Age | Commit message (Collapse) | Author | Files | Lines |
|
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
|
|
expression.
(This used to be commit 3813517a8b561e7210ffc32ce861683b057d18eb)
|
|
to the main SAMBA_4_0 tree.
NOTE: that it's not completely ready, but it's functional:-)
metze
(This used to be commit c78a2ddb28ec50d6570a83b1f66f18a5c3621731)
|
|
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
(This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
|
|
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
|
|
samr_QueryUserInfo levels except for the password
set levels.
This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4
(This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
|
|
(This used to be commit 2cb06b39d91ef18b21c18e9376ccbd8076aeecf8)
|
|
range of NTSTATUS codes that are normally invalid to prevent conflicts
with real error codes.
use the new DOS facility to fix the ERRbaduid return that volker found
(This used to be commit 10fdfb52398857b604fff9684ee65a96d970bdaa)
|
|
(This used to be commit 85e57684b4dc4edcfd6d4cd1492d63810f8ce211)
|
|
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
|
|
I'd like to see more protocol defininitions in the IDL files and less
in smb.h where possible.
(This used to be commit 854b875bbe447955fb0c3876f046931d0bfde06c)
|
|
rare thing, a non-length string (ie. not a WIRE_STRING) but a null
terminated char string. There wasn't a good interface to pull that
out of a blob (all the string interfaces assumed WIRE_STRINGS). Added
a new one, only used for this call. Sucks, I know - but the alternatives
suck more. Added tests for some of the unix info returned.
Jeremy.
(This used to be commit 4d0ed04c54b105789ffd32334c3b0e544f02418c)
|
|
Jeremy.
(This used to be commit a25ae9addbb362abf67a0cbd6e62bf4cbe06d8b7)
|
|
client library before this test can work.
Jeremy.
(This used to be commit 7b2a2665438a1dbc05053a13f5f84bb56dacd073)
|
|
added ldbedit, a _really_ useful command
added ldbadd, ldbdel, ldbsearch and ldbmodify to build
solved lots of timezone issues, we now pass the torture tests with
client and server in different zones
fixed several build issues
I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4da1841653624fe304b1c8d812c0fdd9)
|
|
breakage
caused by someone recently ...
1. Add configure check HAVE_COMPARISON_FN_T to see if this is defined. I
have not checked this on Linux yet, but will do so soon.
2. Add the definitions of malloc_p, realloc_p etc.
3. Check for LDAP and don't build stuff that depends on LDAP if we don't\
have it.
It currently builds on FreeBSD but there is one warning printed out at the end.
(This used to be commit 7b34fbe0f2ef175e5504e34e4f3cdf9a0563970f)
|
|
- fixed build of the ldb registry backend
(This used to be commit 0b66590330603efaa816fd2348c05a994a1580ef)
|
|
- Start with the LDB backend
- The API is now more windows-like, which should make it easier to use
in rpc_server
- Added a GTK+ front-end
- Added some more IDL
More updates will follow, especially in the RPC field..
(This used to be commit 3adffa021779b26047a20f16a3c0b53d74751560)
|
|
in various crypto
routines
(This used to be commit f6cf9020c8899e784385ea0e14fa465685441ee6)
|
|
(This used to be commit 11717ae912449bde596ff6cf7d8fddcc86548f15)
|
|
see source/lib/registry/TODO for details.
