IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
(This used to be commit d61061052d)
split out the auth methods.
This caused all SWAT logins to fail, except when using local system
authentication.
Andrew Bartlett
(This used to be commit b5a9d507a3)
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186e)
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0)
and gensec_server_start().
calling them with NULL for event context or messaging context
is no longer allowed!
metze
(This used to be commit 679ac74e71)
This should give better behaviour in SWAT.
Fix authentication as Samba, rather than System, users in SWAT.
Andrew Bartlett
(This used to be commit 498d72c4ad)
main provision script a bit, as the argument list was getting out of
control. (It has been replaced in part with an object).
This also returns the session_info from the auth code into ejs.
We still need access control allowing only root to re-provision.
Andrew Bartlett
(This used to be commit 002cdcf3ca)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881)
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)
Andrew Bartlett
(This used to be commit be9d0cae89)
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee)
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0)
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6e)
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3)
- tried to make the ejs_userAuth() call work for the sam, not just for
unix auth. I didn't get this working. Andrew, when you get a chance
can you see what I'm doing wrong? I suspect its because we aren't
supplying a challenge, but a challenge doesn't really make sense in a
'is this username/password' correct call.
(This used to be commit 9e07c08a71)
upstream sources. This makes it much easier to keep it up to date.
I will separate out the mpr code into lib/appweb/mpr next
(This used to be commit 52db7a052b)
- added sys_unlink()
- added sys_file_load() and sys_file_save()
- use mprString() instead of mprCreateStringVar() to cope with NULL strings
- removed smbcalls_irpc.c as its not needed any more
- allow ldbAdd() and ldbModify() to take multiple ldif records
- added a sprintf() function to ejs. Quite complex, but very useful!
(This used to be commit 625628a3f6)
have the toString() and valueOf() default attributes
this allows all our returned objects to be used in logical expressions
(This used to be commit 570f071b15)
