| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
|
|
'net' untility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse
it kills off the early destruction of the clear-text password.
Andrew Bartlett
(This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
|
|
Andrew Bartlett
(This used to be commit 8dbd9702d829eaefcdab8e3f8a4750befa884234)
|
|
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
(This used to be commit 8739d426caabe3794a018dd28ab139b08f88b603)
|
|
(This used to be commit 97627e424a1de3df0a6f7a9bfaaf3ece4dd2036d)
|
|
definitions.
(This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
|
|
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
|
|
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
|
|
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
|
|
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
|
|
conflicts with nmbd's definition.
(This used to be commit 70e9c2efaada4be609ff053d216d554cb036df4e)
|
|
(This used to be commit 8227f6909cca67fcc1a8455f4b386df7778ef2e7)
|
|
and replaced with two functions:
void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
|
|
(This used to be commit 1c9d951f86609b08e5660b0fc966c5e5058a3ce2)
|
|
(This used to be commit 09127d85dc91037c9d0280b57d48d23e93a39f8b)
|
|
(This used to be commit b14ae495028da4d2b995cefa786746d2c649460c)
|
|
(This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026)
|
|
(This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8)
|
|
(This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5)
|
|
(This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea)
|
|
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
The rewrite fixes a number of things:
- much better command line parsing
- fixed usage of static and const
- better finding of hosts
- clean internal separation of sub-functions
- expandable design
(This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
lookup uses password server parameter when looking for PDCs.
Jeremy.
(This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
|
|
Jeremy.
(This used to be commit 694372b2c4d7713fe228114730027175f7b4e9b6)
|
|
versions defined by libreadline on SCO (!).
(This used to be commit 32480d7aff21ce1c14991e242aaf8a4e14ec6f2a)
|
|
shows all the available options, but explains that you must be root to
use them. Surely this is less confusing?
(This used to be commit 19f5f813995d1cf3874df705ab5e71aa5eb14ae6)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
for new command option
(This used to be commit 3623fbb4f0182b201d62491fa0680c29a4fd68e3)
|
|
(This used to be commit b83b21e9ca364a097455c119815074f23324111d)
|
|
- Basic functionality intact
- Now adds machine accounts without a uid. (using the machine uid range to
avoid conflict with real uid based accounts)
(This used to be commit 09d2e05d26f71b10ccabe4c6fa168a4923697bae)
|
|
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
Jeremy.
(This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
(This used to be commit a1f3930637a6ccadd4dba90dcd713cf1e4b5a536)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
(This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)
|
|
just a hack to make things work.
(This used to be commit fd1bc3557a7ba57a983a29d36ce0461085fb6682)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
(This used to be commit 5a482350a74e255b8db1ea3c8e76654d6f089f51)
|
|
(This used to be commit 0be7bf421be5ccff295a0d36331e915fce31796f)
|
|
Jeremy.
(This used to be commit d01a9e5974d80ee8be2f7a20aeaae5826325d035)
|
|
(This used to be commit 50c243518aa7996e697876096073598a3b5a8d3a)
|
|
of gettext for internationalisation support. There is more to do
(This used to be commit ab7f67677a1ade4669e5c2750d0a38422ea616a9)
|
|
Jeremy.
(This used to be commit d1adaee373f08020d350af2aa65b7651da94bdae)
|
|
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
