1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

400 Commits

Author SHA1 Message Date
Herb Lewis
549e904d3f merge from 2.2
don't set WINBIND variables unless configure was run --with-winbind
(This used to be commit 83ec4c0f4d)
2001-12-05 21:08:17 +00:00
Herb Lewis
f3e6f2d953 dont add -I./popt to CFLAGS it really belongs in FLAGS1 with other include
paths. This make it hard to use a script that overrides CFLAGS options.
(This used to be commit 646b5ae752)
2001-12-05 19:45:30 +00:00
Andrew Bartlett
8ba00d147b OK. Smbpasswd -j is DEAD.
This moves the rest of the functionality into the 'net rpc join' code.

Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.

I have also fixed up the smbpasswd -a -m bug in the process.

We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.

With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).

Andrew Bartlett
(This used to be commit 575897e879)
2001-12-05 11:00:26 +00:00
Jean-François Micouleau
e9894404ba move proto.h and build_env.h from $(srcdir)/include to $(builddir)/include
tridge, martin, if you think it's wrong , you can revert it.

	J.F.
(This used to be commit f057d62aae)
2001-12-04 21:58:37 +00:00
Andrew Bartlett
3bc87626ae Add 'net rpc join' to match the ADS equiv.
This kills off the offending code in smbpasswd -j -Uab%c

In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings.  While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.

In the meantime this allows us to actually *type* the machine account
password duruign debugging.

This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)

Andrew Bartlett
(This used to be commit c0b7ee6ee5)
2001-12-04 05:03:03 +00:00
Jean-François Micouleau
cdf9b42754 added a tdb to store the account policy informations.
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain

we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?

alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)

        J.F.
(This used to be commit bc28a8eebd)
2001-12-03 17:14:23 +00:00
Andrew Tridgell
92f47c03e0 make proto should build winbindd_proto.h as well
(This used to be commit c8339ce5c8)
2001-12-03 08:15:18 +00:00
Andrew Tridgell
2285b99cb1 added a basic ADS backend to winbind. More work needed, but at
least basic operations work
(This used to be commit 88241cab98)
2001-12-03 06:04:18 +00:00
Andrew Bartlett
feb4f52f13 This is another major rework of the 'net' command.
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.

In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.

This will allow 'net user' to work no matter what the remote server.

The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.

Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!

We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value.  (A net join, for example, would not be sane against
localhost).

Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.

Andrew Bartlett
(This used to be commit 8739d426ca)
2001-12-03 04:39:23 +00:00
Andrew Tridgell
7f9fe00d35 added nsstest target
fixed winbindd_rpc.o typo
(This used to be commit 2ce7f38fe9)
2001-12-03 04:09:43 +00:00
Andrew Tridgell
78169af90a split winbindd_enum_dom_groups into the new backend structure
also created winbindd_rpc.c which contains the functions that
have been converted to the new structure. There will soon be
a winbindd_ads.c for the ldap backend
(This used to be commit e4ccc602ba)
2001-12-03 01:23:42 +00:00
Jean-François Micouleau
df5dd906a7 added smbgroupedit to compile by default
J.F.
(This used to be commit 540a6122dc)
2001-12-01 23:51:21 +00:00
Motonobu Takahashi
c5f4a4b9ad added $(LDFLAGS) to link smbmount/smbmnt/smbumount to make Red Hat Linux
happy
(This used to be commit 7dfde592aa)
2001-12-01 05:28:14 +00:00
Andrew Bartlett
fe64484824 Make better use of the ads_init() function to get the kerberos relam etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.

Also fix mem leaks etc.

Andrew Bartlett
(This used to be commit 8f9ce71781)
2001-11-29 06:21:56 +00:00
Andrew Bartlett
e75ad578d2 This compleats the of the authenticaion subystem into the new 'auth'
subdirectory.

(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).

This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.

