| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
should eventually be an autoconf test with a #ifdef workaround. I *HATE* pam :-).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
court of king caractacus, was just passing by... :-).
Jeremy.
|
| |
|
|
|
|
| |
PAM_AUTHTOK_RECOVER_ERR).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
remove global static PAM variables, and to tidy up the PAM internals code.
Now looks like the rest of Samba.
Still needs testing.
Jeremy.
|
| |
|
|
| |
- fixed slprintf and vsprintf macros
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
for memory allocation. This fixes a long standing seg fault
(i knew i would get around to it one day :) )
Tested with NT4 and Win2k. Needs a little more testing with the
"create the machine account on the fly" code for NT4.
Simo, this is probably going to break the tdb passdb code.
Can you look at that when you get a chance and see what you think?
|
| |
|
|
|
|
|
| |
Only set this to "on" if you know you have your PAM set up correctly.....
NB. Doesn't apply to plaintext password authentication, which must use
pam when compiled in.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Fixed off by one bug using StrnCpy instead of strdup().
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
don't use pam_setcred() if we haven't called pam_authenticate()
Merge from 2.2
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
| |
all in caps.
rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
with real ACLs...
Jeremy.
|
| |
|
|
|
|
| |
lookup_name was expecting to be able to write to the string. Changed
lookup_name to use const.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
| |
system header files...
Jeremy.
|
| |
|
|
|
|
| |
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
with a PDC that has international netbios name and domain name. There's
still quite a bit of i18n stuff to fix though...
|
| |
|
|
| |
jerry
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
|
| |
|
|
|
|
|
|
| |
source/include/proto.h
source/param/loadparm.c
source/passdb/passdb.c
source/rpc_server/srv_samr.c
- add support for "hide local users" option to HEAD.
|
| |
|
|
|
|
|
|
|
| |
in the tdbsam to never expire (we don't support this yet).
jerry
|
| |
|
|
| |
--jerry
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
|
| |
|
|
| |
--jerry
|
| |
|
|
|
|
|
| |
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb.
printing/nt_printing.c: Fix case insensitive name lookups for driver files.
John - this should fix the Win9x/WinME problem correctly.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a few strings). I was the one who broke it obviously.
o changed a few more defaults in the smbpasswd backend with
respect to times. Now the logon time becomes '0' and the
pass_can_change_time is set ot the same as pass_last_set_time
o change Get_Pwnam() call in local_lookup_name to sys_getpwnam()
as it did not seem necessary to try case permutations in the
username.
Tim, I think this was your code, so you might want to double
check me.
-- jerry
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
|
| |
|
|
|
|
|
|
|
|
| |
Marked as an experimental compile time option (defaults to off) for now.
jerry
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the trust domain list reply on netlogon pipe was wrong, interim hack until
we have full trust relationships.
changed some unistr2 to parse the ending NULL char.
added a prs_align_needed() function. much like a prs_align but with a
condition. needed for the unistr2 parsing.
J.F.
|
