summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
1998-05-12- removed ldap_get_trust()Luke Leighton1-101/+74
- #ifdef around putting 16 byte hashes instead of plaintext password. (This used to be commit ca7bf597e4781ee1a82dc231584b16624d99e9f3)
1998-05-12function comments wrongLuke Leighton1-2/+2
(This used to be commit da11063cbd23c376c4e1afaad647adcb989934eb)
1998-05-12removed lp_domain_workstation() parameterLuke Leighton3-10/+1
(This used to be commit 80d6a3bb0cf3853aa51594cce888e6c0a6e6f634)
1998-05-12retired this file: it's not actually needed now that passdb.c providesLuke Leighton1-152/+0
the interface point. (This used to be commit 27ba6fafc90d8de7107f39c848f1f34b021ed0a0)
1998-05-12a new slprintf() function. This one is totally portable but a bit of aAndrew Tridgell1-27/+41
kludge. It is a safe kludge with our current code but I would like to revisit it at some point in the future. The problem with the one I committed yesterday is it used non-portable functions. (it also had a bug in it, but that's another matter) This one works by just using vsprintf() into a 8k buffer and a memcpy from there. No memory protection tricks or other non-portable stuff. This is safe because all calls to slprintf() in samba use strings which have been through a pstrcpy and thus are less than 1024 bytes. No call uses more than 2 of these strings. See what I mean by kludge? Note that the 8k is way overkill but I like overkill :) Someday (after autoconf) we will replace this with something better, but meanwhile this is simple, secure and portable. (This used to be commit 4cfcc398c35c6726f14f485ae8e9ebcef180392f)
1998-05-12This is a security audit change of the main source.Jeremy Allison68-787/+887
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11password back-end database supportLuke Leighton4-118/+168
ldap.c : - added getldap21pwent() function passdb.c : - getsam21pwent() no longer a stub: calls ldap21 or smb21 smbpass.c : - added getsmb21pwent() function (he he :-) lib/rpc/server/srv_samr.c : - removed "specific" calls to ldap functions; replaced with call to get_sampwd_entries instead (which is unfinished). - rewrote get_user_info_21 function to call getsam21pwrid. (This used to be commit c760ebbf127796427c4602aae61952df938c6def)
1998-05-11reply.c: Added code to not overwrite sesssetup_user when in share level securityJeremy Allison2-2/+9
and null session setup done. smbpasswd.c: Fix from Gerald Carter <cartegw@Eng.Auburn.EDU> to fix incorrect use of pointer. Jeremy. (This used to be commit 69ace0760986a6e892cd5b25ca85930b65e38c45)
1998-05-11add lp_domain_workstations() parameter. this is a list of workstation namesLuke Leighton2-0/+6
from which an NT user can log in from. empty (default) indicates no restrictions. exactly how this is enforced is unknown. from past experience it's likely that the enforcement is left to the client to carry out... (This used to be commit 6b2f9ea68f5754ca6caaf685a9538ab404e1bab4)
1998-05-11ldap back-end database developmentLuke Leighton10-604/+725
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-11don't use system functions as arguments to qsort() as otherwise youAndrew Tridgell1-1/+1
get stuck on systems with broken headers (like SunOS4). In this case use StrCaseCmp instead of strcasecmp (This used to be commit 1386c6e25a2cf05c5c48b7a5094db3b2a6f5a5b3)
1998-05-11include includes.h in all the ubiqx files. I know Chris won't likeAndrew Tridgell5-4/+6
this but it really is necessary (sorry Chris!) ubiqx code didn't compile on SunOS4 otherwise as stdlib didn't define NULL. (This used to be commit 4989db8b0b6fad8bd743615b1fe177adbb2594cf)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell33-94/+207
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell1-1/+1
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit 6b0c1733d2ebf3b8f09f3bf88b8648d8b371bb1f)
1998-05-10Updated OSF1_ENH_SEC mode password handling.John Terpstra1-1/+8
This now tries Enhanced passwords first and if this fails trys Basic mode (ie: Unix /etc/passwd) authentication. This only happens when OSF1_ENH_SEC is defined at compilation. (This used to be commit 29462c8d7a241eb462b1583170a0b5f16096ea3f)
1998-05-08added sam_passwd structure: don't want smb_passwd to be "polluted".Luke Leighton1-6/+50
(This used to be commit d42dd371fa2ab690bf4261a735f03a7380479ebe)
1998-05-08move things around to get rid of make clean warning messagesHerb Lewis1-4/+12
