summaryrefslogtreecommitdiff
path: root/source3/passdb/smbpass.c
AgeCommit message (Collapse)AuthorFilesLines
1998-08-17moved connection_struct handling code into smbd/conn.c and changed itAndrew Tridgell1-4/+4
to a linked list with bitmap format. (This used to be commit b7aaab1b6b2d2f72b2bb7c11f5c7bf081a6093d9)
1998-08-14this is the bug change to using connection_struct* instead of cnum.Andrew Tridgell1-2/+2
Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
1998-07-29merge from the autoconf2 branch to the main branchAndrew Tridgell1-1/+1
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
1998-06-04includes.h: Fixes for NetBSD and BSDI.Jeremy Allison1-2/+2
smbpass.c: Fixed irix warnings. Jeremy. (This used to be commit 2caefb35ff56dba67968d04755d74238a38ba29d)
1998-06-01clientutil.c: Don't core dump if no controlling terminal available for password.Jeremy Allison1-2/+2
passdb.c: lib/rpc/include/rpc_misc.h: First cut at automatic uid/gid to rid mapping. We can change this at a later date to make more bits available if neccessary. Jeremy. (This used to be commit 34f40474aba97118e1e80fe6259c686e46dc16b4)
1998-05-26smb.h: More NT SMB stuff (just defines).Jeremy Allison1-1/+2
smbpass.c: Do *NOT* make this function static. It breaks the compile on gcc util.c: Getting closer to MS wildcard semantics. A trailing '*' matches any trailing dot-separated components. trans2.c: Removed hacks that change multiple '?' -> '*' as this breaks things now. trans2.h: Removed NT_FILE_ATTRIBUTE_NORMAL - now FILE_ATTRIBUTE_NORMAL is defined in smb.h. Jeremy. (This used to be commit 42a65511068cd9006350c80bbed2f346f3f01cb0)
1998-05-24- created pdb_sethexpwd(), to be called from all pwd apis that need toLuke Leighton1-2/+2
store passwords in ascii format - dealt with lots of signed/unsigned char thingies spotted by Tim Winders. (This used to be commit bd825f1ef15c4bf12aeba945f8bfdc7fd0e14d25)
1998-05-21fixed signed / unsigned warnings spotted by tim winders. also fixedLuke Leighton1-1/+1
unnecessary "address of" warnings. (This used to be commit ed0afe1e186ce53046e70d8a92103d4f59a2eed2)
1998-05-19passdb.c: Fixed typo in coment.Jeremy Allison1-1/+5
smb.h: Removed comments no longer valid. smbpass.c: Stopped dummy function from being prototyped. util.c: Fix for multibyte char problems with strlower, strupper and string_replace. Jeremy. (This used to be commit cd244b45a5d35fceee2a4034b0c6aabdb58871aa)
1998-05-19made mod_smbfilepwd_entry() and getsmbfilepwent() static. they need notLuke Leighton1-98/+97
be exposed. (This used to be commit 61ab72b82b24006c69b573400f740ff73e742b32)
1998-05-19oops - got some of the default (conversion) functions wrong.Luke Leighton1-32/+19
(This used to be commit b836581cda2b58d285245f71f2bc419c6ece4911)
1998-05-19removed "default" system for password database api: all functions mustLuke Leighton1-0/+18
be supported. there are some stub routines in passdb.c which can be copied into a password database api which do conversion. the module writer can choose which of these to provide full support for instead of using the conversion routines. (This used to be commit d906ac5941fa22f93a38d65906b89a80f971b83c)
1998-05-19ldap.c :Luke Leighton1-0/+1
- added support for some of the new passdb_ops functions. - removed functions that are supported "indirectly" through passdb.c nisppass.c : - modified make_nisname_from_xxx() functions to take a "file" arg. - turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid() functionality is available through "indirect" support in passdb.c - removed functions that are supported "indirectly" through passdb.c - added support for some of the new passdb_ops functions. passdb.c : - created getsam21pwrid() function to go alongside getsam21pwuid. it is not expected that getsam21pwuid ever be used, certainly not from the lib/rpc code. - created getsamdisprid() and getsamdispent(). these are primarily for support of SamrQueryDisplayInfo, however given that they [struct sam_disp_info] return username, rid and fullname, there may be further instances where these functions will be useful. - added support where either the get/add/mod-smb or get/add/mod-sam21 functions are optional. this can be done very easily by checking whether the struct passdb_ops table functions are NULL or not. documented