IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
samba domain.
The PDC must be running a special authenticaion module that spits out NT errors
based on username.
Andrew Bartlett
(This used to be commit adc7a6048c)
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a)
open to w2k
- fix the string handling in the device name to match NT and smbd
- don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set
(This used to be commit 618989b386)
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b)
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
(This used to be commit 3f919b4360)
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf)
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
(This used to be commit 395cfeea94)
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d330575856)
out the error handling into a bunch of separate functions rather than all
being handled in one big function.
Fetch error codes from the last received packet:
void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num);
uint32 cli_nt_error(struct cli_state *);
Convert errors to UNIX errno values:
int cli_errno_from_dos(uint8 eclass, uint32 num);
int cli_errno_from_nt(uint32 status);
int cli_errno(struct cli_state *cli);
Detect different kinds of errors:
BOOL cli_is_dos_error(struct cli_state *cli);
BOOL cli_is_nt_error(struct cli_state *cli);
BOOL cli_is_error(struct cli_state *cli);
This also means we now support CAP_STATUS32 as we can decode and understand
NT errors instead of just DOS errors. Yay!
Ported a whole bunch of files in libsmb to use this new API instead of the
just the DOS error.
(This used to be commit 6dbdb0d813)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
allow us to have test targets without special configure options
- fixed make proto so that it actually does something
(This used to be commit 55109a7525)
that libsmb/ creates a local tcp socket then launches smbd as a subprocess
attached to that socket. smbd thinks it is being launched from inetd.
to use it do the following:
- compile with -DSMB_REGRESSION_TEST
- run like this (also works with smbtorture etc)
export SMBD_TEST=1
export LIBSMB_PROG=bin/smbd
smbclient //server/share -Uuser%pass
obviously you need to setup a smb.conf etc. Using --prefix to configure
is useful.
The aim of all this stuff is to add a decent set of regression tests
to the build farm, so we know if smbd actually runs correctly on all the
platforms, not just builds. We can run smbtorture, masktest, locktest etc,
plus a bunch of smbclient scripts and any new tests we write.
This doesn't help much with nmbd (at least not yet) but its a good start.
(This used to be commit 7e8e6ae9a8)
send unaligned unicode strings sometimes!
Fixed our handling of the workgroup name tacked on the end of the
NT1 negprot response (a unaligned unicode)
fixed a couple of places where we should be using the message_end fns instead
of pre-calculated buffer lengths
(This used to be commit 86613493a9)
back to working order. The main change is that the cli_*() RPC
functions from libsmb/*.c now should accept a struct cli_state*.
The reason for this is that rpcclient should establish the
connection to the server at startup so that it is not necessary
to keep the clear test or password hash in memory for each command.
enumports and enumprinters now works as well. lsa* functions
have been tested. SAMR calls may or may not work (one of the core
dumps I know), but it compiles :-)
jerry
(This used to be commit d98ac8852a)
I've currently got this code disabled by default as it is
incomplete. You enable it by setting a USE_UNICODE environment
variable. Once the support is complete this check will be removed and
the CAP_UNICODE capability bit will be the sole determination of
whether the client library code uses unicode
right now I have converted session_setup and tconx. I will do more fns
over the next few days.
see clistr.c for the new client side string interface. Luckily it
tends to make the code smaller and neater while adding unicode
support.
(This used to be commit e1a04e621f)
with a PDC that has international netbios name and domain name. There's
still quite a bit of i18n stuff to fix though...
(This used to be commit 79045bd72a)
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b519)
* fixes some readline bugs from the merge
* first attempt at commands (spoolenum almost works)
* no changes to existing functions in HEAD; only additions
of new functions. I'll weed out what I can as I go.
--jerry
(This used to be commit 61d2aad5dc)
