summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
1998-03-31the default for old style accounts should be workstation trustAndrew Tridgell1-1/+1
account, not server trust account. (This used to be commit f2d1e39a66155497880dc0b26200a85adfe7af68)
1998-03-26smbpass.c: Made unknown accounts ending in '$' server accounts, notJeremy Allison1-1/+1
workstation. smbpasswd.c: Added code to count down from last machine account to add correct uid when adding a machine account. Jeremy. (This used to be commit 0601a41993d6ea4fb2a186b7ca55b2f3a6f6a53d)
1998-03-24Added writing of '[XXX]' account control bits into gcosJeremy Allison1-0/+7
field when adding a user via smbpasswd. Jeremy. (This used to be commit 607c64fadbf8c33459444466630f676800cba5ee)
1998-03-24Updated smbpasswd to allow root to add machine accounts, and allowJeremy Allison1-4/+6
root to disable users and set them to "NO PASSWORD". Not quite finished with machine account stuff yet, but everything compiles. Jeremy. (This used to be commit c66966ff00b0968f765e62b679279b7417988df9)
1998-03-19Adding the same changes to HEAD as were added to BRANCH_1_9_18.Jeremy Allison1-6/+0
Changed smbpasswd to be client-server for a normal user, rather than accessing the private/smbpasswd file directly (it still accesses this file directly when run as root, so root can add users/change a users password without knowing the old password). A shakeout of this change is that smbpasswd can now be used to change a users password on a remote NT machine (yep - you heard that one right - we can now change a NT password from UNIX !!!!!). Jeremy. (This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-784/+774
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
1998-02-20nmbd_packets.c: nmbd_subnetdb.c: Patch from Andrey Alekseyev ↵Jeremy Allison1-6/+2
<fetch@muffin.arcadia.spb.ru> to fix the fact that retransmit_or_expire_response_records() wasn't looking at the WINS subnet. server.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution. smbpass.c: Fix to stop parsing failing on non-valid lines. trans2.c: Fix for volume serial number code. util.c: Patch from jkf@soton.ac.uk to add %p (NIS server path) substitution. Fix for warnings under RH5. gcc 2.8. Jeremy. (This used to be commit e58ab3bbe6e939ba678ad5482e58e0191c8dcbcb)
1998-01-22This is *not* a big change (although it looks like one).Jeremy Allison1-1/+1
This is merely updating the Copyright statements from 1997 to 1998. It's a once a year thing :-). NO OTHER CHANGES WERE MADE. Jeremy. (This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
1998-01-17charcnv.c: Added codepage 866 support onto the file system. PatchJeremy Allison1-4/+8
from Max Khon <max@iclub.nsu.ru>. chgpasswd.c: Allow old RAP change password to work with encrypted passwords. Samba can now allow Windows 95/NT clients to securely change the Lanman password ! (But not the NT hash - that gets lost). ipc.c: smbdes.c: smbpass.c: Support for the above. server.c: #ifdef'ed out fix for NT redirector bug. util.c: Fix NIS bug with server name. Jeremy. (This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1)
1997-11-22fixed some typecasts of (char *) to (unsigned char *)Andrew Tridgell1-4/+4
(This used to be commit c98ba8c748bd852ff609cec5510cd5a013f51fd2)
1997-11-10Rolled back tree state to 11:59pm 8th November 1997 EST toJeremy Allison1-1/+1
remove problems. Jeremy (This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)
1997-11-09attempting to mark up 32 bit error codes, needed for NT domains.Luke Leighton1-1/+1
separated out smb server-mode password validation into a separate file. added called and calling netbios names to client gen state: referenced section in rfc1002.txt. created workstation trust account checking code in ntclient.c there might be a bug in reply_session_setup_andX. i indented and added { } around single-line if statements: the lm password checking code now doesn't look right (around the GUEST_SESSSETUP bits). *no code semantics have been changed by the indentation process*. (This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
1997-11-08mod_smbpasswd() was junking the smbpasswd file...Luke Leighton1-97/+99
