summaryrefslogtreecommitdiff
path: root/source3/smbd/chgpasswd.c
AgeCommit message (Collapse)AuthorFilesLines
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-10/+10
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-18/+40
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-29This commit is number 1 of 4.Andrew Bartlett1-0/+6
In particular this commit focusses on: Adding the new 'pass changed now' helper function. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. (This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
2001-10-02Fixed up the change password bug when not using PAM.Jeremy Allison1-16/+32
The problem is we were trying to use mask_match as a generic wildcard matcher for UNIX strings (like the password prompts). We can't do that - we need a unix_wild_match (re-added into lib/util.c) as the ms_fnmatch semantics for empty strings are completely wrong. This caused partial reads to be accepted as correct passwd change responses when they were not.... Also added paranioa test to stop passwd change being done as root with no %u in the passwd program string. Jeremy. (This used to be commit 9333bbeb7627c8b21a3eaeae1683c34e17d14bf0)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett1-47/+46
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-26Update for new pdb_set_plaintext_passwd() interface.Andrew Bartlett1-6/+1
(This used to be commit ce676f8bfc6222df1e05b164420efab30eb1b2e1)
2001-09-10made a couple of local fns staticAndrew Tridgell1-5/+11
(This used to be commit f0851202a852bed28fbd2446b44ce2b977ddacd8)
2001-07-23Fix case insensitive password change code.Jeremy Allison1-1/+1
Fixed crash bug with un-zeroed talloced memory. Jeremy. (This used to be commit eea1c30df246e081e672d7132345d0fd35ad9841)
2001-07-07You can't dump_data() a function pointer...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 4f7b2f51b071ee02b9a2ac7decd9fa7d9e078c1a)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+4
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-1/+1
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
2001-05-07Patch from Simo:Gerald Carter1-5/+5
o sed 's/pdb_clear_sam/pdb_free_sam/g' o add pdb_reset_sam() o password changing should be ok now as well. (This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
2001-05-04Big cleanup of passdb and backends.Jean-François Micouleau1-54/+44
I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
2001-05-02Had to add a "pam password change" parameter (defaults to "off") and inlinedJeremy Allison1-54/+42
the pam password change code to ensure that existing and working password chat scripts don't break with 2.2.1. PAM password changing has to be explicitly requested. Allowed wildcards in pam password change matching (matches password chat script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to stop warnings. Don't worry - the const changes are isolated and don't cause any other warnings :-). Jeremy. (This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
2001-04-30Based on an original PAM patch by Andrew Bartlett, re-written by me toJeremy Allison1-0/+21
remove global static PAM variables, and to tidy up the PAM internals code. Now looks like the rest of Samba. Still needs testing. Jeremy. (This used to be commit 1648ac64a75de74d1a1575eb49cccc4f75488bfa)
2001-03-11Remove "BYTE" - we already have uint8 - don't need more conflicts withJeremy Allison1-3/+3
system header files... Jeremy. (This used to be commit 31e0ce310ec38b3a3a05b344d6450d442c6be471)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-4/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-94/+92
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-06-23Delete OriginalDir stuff.Tim Potter1-11/+15
(This used to be commit 3d0f1845c8cefccfabcfd35694264c1e5f52c3af)
2000-06-09clean up oplock capability code ready for Linux codeAndrew Tridgell1-3/+1
(This used to be commit 70dcc791b45ac64fc536ef449e4e6b53b2b68fd4)
2000-05-10more merging voodooAndrew Tridgell1-0/+4
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-1/+1
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-30- removed all our old wildcard matching code and replaced it with aAndrew Tridgell1-1/+1
call to ms_fnmatch(). This also removes all the Win9X semantics stuff and a bunch of other associated cruft. - moved the stat cache code into statcache.c - fixed the uint16 alignment requirements of ascii_to_unistr() and unistr_to_ascii() - trans2 SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns the short name as unicode always (at least thats what NT4 does) - fixed some errors in the in-memory tdb code. Still ugly, but doesn't crash as much (This used to be commit 03e9cea004bbba72161a5323cf3b4556c94aed8e)
2000-04-18ReadDirName calls vfs->readdirname calls dos_readdirname.Luke Leighton1-5/+5
replaced with readdirname. ditto for OpenDir and CloseDir. (This used to be commit a0afe0d5f8378463b1e47cd779aee3af98c1940a)
2000-03-21indent update to make t easier to see setuid mods in TNG. someLuke Leighton1-455/+558
code from these modules i had to leave out (nothing to do withj setuid) (This used to be commit 96717211edcc389daa4494907251ffb79ffa56d9)
2000-01-05Moved check_plaintext_password() into smbd/chgpasswd.c from smbd/ipc.c.Jeremy Allison1-0/+43
