summaryrefslogtreecommitdiff
path: root/source3/smbd/chgpasswd.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23682: Old patch I forgot in one of my 3.0.25 trees.Simo Sorce1-0/+16
Make sure we honour the directive not to allow machine password changes. (This used to be commit 436555f05ceae34d8df2356d1066b6b5e0a07c41)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-2/+2
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r19094: Fix debug statement.Günther Deschner1-1/+1
Guenther (This used to be commit e99696c97052d4ba962e11fcb7b6ea530350913d)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-26/+19
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r16248: Fix Coverity ID 297Volker Lendecke1-0/+5
(This used to be commit e56e3c19e1244e2b7409d57a030ca8b7ec446932)
2007-10-10r15887: Ensure we use sys_write so we're not interrupted.Jeremy Allison1-1/+1
Jeremy. (This used to be commit c66620770d2154543a6ec99d369771b339df5463)
2007-10-10r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-basedJames Peach1-1/+2
HSM is interested in. Tested on both IRIX and SLES9. (This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
2007-10-10r14600: Refactor capability interface from being IRIX-specific to using onlyJames Peach1-1/+1
the POSIX interface. Note that this removes support for inherited capabilities. This wasn't used, and probably should not be. (This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-3/+3
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-1/+3
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-25/+25
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-1/+1
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13444: Add REJECT_REASON_OTHER for samr_chgpasswd_user3Günther Deschner1-0/+10
Guenther (This used to be commit 58baf718be90d750f51cf51a25714fcdcd5679b7)
2007-10-10r13442: Implement samr_chgpasswd_user3 server-side.Günther Deschner1-3/+13
Guenther (This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-10/+3
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13291: NT checks the minimum password age dynamically. That means we have ↵Volker Lendecke1-5/+21
to ignore the sambapwdmustchange field if we can access the corresponding account policy and calculate it dynamically based on the pwdlastset field. Volker (This used to be commit b02b1d3ef3bceec1957d025c642e306a65310d22)
2007-10-10r12938: Fix for #3408 (change password fails) from William Jojo ↵Jeremy Allison1-3/+7
<jojowil@hvcc.edu>. Jeremy. (This used to be commit 5fc0ef80876a666c285585f8b55e1909e8f2e0bf)
2007-10-10r12279: unix_mask_match has been broken for *ever*... (How).Jeremy Allison1-1/+1
Ensure it returns a BOOL. Jerry (and anyone else) please check this, I think all uses are now correct but could do with another set of eyes. Essential for 3.0.21 release. Jeremy. (This used to be commit 0c7b8a7637e760fcb6629092f36b610b8c71f5c9)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-2/+2
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9545: (Hopefully the last) fixes for DIR -> SMB_STRUCT_DIR.Jeremy Allison1-4/+4
Jeremy. (This used to be commit b242f278601e1a23c9116009482e802326d418f7)
2007-10-10r8454: Fix Bug #2502Günther Deschner1-11/+0
Removing deprecated lp_min_password_length (the same functionality is provided by the account policy). Note that we now allow to set passwords less then 5 chars (if the admins decides to do so by setting the account policy). Thanks to Daniel Beschorner <db@unit-netz.de> Guenther (This used to be commit fd91378925f7e3541df4f31bd461dabc1da523a9)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-2/+2
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r5961: final round of compiler warning fixes based on feedback from Jason MaderGerald Carter1-2/+2
(This used to be commit 9e77da9320c900b3e437d534e31fa5ff81e9acfd)
2007-10-10r5905: Fix two warnings found by AIX. They might actually be bugs on 64-bitVolker Lendecke1-1/+2
platforms. Volker (This used to be commit f7218d1c66ae91fa79f5a40e0ba618beba038bbc)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-2/+2
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-2/+2
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4337: Produce a slightly different error message is lanman authentication isAndrew Bartlett1-3/+8
disabled, rather than simply unavailable. Andrew Bartlett (This used to be commit 1c70583a19c9f741a41d08c0b994fccb66eeb0bf)
2007-10-10r3954: bring Samba3 into line with the Samba4 password change codeAndrew Tridgell1-18/+11
