| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
(large change to modularise the auth subsystem)
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
structre contains pointers (well not if you intend of free those pointers
at some stage)
There is no reason (given the new passdb interface) that you can't modify a
SAM_ACCOUNT in any case.
Andrew Bartlett
|
| |
|
|
|
|
| |
and more to come ...
J.F.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
J.F.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
NT4 server.
This lets our Win9X clients give sane error messages when you get passwords wrong
and the like.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined
as 0x8000001a instead of 0xc000001a. The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status
code.
Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
winbindd.
|
| |
|
|
| |
doxyfy.
|
| |
|
|
|
|
|
|
| |
winbindd_lookup_sid_by_name. Also if the lookup fails then clobber
the output parameters rather than leaving them looking potentially
valid.
Add doxygen.
|
| |
|
|
| |
pointer itself. (Whatever that is.... ;-)
|
| |
|
|
| |
Made test names more verbose.
|
| | |
|
| |
|
|
|
| |
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
That works as expected now.
J.F.
|
| |
|
|
|
|
| |
of a privilege.
J.F.
|
| |
|
|
| |
J.F.
|
| |
|
|
|
|
|
|
|
| |
lookupname/lookupsid.
There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was
being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped
was being returned. The correct field is mapped_count, *NOT* num_entries.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
under it.
|
| |
|
|
|
|
|
|
|
|
|
| |
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
|
| |
|
|
|
| |
lookup uses password server parameter when looking for PDCs.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
be easily added (a one liner) once we know the correct error codes returned
by a W2K DC.
All other winbindd calls should go through a similar transparent caching layer
(and will soon).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