this capability in the notes at the top of the module. - where unix uid was referenced, use uid_t. - where unix gid was referenced, use gid_t. smb.h : - added sam_disp_info functions to passdb_ops. - added getsam21pwrid() function. smbpass.c : - added reference to iterate_getsam21pwrid(). lib/rpc/server/srv_samr.c : - removed group rid code added to get_user_info_21() code: this had been added in the wrong place. the client / server should already know whether it wants to do a lookup by user rid or by group rid. the test of whether the rid is a user or group rid has been left in because this may become useful consistency-check code. - converted back to getsam21pwrid() not getsam21pwuid(pdb_user_rid_to_uid()). this is because the unix uid to user rid mapping can be non-monotonic in some password database systems, and monotonic in others. imposing the restriction by converting immediately from rid to uid at this point is inadviseable, and will place this potential restriction on _all_ password database systems, not just some which, for whatever reason, do not support user rids. it should be up to the individual password database writer to convert from user rid to unix uid, should that module not support rids. lib/rpc/server/srv_util.c : - got lookup_user_name() to call getsamdisprid() not getsmbpwuid(). a bug was introduced (or at least the bug already there was not fixed) whereby the nt user rid was converted to a unix uid, and then not used. (This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
1998-05-18Abstracted all the crappy password interfaces through an indirectJeremy Allison1-34/+40
function table, selectable at compile time. This should make the code that implements all the password functions much cleaner, as it's now very clear exactly what a particular password database needs to provide to Samba. Jeremy. (This used to be commit 27ca536ad974242524c12f7100e419d9e7f9647f)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison1-63/+63
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-18creating and using some pdb_init_(sam/smb) routines. putting ldap headersLuke Leighton1-9/+3
back in (they had been taken out of includes.h because they are only local to ldap.c. (This used to be commit 98ab085b93fb25a4d9275c0d54a863fd9fae2548)
1998-05-18resolving compilation errorsLuke Leighton1-1/+2
(This used to be commit dea0c06eec44a7c2860f97d8f23584d30e482e0a)
1998-05-18- renamed some of the passdb.c functions: they have a prefix pdb_ on themLuke Leighton1-297/+9
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-18Makefile:Luke Leighton1-3/+30
- added nisppass.c and NISPLUS_FLAGS includes.h: - renamed USE_LDAP to USE_LDAP_DB. renamed NISPLUS to USE_NISPLUS_DB. added default define of USE_SMBPASS_DB. - removed ldap headers: they are local only to ldap.c ldap.c : - made all ldap-specific functions static. - added dummy sam21 functions loadparm.c : - renamed NISPLUS to NISPLUS_HOME mkproto.awk - commented out ldap-specific #ifdef generation code: it's not needed now that ldap-specific functions in ldap.c are static nisppass.c : - first attempt at an add function from (This used to be commit f215d375f0f1e12894c2a9e86bd28d4776d337c1)
1998-05-14namequery.c: Fixed SGI IRIX 5.x compiler problem.Jeremy Allison1-4/+4
server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default. smbpass.c: Exposed do_file_lock() as I now use it in server.c Jeremy. (This used to be commit 5bf17840ac7d65d08dd3fdfe8b789010488f6808)
1998-05-13initialise a variableAndrew Tridgell1-1/+1
(This used to be commit 1c052f8744c3f1f64638eb4c0ea7b0db39d50040)
1998-05-12removed lp_domain_workstation() parameterLuke Leighton1-1/+1
(This used to be commit 80d6a3bb0cf3853aa51594cce888e6c0a6e6f634)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-21/+22
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11password back-end database supportLuke Leighton1-1/+108
ldap.c : - added getldap21pwent() function passdb.c : - getsam21pwent() no longer a stub: calls ldap21 or smb21 smbpass.c : - added getsmb21pwent() function (he he :-) lib/rpc/server/srv_samr.c : - removed "specific" calls to ldap functions; replaced with call to get_sampwd_entries instead (which is unfinished). - rewrote get_user_info_21 function to call getsam21pwrid. (This used to be commit c760ebbf127796427c4602aae61952df938c6def)