uninitialised variable warnings. (This used to be commit 1b0bd98bb3bfd3d8cd02e8983e825199e839ec05)
1997-11-06following a cvs error, i am rewriting this monster-commit. with bad grace.Luke Leighton1-41/+401
Modified Files: --------------- Makefile: adding extra files ipc.c : send_trans_reply() - alignment issue. this makes the alignment the same as that in NT. this should be looked at by people who understand the SMB stuff better than i. api_fd_commands[] - added samr and wkssvc pipes. loadparm.c : lp_domain_controller() changed to mean "samba is a domain controller". it's a "yes/no" parameter, now. no, it isn't used _anywhere_. namedbwork.c nameelect.c : if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the host _and_ workgroup announcements. yes, you must do both: nt does. namelogon.c : important NETLOGON bug in SAMLOGON request parsing, which may be the source of some people's problems with logging on to the Samba PDC. password.c : get_smbpwnam() renamed to get_smbpwd_entry(). pipes.c : added samr and wkssvc pipes. proto.h : usual. can we actually _remove_ proto.h from the cvs tree, and have it as one of the Makefile dependencies, or something? reply.c : get_smbpwnam() renamed to get_smbpwd_entry() - also changed response error code when logging in from a WORKSTATION$ account. yes, paul is right: we need to know when to return the right error code, and why. server.c : added call to reset_chain_pnum(). #ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy, you'd be proud: i did a compile without NTDOMAIN, and caught a link error for this function. smb.h : defines and structures for samr and wkssvc pipes. smbpass.c : modified get_smbpwnam() to get_smbpwd_entry() and it now takes two arguments. one for the name; if this is null, it looks up by smb_userid instead. oh, by the way, smb_userids are actually domain relative ids (RIDs). concatenate a RID with the domain SID, and you have an internet globally unique way of identifying a user. we're using RIDs in the wrong way.... added mod_smbpwnam() function. this was based on code in smbpasswd.c rpc_pipes/lsaparse.c : added enum trusted domain parsing. this is incomplete: i need a packet trace to write it properly. rpc_pipes/pipe_hnd.c : added reset_chain_pnum() function. rpc_pipes/pipenetlog.c : get_smbpwnam() function renamed to get_smbpwd_entry(). arcfour() issues. removed capability of get_md4pw() function to automatically add workstation accounts. this should either be done using smbpasswd -add MACHINE$, or by using \PIPE\samr. rpc_pipes/pipe_util.c : create_pol_hnd() - creates a unique LSA Policy Handle. overkill function: uses a 64 bit sequence number; current unix time and the smbd pid. rpc_pipes/smbparse.c : arcfour() issues. smb_io_unistr2() should advance by uni_str_len not uni_max_len. smb_io_smb_hdr_rb() - request bind uses uint16 for the context id, and uint8 for the num_syntaxes. oops, i put these both as uint32s. Added Files: ------------ rpc_pipes/lsa_hnd.c : on the samr pipe, allocate and associate an LSA Policy Handle with a SID. you receive queries with the LSA Policy Handle, and have to turn this back into a SID in order to answer the query... rpc_pipes/pipesamr.c rpc_pipes/samrparse.c \PIPE\samr processing. samr i presume is the SAM Replication pipe. rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c \PIPE\wkssvc processing. the Workstation Service pipe? holy cow. (This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-02loadparm.c :Luke Leighton1-0/+217
added "domain hosts allow" and "domain hosts deny". these are to be used to specify which workstations can log in to a samba PDC from. it is also used to check whether to add an initial machine password into the smbpasswd database or not smbpass.c : added capability to add a machine password to the smbpasswd database. ***** the default uid is zero ***** rpc_pipes/pipenetlog.c : use of "domain hosts allow/deny" parameters to allow login access. proto.h : usual. (This used to be commit 2e7d3410306640aa6402e0506430a53988cc583e)
1997-09-14This commit does 3 main things:Andrew Tridgell1-6/+0
