IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
the returned session key is the one that we expect to get for that each
of login.
Andrew Bartlett
(This used to be commit fa47e44b9caba98e0b85782f3057e6cb8a5763ff)
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit e0cb325b99e09a5a5cba07f0403ed445814bbf53)
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511)
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
please remember to *test* your changes before committing them. This is
especially the case when you receive patches from outside the team -
before you commit you must make sure that the patch actually works.
(This used to be commit 1d3c7e7fb628a528978f345f83289cc7f2521c35)
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 09a3db0ffcbbe578788d3dd5ee7540d27cc7c09a)
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 6d3faeaef6c77e389d39b6d4660ffea13e7f25f2)
(Decode all database names, and set only changes, not all info from the samsync
record).
Andrew Bartlett
(This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
- Decode all the database names, even if we don't decode their contents
- Update the 'set' code to match rpc_server/srv_samr_nt.c in only recording
the difference between the old and new.
Andrew Bartlett
(This used to be commit 6509397f91a4c218552a48a96df06e595b630898)
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
have some of the labels 'duplicated' (ie, the defines double-up).
Also, to an ads_connect() to try and find our KDC. (So we don't segfualt
*every* time)
Andrew Bartlett
(This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
- signed/unsigned
- quieten warning about assignment as truth value
- whitespace
Andrew Bartlett
(This used to be commit a13ce0df4b4a776fa635a1fb804dd00d195f58d0)
