| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
rafal
(This used to be commit b3efdcf0aeec5a115c53de8bbedaa9ca8225b689)
|
|
settrustpwent, gettrustpwnam
2) Implementation of another couple of these functions in tdbsam:
settrustpwent, gettrustpwnam, gettrustpwsid
3) Testing (mostly for now) usage of the interface in pdbedit
which is soon to be offline tool back again.
This is quite a new code, so many changes will be put in soon.
rafal
(This used to be commit 2ed23fbce846f9710747d72aa98c20d54894d61e)
|
|
(should fix the mb service name problem, can't remember the bugid).
Jeremy.
(This used to be commit 93c2d50f1adbf257c0c0185b420a1d73d56be2f9)
|
|
Bas van Sisseren <bas@dnd.utwente.nl>
(This used to be commit a90df1c170a168092e0c90f684ea968bd1f6f768)
|
|
(This used to be commit da59bab769dac3702dbddd6ad718f918befee6db)
|
|
Volker
(This used to be commit 6287141f10e6c774990b4fdf65bfd2a55afca35a)
|
|
(This used to be commit fa6500fe773ae1f0aa70f370600b6f7aa7f65f3d)
|
|
This patch add privilege support for samba
Currently it is implemented only for tdbsam backend but estending it to
other sam backends is straightforward.
I must make a big thank to JFM for his teachings on the matter and the
functions at the base of this work.
At thye moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.
The command "net priv" has been provided to manipulate the privileges
database.
There are still many things to do (like support in "net rpc vampire") but
the working core is here.
Feel free to comment/extend on this work.
Of course I will deny that any bug may affect this code :-)
Simo.
This patch adds also my patch about add share command enhancements.
(This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
|
|
merge to 3_0, as the pdb interfaces has changed a bit between the two.
This has not been tested too severly (which means it's completely broken ;-),
but I want it in for review. Feel free to revert it :-)
TODO:
make 'net groupmap' a bit more friendly for alias members.
Put that stuff into pdb_ldap.
Getting the information over to winbind. One plan without linking pdb into
winbind would be to fill group_mapping.tdb with the membership information and
have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone
could trigger that itself, the problem is a BDC using LDAP. This needs to do
it on a regular basis. The BDC smbd needs to be informed about SAM changes
somehow...
Volker
(This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
|
|
srv_samr_nt.c: Correctly report that a user is not member of an alias.
Volker
(This used to be commit 26d99204b7cbfa8e259f2a8438eadc9ff6be0709)
|
|
Volker
(This used to be commit 73117f5e41aa923b07d200a18c84b8082d8b71a6)
|
|
something not a group.
Volker
(This used to be commit 9cfc97df456199c22e199831d28597132cf001a8)
|
|
Volker
(This used to be commit 6785dc84ce4d9c2d5ebe3113c7f506947b09a7f8)
|
|
set of groups.
Volker
(This used to be commit 710969acaa9ce4467ec09c2fadb03e49fbc207be)
|
|
new functionality and testing interface for new pdb functions.
Also, quite a bit of objects is being added to pdbedit in order to make
it able to find domain sid automatically (if not given explicitly).
If such amount of "wisdom" is not required to be in pdbedit, I'll move
it to 'net' which will have this new functionality, anyway.
rafal
(This used to be commit cfb1b7bda905c8391bf065ecb99bb28806dfe96a)
|
|
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit 69879ceffa587ccf2bf59e1c716424e1d20a7f68)
|
|
Fix bug in previous global_sam_sid() commit. I broke the 'read from
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit af1b6447b8292a83851361570219ee6d889e0898)
|
|
I *hate* global variables...
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit f3ecdea56d9ea6d562ace84f0e653a641eb96f6e)
|
|
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 9cadd14aa53d390a2419d7ce4fe48d58cf372279)
|
|
Volker
(This used to be commit f5af0326e67c0eb7be6f4b07f8b89c4c680903ac)
|
|
Set the HWM values correctly after having manipulated the tdb.
Volker
(This used to be commit efad125f40858176145c69265d06b25295292132)
|
|
new system and a user is being added via pdbedit/smbpasswd.
Found at Connectathon setup.
Jeremy.