1998-05-11ldap back-end database developmentLuke Leighton1-199/+34
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell1-9/+11
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-08renamed last_change_time to pass_must_change_time. removed "if (bool==True)"Luke Leighton1-10/+10
and "if (bool==False)" code from ldap.c - a boolean test may not necessarily return exactly True or exactly False: True may be defined to be -1: you never know... (This used to be commit 9bf9752134a92b9a6e8895300d986cfa23547c03)
1998-05-07remove unused ldap functions: add stub start/get/endldappwent routines.Luke Leighton1-1/+0
(This used to be commit a827412effe75029622cc3c822b1d581dd374fda)
1998-05-07moving gethexpwd into util.c, because it's used in both smbpass.c and ldap.cLuke Leighton1-29/+0
(This used to be commit abe261b2f5ea7036e7be6230876176d134ef4ee4)
1998-05-07This should (hopefully :-) be the final fix for the %U %G substitutionJeremy Allison1-11/+0
problem.... smbpass.c: Removed Luke's dire warning - as some of the functions in here *need* to be called externally :-). Jeremy. (This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton1-32/+43
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-05-06smbpass.c: Fixed machine_passwd_lock() problems.Jeremy Allison1-25/+21
password.c: Fixed machine_passwd_lock() problems. lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now. Jeremy. (This used to be commit d28427f21fff49da6b38c24625e3e2dae49a9713)
1998-05-06loadparm.c: Added #ifdef USE_LDAP around ldap code.Jeremy Allison1-8/+9
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet. util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code. lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code. Jeremy. (This used to be commit 446b98ca071170fc950bad86ad96b58308a5b75c)
1998-05-06jean-francois micouleau's well-alpha code for ldap password database stuff!Luke Leighton1-0/+9
he's going to hate me for checking this in so early, but... (This used to be commit ad9ba0a1cbac5c4e6cbcbcadefe8f1df72231f74)
1998-05-05genrand.c: SGI compile warning fix.Jeremy Allison1-2/+2
ipc.c: Fix for duplicate printer names being long. loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c protects us. nmbd_logonnames.c: nmbd_namequery.c: nmbd_namerelease.c: Debug messages fix. password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call. reply.c: SGI compile warning fix. server.c Debug messages fix. smbpass.c: Fix for incorrect pointer. Jeremy. (This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
1998-04-30Added patch from Bruce Tenison <btenison@dibbs.net> to allow encryptedJeremy Allison1-4/+6
passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
1998-04-29Makefile: Added files to smbpasswd.c.Jeremy Allison1-27/+54
loadparm.c: Patch from tim@quiknet.com for static string problems. server.c: Setup global_myname. smbpass.c: Fix up locking. Add machine_password_delete() call. smbpasswd.c: Added provisional code to add to a domain. lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password. lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password. Jeremy. (This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
1998-04-29password.c:Luke Leighton1-10/+17
added become_root / unbecome_root around the get machine account password. smbpass.c: cleaning up code. - turning if (BOOL_expr == False) into if (BOOL_expr) what if you test if (BOOL_expr == True) and someone defines True to be -1 on one system and 1 on another? or if you get inconsistent return results between developers - removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) - cannot assume that NULL is zero integer. plus there are typecast issues to deal with - removed return (ret == 0) ? True : False and made this return ret == 0 rely on the compiler to return correct BOOL value: not all developers will return True or False #defines: stick with BOOL test (non-zero). - removed if (ret == False) replaced with if (!ret) - bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a boolean test if (pstring-len-len-6). - removed "." after debugging of filenames: the "." - a fullstop - looked like it was part of the filename, making things difficult to sort out. still to be resolved: the global_myname isn't set up, such that the machine account password file is named "TEST3..mac". (This used to be commit 315e26c23abf7137684bf084c825ad241076132e)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison1-3/+0