configure configure.in include/config.h.in: Added <sys/un.h> autoconf code for Luke's UNIX domain sockets code. Jeremy. (This used to be commit 210d61db08136122f51a93428607fccd582c9e7d)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-127/+150
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-11-20modified domain_client_validate to take trust account name / type. thisLuke Leighton1-1/+2
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and SEC_CHAN_WKSTA. modified check_domain_security to determine if domain name is own domain, and to use wksta trust account if so, otherwise check "trusting domains" parameter and use inter-domain trust account if so, otherwise return False. (This used to be commit 97ec74e1fa99d773812d2df402251fafb76b181c)
1999-11-04samuserset <username> -p password. YESSSSS :)Luke Leighton1-67/+0
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no). (This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
1999-11-04adding experimental set user password command to rpcclient, it returnsLuke Leighton1-0/+31
error wrong password against nt. ???? (This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
1999-06-13Moved code that changes the pw_passwd entry (i.e shadow password andTim Potter1-1/+1
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug. Note that the Get_Pwnam() function now returns a const struct passwd * as a hint to other developers not to change entries in the struct passwd. (This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
1999-06-02Fixing core dump bug with unix password sync, caused by a NULLMatthew Chapman1-5/+7
connection_struct in a call to OpenDir. JF, you fixed a similar bug in printing/nt_printing.c, I think your fix is incorrect as global configuration files should not go through a VFS. (This used to be commit 0e0c310a3ea102c61e74b604bcc793a82554a828)
1999-03-25SAM database "set user info".Luke Leighton1-24/+37
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-03-19Beau Kuiper: provided patch so that passwords could only be changed byLuke Leighton1-0/+8
root if the ACB_PWLOCK bit is set (on a per-user basis). he also added an extra smbpasswd option so that this bit can be modified from command-line. (This used to be commit 534fe319d9de8da2ed7e911dbba3c7df08193efa)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-3/+1
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-11UNICODE issues.Luke Leighton1-1/+1
(This used to be commit 6a437cfb33f24913e0c1f8484c0b08ef317e513b)
1999-02-10use jeremy's versions of the UNICODE routines.Luke Leighton1-1/+1
(This used to be commit c5109ff782be8774db47a92b48ca6335ec8d6065)
1999-02-08UNICODE byte ordering issue: typecast to uint16* replaced with SSVAL()Luke Leighton1-1/+1
(This used to be commit 9084b7e33dfe717bd8d5604ee71d137e3baef0f5)
1998-11-29weekend work. user / group database API.Luke Leighton1-1/+1
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-23changed string_sub() to replace " ; and ` in the inserted string with _Andrew Tridgell1-4/+4
use all_string_sub() if you don't want this. (This used to be commit a3357ab49335106674fe7a7481cd0f146d74fbe5)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison1-3/+3
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-12Fix fd leak in error condition in grantpt code case.Jeremy Allison1-5/+8
Jeremy. (This used to be commit 22df2dae30b815f1c86bd21ac0ccf02da5b85eba)
1998-10-23possible bug in change oem password code: replaced E_P16 and E_md4hashLuke Leighton1-9/+1
with a call to nt_lm_owf_gen. if this still doesn't get the NT hash generated correctly then there may instead be a bug in mod_smbpwd_entry(). (This used to be commit 1c8c644210870fef7ea3eddf411b01a98f991fcc)
1998-10-21Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.Jeremy Allison1-6/+7
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles. Jeremy. (This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)
1998-10-21signed / unsigned issuesLuke Leighton1-1/+1
(This used to be commit bd2fc6bb85739cb8e7ed2254e2a553486daed054)
1998-10-19- dce/rpc codeLuke Leighton1-108/+215
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-09-25Makefile.in: Fixed bug with continuation line causing proto to fail.Jeremy Allison1-0/+6
Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Ander's code for ' ' characters. passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy. (This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)
1998-09-17configure configure.in: Added tests for fseek64 and ftell64.Jeremy Allison1-2/+2
config.h.in: Added fseek64 and ftell64. includes.h: Added definition of SMB_BIG_INTEGER. smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. access.c: Tidyup of dbug statement. system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t. asyncdns.c: Tidyup of comment. loadparm.c: Tidyup of set_default_server_announce_type() function definition. ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER. smbpassfile.c: Use sys_fseek(). chgpasswd.c: Tidyup of debug statement. dosmode.c: Changed mode calls to use mode_t. ipc.c: Removal of dead code. nttrans.c: Changed mode calls to use mode_t. open.c: Changed mode calls to use mode_t. pipes.c: Removal of dead code. reply.c: Removal of dead code. trans2.c: Removal of dead code. Changed mode calls to use mode_t. Jeremy. (This used to be commit c381d32e3dc23fe887408016cae821aceb30da2c)
1998-09-05tridge the destroyer returns!Andrew Tridgell1-1/+1
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)