(This used to be commit d7975ef1e3f38e678ea20d3f86718b05f4fb1aff)
1998-05-08removed proto.h from cvsignoreLuke Leighton1-1/+0
(This used to be commit beb56f083d6f9c557486f08b8266c53552684118)
1998-05-08clitar.c: #ifdef'ed out all the bits that were giving 'defined but not used'Jeremy Allison4-48/+35
messages. nttrans.c: More updates. smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke to use a new structure. web/swat.c: Fixed gcc complaints about shadowing global 'string'. Jeremy. (This used to be commit 61c1dbb9785ed1e6fe40f93c7cc65024884df6f5)
1998-05-08Ho hum, someone deleted proto.h from cvs... re-adding.Jeremy Allison1-0/+2070
Jeremy. (This used to be commit 6dde50738fcdbaae799101b84ab6b6270696193d)
1998-05-08proto.h was being a pain. use "make proto" instead. check release andLuke Leighton1-2070/+0
release-alpha scripts operate correctly when it comes to generating a release or alpha release. (This used to be commit 6f792502d714c4883fe0831068c4ac703e7029ba)
1998-05-08added proto.h to .cvsignoreLuke Leighton1-0/+1
(This used to be commit 29eda8a00ad0d1036a14e2b1e30c7aeca846bbb2)
1998-05-08added smb_grpid to smb_passwd structLuke Leighton1-0/+1
(This used to be commit bcafdcda85581cee4b7b5ead4526c30851e461bf)
1998-05-08Se-submitting clitar.c/Richard Sharpe2-58/+436
I now only have one warning in my code which is the result of some code I have started working on but am not yet using in the code, along with a warning that is caused by one of the include files (a nested comment). I used -Wall -Wshadow -Wstrict-prototypes (This used to be commit 7b98fd5b69282320af700833c2d2720c42a382d8)
1998-05-08renamed last_change_time to pass_must_change_time. removed "if (bool==True)"Luke Leighton2-21/+20
and "if (bool==False)" code from ldap.c - a boolean test may not necessarily return exactly True or exactly False: True may be defined to be -1: you never know... (This used to be commit 9bf9752134a92b9a6e8895300d986cfa23547c03)
1998-05-08added extra fields to struct smb_passwdLuke Leighton1-7/+37
the smbpw functions are expected to fill in the blanks by reading the appropriate smb.conf parameters. the ldappw functions are expected to fill in the fields from the ldap database. a separate utility can be written to fill in the ldap database fields from the smb.conf parameters, at a later date. (This used to be commit 0b6394c83ec20afdd8065da6785e057c35f3951f)
1998-05-08The globals section now shows non-default variables (like theHerb Lewis2-23/+125
view config section does) in the basic view. There is also a reset button to undo all changes you have made (that haven't been committed). In addition each field now has a "Set Default" button. Multi-choice fields are now select fields instead of a set of radio buttons. On the status screen I added a "restart" option for stopping then starting smbd and nmbd. (This used to be commit a6edde4f004d3ba65d938acd3e6e094664a6c468)
1998-05-08added FLAG_BASIC to some browse options for swat.Herb Lewis1-4/+4
(This used to be commit ce1af10ab44d5d16557ddfd28c58f1669c04e0b3)
1998-05-08smb.h: Supporting defines for NT trans calls.Jeremy Allison2-4/+33
trans2.c: Paranoia bugfixes added when studying nttrans.c. Jeremy. (This used to be commit 94e70edef91c71703a7ebcdaf2b5a2bdce940a69)
1998-05-08Initial cut at the code that will do NT SMB calls. Not linked in, notJeremy Allison1-0/+225
compiled yet, just checked in for safe keeping :-). Jeremy. (This used to be commit 74565f0039be8ab02a501accad5e671e80733314)
1998-05-07added first pass at start/get/end-ldappwent functions. unfortunately, lotsLuke Leighton1-10/+65
of information will be lost as these functions currently return struct smb_passwd not SAM_USER_INFO_21 or any other type of structure... (This used to be commit ad3097099cba524c9ec7c3ffc6d5647019efeaab)
1998-05-07remove unused ldap functions: add stub start/get/endldappwent routines.Luke Leighton2-146/+97
(This used to be commit a827412effe75029622cc3c822b1d581dd374fda)
1998-05-07moving gethexpwd into util.c, because it's used in both smbpass.c and ldap.cLuke Leighton5-67/+38
(This used to be commit abe261b2f5ea7036e7be6230876176d134ef4ee4)
1998-05-07This should (hopefully :-) be the final fix for the %U %G substitutionJeremy Allison9-52/+57
problem.... smbpass.c: Removed Luke's dire warning - as some of the functions in here *need* to be called externally :-). Jeremy. (This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton12-140/+334
