summaryrefslogtreecommitdiff
path: root/source3/smbd/chgpasswd.c
AgeCommit message (Collapse)AuthorFilesLines
2010-01-07s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hashMichael Adam1-6/+24
This is to introduce a new format of the password history, maintaining backwards compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash). The new format is 16 zero bytes and 16 bytes nt hash. This will allow us to respect the last X entries of the nt password history when deciding whether to increment the bad password count. This is part of the fix for bug #4347 . Michael
2010-01-07s3: Factor password_in_history() out of check_passwd_history()Volker Lendecke1-25/+41
2010-01-07s3: Fix a typoVolker Lendecke1-1/+1
2010-01-07s3: Avoid a memset(, 0, ) callVolker Lendecke1-2/+1
2009-11-10s3-chgpasswd: split out a check_password_complexity() function.Günther Deschner1-22/+42
Guenther
2009-10-08s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer1-9/+9
2009-09-06Fix bug 6673 - smbpasswd does not work with "unix password sync = yes".Jeremy Allison1-1/+1
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy.
2009-07-14s3-account_policy: add pdb_policy_type enum.Günther Deschner1-3/+3
Guenther
2009-05-09Pass also sername to check password scriptSimo Sorce1-4/+12
2009-05-08s3-samr: disable check for ACB_DISABLED in check_oem_password().Günther Deschner1-1/+4
It is a bad idea to just tell everyone that an account is disabled without really having checked the password first. Found by torture test. Guenther
2009-05-08s3-samr: rework check_oem_password() to take a struct samu, not to return one.Günther Deschner1-39/+27
Guenther
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-3/+4
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-02-10Remove an unused extern referenceVolker Lendecke1-2/+0
2009-01-08s3:smbd: remove pointless static variables in chgpasswd.cStefan Metzmacher1-9/+10
metze
2008-11-01Use dup2() replacement from libreplace.Jelmer Vernooij1-3/+3
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-1/+1
2008-04-19Fix bug 5398Volker Lendecke1-3/+3
Thanks to Jason Mader for sending the compiler output :-) Volker (This used to be commit 7a57c2da1a6cc0fcea0b4d949c696219f1822694)
2008-04-11Fix bug 5366Volker Lendecke1-1/+6
(This used to be commit 448a8fe6c15bc4e85149d1ae821f0ebc2e3edde5)
2008-02-02read_socket_with_timeout_ntstatus->read_socket_with_timeoutVolker Lendecke1-1/+1
(This used to be commit 90554799afa42855c3e7b87dc632e67f0952f988)
2008-02-02Get rid of read_socket_with_timeoutVolker Lendecke1-5/+14
(This used to be commit f9c8ac83ff42137d2101d3bb17e5dcc3c3d70a8f)
2008-01-17Finally enable pidl generated SAMR & NETLOGON headers and clients.Günther Deschner1-6/+6
Guenther (This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-1/+5
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-17Fix bug #5121 (unix passwd sync not working on a streams basedJeremy Allison1-7/+7
system). Jeremy. (This used to be commit 545cd2139cfc9484b733693814d4724d37125942)
2007-12-16Remove a static fstring.Jeremy Allison1-20/+30
Jeremy. (This used to be commit 898c56c0ead6331721de9645ce55608cbe7cf34d)
2007-12-15More work on bug #5082, use LC_ALL as this takesJeremy Allison1-2/+2
precedence. Jeremy. (This used to be commit 446ebae76d6796b30e4c71ff7190337c28637be6)
2007-12-14Fix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek ↵Jeremy Allison1-1/+9
<vorlon@debian.org>. Recent versions of Linux-PAM support localization of user prompts, so Samba must use the C locale when invoking PAM (directly or via /usr/bin/passwd) to ensure that password chat values match the prompts in a locale-invariant fashion. Jeremy. (This used to be commit bc13e939546a5bcb78925a6b117e89fde20f6451)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-13/+29
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-11-12Remove all pstrings from smbd/chgpasswd.c.Jeremy Allison1-67/+90
Jeremy. (This used to be commit eaf14c701b08e9eff5b94bf57af68cb29142d7fc)
2007-11-11Three more pstring removals.Jeremy Allison1-3/+7
Jeremy. (This used to be commit c15819b75751a1e15cfed2ef94dae10ee72d769c)
2007-11-05Remove the horror that was the global smb_rw_error.Jeremy Allison1-1/+1
Each cli struct has it's own local copy of this variable, so use that in client code. In the smbd server, add one static to smbd/proccess.c and use that inside smbd. Fix a bunch of places where smb_rw_error could be set by calling read_data() in places where we weren't reading from the SMB client socket (ie. winbindd). Jeremy. (This used to be commit 255c2adf7b6ef30932b5bb9f142ccef4a5d3d0db)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-20/+20
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23682: Old patch I forgot in one of my 3.0.25 trees.Simo Sorce1-0/+16
Make sure we honour the directive not to allow machine password changes. (This used to be commit 436555f05ceae34d8df2356d1066b6b5e0a07c41)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-2/+2
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r19094: Fix debug statement.Günther Deschner1-1/+1
Guenther (This used to be commit e99696c97052d4ba962e11fcb7b6ea530350913d)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-26/+19
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r16248: Fix Coverity ID 297Volker Lendecke1-0/+5
(This used to be commit e56e3c19e1244e2b7409d57a030ca8b7ec446932)
2007-10-10r15887: Ensure we use sys_write so we're not interrupted.Jeremy Allison1-1/+1
Jeremy. (This used to be commit c66620770d2154543a6ec99d369771b339df5463)
2007-10-10r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-basedJames Peach1-1/+2
HSM is interested in. Tested on both IRIX and SLES9. (This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
2007-10-10r14600: Refactor capability interface from being IRIX-specific to using onlyJames Peach1-1/+1
the POSIX interface. Note that this removes support for inherited capabilities. This wasn't used, and probably should not be. (This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-3/+3
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-1/+3
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-25/+25
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-1/+1
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13444: Add REJECT_REASON_OTHER for samr_chgpasswd_user3Günther Deschner1-0/+10
Guenther (This used to be commit 58baf718be90d750f51cf51a25714fcdcd5679b7)
2007-10-10r13442: Implement samr_chgpasswd_user3 server-side.Günther Deschner1-3/+13
Guenther (This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-10/+3
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13291: NT checks the minimum password age dynamically. That means we have ↵Volker Lendecke1-5/+21
to ignore the sambapwdmustchange field if we can access the corresponding account policy and calculate it dynamically based on the pwdlastset field. Volker (This used to be commit b02b1d3ef3bceec1957d025c642e306a65310d22)
2007-10-10r12938: Fix for #3408 (change password fails) from William Jojo ↵Jeremy Allison1-3/+7
<jojowil@hvcc.edu>. Jeremy. (This used to be commit 5fc0ef80876a666c285585f8b55e1909e8f2e0bf)