| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
though it is up to the calling function to decide whether values are
strings or not. Attributes are not converted at this point, though support
for it would be simple.
I have tested it with users and groups using non-ascii chars, and if the
check for alphanumeric user/domain names is removed form sesssetup.c, even
a user with accented chars can connect, or even login (via winbind).
I have also simplified the interfaces to ads_mod_*, though we will probably
want to expand this by a few functions in the near future. We just had
too many ways to do the same thing...
|
| | |
| |
| |
| |
| | |
now supported in HEAD.
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous code both had basic logic flaws in it, and some subtle
issues regarding the Win2k info3 response.
I've tested this against Samba (it looks like that was missed last time
due to the 'called name' corruption - which broke my testsuite) and
accomidated what I've seen from a info3 printout jmcd gave me.
I'll get this tested fully as soon as I get my VMware going again.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All passdb modules need to include a 'magic' macro that creates simple
'return my version number' function.
(from metze and jelmer)
Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive().
(from metze)
Andrew Bartlett
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| |
| | |
Replaced with "unsigned int".
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| | |
print queue).
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added an auth_user field which denotes whether the api call can be made
anonymously. In combination with lp_restrict_anonymous() this can
decrease the amount of information that can be retrieved anonymously.
So far NetShareEnum, NetSessionEnum, NetGroupEnum, NetGroupGetUsers,
NetUserEnum, PrintQEnum, NetFileEnum cannot be called anonymously.
SamOEMChangePassword and NetServerEnum can be called anonymously.
All other functions can be called anonymously until it can be proven
that they can't to avoid breaking anything.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
interfaces yet. Instead of giving up, nmbd will now wait for some
interfaces to appear
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
and we seem to have eliminated the segfault.
Unfortunetly I'm still at a bit of a loss as to why it did segfault, but
the patch is correct in any case.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| | |
rebind proc (some give an extra paramter to pass a void* paramater) and
some small changes for the SMB signing code to reset things when the
signing starts, and to 'turn off' signing if the session setup failed.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The problem was that *all* packets were being signed, even packets before
signing was set up. (This broke the session request).
This fixes it to be an 'opt in' measure - that is, we only attempt to sign
things after we have got a valid, non-guest session setup as per the CIFS spec.
I've not tested this against an MS server, becouse my VMware is down, but
at least it doesn't break the build farm any more.
Andrew Bartlett
|
| | |
| |
| |
| | |
platforms :-)
|
| | |
| |
| |
| |
| |
| | |
paths handle the rest later.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| | |
like the domain name and SID come from the remote domain, not the local
one. These are filled out by the code from the previous commit (auth_util.c,
the make_server_info_info3() fn) and read back here.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It extends the 'server mutex' to conver security=server, becouse the connection
race condition exists here too, and while people *should* use security=domain,
some sites don't....
(This probably should be done in 2.2 as well).
Also, start to actually extract and use the information that the remote
server returns in the info3 struct.
The server mutex code is now in a new file.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
deveopers hack to always send a fixed challange, for the benifit
of tutorials and packet sniffing etc.
Enabling this module removes all security, so its a --enable-developer
option.
Andrew Bartlett
|
| | |
| |
| |
| | |
and that local accounts are perfectly fine.
|
| | |
| |
| |
| |
| |
| | |
use the silly cache any more. Also add group functions and fix a few callers.
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
already.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
of implementing it twice inline.
This code is complex - but occasionally I get the feeling that people made
it more complext than it really needed to be...
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
(invalid passdb backends smb.conf entry) we picked up a few things :-).
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
the passdb backends fail to load (is this the right way? - I think so).
Also, I've added some more comments, cleaned up some style etc.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.)
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
|
