| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
|
| |
|
|
|
| |
If you do not have one more expect than issue when talking to the passwd
program you will not send the last issue.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
not the privileges. Usually we don't need them, so the memory is free
early.
lib/util_sid.c: added some helper functions to check an SID.
passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !
rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.
J.F.
|
| |
|
|
|
| |
a group name.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
winbindd. Getting ready for efficiency fix in group lookups.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
definitions.
|
| |
|
|
|
|
|
|
|
| |
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
being set. Also prevent an open on a file on a readonly share from
setting delete on close.
Jeremy.
|
| |
|
|
|
| |
user demand (don't talk to me about removing parameters.... :-).
Jeremy.
|
| |
|
|
| |
packets in session setup
|
| |
|
|
|
| |
in samba-technical for explaination.
Jeremy.
|
| |
|
|
|
| |
smbd/open.c: Fix "delete on close" for directories.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
security
|
| |
|
|
| |
account doesn't exist
|
| |
|
|
|
| |
winbind function if the id is obviously going to be local. Cleanup
of winbind [ug]id parameter handling.
|
| | |
|
| |
|
|
|
|
|
| |
and replaced with two functions:
void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
|
| |
|
|
|
|
|
|
|
|
|
|
| |
subdirectory.
(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).
This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
map.
This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool
invoke by setting:
auth methods = guest sam name_to_ntstatus
in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
this completes the first stage of the smbd ADS support
|
| | |
|
| |
|
|
|
|
| |
(large change to modularise the auth subsystem)
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Spelling fix.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
waiting for DNS timeouts to occur. The correct place to do this is in the
code that displays the session information.
|
| | |
|
| |
|
|
| |
default, rather than in preprocessor macros.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
Remove unused old file.
Test 42 byte reply to SMBntcreate (W2K does this).
Jeremy.
|
