| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Zero out some of the plaintext passwords for paranoia
Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.
Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.
Use sizeof() rather than magic numbers, it makes things easier to read.
Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.
Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
|
|
(This used to be commit eeaa80aa09736dc1c5f5f72a1437eb9d9c0d4ae7)
|
|
(This used to be commit c80641b6f335aa706a2e384b7cfe7912be4a41b1)
|
|
This needs to use the auth interface at some stage, but for now this will do.
(This used to be commit 8dc4f2e44b150cdcdecd2f6028bf06907ff90cad)
|
|
(This used to be commit 531e24973227ca4f1ae65ffb2454aedd5871de96)
|
|
(This used to be commit c8b2718adfe114b74a155116c5e74f014d6df887)
|
|
(This used to be commit e0b56a31480906b39f37761eed20d3cad0d53973)
|
|
(This used to be commit 813bf962ae6f29ddcaee4bc8b67d8017f04172b1)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
|
|
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)
|
|
(This used to be commit 3b5e72bda3263c6bdf81dfface4fae4f06b71032)
|
|
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
|
|
of the lm challenge/response header in the NET_ID_INFO_2 structure included
in a network logon request. It seems Windows 2000 is the only OS that
cares about this.
(This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)
|
|
request. This exposes a domain authentication bug with win2k where a rpc
fault is returned but not propagated up as an error.
(This used to be commit 27cd7ac85779bbc1e9488ee06e87b0c743c5b29c)
|
|
(This used to be commit b30232e2b7ddb5eab419d4e6237176f695a534ad)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
flags so we just do a 'normal' session setup.
Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.
Andrew Bartlett
(This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
|
|
(This used to be commit c78fec86c97075bb5726fcb7ed197bc75dd88ac0)
|
|
the validation level.
(This used to be commit c79e94ea27aab31423b1bdc34e9cff25688dbe5f)
|
|
the validation level. This allows us to test interactive or network logons.
Interestingly enough a win2k native mode server generates a rpc fault when
presented with a network logon!
(This used to be commit 0758c0ea845dd0b552e4dab3ce05f0811fa9658e)
|
|
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)
|
|
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
(This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)
|
|
made.
(This used to be commit c3f5df8d6743bb7b48118b378f23268008e74145)
|
|
there's a bug in the marshalling of net_sam_logon.
(This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
|
|
(This used to be commit 26fa0374bb5894ece460899ca37cf512c4424b2f)
|
|
structures directly.
Andrew Bartlett
(This used to be commit c2dc24ab6370236437b72b929e2a56e174163d78)
|
|
Add a new data_blob_clear_free() function - that zero's out the buffer
when its done.
(This used to be commit b02ed7ee195ebd9060f91e117c002d661b6cc9d6)
|
|
Volker
(This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)
|
|
just a hack to make things work.
(This used to be commit fd1bc3557a7ba57a983a29d36ce0461085fb6682)
|
|
(This used to be commit 92f953c156a39b54230c52c6102a319a4a5ca798)
|
|
(This used to be commit 06a7c28ea1be81c4a53f9a5b885c37fdde31f75c)
|
|
dos hars...
- addedd ascii compatibility functions
(This used to be commit 8b9302b7078f1dd5459051500ed19a696dc09ae0)
|
|
Thanks!
Andrew Bartlett
(This used to be commit f019bed7663b4a20c1b5ab6b59fcadda17b89acd)
|
|
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
|
|
In particular this commit focuses on:
The guts of the moving about inside passdb.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for the introduction of a large dose of 'const' to
the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
passdb/
- Kill off disp_info stuff, it isn't used any more - Kill off
support for writing to the old smbpasswd format, it isn't relevent
to Samba 3.0
- Move around and modify the pdb_...() helper functions, adding
one that sets the last changed time to 'now' and that sets the
must change time appropriately.
- Remove the ugly forced update of the LCT- value in
pdb_smbpasswd. - Remove the implicit modification of the ACB
flags when both NT and LM passwords are set.
- Removed substation in pdb_getsampwnam output, as a single
password change will render them inoperable in any case (they
will be substituted and stored)
- Added a default RID to the init_sam_from_pw() function, based on
our rid algorithm.
- Added checks that an smbpasswd stored user has a uid-based RID.
- Fail to store tdb based users without a RID
lib/
- Change the substituion code to use global_myname if there is
no connection (and therefore no called name) at the present time.
(This used to be commit 8f607810eb24ed1157bbd2e896c2c167bc34d986)
|
|
In particular this commit focusses on:
Adding the new 'pass changed now' helper function.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
(This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
|
|
allow hex or decimal rids to be specified.
(This used to be commit d93488b953337890a17de124f88cf2066f733c40)
|
|
(This used to be commit 49d47238267c3a2e0fc466178b779a692a7809ff)
|
|
cli_samr_query_userinfo function used to do this.
(This used to be commit da2c167660ec12360354f96dc672d935f58dd9c0)
|
|
correct uid.
(This used to be commit ad30a35ebc04f6a56c3ffb28bfb793557cf1fdf7)
|
|
this fixes also the bug with file renaming.
(This used to be commit 5246d7609c3aff658fcd08a1f1c1bb6e11509e35)
|
|
(This used to be commit bc909797efcb9b13480d1a77e1429473bb107ed4)
|
|
I understand that Vance is reworking the build_options stuff, so maybe we can
have better way of regenerating this in future.
Andrew Bartlett
(This used to be commit a228e9b39f0a5642d5acaba90a92ba0b29adf689)
|
|
lib/debug.c: Fix for potential null pointer access.
Jeremy.
(This used to be commit 5a4d22dd66ab782f6161aa5a4162c0e7f1d811fb)
|
|
environments.
Jeremy.
(This used to be commit e5f8147d02b57198f684c6686dfa497c6732ff44)
|
|
(This used to be commit 4f4dace5772780cf4eedc0ebca1c60d04171eb74)
|
|
Thanks!
(This used to be commit 5fda15463a63018d917fbd7d6d9dd1fb0b2558cf)
|