Andrew Bartlett
(This used to be commit 782835470c)
2001-11-26 01:37:01 +00:00
Andrew Tridgell
af56b0f02a add popt build dependency
(This used to be commit 0c1f90402b)
2001-11-25 12:56:04 +00:00
Andrew Tridgell
69aaccde3b move popt out of proto objs
(This used to be commit db0bee1c68)
2001-11-25 12:46:14 +00:00
Andrew Tridgell
9255dc9a14 made a "net ads" command, currently with "net ads join" and "net ads leave"
(This used to be commit 2f8fa175b1)
2001-11-25 00:18:11 +00:00
Andrew Tridgell
ad2974cd05 added "net join" command
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee90)
2001-11-24 14:16:41 +00:00
Andrew Bartlett
d0a2faf78d This is another rather major change to the samba authenticaion
subystem.

The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.

This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality.  While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists.  It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.

Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.

While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.

The following parameters have changed:
 - use rhosts =

  This has been replaced by the 'rhosts' authentication method,
 and can be specified like 'auth methods = guest rhosts'

 - hosts equiv =

  This needs both this parameter and an 'auth methods' entry
  to be effective.  (auth methods = guest hostsequiv ....)

 - plaintext to smbpasswd =

  This is replaced by specifying 'sam' rather than 'local'
  in the auth methods.

The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.

The available auth methods are:

guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)


Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.

Andrew Bartlett
(This used to be commit 8d31eae52a)
2001-11-24 12:12:38 +00:00
Andrew Tridgell
6464bb0ae5 added the beginnings of ADS support in smbd
(This used to be commit c7f6116919)
2001-11-20 08:54:15 +00:00
Jeremy Allison
580ee96dae We don't actually use the horror that was lib/util_array.c :-).
More deleted code - hurrah !
Jeremy.
(This used to be commit 48a848f748)
2001-11-20 08:14:24 +00:00
Martin Pool
9b1f2c4090 Do satyr work against a copy of the build farm scripts so as not to
break them.

installcheck has to find smbd in SBINDIR, not BINDIR.
(This used to be commit 1be6139e14)
2001-11-19 08:00:55 +00:00
Martin Pool
7883798301 Move all other paths into dynconfig
(This used to be commit d51ef6bfa3)
2001-11-19 05:49:20 +00:00
Martin Pool
caef2d2884 LIBDIR and LOCKDIR are dynamically configured too.
(This used to be commit 868999ad3c)
2001-11-19 03:35:27 +00:00
Martin Pool
8654a161c8 LMHOSTSFILE is now dynamically configured too.
(This used to be commit a779710fff)
2001-11-19 03:12:10 +00:00
Martin Pool
09e4d181eb Disable "installcheck" -- it's still too likely to clobber somebody's
installation.
(This used to be commit 10022753d1)
2001-11-19 02:52:33 +00:00
Martin Pool
f741f65673 Store some path names in global variables initialized to configure
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da)
2001-11-19 02:49:53 +00:00
Jeremy Allison
355124adaf Fixed detection of RedHat headers. Removed another file !
Jeremy.
(This used to be commit d70674312d)
2001-11-16 23:22:49 +00:00
Jeremy Allison
b0518da076 Removed SMBD_RPC_CLIENT_OBJ temporary I was using.
Jeremy.
(This used to be commit c17bfe7c36)
2001-11-16 18:54:26 +00:00
Jeremy Allison
e74c51dfeb I *love* removing code :-). Removed 4 files that weren't being used.
All this stuff was being pulled in due to *one* unneeded call to
fetch a domain SID which smbpasswd already puts in the database...
Jeremy.
(This used to be commit 6bf2505cce)
2001-11-16 18:32:32 +00:00
Jeremy Allison
2c6f0fa510 Tidyups in the merge process.
Jeremy.
(This used to be commit a7b45bfb71)
2001-11-15 21:50:29 +00:00
Martin Pool
e1f24ab628 Clean up message.
(This used to be commit f07915072f)
2001-11-14 05:46:24 +00:00
Martin Pool
4e71905d85 Too much of samba depends on finding files in their installed
locations, so we can't do "make check" yet, only "make installcheck".
(This used to be commit 7d8610c4fe)
2001-11-14 04:03:49 +00:00
Martin Pool
6bf5caff8b Add basic "make check" and "make installcheck" targets, using the
Satyr framework from the buildfarm.  This will eventually be copied
into the Samba source tree, but it is not yet.   See
cvs://samba.org:/data/cvs/satyr

