| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
when we free curr_ace_outer we need to not try to use it again :)
|
| | |
|
| |
|
|
|
|
|
|
| |
Replace this with some flags that *we* define. We can do a mapping later
if we actually get some more reliable info about what passwords are actually
valid.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy
|
| |
|
|
|
| |
prompt dmalloc to log information about what happening, so you can see
in flight why smbd is getting bloated.
|
| |
|
|
|
|
|
|
|
|
| |
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
|
| |
|
|
| |
gcc warnings about unused parameters.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
Apparently (and I will doublecheck) its legal to do an annoymous session setup
when we negoitiated SPNEGO, but we can't do an authenticated one becouse we
didn't give a challange.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
bug (renaming name -> name was failing, on W2K it succeeds). Simplified
the common case, did a lot of work to ensure NT error codes are correctly
reported back to client.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
be information about memory usage, but this is not done yet.
|
| |
|
|
|
| |
Merge SAFE_FREE fix in tdb from 2.2, and IRIX fix.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
- It hasn't been used by anything else since smbpasswd lost its -j
- Add a TALLOC_CTX to the auth subsytem. These are only valid for the length
of the calls to the individual modules, if you want a longer context hide it
in your private data.
Similarly, all returns (like the server_info) should still be malloced.
- Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
libsmb domain logon code. Also rework much of the code to use some better
helper functions for the connection - getting us much better error returns
(the new code is NTSTATUS).
The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
the LUID feilds is sufficient, or if we should do random LUIDs as per the old
code.
Similarly, I'll move winbind over to this when I get a chance.
This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.
While I've given this a basic rundown, any testing is as always appriciated.
Andrew Bartlett
|
| |
|
|
| |
- fixed gid* bug in rpc_server
|
| |
|
|
|
| |
signal management.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
members (such as uid and gid). This way we will be able to
keep ourselves from writing out default smb.conf settings when
the admin doesn't want to, That part is not done yet.
Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd
backend.
oh...and smbpasswd doesn'y automatically expire accounts after 21 days
from the last password change either now. Just ifdef'd out that code
in build_sam_account().
Will merge updates into 2.2 as they are necessary.
jerry
|
| |
|
|
|
|
| |
messages were sent, so you know how many replies to expect.
Const and doc religion.
|
| | |
|
| |
|
|
|
| |
Fixed winbindd to finally stop leaving log. file droppings :-).
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
the fstype must not be null terminated or win98 doesn't recognise it
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
the method used for checking if a domain is a trusted domain is very
crude, we should really call a backend fn of some sort. For now I'm
using winbindd to do the dirty work.
|
| |
|
|
| |
Jeremy
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
The problem is that name_map_mangle can *change* the length of a patchname.
Ensure that all the character pointer messing about can cope with changing
sizes of components. This code is too ugly to live.....
This also needs *lots* of testing.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
| |
created the file or not.
Jeremy.
|
| |
|
|
|
|
| |
correct way to ensure times set in 'pending modtime' and 'time close'
are always set correctly. Inspired by patch from Juergen Hasch.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This means that if a hole is found in the spnego code, we can tell people
to just set 'use spengo' in their config file while we sort it out.
Other than that, preventing 'unusual' behaviour is always a good thing.
Andrew Bartlett
|
| |
|
|
|
| |
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.
- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !
- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.
I just have to write an HOWTO now ;-)
J.F.
|
