| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| | |
like the domain name and SID come from the remote domain, not the local
one. These are filled out by the code from the previous commit (auth_util.c,
the make_server_info_info3() fn) and read back here.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It extends the 'server mutex' to conver security=server, becouse the connection
race condition exists here too, and while people *should* use security=domain,
some sites don't....
(This probably should be done in 2.2 as well).
Also, start to actually extract and use the information that the remote
server returns in the info3 struct.
The server mutex code is now in a new file.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
deveopers hack to always send a fixed challange, for the benifit
of tutorials and packet sniffing etc.
Enabling this module removes all security, so its a --enable-developer
option.
Andrew Bartlett
|
| | |
| |
| |
| | |
and that local accounts are perfectly fine.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
use the silly cache any more. Also add group functions and fix a few callers.
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
already.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
of implementing it twice inline.
This code is complex - but occasionally I get the feeling that people made
it more complext than it really needed to be...
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
(invalid passdb backends smb.conf entry) we picked up a few things :-).
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
the passdb backends fail to load (is this the right way? - I think so).
Also, I've added some more comments, cleaned up some style etc.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.)
Andrew Bartlett
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
modifications required to suppress the const warnings.
Andrew Bartlett
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
be static
very very slow ... I leave it as an exercise for the reader to make
this O(n) instead of O(n^2)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
O'Connor(billy@oconnoronline.net)
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
I think it should be removed from CVS. This matches the other proto files.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
charsets, becouse it really don't apply well with Samba 3.0 and unicode.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
involving the use of lp_winbind_gid() without checking if they have been
set.
Also revert the 'clashing user' check back to a Get_Pwnam() - I probably should
never have changed it.
Andrew Bartlett
|
| | |
| |
| |
| |
| | |
we leave the gid alone.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the the passdb.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
a file that is linked with the passdb.
This is to avoid linking insanity when this global becomes a self-initing
function.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(const, takes unix string as arg)
Also update cli_full_connection to take NULL pointers as 'undefined' correctly,
and therefore do its own lookup etc. This what was intended, but previously
you needed to supply a 0.0.0.0 IP address.
Andrew Bartlett
|
