| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com>
noticed the problem.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
password from 'display' to 'unix' before we check them.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
|
| | |
|
| |
|
|
| |
use FUNCTION_MACRO instead of __FUNCTION_
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
authentication code.
In particular, ntlm_auth is designed to replace the winbind authentication
'helpers' currently supplied by Squid. I have added support for the current
plaintext password protocol used by Squid, and will add the real guts (NTLMSSP
support) shortly.
I'll merge this into 3.0 when I've got the interface more stable (error message
format etc) and got the important NTLMSSP support added.
Also move SWAT's URL decoding code into util_str.c, for use in both utilities.
Andrew Bartlett
|
| |
|
|
|
|
| |
<sugioka@itonet.co.jp>.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Debian patchset.
The idea is to still allow DNS domains to be specified in 'hosts allow' and
'hosts deny' without making the admin set 'hostname lookups' in their smb.conf.
His concern is about upgrades.
This has been designed not to change the value of %M.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
| |
parm_struct.ptr
this one also fixes log level not shown in swat
fix swat help system
|
| |
|
|
|
| |
changed strtof with sscanf to make things working on all platforms.
changed auto-made bubble sort for more efficient and clean qsort()
|
| |
|
|
|
|
|
|
|
|
|
|
| |
null before close
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
|
| |
|
|
| |
almost working, seem it does not yet properly detect if windbind is running or not in all situations testing is welcome.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now smbclient, net, and swat use their own proto files - now the global
proto.h
The change to libads/kerberos.c was to break up the dependency on secrets.c -
we want to be able to write an ADS client that doesn't need local secrets.
I have other breakups in the works - I will remove the dependency of
rpc_parse on passdb (and therefore secrets.c) shortly.
(NOTE: This patch does *not* break up includes.h, or other such forbidden
actions).
Andrew Bartlett
|
| |
|
|
|
| |
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
pid. This follows a bug in rsync where it would accidentally
kill(-1), removing all the user's processes. I can't see any way this
would directly happen in Samba, but having the assertions seems
beneficial.
http://cvs.samba.org/cgi-bin/cvsweb/rsync/util.c.diff?r1=1.108&r2=1.109&f=h
|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
|
| |
|
|
| |
default, rather than in preprocessor macros.
|
| | |
|
| |
|
|
|
|
|
| |
and also completes the switch to lang_tdb.c. SWAT should now work
with a po file in the lib/ directory
also removed useless SYSLOG defines in many files
|
| |
|
|
| |
of gettext for internationalisation support. There is more to do
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TO enable configure with --with-i18n-swat
to support this gettext is integrated
and a new directories name "po" and "intl" are created.
now these languages are supported:
en - English (default)
ja - Japanese
po - Polish
tr - Turkish
To add your language,
to create ${your_language}.po by translating source/po/en.po
into your language is needed.
some of html and image files of various language version are not
included yet, though message catalogue files are installed.
you need to copy files manually under
${swatdir}/lang/$ln/{help,images,included,using_samba}
And also added a option to intall manual pages:
of various lang version
To enable configure with --with-manlangs
but manual pages themself are not included yet.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Add the ability for swat to run in non-root-mode (ie non-root from inetd).
- we still need some of the am_root() calls fixed however.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
simply not doing Get_Pwnam() calls in pass_check.c
We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter
what it returns. We also no longer run the password cracker for these logins.
The truly parinod will note the slight difference in call paths, in that we only
call crypt for valid password structs (if not --with-pam). The truly parinoid
don't run SWAT either, so I don't think this is an issue.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
|
| | |
|
| | |
|
