IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
searching and not finding otherwise we return a valid looking pointer
that was whatever crap was on the stack.
Jeremy.
(This used to be commit 5d3ac0e39b)
searching and not finding otherwise we return a valid looking pointer
that was whatever crap was on the stack.
Jeremy.
(This used to be commit b6e7890017)
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.
Change in functionality of the 'ldap filter' parameter. This always
defaults to "(uid=%u)" now and is and'd with the approriate objectclass
depending on whether you are using ldapsam_compat or ldapsam
conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
(This used to be commit 998586e652)
idmap-and-the-rest from HEAD.
These are correctness fixes that were already in 3.0, and a memory leak fix.
The pdb_ldap changes are held back at jerry's request (he is also playing
with pdb_ldap ATM).
Andrew Bartlett
(This used to be commit c7d5e336bd)
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978)
Jump out of sam entry processing loop if the return value from
cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES.
(This used to be commit 47d8ee3679)
channel:
- If the domain name passed to create_rpc_bind_req() is empty, use
lp_workgroup()
- Correctly set the auth_padding field when the send_size is a multiple
of 8 bytes
I've tested with nt4sp6 and win2ksp0 and it seems to work, although
there are no password hashes transferred from win2k. The empty
passwords are being protected by the secure channel encryption though.
(This used to be commit a8c11e8556)
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e)
1. idmap.h is used for unid_t only, agreed by Simo
2. sysquotas.h is used to add quota support to VFS layer and is needed for future NT quota commit
3. vfs_macros.h provides convenient macros to access VFS API.
(This used to be commit 1dd5786359)
1. Finally work with cascaded modules with private data storage per module
2. Convert VFS API to macro calls to simplify cascading
3. Add quota support to VFS layer (prepare to NT quota support)
Patch by Stefan (metze) Metzemacher, with review of Jelmer and me
Tested in past few weeks. Documentation to new VFS API for third-party developers to follow
(This used to be commit 91984ef5ca)
password. On NT4, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT means
the password was correct. So the PDC believed that he had his trust
account correctly added. Later the auth2 naturally failed.
BTW, setting up an interdom trust account is not what I would call
well documented and easy to handle... Working on that now :-)
Volker
(This used to be commit e4e44cf3b1)
useful in the auth verifier yet. So this patch ignores it.
Really checking this would be a lot more intrusive: in rpc_api_pipe we
would have to distinguish between binds and normal requests, or have
more state in the netsec info of cli_state, which is also somewhat
hackish.
Volker
(This used to be commit 8de04fcf68)
primaryGroupID (rid). This is consistant with the move from 'rid' to ntSid
for the primary user identifier.
Also cope with legacy installations where primaryGroupID might have been
stored as 0.
Andrew Bartlett
(This used to be commit 0e432817cb)
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2d)
structure-memcpy for DATA_BLOB parameters to using a pointer to that DATA_BLOB.
auth_sam calls some of these functions, so I've cleaned it all up to use this
format now.
Also clean up some debug statements to make them easier to read.
Andrew Bartlett
(This used to be commit 0c355c274a)
With big thanks to tpot for the ethereal disector, and for the base code
behind this, we now fully support NTLMv2 as a client.
In particular, we support it with direct domain logons (tested with ntlm_auth
--diagnostics), with 'old style' session setups, and with NTLMSSP.
In fact, for NTLMSSP we recycle one of the parts of the server's reply directly...
(we might need to parse for unicode issues later).
In particular, a Win2k domain controller now supplies us with a session key
for this password, which means that doman joins, and non-spnego SMB signing
are now supported with NTLMv2!
Andrew Bartlett
(This used to be commit 9f6a26769d)
- auth with ntlmv2 and lmv2 but deliberately break the ntlmv2 hash
- auth with ntlmv2 and lmv2 but deliberately break the lmv2 hash
- auth with ntlm and lm but deliberately break the ntlm hash
- auth with ntlm and lm but deliberately break the lm hash
My theory is that the NTLM or NTLMv2 field must be correct and if it is,
it doesn't matter what the value of the LM or LMv2 field is.
Fixed cosmetic test name display bug.
(This used to be commit 5dcde9451b)
then we weren't always correctly detecting that it had a valid stat struct
and so might now return a 'file existed'. Finally realized this when installing
the W2K resource kit as a test case.
