1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Commit Graph

1610 Commits

Author SHA1 Message Date
Jeremy Allison
0fd94a5c4b Ensured filetimes set (by name) after close. Ignore errors. This is the
correct way to ensure times set in 'pending modtime' and 'time close'
are always set correctly. Inspired by patch from Juergen Hasch.
Jeremy.
(This used to be commit 2405385854)
2001-12-16 21:04:19 +00:00
Jeremy Allison
079a02b15e Patch for string legths from TAKAHASHI, Motonobu(monyo).
Jeremy.
(This used to be commit f0d8b7573f)
2001-12-13 23:43:15 +00:00
Herb Lewis
e4553718bb add *.po32 to ignore list
(This used to be commit fe0db4c55f)
2001-12-12 16:04:37 +00:00
Andrew Tridgell
216f3ae908 cleanup a little namespace pollution
(This used to be commit e5b484451a)
2001-12-10 03:21:38 +00:00
Andrew Bartlett
9220fd730c Ensure that 'use spnego' restricts, rather than just advises our clients.
This means that if a hole is found in the spnego code, we can tell people
to just set 'use spengo' in their config file while we sort it out.

Other than that, preventing 'unusual' behaviour is always a good thing.

Andrew Bartlett
(This used to be commit a8a53c08f7)
2001-12-08 02:12:17 +00:00
Andrew Tridgell
99c431695c added a "use spnego" option
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
(This used to be commit b5cb57a367)
2001-12-07 01:01:10 +00:00
Jean-François Micouleau
e0066d2dd4 again an intrusive patch:
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.

- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !

- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.

I just have to write an HOWTO now ;-)

        J.F.
(This used to be commit fef52c4b96)
2001-12-06 13:09:15 +00:00
Andrew Bartlett
3f387d1971 Ensure we fill in the %U for NTLMSSP connections
(This used to be commit d15ea4fa8e)
2001-12-05 10:50:26 +00:00
Andrew Tridgell
9421ad4a7a added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b736)
2001-12-05 09:46:53 +00:00
Herb Lewis
61fc7b98a7 Merge from 2.2
If you do not have one more expect than issue when talking to the passwd
program you will not send the last issue.
(This used to be commit 8aafec95cb)
2001-12-04 22:24:17 +00:00
Jean-François Micouleau
922eb763d7 added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free
early.

lib/util_sid.c: added some helper functions to check an SID.

passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !

rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.

	J.F.
(This used to be commit 6c87e96149)
2001-12-04 21:53:47 +00:00
Jeremy Allison
3667377851 Stop using getgrgid() - a very expensive call with winbindd, to look up
a group name.
Jeremy.
(This used to be commit b926660e73)
2001-12-04 03:59:18 +00:00
Jeremy Allison
8e99888e7b Moved name_is_local to the correct place. Ooops.
Jeremy.
(This used to be commit 708c0a8d16)
2001-12-04 03:47:44 +00:00
Jeremy Allison
c2e3d8ba01 Tidyup of lib/username. Add name_is_local fn to determine if name is
winbindd. Getting ready for efficiency fix in group lookups.
Jeremy.
(This used to be commit 8d41dfd149)
2001-12-04 02:58:22 +00:00
Jean-François Micouleau
cdf9b42754 added a tdb to store the account policy informations.
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain

we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?

alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)

        J.F.
(This used to be commit bc28a8eebd)
2001-12-03 17:14:23 +00:00
Jeremy Allison
a9750b2006 XFS quota patch for Linux.
Jeremy.
(This used to be commit ce099faf6c)
2001-11-30 21:50:02 +00:00
Tim Potter
6d9adfe73c Renamed sid field in SEC_ACE to trustee to be more in line with MS's
definitions.
(This used to be commit 9712d3f15a)
2001-11-30 01:04:15 +00:00
Andrew Bartlett
fe64484824 Make better use of the ads_init() function to get the kerberos relam etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.

Also fix mem leaks etc.

