| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
|
|
J.F.
(This used to be commit 706acb17cffd8d6a84209dadb97916f0346cd174)
|
|
don't overwrite backend values with defaults values.
J.F.
(This used to be commit a204a9adb84c41658def08cb75670995aec02baa)
|
|
LDAP database were being initialised using unix_to_nt_time on -1, rather
than -1 as an NTTIME (which is very different).
Problems solved (hopefully):
* "Access Denied" when accessing an NT share in a Samba controlled domain.
* "Your password has expired" sometimes when logging in.
(This used to be commit 740d8388cb6dfebb26681a45fd1b293383d08a6d)
|
|
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
(This used to be commit 8fb2ff247a2fe0ec5ce0c232d8a3da9774f7e6ae)
|
|
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
|
|
parameter is "builtin rid file".
Copyright 1999 Bertl <bp@vpnet.at>
(This used to be commit 80d36778432d42eb265ed9428f27a27250ba5e08)
|
|
as they are generic "file line-by-line" reading routines. lines with
"#" at the front are ignored (as comments). this code started out as
the password file reading code.
(This used to be commit ef6df590fdf65a6d94b343998bac3a4d48ae07e0)
|
|
anyway!)
(This used to be commit 91d5bda9ad22c922a918f0942dcbff04202b9991)
|
|
found by Bertl <bs@vpnet.at>
(This used to be commit 389c17a225884b39d097dc0851a794d3669fdc31)
|
|
(This used to be commit baab30815238a803badeafa1ed8f029d7782242f)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug.
Note that the Get_Pwnam() function now returns a const struct passwd *
as a hint to other developers not to change entries in the struct
passwd.
(This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
|
|
(This used to be commit 899fc053c50448db65092d9f25fea99433cfb29f)
|
|
next problem: user group adding not supported so an "access denied"
message is reported instead of "ok" when a new user is created.
(This used to be commit f5f61bd477b4910cb90675c926381342c30a5b16)
|
|
used to add workstation to domain. unix account db not modified: only
SAM password db is used.
(This used to be commit 129a9a4d4b74897ed753a697a3aed9b194c25568)
|
|
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
|
|
should instead have &&.
(This used to be commit 1143fd4297b946d4ffd3c6ca104188cdcb48fac8)
|
|
(This used to be commit 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d)
|
|
(This used to be commit 5b1d0789007bfcb09326643eb271746cee386846)
|
|
using smbpasswd command.
(This used to be commit 62d499f83256c6e8b3308dc4bd8e9f5df873b14b)
|
|
results in garbage. with no password length argument doing dump_data(
100, password, strlen(password)) is the next best alternative.
(This used to be commit 073c8652c13408b883fc73203e5558b1a9a64d62)
|
|
(This used to be commit 167b0b20e33bef4af5deaff961937dd5fadf481d)
|
|
(This used to be commit eb63fbdb68f1189593e68272e05d7ebf76652c4c)
|
|
resolved.
(This used to be commit d59a2e669aed7ee33fdca8b8ec126b1c0a984981)
|
|
Copyright (C) Benjamin Kuit <bj@mcs.uts.edu.au> 1999.
(This used to be commit fdf61e1dabc2c977ee5cf1e9d60e3380f19840da)
|
|
pwdb_sam_map_names() was using a "blank" static string instead of
a NULL pointer for nt names. NULL means over-ride, so the nt name
got left as "blank".
this causes nt clients to terminate with extreme prejudice.
(This used to be commit ddd350198202d6a1d2c715b3dce7db3a5d76a63a)
|
|
to resolution of unix name to nt name being unnecessarily _inside_
another loop.
(This used to be commit d455c9d2c9f60289d78d0331228f5922152070bf)
|
|
endlessly repeating a network SAMLOGON (hoping it to change, hmmm...).
( Guess what I found in pwdb_init_sam...
unix_to_nt_time(&user->logon_time, (time_t)-1);
unix_to_nt_time(&user->logoff_time, (time_t)-1);
unix_to_nt_time(&user->kickoff_time, (time_t)-1);
... )
(This used to be commit e9c79c85e6d1352693ab13e907b07d4706975891)
|
|
* Added new APIs for modifying groups.
* RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1
for each new user/group.
* RIDs are now consistently in hex
* Fixed bugs reported by Allan Bjorklund <allan@umich.edu>:
- ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect
- Missing ldap_connect() in getusergroups functions
- ldap_next_entry was being called too early while retrieving a sam_struct
- LDAP globals should be extern in sampassldap.c
* Fixed bugs reported by Martin Hofbauer <mh@bacher.at>
- Newly added workstation trust accounts had attributes DU rather than W.
- User dn's were forced to start with "uid=XX" rather than using the existing
dn.
(This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)
|
|
change it now?" message when you login to a Samba Controlled domain.
The fix is a hard coded 42 days from right now until you need to
change you pasword again time (see passdb/sampassdb.c:pwdb_smb_to_sam())
Also fixed getsmbfilepwent() so that it will read in the last password
change time correctly.
* Related to this lib/util_pwdb.c:StrnCaseCmp() returns 0 if the
strings match. Chouldn't this be the pther way? Oh well. I
didn't change the return code as it was used in several
other cases (see lib/util_pwdb.c:pwdb_get_last_set_time())
(This used to be commit 175e598dccd042c0f8b045db45fbe3ae928a7387)
|
|
(This used to be commit 2cce78aa00f31b79d51aaf46da72019b926e8226)
|
|
(This used to be commit f4b8a283065a7c1ae233a0ae01ac76f32fea6b31)
|
|
(This used to be commit f36cf3b6a70d0a91bce923ab51780d20d69e3bd6)
|
|
(This used to be commit f11eb4165836ce8d15a453d37c4e07913562d778)
|
|
(This used to be commit 2bc031e8fafeafdc58c6a8056597b647d00657ae)
|
|
of a private/smbpasswd file, this will not be the case for other
database APIs. removed startsmbdb and endsmbpwdb calls because
add_smbpwd_entry() and mod_smbpwd_entry() don't need them.
(This used to be commit 8b36c7c08ffa408506c35219e6453a595cbc3a4f)
|
|
(This used to be commit 2c438c86cbb38833b3abd4fbead6324687633b25)
|
|
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
(This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
|
|
a call _outside_ of this was _also_ calling getpwnam. the calls to
getsmbpwnam() were therefore overwriting the static buffer.
(This used to be commit c5ba5fa6feab2884a23b8bcb5dcb349ee1a7c139)
|
|
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
|
|
added their replacements, added sam password database API modules
(This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
would only be a domain group rid. it can also be a local group rid,
which causes us problems in attempting to turn a unix gid into the
correct rid (domain group or local group).
sooo.... the fix is _in_ there, we just can't use it because it causes
link / knock-on problems in nmbd.
(This used to be commit e4ee6538709c33000774eb1676608f2dd67d5a30)
|
|
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
|
|
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
|
|
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
|
|
(This used to be commit 06b9100c1c1590bad392a8d9bdd79a6c554a3cac)
|
