| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
default, rather than in preprocessor macros.
|
| |
|
|
|
|
| |
All this stuff was being pulled in due to *one* unneeded call to
fetch a domain SID which smbpasswd already puts in the database...
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
rpc_spoolss.h header file.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
GetPrinterDataEx() and SetPrinterDataEx(). Not sure what the command
number is for the latter is - I haven't seen it on the wire yet.
|
| |
|
|
|
| |
to detect this in configure.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- old mangle code has gone, the new one based on tdb seem resonably ok
probably the valid.dat table need to be updated to treat wild chars as
invalid ones (work ok without it)
- a LOT of new string manipulation function for unicode, they are somewhat
tested but a review would not be bad
- some new function I will need for the new unix_convert function I'm writing,
this will be renamed filename_convert and use only unicode strings.
- charconv, I attached a comment, if someone wnat to look if I'm right or
just was hacking to late in the night to make a sane one :)
of course any bug is my responsibility an will be pleased to see patches if
you find any. :-)
Simo.
|
| |
|
|
|
| |
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular this commit focuses on:
The guts of the moving about inside passdb.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for the introduction of a large dose of 'const' to
the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
passdb/
- Kill off disp_info stuff, it isn't used any more - Kill off
support for writing to the old smbpasswd format, it isn't relevent
to Samba 3.0
- Move around and modify the pdb_...() helper functions, adding
one that sets the last changed time to 'now' and that sets the
must change time appropriately.
- Remove the ugly forced update of the LCT- value in
pdb_smbpasswd. - Remove the implicit modification of the ACB
flags when both NT and LM passwords are set.
- Removed substation in pdb_getsampwnam output, as a single
password change will render them inoperable in any case (they
will be substituted and stored)
- Added a default RID to the init_sam_from_pw() function, based on
our rid algorithm.
- Added checks that an smbpasswd stored user has a uid-based RID.
- Fail to store tdb based users without a RID
lib/
- Change the substituion code to use global_myname if there is
no connection (and therefore no called name) at the present time.
|
| | |
|
| |
|
|
|
|
|
| |
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
|
| |
|
|
| |
- accept a wide range of principal names in session setup
|
| | |
|
| |
|
|
|
| |
in a tdb.
Jeremy.
|
| |
|
|
|
|
| |
caused problems but is tidier).
Fix debug statement in locking.c
Jeremy.
|
| |
|
|
| |
Jeremy
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
it should give something for others to hack on and possibly find what
I'm doing wrong.
|
| |
|
|
|
|
| |
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To speed up operations with the lpq command, it's now run in a separate
asynchronous process.
Opening the Printers folder on NT is now fast ;-) I think even faster than
with a ** server
Jeremy, you should look at that patch to include it in 2.2.3
J.F.
|
| | |
|
| |
|
|
|
|
|
| |
and also completes the switch to lang_tdb.c. SWAT should now work
with a po file in the lib/ directory
also removed useless SYSLOG defines in many files
|
| | |
|
| |
|
|
|
|
| |
rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe
opening stuff up one level. Moved rpcclient.h into rpcclient directory and
out of includes/smb.h
|
| | |
|
| |
|
|
| |
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
|
| |
|
|
|
|
|
|
|
| |
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
|
| |
|
|
| |
of gettext for internationalisation support. There is more to do
|
| |
|
|
| |
written MIT kerberos5 header files :(
|
| |
|
|
|
|
|
|
|
|
| |
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
|
| | |
|
| | |
|
| | |
|
| | |
|
