IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
also created winbindd_rpc.c which contains the functions that
have been converted to the new structure. There will soon be
a winbindd_ads.c for the ldap backend
subdirectory.
(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).
This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.
Andrew Bartlett
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
Satyr framework from the buildfarm. This will eventually be copied
into the Samba source tree, but it is not yet. See
cvs://samba.org:/data/cvs/satyr
Add "make showlayout" target to show where installation will put
things.
pam authentication. This allows us to link in less other crap.
Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
Not sure what the original intent was with the [ -f $@ ] test but this
prevented the touch from happening. Could whoever originally added this
target check this out?
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
an authenticaion object that happens to also be used by winbind. We need to
fix this up at some stage.
In the end it will probably be best if winbind does the login over its own
internally managed connections, not a new one per authenticiaon. Then this
would no longer be an issue, as it could call cli_nt_login_network() directly.
Andrew Bartlett
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
used by SWAT into $swatdir/$ln/{help,images,include}
we have still points which needs to discuss, that is how to archive
and install lots of HTML help files and Using Samba files.
-- monyo
server. This is just a framework right now - I want this to eventually
replace the win32 test code from monyo
The interesting this about this test is that it shows up a really
horrible performance bug in our stat cache code. I'll see if I can fix
it.
TO enable configure with --with-i18n-swat
to support this gettext is integrated
and a new directories name "po" and "intl" are created.
now these languages are supported:
en - English (default)
ja - Japanese
po - Polish
tr - Turkish
To add your language,
to create ${your_language}.po by translating source/po/en.po
into your language is needed.
some of html and image files of various language version are not
included yet, though message catalogue files are installed.
you need to copy files manually under
${swatdir}/lang/$ln/{help,images,included,using_samba}
And also added a option to intall manual pages:
of various lang version
To enable configure with --with-manlangs
but manual pages themself are not included yet.
