Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 6caca4301ba88d026ce1989cefd3e9eeb65df376)
|
|
subdirectory.
(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).
This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.
Andrew Bartlett
(This used to be commit 782835470cb68da2188a57007d6f55c17b094d08)
|
|
winbindd_lookup_usergroups()
(This used to be commit dd2048c418da7a08bc71305491953731fc427f5a)
|
|
(This used to be commit 091f01f34ab0ff7d394811af0d027ea3bad56d0e)
|
|
(This used to be commit 1dd462844a9b90b498ee79ca33e4048980e2af5f)
|
|
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
|
|
(This used to be commit 2e916222a915c27f919a9841bde5ba0967af2190)
|
|
Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk. )-:
I've noticed TNG have started to split stuff up in to individual header
files included as needed.
(This used to be commit 36630f3984cb2bc4e60d910889e0396891cbc088)
|
|
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
|
|
(This used to be commit 1c9d951f86609b08e5660b0fc966c5e5058a3ce2)
|
|
(This used to be commit 6dda341bc80dc7c4d044df134fc153f646a6a4e9)
|
|
(This used to be commit 09127d85dc91037c9d0280b57d48d23e93a39f8b)
|
|
(This used to be commit b14ae495028da4d2b995cefa786746d2c649460c)
|
|
(This used to be commit 0c1f90402bf6aa403719cef59afd127ae42b0865)
|
|
(This used to be commit db0bee1c68d8d9af3febb841c86cd3d4ade87c7b)
|
|
(This used to be commit a1304be045d9cfd7bb793bb55ff49e158440a90e)
|
|
(This used to be commit d7216424d94ee89e1760596c8f87d1883f369771)
|
|
Jeremy.
(This used to be commit 97dca242a91c68048e510f42be53421b533183be)
|
|
Jeremy.
(This used to be commit 4aca67761fbe601e27f8f768c28a11241f088bba)
|
|
map.
This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool
invoke by setting:
auth methods = guest sam name_to_ntstatus
in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).
Andrew Bartlett
(This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)
|
|
(This used to be commit c28956d8601c103c3f8dab4253de80e6a00a02d7)
|
|
samba domain.
The PDC must be running a special authenticaion module that spits out NT errors
based on username.
Andrew Bartlett
(This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
|
|
we need to bail here.
(This used to be commit ea0331354e5968aa0a25c0b12379a56c72d7946b)
|
|
Jeremy.
(This used to be commit 84b62d3c8ebd78cd578ac36168631b3bbcafdd8c)
|
|
(This used to be commit 3f1cfb62e85343a45817651f111f01051fc66b18)
|
|
(This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026)
|
|
(This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8)
|
|
(This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5)
|
|
(This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea)
|
|
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
|
|
(This used to be commit 1a5ef2425747c2e0c7cf28fc7712563039086100)
|
|
(This used to be commit 69d256af4612f5c1277202eb8a7ef37eb6bb55f4)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
(This used to be commit ad7afbfdea600a62fa1550bd354996ad38807533)
|
|
The rewrite fixes a number of things:
- much better command line parsing
- fixed usage of static and const
- better finding of hosts
- clean internal separation of sub-functions
- expandable design
(This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)
|
|
(large change to modularise the auth subsystem)
Andrew Bartlett
(This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
structre contains pointers (well not if you intend of free those pointers
at some stage)
There is no reason (given the new passdb interface) that you can't modify a
SAM_ACCOUNT in any case.
Andrew Bartlett
(This used to be commit e8e73f7f0fcd86c8c2bfe3fc0b44ea2fd6570cc5)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
Jeremy.
(This used to be commit fe288b14cc7f2bc6b8427438da672e7dd7812027)
|
|
J.F.
(This used to be commit 75ee50bbef531a1487c1f8b76b8e70627fbdbdf1)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
Jeremy.
(This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)
|
|
Jeremy.
(This used to be commit 20a4167599ce211f239d0f324e7e73a1c2d8a5a6)
|
|
NT4 server.
This lets our Win9X clients give sane error messages when you get passwords wrong
and the like.
Andrew Bartlett
(This used to be commit f199e9518226ed57a011113bdf06c85265e49674)
|
|
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined
as 0x8000001a instead of 0xc000001a. The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status
code.
Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
(This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
|
|
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)
|
|
(This used to be commit 53963eae7d5930246c6c0c0b947f425d50d382c3)
|
|
(This used to be commit a875b3a6e7a9501a31fe15fb9b04394a95484e77)
|
|
winbindd.
(This used to be commit 72060a6f5af505d597f372d550d7f3fe559e5550)
|