(This used to be commit 04a6573f894800b9d939d9b4be48790437352804)
2007-10-10r2899: Change some #if DEBUG_PASSWORD's to #ifdef DEBUG_PASSWORD.Tim Potter1-1/+1
Bugzilla #1903. (This used to be commit 1327d83d902b6a39096d387d734e73d85ed53f85)
2007-10-10r2772: Check correct string length when verifying password-policies. Do notGünther Deschner1-2/+3
allow e.g. two umlauts and one ascii char to comply with account-policy "min password length" of 5. Thanks to Uwe Morgenroth from CC Compunet and Volker. TODO: we do check the length against AP_MIN_PASSWORD_LEN *and* lp_min_passwd_length() - both can have differing values. (This used to be commit d03683772942e8c32507be210b8fd35bfba2c048)
2007-10-10r2333: check the script is not a 0 lenght stringSimo Sorce1-1/+1
(This used to be commit 05a80c37375b3186b02b8430033796ab7a7d68bb)
2007-10-10r2331: check password script code and example from trunkSimo Sorce1-0/+13
(This used to be commit f836be323a233f3a28cbaa04c532e83ea98ead89)
2007-10-10r2013: BUG 1658: little bit of const (patch from : Helmut ↵Gerald Carter1-1/+1
Heinreichsberger <helmut.heinreichsberger@chello.at>) (This used to be commit 22cde8f665f7ed52785699a1d58db3271125ab89)
2007-10-10r1661: Changed the password history format so that each history entryJeremy Allison1-7/+13
consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatination of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-10/+75
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2007-10-10r283: removing --with-cracklib after discussion with abartklet @ sambaXPGerald Carter1-47/+0
(This used to be commit df94b0471eb0628aa27f534134d60b62ed123688)
2004-03-09Added strstr_m() function. Use in all places where we might run into mbJeremy Allison1-1/+1
(should fix the mb service name problem, can't remember the bugid). Jeremy. (This used to be commit 94a272b9a881ec0004c5da2a7242b0a818da5630)
2004-02-02remerge andrew's cracklib patch from HEAD and fix a compile warningsGerald Carter1-23/+58
(This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
2004-01-26Revise our server-side password change code to cope with the variousAndrew Bartlett1-109/+158
different feilds that different clients send. (For example, not all clients send both password types). This also cleans up the code to make it clearer what is really going on, and to make better use of common functions. Andrew Bartlett (This used to be commit 934e9f3bd0e8a938263978ffcd1fef51e42fa5e4)
2004-01-14revert the cracklib changes until post 3.0.2Gerald Carter1-58/+23
(This used to be commit 6202e0fa727a4307f51bf42f5ced401a7c7b8214)
2004-01-12On systems without a working cracklib, ensure we don't include the headerAndrew Bartlett1-0/+2
(the actual call to crack was already in this #ifdef) Andrew Bartlett (This used to be commit 4a01f3dbb4a2e744b48bdb86c4d91ee4692d38e5)
2004-01-12First stab at cracklib support (password quality checking) in Samba 3.0Andrew Bartlett1-23/+56
This adds a configure test, that tries to find out if we have a working cracklib installation, and tries to pick up the debian hints on where the dictionary might be found. Default is per my Fedora Core 1 system - I'm not sure how much it changes. Andrew Bartlett (This used to be commit bc770edb788f0b6f719011cda683f045b76b7ba5)
2004-01-06Patch penguin. Cleaning out old mbp patch.Jeremy Allison1-22/+24
Jeremy. (This used to be commit d75db0bf1eee9c4341a3ec14c05f82b364a202b3)
2003-11-24Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison1-3/+6
Jeremy. (This used to be commit 16097f2072085432f4c669d9e008023f36f7afbb)
2003-09-05More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison1-1/+1
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-09-04Fix UNIX passwd sync properly. I've finally understoodJeremy Allison1-67/+32
the as_root parameter has bugger all to do with who you *currently* are, and everything to do with who you run the script as. Doh ! Jeremy. (This used to be commit 17a241d9f788b63fec091001cb72d34c09cf32a4)
2003-08-15get rid of unused callHerb Lewis1-12/+0
(This used to be commit 244c61b1dd52121109e6fd7c3514d1a73d1fa303)
2003-07-31Wrap calls to change_oem_password() in become_root()/unbecome_root() pairsJeremy Allison1-6/+9
to allow UNIX password change scripts to work correctly. This is safe as the old password has been checked as correct before invoking this. Jeremy. (This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
2003-05-14spellingTim Potter1-2/+2
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-5/+8
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)