| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
browse non-guest shares).
|
| | | | |
|
| | | |
| | |
| | |
| | | |
perfectly vailid behaviour for guest logins.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
back into order, becouse its the inverse tests that are 'failing' - they get
error 0 back and think that we just let sombody in without a password and the
like.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Zero out some of the plaintext passwords for paranoia
Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.
Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.
Use sizeof() rather than magic numbers, it makes things easier to read.
Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.
Andrew Bartlett
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
This needs to use the auth interface at some stage, but for now this will do.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
of the lm challenge/response header in the NET_ID_INFO_2 structure included
in a network logon request. It seems Windows 2000 is the only OS that
cares about this.
|
| | | |
| | |
| | |
| | |
| | | |
request. This exposes a domain authentication bug with win2k where a rpc
fault is returned but not propagated up as an error.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
flags so we just do a 'normal' session setup.
Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.
Andrew Bartlett
|
| | | | |
|
| | | |
| | |
| | |
| | | |
the validation level.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
the validation level. This allows us to test interactive or network logons.
Interestingly enough a win2k native mode server generates a rpc fault when
presented with a network logon!
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
|
| | | |
| | |
| | |
| | | |
made.
|
| | | |
| | |
| | |
| | | |
there's a bug in the marshalling of net_sam_logon.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
structures directly.
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | | |
Add a new data_blob_clear_free() function - that zero's out the buffer
when its done.
|
| | | |
| | |
| | |
| | | |
Volker
|
| | | |
| | |
| | |
| | | |
just a hack to make things work.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
dos hars...
- addedd ascii compatibility functions
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Thanks!
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In particular this commit focuses on:
The guts of the moving about inside passdb.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for the introduction of a large dose of 'const' to
the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
passdb/
- Kill off disp_info stuff, it isn't used any more - Kill off
support for writing to the old smbpasswd format, it isn't relevent
to Samba 3.0
- Move around and modify the pdb_...() helper functions, adding
one that sets the last changed time to 'now' and that sets the
must change time appropriately.
- Remove the ugly forced update of the LCT- value in
pdb_smbpasswd. - Remove the implicit modification of the ACB
flags when both NT and LM passwords are set.
- Removed substation in pdb_getsampwnam output, as a single
password change will render them inoperable in any case (they
will be substituted and stored)
- Added a default RID to the init_sam_from_pw() function, based on
our rid algorithm.
- Added checks that an smbpasswd stored user has a uid-based RID.
- Fail to store tdb based users without a RID
lib/
- Change the substituion code to use global_myname if there is
no connection (and therefore no called name) at the present time.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In particular this commit focusses on:
Adding the new 'pass changed now' helper function.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
|
| | | |
| | |
| | |
| | | |
allow hex or decimal rids to be specified.
|
| | | | |
|
| | | |
| | |
| | |
| | | |
cli_samr_query_userinfo function used to do this.
|
| | | |
| | |
| | |
| | | |
correct uid.
|