(This used to be commit 7cab3a00d7b4b1d95a3bfa6b28f318b4aaa5d493)
|
|
(This used to be commit b881b72cb9cb5a4a8ad27b621e8cbe9dcfa7ba7f)
|
|
and remove NET_GROUP stuff, this needs to be implemented
in a better way if we ever readd this
metze
(This used to be commit da5f22976fb40ec96160439c7a926a15805fc7f0)
|
|
metze
(This used to be commit cbfa29549e5b302f947c7f2ca14fbea257e46c33)
|
|
metze
(This used to be commit 5ebd6fb761370cbe2835a2a2631e24e35bcaffb4)
|
|
and schannel are both instances of possible security modules
- added schannel sign and sign/seal support to the dcerpc client
code. You select it with binding options of "schannel,sign" or
"schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
|
|
metze
(This used to be commit 041dc8c83df21c4cff9a62b9381ebc68b3876e77)
|
|
SMB_SUBSYSTEM() scheme
- some const fixes in ntvfs
metze
(This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)
|
|
metze
(This used to be commit 47a240d7b833542937a1b93829c1cf8baae2ffc5)
|
|
metze
(This used to be commit d634a78faef8f59266f253bac76585ec79ff1b54)
|
|
I plan to convert all objectfile group to use SMB_SUBSYSTEM
later I'll add a SMB_BINARY() and SMB_LIBRARY(), then there will be no more need
to touch Makefile.in, because all make rules will be autogenerated by configure
- convert the PROCESS_MODEL subsystem to this new scheme
and move the pthread test to smbd/process_model.m4
- convert the CHARSET subsystem to this new scheme
and move the iconv test to lib/iconv.m4
(This used to be commit 2e57ee884ebea194ee79ac20e84e385481b56aa2)
|
|
ldap and krb5 configure tests
libads/*.c and libcli/raw/clikrb5.c from 3.0
metze
(This used to be commit 64b5bfcd73d7626d6f687a641b11e64821144df7)
|
|
and exclude some files from Makefile.in
metze
(This used to be commit f77990cf2496f72d02566f09477349436be3dfcd)
|
|
metze
(This used to be commit e7694095d3c3f2e18ec2c05f74541dbb7954d79d)
|
|
metze
(This used to be commit 24dc237e109f6dce69814b22e0fb7878a7f6bfa8)
|
|
and some stuff from configure.in and dynconfig.[ch]
make all
makes
bin/gentest bin/masktest bin/smbd
bin/locktest bin/smbclient bin/smbtorture
bin/ndrdump
now
metze
(This used to be commit e0043693a66a319ab7fef0e4202239c0b5d4bff8)
|
|
msrpc).
this was easier than I expected!
(This used to be commit a0a51af6b746b1f82faaa49d33c17fea9d708fb0)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
(This used to be commit 42dd8d888a1d4c09aebb199e8636f49df6d2e36a)
|
|
(This used to be commit f4abd20b8437703211676fb12ea23af8f0e4642a)
|
|
types on some platforms (eg. solaris)
(This used to be commit ac8a23af8c67d2e39bb6cfd409c50f1f429cf271)
|
|
(This used to be commit d0bef33ffa21ce5caaf8e052cbbd2bb32db40b0c)
|
|
I needed to hack the ntlmssp code a little, as the auth code in samba4
is out of date relative to the samba3 auth code. I need to do a merge :)
(This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7)
|
|
server endpoints. We can now successfully setup listening endpoints on
high ports, then use our endpoint mapper redirect incoming clients to
the right port.
also greatly cleanup the rpc over tcp session handling.
(This used to be commit 593bc29bbe0e46d356d001160e8a3332a88f2fa8)
|
|
needs quite a bit more work to get it finished. The biggest missing
feature is the lack of NTLMSSP which is needed for basic
authentication over tcp
(This used to be commit 9fb0f0369356909c99389e2cbc525be27c08793c)
|
|
implements the epm_Lookup() call, I'll add the other important calls
soon. I was rather pleased to find that epm_Lookup() worked first
time, which is particularly surprising given its complexity.
This required quite a bit of new infrastructure:
* a generic way of handling dcerpc policy handles in the rpc server
* added type checked varients of talloc. These are much less error
prone. I'd like to move to using these for nearly all uses of
talloc.
* added more dcerpc fault handling code, and translation from
NTSTATUS to a dcerpc fault code
* added data_blob_talloc_zero() for allocating an initially zero
blob
* added a endpoint enumeration hook in the dcerpc endpoint server
operations
(This used to be commit 3f85f9b782dc17417baf1ca557fcae22f5b6a83a)
|
|
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
|
|
IPC IO routines and the dcerpc endpoint servers.
(This used to be commit 4929c53bc8dddda8a763fdfbcf81a79776d01113)
|
|
(This used to be commit 5fb01b0ec0321724c25669151ea7c20e6ec182d0)
|
|
* updated tdb to latest version from Samba3
* removed some extraneous ';' in tdbutil.c (Thanks to Erlend Aasland
for pointing this out)
(This used to be commit f3eaf270e57d8d2e2157a6a36e260860c7f71c19)
|