Add "make showlayout" target to show where installation will put
things.
(This used to be commit 7b5b5693f4)
2001-11-14 01:23:59 +00:00
Tim Potter
823ab98ae3 Added delheaders as a dependency for clean.
(This used to be commit cd9334bd57)
2001-11-07 22:38:03 +00:00
Tim Potter
93fb9f76e2 Use cli_nt_login_network() instead of domain_client_validate() to perform
pam authentication.  This allows us to link in less other crap.

Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83)
2001-11-05 00:21:17 +00:00
Jeremy Allison
f8e2baf39e Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547)
2001-11-03 23:34:24 +00:00
Andrew Bartlett
60f0627afb This is a farily large patch (3300 lines) and reworks most of the AuthRewrite
code.

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
	- Fully malloc'ed structures.
	  - Massive rework of the code so that all structures are made and destroyed
	    using malloc and free, rather than hanging around on the stack.
	- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
	   to be declared 'invalid' without the chance that people might get ROOT by
	   default.

	- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
	  appropriate place (probably domain_client_validate.c) in the future. They
	  don't belong in session setups.

	- Massive introduction of DATA_BLOB structures, particularly for passwords.

	- Use NTLMSSP flags to tell the backend what its getting, rather than magic
	  lenghths.

	- Fix winbind back up again, but tpot is redoing this soon anyway.

	- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.

Needs testing with a wide variety of MS clients.

Andrew Bartlett
(This used to be commit f70fb819b2)
2001-10-31 10:46:25 +00:00
Andrew Bartlett
24ce7fec9e Fix up the Makefile for now (thanks herb).
I understand that Vance is reworking the build_options stuff, so maybe we can
have better way of regenerating this in future.

Andrew Bartlett
(This used to be commit a228e9b39f)
2001-10-27 12:59:46 +00:00
Andrew Bartlett
464def3437 Restore the intended behaviour for .headers.stamp
We don't want a 'make headers' (aka make proto) to force a rebuild
of the entire tree.

Andrew Bartlett
(This used to be commit 8c0cb50387)
2001-10-26 23:03:33 +00:00
Herb Lewis
9e9b503024 .headers.stamp not getting touched if file already existed.
Not sure what the original intent was with the [ -f $@ ] test but this
prevented the touch from happening. Could whoever originally added this
target check this out?
(This used to be commit 8134908553)
2001-10-23 20:32:24 +00:00
Jim McDonough
be6edf50c4 Add popt for parsing commandline options
(This used to be commit df34e11d84)
2001-10-23 14:16:22 +00:00
Andrew Tridgell
4245accc03 fixed LDSHFLAGS when using non-standard lib locations
(This used to be commit d23772c306)
2001-10-20 01:23:27 +00:00
Jim McDonough
78b109e43b Add build of net utility
(This used to be commit 53247f5880)
2001-10-19 17:00:11 +00:00
Andrew Tridgell
0c0dd06dbd split session setup code out of reply.c in preparation for adding
NTLMSSP and kerberos support in smbd
(This used to be commit 38a43d75e2)
2001-10-15 07:50:21 +00:00
Andrew Tridgell
179cf90db7 include more libs needed for kerberos5 on some systems (eg. solaris)
removed some no longer needed i18n stuff from configure.in
(This used to be commit dd3ad91724)
2001-10-15 01:54:39 +00:00
Andrew Tridgell
9f7cb41f11 added NTLMSSP authentication to libsmb. It seems to work well so I have enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee)
2001-10-12 04:49:42 +00:00
Andrew Tridgell
8cec5cf35f first step in converting the head branch to use lang_tdb.c instead
of gettext for internationalisation support. There is more to do
(This used to be commit ab7f67677a)
2001-10-11 08:40:42 +00:00
Andrew Tridgell
81f56139b6 initial kerberos/ADS/SPNEGO support in libsmb and smbclient. To
activate you need to:

- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d330575856)
2001-10-11 07:42:52 +00:00