Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
|
|
The whole routine was just one if-branch. Do an early return instead.
|
|
|
|
This is to introduce a new format of the password history, maintaining backwards
compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash).
The new format is 16 zero bytes and 16 bytes nt hash.
This will allow us to respect the last X entries of the nt password history
when deciding whether to increment the bad password count.
This is part of the fix for bug #4347 .
Michael
|
|
|
|
|
|
|
|
Guenther
|
|
|
|
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed
from sys_read() to sys_recv(). read_socket_with_timeout() is called
with non-fd's (with a pty in chgpasswd.c and with a disk file in
lib/dbwrap_file.c via read_data()). recv works for the disk file,
but not the pty. Change the name of read_socket_with_timeout() to
read_fd_with_timeout() to make this clear (and add comments).
Jeremy.
|
|
Guenther
|
|
|
|
It is a bad idea to just tell everyone that an account is disabled without
really having checked the password first.
Found by torture test.
Guenther
|
|
Guenther
|
|
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
|
|
|
|
metze
|
|
|
|
|
|
Thanks to Jason Mader for sending the compiler output :-)
Volker
(This used to be commit 7a57c2da1a6cc0fcea0b4d949c696219f1822694)
|
|
(This used to be commit 448a8fe6c15bc4e85149d1ae821f0ebc2e3edde5)
|
|
(This used to be commit 90554799afa42855c3e7b87dc632e67f0952f988)
|
|
(This used to be commit f9c8ac83ff42137d2101d3bb17e5dcc3c3d70a8f)
|
|
Guenther
(This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
|
|
All callers are replaced by Get_Pwnam_alloc
(This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
|
|
system).
Jeremy.
(This used to be commit 545cd2139cfc9484b733693814d4724d37125942)
|
|
Jeremy.
(This used to be commit 898c56c0ead6331721de9645ce55608cbe7cf34d)
|
|
precedence.
Jeremy.
(This used to be commit 446ebae76d6796b30e4c71ff7190337c28637be6)
|
|
<vorlon@debian.org>.
Recent versions of Linux-PAM support localization of user prompts,
so Samba must use the C locale when invoking PAM (directly or via
/usr/bin/passwd) to ensure that password chat values match the prompts in a
locale-invariant fashion.
Jeremy.
(This used to be commit bc13e939546a5bcb78925a6b117e89fde20f6451)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
Jeremy.
(This used to be commit eaf14c701b08e9eff5b94bf57af68cb29142d7fc)
|
|
Jeremy.
(This used to be commit c15819b75751a1e15cfed2ef94dae10ee72d769c)
|
|
Each cli struct has it's own local copy of this variable,
so use that in client code. In the smbd server, add one
static to smbd/proccess.c and use that inside smbd. Fix
a bunch of places where smb_rw_error could be set by
calling read_data() in places where we weren't reading
from the SMB client socket (ie. winbindd).
Jeremy.
(This used to be commit 255c2adf7b6ef30932b5bb9f142ccef4a5d3d0db)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Make sure we honour the directive not to allow machine password changes.
(This used to be commit 436555f05ceae34d8df2356d1066b6b5e0a07c41)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
Guenther
(This used to be commit e99696c97052d4ba962e11fcb7b6ea530350913d)
|
|
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
|
|
(This used to be commit e56e3c19e1244e2b7409d57a030ca8b7ec446932)
|
|
Jeremy.
(This used to be commit c66620770d2154543a6ec99d369771b339df5463)
|
|
HSM is interested in. Tested on both IRIX and SLES9.
(This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
|
|
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
|
|
to make full use of the new talloc() interface. Discussed with Volker
and Jeremy.
* remove the internal mem_ctx and simply use the talloc()
structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
upcoming changes. Groups will most likely be replaced with a
'struct samg' in the future.
Note that there are now passbd API changes. And for the most
part, the wrapper functions remain the same.
While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs. The code also needs more testing under valgrind to
ensure it's not leaking memory.
But it's a start......
(This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|
|
Guenther
(This used to be commit 58baf718be90d750f51cf51a25714fcdcd5679b7)
|