| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
|
|
|
|
|
|
|
|
| |
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
| |
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
| |
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
|
| |
|
|
|
|
|
|
|
| |
flag to what we expect. This handles the 'upgrade' from unixsam beter (where
all $ terminated accounts are machines).
Andrew Bartlett
|
|
|
|
| |
bug reported by metze
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
|
|
|
|
| |
else we can't add to OpenLDAP 2.1
|
|
|
|
|
| |
were no longer locking the secrets entry. I saw this on a live system.
Jeremy.
|
|
|
|
|
|
|
| |
be traversals being attempted. Yes, this was from bitter experience (and
an out of control server :-). Also allow callers to break out of a tdb_chainlock
with sigalarm if desired.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
accounts added first to /etc/passwd will be honered correctly. Also, users
'upgraded' to smbpasswd will have the right flags.
Andrew Bartlett
|
|
|
|
| |
make lp_sam_backend() a list
|
| |
|
|
|
|
|
|
|
|
|
| |
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
| |
pdbedit failed to initialize global_myworkgroup, wo we could end up
having a SID for SECRETS/SID/ in secrets.tdb.
Volker
|
|
|
|
|
|
| |
- don't use lp_passwd_file() to retrieve NIS domain name, but use location
instead
- some cleanups
|
|
|
|
|
|
| |
uid for -1.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
build farm happy again, and allow the 'guest account' to be added to smbpasswd.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
| |
This moves it right into the passdb subsystem, where we can do this in
just one (or 2) places. Due to the fact that this code can be in a tight loop,
I've had to make 'guest account' a 'const' paramater, where % macros cannot be
used. In any case, if the 'guest account' varies, we are in for some nasty
cases in the other code, so it's useful anyway.
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
| |
Only does it for PDCs.
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
| |
|
| |
|
|
|
|
|
| |
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- That we never call winbind recursivly
- That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping
in either the passdb or the group mapping db.
Also, remove restrictions that say 'this domain only'. If we have a mapping
configured, allow it to be returned. If we later decide certian mappings are
invalid, then we sould put that in the code that actually does the map.
Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even
if they are not represented by Unix groups yet.
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
| |
null before close
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
|
|
|
|
|
|
|
|
|
|
| |
I've still not tested this, but I didn't test the last lot and I'm pretty
sure I stuffed it up - but at least this rebind procedure matches the
function prototype.
It should also be fine on OpenLDAP 2.1 if I'm lucky.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
Add some debugging info to the secrets code.
We might review what debug level that should be at, but it's fine for now.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)
|
| |
|
|
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
| |
(and yes, some of these are real bugs)
In particular, the samr code was doing an &foo of various types, to a function
that assumed uint32. If time_t isn't 32 bits long, that broke.
They are assignment compatible however, so use that and an intermediate
variable.
Andrew Bartlett
|
|
|
|
|
| |
they will get a const string and return a (t)alloced epanded one.
also modified passdb/* stuff to use this one.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The idea here is to allow invalid LM passwords in otherwise valid accounts.
This happens when we create an account without a password, for example.
Previously we would stop at the LM password, and not read things like the
account flags correctly. Now we process the record, and just set the password
to NULL.
(Note, 'no password for access' is decided only on the basis of the Account
Control bits, not on the 'NULL' value of the password feild.).
Andrew Bartlett
|
|
|
|
|
|
|
| |
LM password isn't anything special. All the users check the ACB nowadays,
and this allows us to correctly return flags set via usermgr.
Andrew Bartlett
|
|
|
|
|
|
| |
Just set it directly.
Andrew Bartlett
|
| |
|