Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
|
|
(This used to be commit 1a5ef2425747c2e0c7cf28fc7712563039086100)
|
|
(This used to be commit 69d256af4612f5c1277202eb8a7ef37eb6bb55f4)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
(This used to be commit ad7afbfdea600a62fa1550bd354996ad38807533)
|
|
The rewrite fixes a number of things:
- much better command line parsing
- fixed usage of static and const
- better finding of hosts
- clean internal separation of sub-functions
- expandable design
(This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)
|
|
(large change to modularise the auth subsystem)
Andrew Bartlett
(This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
structre contains pointers (well not if you intend of free those pointers
at some stage)
There is no reason (given the new passdb interface) that you can't modify a
SAM_ACCOUNT in any case.
Andrew Bartlett
(This used to be commit e8e73f7f0fcd86c8c2bfe3fc0b44ea2fd6570cc5)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
Jeremy.
(This used to be commit fe288b14cc7f2bc6b8427438da672e7dd7812027)
|
|
J.F.
(This used to be commit 75ee50bbef531a1487c1f8b76b8e70627fbdbdf1)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
Jeremy.
(This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)
|
|
Jeremy.
(This used to be commit 20a4167599ce211f239d0f324e7e73a1c2d8a5a6)
|
|
NT4 server.
This lets our Win9X clients give sane error messages when you get passwords wrong
and the like.
Andrew Bartlett
(This used to be commit f199e9518226ed57a011113bdf06c85265e49674)
|
|
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined
as 0x8000001a instead of 0xc000001a. The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status
code.
Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
(This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
|
|
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)
|
|
(This used to be commit 53963eae7d5930246c6c0c0b947f425d50d382c3)
|
|
(This used to be commit a875b3a6e7a9501a31fe15fb9b04394a95484e77)
|
|
winbindd.
(This used to be commit 72060a6f5af505d597f372d550d7f3fe559e5550)
|
|
doxyfy.
(This used to be commit 6ddd8e7bf69d8aee4148cbcf72de55c903d5f0a1)
|
|
winbindd_lookup_sid_by_name. Also if the lookup fails then clobber
the output parameters rather than leaving them looking potentially
valid.
Add doxygen.
(This used to be commit 61dba52a549039255e46393be1618d3eb54b79dd)
|
|
pointer itself. (Whatever that is.... ;-)
(This used to be commit 1393c7c4ede1d6d624c3f5d0bfa4c18b0c6dc27f)
|
|
(This used to be commit 039ea0a0b94be2d70164616f448c0e29fed071cf)
|
|
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
|
|
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
|
|
(This used to be commit 5d343b40650464ae70037fd6e3fd96a9865fa611)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
(This used to be commit d1dee2d0323fe6fc498e50201535b1718a88abaf)
|
|
(This used to be commit d2034bc5f7dc9b5b9d5e4f17ee8e468307dcb2d5)
|
|
That works as expected now.
J.F.
(This used to be commit f2766932d693fc601b2c3e7853e61f751435ec3c)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
lookupname/lookupsid.
There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was
being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped
was being returned. The correct field is mapped_count, *NOT* num_entries.
Jeremy.
(This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
|
|
Jeremy.
(This used to be commit 7883a2288a6e3198e10ab4e02ed4585e7bb313f6)
|
|
Jeremy.
(This used to be commit d039d4fa507a7284e7e1cada0026c63863fe0a2d)
|
|
Jeremy.
(This used to be commit d3f5d5a4aca0d5bc8c4db7dfa8b766b7cda808eb)
|
|
(This used to be commit 90ed3d47e16a511161532f75b98db3f4b10ba685)
|
|
(This used to be commit 48f2da440f973047faa7ecf031be66bc30d4a985)
|
|
(This used to be commit 0c0f3223731cfb46a0e3b8e289c13c8f908e0cf2)
|
|
(This used to be commit 96b3a65a73d403a41bf1b3aba79bd743698344ac)
|
|
(This used to be commit f1143cd02c24f7c56b2e4ec70f77f22dbc01b113)
|
|
(This used to be commit b51e5b07d9f7719180b28215236efc3fa09d8bea)
|
|
under it.
(This used to be commit 43c496598f8e1aedc9c80222e60bb8e7b3027e03)
|
|
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
|
|
lookup uses password server parameter when looking for PDCs.
Jeremy.
(This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
|
|
(This used to be commit edb556b47446f75dc4987eee15276661eb6cec8d)
|
|
(This used to be commit 096868bd35b374f97e570676fc23c006b6c7a1d3)
|
|
(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
|