Age | Commit message (Collapse) | Author | Files | Lines |
|
Make sure we honour the directive not to allow machine password changes.
(This used to be commit 436555f05ceae34d8df2356d1066b6b5e0a07c41)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
Guenther
(This used to be commit e99696c97052d4ba962e11fcb7b6ea530350913d)
|
|
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
|
|
(This used to be commit e56e3c19e1244e2b7409d57a030ca8b7ec446932)
|
|
Jeremy.
(This used to be commit c66620770d2154543a6ec99d369771b339df5463)
|
|
HSM is interested in. Tested on both IRIX and SLES9.
(This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
|
|
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
|
|
to make full use of the new talloc() interface. Discussed with Volker
and Jeremy.
* remove the internal mem_ctx and simply use the talloc()
structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
upcoming changes. Groups will most likely be replaced with a
'struct samg' in the future.
Note that there are now passbd API changes. And for the most
part, the wrapper functions remain the same.
While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs. The code also needs more testing under valgrind to
ensure it's not leaking memory.
But it's a start......
(This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|
|
Guenther
(This used to be commit 58baf718be90d750f51cf51a25714fcdcd5679b7)
|
|
Guenther
(This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
to ignore
the sambapwdmustchange field if we can access the corresponding account
policy and calculate it dynamically based on the pwdlastset field.
Volker
(This used to be commit b02b1d3ef3bceec1957d025c642e306a65310d22)
|
|
<jojowil@hvcc.edu>.
Jeremy.
(This used to be commit 5fc0ef80876a666c285585f8b55e1909e8f2e0bf)
|
|
Ensure it returns a BOOL.
Jerry (and anyone else) please check this, I think
all uses are now correct but could do with another
set of eyes. Essential for 3.0.21 release.
Jeremy.
(This used to be commit 0c7b8a7637e760fcb6629092f36b610b8c71f5c9)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Jeremy.
(This used to be commit b242f278601e1a23c9116009482e802326d418f7)
|
|
Removing deprecated lp_min_password_length (the same functionality is
provided by the account policy).
Note that we now allow to set passwords less then 5 chars (if the admins
decides to do so by setting the account policy).
Thanks to Daniel Beschorner <db@unit-netz.de>
Guenther
(This used to be commit fd91378925f7e3541df4f31bd461dabc1da523a9)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
(This used to be commit 9e77da9320c900b3e437d534e31fa5ff81e9acfd)
|
|
platforms.
Volker
(This used to be commit f7218d1c66ae91fa79f5a40e0ba618beba038bbc)
|
|
passdb in 3_0 (they are still in trunk).
Guenther
(This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
|
|
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.
Guenther
(This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
|
|
disabled, rather than simply unavailable.
Andrew Bartlett
(This used to be commit 1c70583a19c9f741a41d08c0b994fccb66eeb0bf)
|
|
(This used to be commit 04a6573f894800b9d939d9b4be48790437352804)
|
|
Bugzilla #1903.
(This used to be commit 1327d83d902b6a39096d387d734e73d85ed53f85)
|
|
allow e.g. two umlauts and one ascii char to comply with account-policy
"min password length" of 5.
Thanks to Uwe Morgenroth from CC Compunet and Volker.
TODO: we do check the length against AP_MIN_PASSWORD_LEN *and*
lp_min_passwd_length() - both can have differing values.
(This used to be commit d03683772942e8c32507be210b8fd35bfba2c048)
|
|
(This used to be commit 05a80c37375b3186b02b8430033796ab7a7d68bb)
|
|
(This used to be commit f836be323a233f3a28cbaa04c532e83ea98ead89)
|
|
Heinreichsberger <helmut.heinreichsberger@chello.at>)
(This used to be commit 22cde8f665f7ed52785699a1d58db3271125ab89)
|
|
consists of a 16 byte salt, followed by the 16 byte MD5 hash of
the concatination of the salt plus the NThash of the historical
password. Allows these to be exposed in LDAP without security issues.
Jeremy.
(This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
|
|
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
|
|
(This used to be commit df94b0471eb0628aa27f534134d60b62ed123688)
|
|
(should fix the mb service name problem, can't remember the bugid).
Jeremy.
(This used to be commit 94a272b9a881ec0004c5da2a7242b0a818da5630)
|
|
(This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
|
|
different feilds that different clients send. (For example, not all clients
send both password types).
This also cleans up the code to make it clearer what is really going on,
and to make better use of common functions.
Andrew Bartlett
(This used to be commit 934e9f3bd0e8a938263978ffcd1fef51e42fa5e4)
|
|
(This used to be commit 6202e0fa727a4307f51bf42f5ced401a7c7b8214)
|
|
(the actual call to crack was already in this #ifdef)
Andrew Bartlett
(This used to be commit 4a01f3dbb4a2e744b48bdb86c4d91ee4692d38e5)
|
|
This adds a configure test, that tries to find out if we have a working
cracklib installation, and tries to pick up the debian hints on where
the dictionary might be found. Default is per my Fedora Core 1 system -
I'm not sure how much it changes.
Andrew Bartlett
(This used to be commit bc770edb788f0b6f719011cda683f045b76b7ba5)
|
|
Jeremy.
(This used to be commit d75db0bf1eee9c4341a3ec14c05f82b364a202b3)
|
|
Jeremy.
(This used to be commit 16097f2072085432f4c669d9e008023f36f7afbb)
|
|
as that's what they do. Fix string_replace() to fast-path ascii.
Jeremy.
(This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
|
|
the as_root parameter has bugger all to do with who you *currently*
are, and everything to do with who you run the script as. Doh !
Jeremy.
(This used to be commit 17a241d9f788b63fec091001cb72d34c09cf32a4)
|
|
(This used to be commit 244c61b1dd52121109e6fd7c3514d1a73d1fa303)
|
|
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
(This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
|
|
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
|
|
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
|