Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 1c9d951f86609b08e5660b0fc966c5e5058a3ce2)
|
|
(This used to be commit 09127d85dc91037c9d0280b57d48d23e93a39f8b)
|
|
(This used to be commit b14ae495028da4d2b995cefa786746d2c649460c)
|
|
(This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026)
|
|
(This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8)
|
|
(This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5)
|
|
(This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea)
|
|
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
The rewrite fixes a number of things:
- much better command line parsing
- fixed usage of static and const
- better finding of hosts
- clean internal separation of sub-functions
- expandable design
(This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
lookup uses password server parameter when looking for PDCs.
Jeremy.
(This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
|
|
Jeremy.
(This used to be commit 694372b2c4d7713fe228114730027175f7b4e9b6)
|
|
versions defined by libreadline on SCO (!).
(This used to be commit 32480d7aff21ce1c14991e242aaf8a4e14ec6f2a)
|
|
shows all the available options, but explains that you must be root to
use them. Surely this is less confusing?
(This used to be commit 19f5f813995d1cf3874df705ab5e71aa5eb14ae6)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
for new command option
(This used to be commit 3623fbb4f0182b201d62491fa0680c29a4fd68e3)
|
|
(This used to be commit b83b21e9ca364a097455c119815074f23324111d)
|
|
- Basic functionality intact
- Now adds machine accounts without a uid. (using the machine uid range to
avoid conflict with real uid based accounts)
(This used to be commit 09d2e05d26f71b10ccabe4c6fa168a4923697bae)
|
|
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
Jeremy.
(This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
(This used to be commit a1f3930637a6ccadd4dba90dcd713cf1e4b5a536)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
(This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)
|
|
just a hack to make things work.
(This used to be commit fd1bc3557a7ba57a983a29d36ce0461085fb6682)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
(This used to be commit 5a482350a74e255b8db1ea3c8e76654d6f089f51)
|
|
(This used to be commit 0be7bf421be5ccff295a0d36331e915fce31796f)
|
|
Jeremy.
(This used to be commit d01a9e5974d80ee8be2f7a20aeaae5826325d035)
|
|
(This used to be commit 50c243518aa7996e697876096073598a3b5a8d3a)
|
|
of gettext for internationalisation support. There is more to do
(This used to be commit ab7f67677a1ade4669e5c2750d0a38422ea616a9)
|
|
Jeremy.
(This used to be commit d1adaee373f08020d350af2aa65b7651da94bdae)
|
|
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 90dcbe16be065e2113fba1d3cee28f40be1bb86c)
|
|
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
|
|
these yesterday ?).
Jeremy.
(This used to be commit e25dc68843ed10d8454cb8166c39ff4b2e6a4159)
|
|
Jeremy.
(This used to be commit 76fac3eb945c7ced28c5685849d3616bb7c89ca2)
|
|
to use the pdb_ formatting functions.
Similarly, it now uses pdb_set...() rather than accessing passdb members
directly.
Andrew Bartlett
(This used to be commit e3b7cac47f4fd9dff289a367ef6649b14c117d17)
|
|
therfore ensuring sensible defaults for some values, notably account expriries
which mean 'locked out' if == 0.
This NEEDS to be merged into 2.2.2 or people can get wrongly initilaised TDB
records. (which will only fail on future versions of samba).
Andrew Bartlett
(This used to be commit f0f315f31533bb5dc47d27cd6823ad0b146f1ff9)
|
|
Volker
(This used to be commit 9ecd9db4efc7b736bef0e01a5e157e149a381587)
|
|
lookup' value.
(This used to be commit 5f5b4b48ca78b3981001965058a2b4e796ba815c)
|
|
(This used to be commit 67db8f03c5c9e81e11b5f3276b50ee23e09a2659)
|
|
tx Andreas Moroder.
(This used to be commit 8d60a825f74a340beba11193a28fd83b0c4a8129)
|
|
Jeremy.
(This used to be commit 6399cf490dffbd162afa06f18cdd6e0364db567d)
|
|
(This used to be commit 70bd17473a2106ef41b5d921595ce537ec1871cb)
|
|
returns NULL.
(This used to be commit afdf93836b59d5d9ede2ac0f3298d99471872829)
|