Jeremy.
(This used to be commit a0688316ce)
then we weren't always correctly detecting that it had a valid stat struct
and so might now return a 'file existed'. Finally realized this when installing
the W2K resource kit as a test case.
Jeremy.
(This used to be commit d48069ccd8)
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a)
the other infrastructure with name owners etc in place. If anybody is
really going to tackle winsrepld, it will probably not be hard to put
the additional info back.
Volker
(This used to be commit eb82daa84a)
this world than 'status more entires'...
Also move all the cases to 'NT_STATUS_EQUAL()' to test it.
Andrew Bartlett
(This used to be commit b4645bf066)
(well, under certain conditions :-)
There is no length limit on the size of the authentication response added
into the MD5 hash. (We had previously limited this to lengths like 40, 44 or
64 in attempts to make sense of what the SNIA spec tells us).
Instead, the entire authentication response is added in.
Currently, this only works on a Win2k domain members with a Samba PDC,
becouse our NTLMv2 code currently fails against an Win2k PDC.
However, this splits the problem in half - particularly as the NTLMv2 format
is known, and even has an ethereal disector! (thanks tpot).
Andrew Bartlett
(This used to be commit 7645d3d28a)
lp_workgroup(), for all other server this is global_myname().
This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.
(They lookup the username that they got, then convert that to a SID - but
becouse the domain out of the smbpasswd entry was wrong, we would fail the
lookup).
Andrew Bartlett
(This used to be commit 5fc78eba20)
Put in a prototype for dummy_snprintf() to quiet compiler warnings.
Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even if
the C library has some snprintf functions already.
(This used to be commit c49cfe1677)
servers don't answer that name. However we *know* they
have the name workgroup#1b (as we just looked it up).
So do the node status request on this name instead.
Found at LBL labs.
Jeremy.
(This used to be commit 41e3abe8b8)
servers don't answer that name. However we *know* they
have the name workgroup#1b (as we just looked it up).
So do the node status request on this name instead.
Found at LBL labs.
Jeremy.
(This used to be commit c5b1654c28)
initialisation code in winbindd_init_common() after the fork when
running in dual daemon mode.
The only tricky bit is we have to run a tdb_reopen_all() somewhere in
the child to avoid tdb corruption.
Fixed bug #60.
(This used to be commit 25e55aca0f)
key, so we can test it in ntlm_auth.
I suspect the 'lm' version doesn't exist, but it's easy to change back.
Andrew Bartlett
(This used to be commit 5efd95622c)
Our NTLMv2 client code needs work, becouse we don't get the session key for
any of the NTLMv2 stuff...
Also test some of the more 'odd' auth cases - like putting the NT password
into the LM feild.
Clean up some static globals into static locals.
Andrew Bartlett
(This used to be commit 62f0acc991)
directly - fixed problem where the last line of the link command was
'\ @LDAP_LIBS@'. If @LDAP_LIBS@ is zero then the backslash
incorrectly includes the next line of the Makefile in the current
target.
This should fix a bucketload of build farm failures.
(This used to be commit 895bef1a62)
This should make it clearer what magic numbers refer to the magic numbers
in the CIFS spec, and what bits and peices are being appended into the MD5
calculation where.
Andrew Bartlett
(This used to be commit 7f1c271cfb)
Now the IRIX and non-irix cases for one of these switch statements is the same,
eliminate the statement...
We now use autoconf > 2.50, so we can use some of it's features.
We also need to correctly include the magic for building vfs_fake_perms.
(This used to be commit a4ec8a6151)
add winbindd_passdb backend
this makes it possible to have nua accounts on security = user servers to
show up in unic through nss_winbind.so
the problem is that we do not have group support, so nss group support is
not very good at this time (read: totally absent)
we NEED group support in passdb
(This used to be commit 921215cf4b)
fixed I would like to see this tested a bit more. Default the schannel
stuff to auto which means 'offer, but do not enforce'.
Volker
(This used to be commit 7a1b8409be)
make a new sam_Account contain our domain by default, windows will complain
on logon otherwise.
fix stupid typo in idmap_util.c
(This used to be commit 21701876dc)
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 10bf65d335)
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 2dd18ca0cf)
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic
RIDs, they are resolved in the classic way
eliminate getpw* calls from tdbsam
(This used to be commit 6a7689cf74)
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f603246)