(This used to be commit 93580927dc255f205283b64c72fb95be990d2216)
|
|
(This used to be commit caef425d803fa01aa6f54339f8bc17fc752f73b0)
|
|
(This used to be commit 22c312b31d545914ae3fd12a11915ed046421f38)
|
|
Volker
(This used to be commit 5fb9028942e2f16b153f42911e837008824dcecc)
|
|
Volker
(This used to be commit 9d66043ed71d0c0f787a67b06b93f4f3b489c21c)
|
|
Volker
(This used to be commit d8ff6e4b30bda45b5f8680694da383d5769d7db5)
|
|
(This used to be commit c4114a0664467383fc343a55360b48a985fa45ac)
|
|
(This used to be commit 2478501d402a07248d6181d4c9de253b203ff67c)
|
|
fixes for 'net share'
(This used to be commit 447d4fee6c245a5bbf0c33c8ffb0fd9041e51c24)
|
|
Volker
(This used to be commit f524a493154a5f7304be472064550cd61af8305d)
|
|
Make it possible to 'net rpc samdump' of any domain you are currently joined
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
(This used to be commit c4b6bd85978b61c4c9c34dde122e968c3771f2e6)
|
|
Add some help for 'net rpc password'.
Andrew Bartlett
(This used to be commit 2c6f1966d6c25238d73a46132c05794677c3a882)
|
|
Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
This also includes some >14 character password changes, and the start
of a move away from using 'admin user' to determine if the user is
root (as root can login without setting 'admin user').
Andrew Bartlett
(This used to be commit be0704abb919152c359a735023283acbf9be3076)
|
|
Make this table static const.
Andrew Bartlett
(This used to be commit 3803cb36e9d94c08bf310c0ef1cdfc29b443dc0e)
|
|
I should have done this years ago...
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
(This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
|
|
(This used to be commit 63206b1204bd532bf99912cd4312baf7d69db1f6)
|
|
This adds client-side support for the unicode/SAMR password change scheme.
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 8063b8b6c2eb30cb116988e265fb289109d7c348)
|
|
(This used to be commit 3ec0d3abe9c838ad78fb8fd6a390ea3d8d2b9fcf)
|
|
see a reason why we have so many special cases and not simply use
nt_errstr(nt_status).
Comments?
Volker
(This used to be commit 18fa3ee649102f4bd36f9b03702fe72d234b6a3a)
|
|
initialized.
Also split out the oldstyle join into a new fn, allowing us to call it
with no failure message from net rpc join, but displaying a failure message
when used with net rpc oldjoin.
(This used to be commit cab0a4c4d5c7bf9d89697bf1d351eafbd00d7fd2)
|
|
the parms to cli_lsa_query_info_policy without changing them here...
(This used to be commit 97d6f4752572cc10894e6e80379c25f5da143ad1)
|
|
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
|
|
code changes form 3.0
(This used to be commit 2279e98cb81faaf8a4e971fec339955f14c23858)
|
|
using pread/pwrite. Modified a little to ensure fsp->pos is correct.
Fix for #889.
Jeremy.
(This used to be commit 3a24dc868d95c9bcc2ac3a0dbd50e6e226ac0841)
|
|
I think this was tpot's originally:
Fix format types for 64 bit systems.
Andrew Bartlett
(This used to be commit 256b2da7c96e8313f4f98ce700fc7634eaccb72b)
|
|
JHT came up with a nasty (broken) torture case in preparing examples for
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name -> sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
|
|
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
--
Get the DOMAIN\username around the right way (I had username\domain...)
Push the unix username into utf8 for it's trip across the socket.
Andrew Bartlett
(This used to be commit 4c2e1189ff84d254f19b604999d011fdb17e538d)
|
|
Remove testing hack
Make the name of the NTLMSSP client more consistant before we lock it in stone.
Andrew Bartlett
(This used to be commit 273dcda9ce62eb04c9cce673bb49b41982b26d98)
|
|
Move our basic password checking code from inside the authentication
subsystem into a seperate file - ntlm_check.c.
This allows us to call these routines from ntlm_auth. The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind. This should allow for easier debugging.
ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's
work)
Andrew Bartlett
(This used to be commit 2f196bb31ac83cf7922583063c74a5f679ca5be7)
|