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-05-07Fixed changed calls to machine password locking code.Jeremy Allison1-5/+4
Jeremy. (This used to be commit dfdc9b0b1e47717b83e54f1cf726e40122cf9baf)
1998-05-06Andrew redefines the free() function to do some memory management testing.Christopher R. Hertel1-1/+19
He also suggested that some systems may implement free() as a macro (but I think he was looking for an excuse ;). Anyway, I've added a function to mangle.c that calls free(). Chris -)----- (This used to be commit 95f7b03285c42e8f5573690939b79afc7e686908)
1998-05-06smbpass.c: Fixed machine_passwd_lock() problems.Jeremy Allison4-37/+33
password.c: Fixed machine_passwd_lock() problems. lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now. Jeremy. (This used to be commit d28427f21fff49da6b38c24625e3e2dae49a9713)
1998-05-06loadparm.c: Added #ifdef USE_LDAP around ldap code.Jeremy Allison6-38/+43
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet. util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code. lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code. Jeremy. (This used to be commit 446b98ca071170fc950bad86ad96b58308a5b75c)
1998-05-06Rolling back again to the equivalent of revision 1.22, as the currentJeremy Allison1-382/+25
CVS head branch will not compile. Jeremy. (This used to be commit 18a0a10dcb04733a2d7ba0e16d07ab7e6e2d54be)
1998-05-06jean-francois micouleau's well-alpha code for ldap password database stuff!Luke Leighton7-55/+859
he's going to hate me for checking this in so early, but... (This used to be commit ad9ba0a1cbac5c4e6cbcbcadefe8f1df72231f74)
1998-05-06Added mksmbpasswd.sh to binary packageVolker Lendecke2-8/+10
(This used to be commit 94f31b95f708a4362fdcc697610d6edc9b72a5fc)
1998-05-06compiler warning for unimportant uninitialised variableLuke Leighton1-4/+4
(This used to be commit 81bf26309248b63cc7e167170a8b384c11126ded)
1998-05-06Real fix for clitar.c problems. Have now made all the rightRichard Sharpe2-28/+385
things static, and have done a 'make proto; make clean; make'. Still get 54 compiler warnings under Digital UNIX cc. Honest. :-) (This used to be commit 47eb7e5be2f12206bd2de0670be478d80e1d84de)
1998-05-06much faster pstrcpy() and fstrcpy()Andrew Tridgell1-16/+24
also print out the first 50 chars of an overflowing string so we have some chance of working out what is causng them. (This used to be commit 7a67e76722521ac8099cbcda054b0f4bf45c7bfe)
1998-05-06Fixes for the %U and %G problems people have reported.Jeremy Allison9-25/+38
Essentially, multiple session_setup_and_X's may be done to an smbd. As there is only one global variable containing the requested connection name (sessionsetup_user), then any subsequent sessionsetups overwrite this name (causing %U and %G to get the wrong name). This is particularly common when an NT client does a null session setup to get a browse list after the user has connected, but before a share has been mounted. These changes store the requested_name in the vuid structure (so this only really works for user level and above security) and copies this name back into the global variable before the standard_sub call. Jeremy. (This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
1998-05-05genrand.c: SGI compile warning fix.Jeremy Allison11-26/+28
ipc.c: Fix for duplicate printer names being long. loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c protects us. nmbd_logonnames.c: nmbd_namequery.c: nmbd_namerelease.c: Debug messages fix. password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call. reply.c: SGI compile warning fix. server.c Debug messages fix. smbpass.c: Fix for incorrect pointer. Jeremy. (This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
1998-05-05added definitions for "password chat debug" and "unix password sync"Herb Lewis1-1/+40
from the 1.9.18 tree (This used to be commit 228a2a0507494e0b13ed5c74488607811da20140)
1998-05-05Rolling clitar.c back to the previous rev 1.22 as the current oneJeremy Allison1-382/+25
needs fixing (sorry). Jeremy. (This used to be commit 50f75b11465ac45f1944ed613a65524ca4e60594)
1998-05-05Added bug fixes to clitar to ensure proper longfile name restoresRichard Sharpe1-25/+382
occur. Also getting ready for setting directory dates correctly (This used to be commit fc0cad9035f9cbb5d8a5ee0221c342a3f90cf201)