Andrew Bartlett
(This used to be commit 8f9ce71781)
2001-11-29 06:21:56 +00:00
Andrew Tridgell
f6b962fba3 fixed some krb5 ifdefs
(This used to be commit 23ef22f117)
2001-11-28 23:54:07 +00:00
Jeremy Allison
7d2d605f0d space -> tab.
Jeremy.
(This used to be commit c7dd0364f2)
2001-11-28 19:51:25 +00:00
Jeremy Allison
59a8827f5d Spelling pedents strike again :-).
Jeremy.
(This used to be commit 0187d4ba16)
2001-11-28 18:10:13 +00:00
Jeremy Allison
a17867af97 Ensure the CAN_WRITE is checked and prevents O_CREAT and O_TRUNC from
being set. Also prevent an open on a file on a readonly share from
setting delete on close.
Jeremy.
(This used to be commit 1f3dcd99bd)
2001-11-28 05:03:37 +00:00
Jeremy Allison
1a50b36d97 Re-added "Share modes" meaning don't allow deny mode conflict. Due to
user demand (don't talk to me about removing parameters.... :-).
Jeremy.
(This used to be commit b69127391b)
2001-11-28 04:47:46 +00:00
Andrew Tridgell
5e25ba6fec always send an OID list until we handle raw (unwrapped) NTLMSSP
packets in session setup
(This used to be commit 3b3f8a9350)
2001-11-27 23:41:14 +00:00
Jeremy Allison
01d91a8249 Fix for the logic bug wrt. existant oplocks. See long message
in samba-technical for explaination.
Jeremy.
(This used to be commit 8150f0f3f7)
2001-11-27 23:12:25 +00:00
Jeremy Allison
064b3e7da7 nsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.
smbd/open.c: Fix "delete on close" for directories.
Jeremy.
(This used to be commit 014b0973a3)
2001-11-27 06:28:06 +00:00
Andrew Tridgell
67b3473780 fixed another memory leak
(This used to be commit 37aa2873e5)
2001-11-27 03:54:15 +00:00
Andrew Tridgell
6cf3434785 more memory leak fixes
(This used to be commit 5abf844203)
2001-11-27 03:34:56 +00:00
Andrew Tridgell
1fb4d2f1b0 don't try to auto-change the trust password unless we are in domain
security
(This used to be commit 00e4f0c803)
2001-11-27 01:51:10 +00:00
Andrew Tridgell
0b2763260e we can safely give NO_SUCH_USER if the ticket decodes but the local
account doesn't exist
(This used to be commit 477b6d27fd)
2001-11-26 04:37:24 +00:00
Tim Potter
64dd6c3412 Another merge from appliance-head: in [ug]id_to_sid don't call the
winbind function if the id is obviously going to be local.  Cleanup
of winbind [ug]id parameter handling.
(This used to be commit 4ab9ca31a0)
2001-11-26 04:27:51 +00:00
Tim Potter
178f6a64b2 challange -> challenge
(This used to be commit d6318add27)
2001-11-26 04:05:28 +00:00
Tim Potter
585d0efbc6 Got medieval on another pointless extern. Removed extern struct ipzero
and replaced with two functions:

	void zero_ip(struct in_adder *ip);
	BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a6)
2001-11-26 03:11:44 +00:00
Andrew Bartlett
e75ad578d2 This compleats the of the authenticaion subystem into the new 'auth'
subdirectory.

(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).

This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.

Andrew Bartlett
(This used to be commit 782835470c)
2001-11-26 01:37:01 +00:00
Andrew Tridgell
03439e1836 fixed spnego, non-kerberos negprot
(This used to be commit 2e916222a9)
2001-11-26 00:43:37 +00:00
Andrew Tridgell
481c644b7b added 'security=ADS'
(This used to be commit 5a735a88e4)
2001-11-25 23:05:13 +00:00
Jeremy Allison
391a72a95f #ifdefed DMF fix so not compiled by default. We need to look at this...
Jeremy.
(This used to be commit 97dca242a9)
2001-11-25 08:26:37 +00:00
Andrew Bartlett
1b1b8e39b2 Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
map.

This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool

invoke by setting:

auth methods = guest sam name_to_ntstatus

in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).

Andrew Bartlett
(This used to be commit 9807e66f34)
2001-11-25 03:01:14 +00:00
Jeremy Allison
a8982ca90c I think this is a fix for the "out of space" errors with oplocks=no.
Jeremy.
(This used to be commit 84b62d3c8e)
2001-11-25 02:23:22 +00:00
Andrew Tridgell
ad2974cd05 added "net join" command
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee90)
2001-11-24 14:16:41 +00:00
Andrew Tridgell
0ebb29e032 removed unused function
(This used to be commit ad7afbfdea)
2001-11-24 13:58:40 +00:00
Andrew Bartlett
4f37307452 And add the winbind module I missed in the last run.
(large change to modularise the auth subsystem)

Andrew Bartlett
(This used to be commit 324c467628)
2001-11-24 12:16:27 +00:00
Andrew Bartlett
d0a2faf78d This is another rather major change to the samba authenticaion
subystem.

The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.

This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality.  While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists.  It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.

Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.

While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.

The following parameters have changed:
 - use rhosts =

  This has been replaced by the 'rhosts' authentication method,
 and can be specified like 'auth methods = guest rhosts'

 - hosts equiv =

  This needs both this parameter and an 'auth methods' entry
  to be effective.  (auth methods = guest hostsequiv ....)

 - plaintext to smbpasswd =

  This is replaced by specifying 'sam' rather than 'local'
  in the auth methods.

The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.

The available auth methods are:

guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)


Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.

Andrew Bartlett
(This used to be commit 8d31eae52a)
2001-11-24 12:12:38 +00:00
Jeremy Allison
d05bbf0422 Fixed delete on close bug. Added core dump code to winbindd.
Jeremy.
(This used to be commit a58d0f91f9)
2001-11-23 11:18:20 +00:00
Tim Potter
79b34d1b11 Removed TimeInit() call from every client program (except for one place
in smbd/process.c where the timezone is reinitialised.  Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5)
2001-11-23 00:52:29 +00:00
Gerald Carter
11aa019bec WITH_MSDFS is not define anywhere. It's built by default.
(This used to be commit b51e5b07d9)
2001-11-22 05:29:04 +00:00
Tim Potter
646f8ca3e8 More spelling fixes, comment reformatting.
(This used to be commit edb556b474)
2001-11-21 21:10:13 +00:00
Tim Potter
54432c4129 Spelling fix, reformatted comment.
(This used to be commit 096868bd35)
2001-11-21 20:14:25 +00:00
Tim Potter
96d884cc0f Fixed sizeof vs array length bug in make_user_info_winbind_crap()
Spelling fix.
(This used to be commit 3d87c1a244)
2001-11-20 23:20:00 +00:00
Andrew Tridgell
c325264416 add a hook to save the krb5 PAC
(This used to be commit 1cbc18ae73)
2001-11-20 08:50:04 +00:00