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-23genrand.c: Changed SMB_PASSWD_FILE to lp_smb_passwd_file().Jeremy Allison1-33/+222
password.c: Started the initial code for domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. reply.c: Call to domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. smbpass.c: New code to get/set machine passwords. Tidied up nesting of lock calls. Jeremy. (This used to be commit 89fe059a6816f32d2cc5c4c04c4089b60590e7e6)
1998-04-18includes.h: Added John's redhat fix for QSORT_CAST.Jeremy Allison1-26/+58
smbpass.c: Added lock depth code so calls to pw_file_lock() can be nested. Fixed codedump problems in add_smbpwd_entry(). smbpasswd.c: Removed all the code that manipulated the password file directly. Now *all* smbpasswd file changes are done through the interfaces defined in smbpass.c This should make the life of people adding alternate backend databases *much* easier. lib/rpc/server/srv_netlog.c: Removed debug messages used to debug machine password changing. Jeremy. (This used to be commit c9f61be08f3691a6421734d8b026a295d9cbd6ba)
1998-04-15ipc.c: Fix for printer queue spinning with Win95.Jeremy Allison1-6/+131
nmbd.c: Fix for always overwriting log despite append setting. smb.h: Addition of last time password changed entry to account info. smbpass.c: Changes to support last time changed field in smbpasswd file. smbpasswd.c: Changes to support last time changed field in smbpasswd file. util.c: Fix for always overwriting log despite append setting. Jeremy. (This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
1998-04-14Modified interfaces to getting smb password entries fromJeremy Allison1-8/+50
get_smbpwd_entry (now an internal function to smbpass.c) to a more UNIX-like : getsmbpwnam() - get entry by name. getsmbpwuid() - get entry by uid. Changed the type returned by the smbpasswd enumeration functions to be a void * so that people don't come to depend on it being a FILE *. These abstractions should make it much easier to replace the smbpasswd file with a better backend in future. Other files changed are to match the above changes. Jeremy. (This used to be commit 1161cfb7f2b0d5a6d3e2b524a14a6f325ce70efb)
1998-04-13Changes to allow Samba to be compiled with -Wstrict-prototypesJeremy Allison1-1/+1
with gcc. (Not a big change although it looks like it :-). Jeremy. (This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
1998-03-31the default for old style accounts should be workstation trustAndrew Tridgell1-1/+1
account, not server trust account. (This used to be commit f2d1e39a66155497880dc0b26200a85adfe7af68)
1998-03-26smbpass.c: Made unknown accounts ending in '$' server accounts, notJeremy Allison1-1/+1
workstation. smbpasswd.c: Added code to count down from last machine account to add correct uid when adding a machine account. Jeremy. (This used to be commit 0601a41993d6ea4fb2a186b7ca55b2f3a6f6a53d)
1998-03-24Added writing of '[XXX]' account control bits into gcosJeremy Allison1-0/+7
field when adding a user via smbpasswd. Jeremy. (This used to be commit 607c64fadbf8c33459444466630f676800cba5ee)
1998-03-24Updated smbpasswd to allow root to add machine accounts, and allowJeremy Allison1-4/+6
root to disable users and set them to "NO PASSWORD". Not quite finished with machine account stuff yet, but everything compiles. Jeremy. (This used to be commit c66966ff00b0968f765e62b679279b7417988df9)
1998-03-19Adding the same changes to HEAD as were added to BRANCH_1_9_18.Jeremy Allison1-6/+0
Changed smbpasswd to be client-server for a normal user, rather than accessing the private/smbpasswd file directly (it still accesses this file directly when run as root, so root can add users/change a users password without knowing the old password). A shakeout of this change is that smbpasswd can now be used to change a users password on a remote NT machine (yep - you heard that one right - we can now change a NT password from UNIX !!!!!). Jeremy. (This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-784/+774
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)