diff options
| -rw-r--r-- | WHATSNEW.txt | 29 | ||||
| -rw-r--r-- | source3/utils/net.c | 52 | ||||
| -rw-r--r-- | source3/utils/net_help.c | 7 |
3 files changed, 72 insertions, 16 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2f0b33f464..5319adeee7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -40,7 +40,8 @@ Major new features: 7) Better Windows 2000/XP/2003 printing support including publishing printer attributes in active directory. -8) New loadable RPC modules. +8) New loadable module support for passdb backends and + character sets. 9) New default dual-daemon winbindd support for better performance. @@ -73,17 +74,17 @@ refer to the various man pages for information on individual options. ###################################################################### -Changes since 3.0rc -################### +Changes since 3.0rc1 +#################### Please refer to the CVS log for the SAMBA_3_0 branch for complete details: 1) Add levels 261 and 262 to search. Found using Samba4 tester. -2) Correct bad errot return code in session setup reply +2) Correct bad error return code in session setup reply 3) Fix bug where smbd returned DOS error codes from SMBsearch even when NT1 protocol was negotiated. -4) Implement SMBxit properly. +4) Implement SMBexit properly. 5) Return group lists from a Samba PDC to a Windows 9x/ME box in implementing user level access control (bug 314). 6) Prevent SWAT from crashing when adding shares (bug 254) @@ -99,29 +100,29 @@ details: 14) Include initial version of smbldap-tool scripts for the Samba 3.0 schema. 15) Implement numerous fixes for multi-byte character strings. -16) Enable unix extensions by default. -17) Make sure we set the sid type when falling back to the rid +16) Enable 'unix extensions' parameter by default. +17) Make sure we set the SID type when falling back to the rid algorithm (bug 245). 18) Correct linking problems with pam_smbpass (bug 327). 19) Add SYSV defines for Irix and Solaris to ensure the 'printing' parameter default to the correct value (bug 230) -20) Fix recusion bug in alloc_string+sub() (bug 289, et. al.) +20) Fix recursion bug in alloc_string_sub() (bug 289, et. al.) 21) Ensure that 'make install' includes the static and shared versions of the libsmbclient libraries. 22) Add CP850 and CP437 internal character set support (bug 150). -23) Add support to examples/LDAP/convertSambaAccuont for generating - LDIF modify files instaed of just add (303). +23) Add support to examples/LDAP/convertSambaAccount for generating + LDIF modify files instead of just add (303). 24) Fix support for -W option in smbclient (bug 39) 25) Remove 'ldap trust ids' parameter since it could not be supported by the current architecture. 26) Don't crash when no argument is given to -T in smbclient (bug 345). 27) Ensure smbadduser contains the same paths for the smbpasswd file as the other Samba tools (bug 290). -28) Port of 'avalable = no' fix for [homes] from SAMBA_2_2 cvs tree. +28) Port of 'available = no' fix for [homes] from SAMBA_2_2 cvs tree. 29) Add sanity checks to DeletePrinterData[Ex]() and ensure that the modified printer is written to disk. -30) Force winbindd to preiodically update the trusted domain cache. -31) Remove outdate import/export script to convert an smbpasswd file +30) Force winbindd to periodically update the trusted domain cache. +31) Remove outdated import/export script to convert an smbpasswd file to and from and LDAP directory. Use the pdbedit tool instead. @@ -214,7 +215,7 @@ Changes since 3.0beta3 53) Add vfs_readonly VFS module. 54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid attributes when using 'idmap backend = ldap' (bug 280). -55) Make sure that UNIX users shared between a Samba PDC and member +55) Make sure that users shared between a Samba PDC and member samba server are seen as domain users and not local users on the domain member. 56) Fix Query FS Info level 2. diff --git a/source3/utils/net.c b/source3/utils/net.c index c49c77dd50..90f71f5035 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -79,6 +79,30 @@ struct in_addr opt_dest_ip; extern BOOL AllowDebugChange; +/**************************************************************************************************/ +/* Utility function to prompt for password from stdin. Password entered must end with a newline. */ +/**************************************************************************************************/ +static char *stdin_new_passwd(void) +{ + static fstring new_pw; + size_t len; + + ZERO_ARRAY(new_pw); + + /* + * if no error is reported from fgets() and string at least contains + * the newline that ends the password, then replace the newline with + * a null terminator. + */ + if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) { + if ((len = strlen(new_pw)) > 0) { + if(new_pw[len-1] == '\n') + new_pw[len - 1] = 0; + } + } + return(new_pw); +} + uint32 get_sec_channel_type(const char *param) { if (!(param && *param)) { @@ -355,6 +379,33 @@ static int net_changetrustpw(int argc, const char **argv) return net_rpc_changetrustpw(argc, argv); } +static int net_changesecretpw(int argc, const char **argv) +{ + char *trust_pw; + char trust_pw_hash[16]; + uint32 sec_channel_type = SEC_CHAN_WKSTA; + + + if(opt_force) { + trust_pw = getpass("Enter machine password: "); + + if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) { + d_printf("Unable to write the machine account password in the secrets database"); + return 1; + } + else { + d_printf("Modified trust account password in secrets database\n"); + } + } + else { + d_printf("Machine account password change requires the -f flag.\n"); + d_printf("Do NOT use this function unless you know what it does!\n"); + d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n"); + } + + return 0; +} + static int net_share(int argc, const char **argv) { if (net_rpc_check(0)) @@ -537,6 +588,7 @@ static struct functable net_func[] = { {"SERVICE", net_rap_service}, {"PASSWORD", net_rap_password}, {"CHANGETRUSTPW", net_changetrustpw}, + {"CHANGESECRETPW", net_changesecretpw}, {"TIME", net_time}, {"LOOKUP", net_lookup}, {"JOIN", net_join}, diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c index 1f3afb1690..272a06bc90 100644 --- a/source3/utils/net_help.c +++ b/source3/utils/net_help.c @@ -47,7 +47,7 @@ int net_common_flags_usage(int argc, const char **argv) d_printf("\t-U or --user=<name>\t\tuser name\n"); d_printf("\t-s or --configfile=<path>\t\tpathname of smb.conf file\n"); d_printf("\t-l or --long\t\t\tDisplay full information\n"); - d_printf("\t-V or --version\t\tPrint samba version information\n"); + d_printf("\t-V or --version\t\t\tPrint samba version information\n"); d_printf("\t-P or --machine-pass\t\tAuthenticate as machine account\n"); return -1; } @@ -60,7 +60,8 @@ static int help_usage(int argc, const char **argv) "\n"\ "Valid functions are:\n"\ " RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\ -" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"); +" GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP GETLOCALSID SETLOCALSID\n"\ +" CHANGESCRETPW\n"); return -1; } @@ -156,6 +157,8 @@ static int net_usage(int argc, const char **argv) " net cache\t\tto operate on cache tdb file\n"\ " net getlocalsid [NAME]\tto get the SID for local name\n"\ " net setlocalsid SID\tto set the local domain SID\n"\ + " net changesecretpw\tto change the machine password in the local secrets database only\n"\ + " \tthis requires the -f flag as a safety barrier\n"\ "\n"\ " net ads <command>\tto run ADS commands\n"\ " net rap <command>\tto run RAP (pre-RPC) commands\n"\ |