1) put the encryption code in by default, with no #ifdef. It is still disabled by default so you need to add "encrypt passwords = yes" in smb.conf but at least all binaries will have it. 2) cleanup the kanji code so it compiles with no warnings 3) get rid of lots of uses of ugly non-portable C code. The main offender being things like "register" but also remove uses of the "const" keyword as there are compilers out there that don't support it and even those that do often complain about its usage. Users don't like warnings :-( There is still some work to do. We need to replace the md4 code with our own implementation. The current code (from rfc1186) is PD but is not very portable. The new RFC (rfc1320) is more portable but adds copyright restrictions. I'll do a from-scratch MD4 soon. We also need to test that what I've implemented is portable. It should be, but I'm too tired right now to test it on anything other than intel linux. (This used to be commit db917c62c14315afe6f0745a8097c1bca25cbf07)
1997-07-08Makefile: Added AIX targets from Ole Holm Nielsen <Ole.H.Nielsen@uni-c.dk>Samba Release Account1-1/+1
chgpasswd.c: Added Samba/GPL notice (for obvious reasons). clitar.c: Updated Copyright date to include 1997 (for obvious reasons). getsmbpass.c: Updated Copyright date to include 1997 (for obvious reasons). includes.h: Added stropts for solaris. loadparm.c: Changed comment for hide files option. nameconf.c: Updated Copyright date to include 1997 (for obvious reasons). nmbd.c: Updated Copyright date to include 1997 (for obvious reasons). pcap.c: Updated Copyright date to include 1997 (for obvious reasons). proto.h: Re-added accidentaly deleted smb_shm_ calls. quotas.c: Added AIX quota patch from Ole Holm Nielsen <ohnielse@fysik.dtu.dk> server.c: Optimization on calling is_hidden_path. Updated Copyrights. smb.h: Changed DEFAULT_FILES_TO_HIDE from "*/.*" to ".*". smbpass.c: Updated Copyright date to include 1997 (for obvious reasons). ufc.c: Updated Copyright date to include 1997 (for obvious reasons). util.c: Added last component code to is_in_path(). Jeremy (jallison@whistle.com) (This used to be commit 9385ae1005f13c8ed51f1319e3949b5c8571e62d)
1996-10-04- changed the umask handling. We now set the umask to 0 and explicitlyAndrew Tridgell1-1/+1
set the mode on all created files. I think this is a better policy. - change the debug levels on some items - fix a charset handling bug which affected foreign and extended charset users - no longer switch back to the original directory when idle, instead switch to / as the original directory may not be readable by ordinary users. - fix some bugs where the create mode of files was not being explicitly set (it was relying on the umask and using fopen). Not a big bug as it only affected obscure commands like the messaging ops. - got rid of the lock code in the lpq cache as its no longer needed - rewrote smbrun to be faster and to remove the security hole. We now don't actually need a external smbrun binary, its all done by smbd. - add a more explicit warning about uids and gids of -1 or 65535 (This used to be commit 5aa735c940ccdb6acae5f28449d484181c912e49)
1996-07-24minor cleanupsAndrew Tridgell1-4/+2
(This used to be commit 7c8fd43b4e78f439406c3bb4478adf99ae17172f)
1996-07-18minor cleanups ready for another releaseAndrew Tridgell1-2/+1
(This used to be commit 153d324c7be345ae87f99e62123e9a7dbaf74aee)
1996-06-10got rid of a lot of redundent header files as we now globally generateAndrew Tridgell1-1/+0
prototypes automatically using "make proto". This is much less prone to error than the old method of manually adding prototypes (This used to be commit b551dc98f7cc194a5fc2e67a4ebae7fd67a01bbc)
1996-06-04a huge pile of changes :-)Andrew Tridgell1-2/+1
The biggest thing is the integration of Lukes new nmbd. Its still largely untested, so we will really need some feedback I've also added auto prototype generation and cleaned up a lot of minor things as a result (This used to be commit 0d8dcfa13c527ec2c8aca39ba49c09e4e694b26c)
1996-05-29cleanups to make thinsg compile cleanlyAndrew Tridgell1-2/+2
(This used to be commit 39fbeb04ae938594c380d97ebe67c012fa0dd51a)
1996-05-04Initial version imported to CVS Samba Release Account1-0/+304
(This used to be commit 291551d80711daab7b7581720bcd9a08d6096517)