summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
AgeCommit message (Collapse)AuthorFilesLines
1999-03-25SAM database "set user info".Luke Leighton1-13/+24
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-03-19going to start adding inter-domain trust logons soon.Luke Leighton1-123/+130
(This used to be commit f9f594c03e220a0d902c5c3c5835948348b19fee)
1999-03-12cli_setup_creds new arguments added.Luke Leighton1-1/+3
(This used to be commit 5fa3a3f710cfd3a51641d560a96bd08f92afca32)
1998-12-14server_cryptkey() now calling cli_connectserverlist(). stupid microsoftLuke Leighton1-74/+4
idiotic *SMBSERVER connectionism added to cli_connect_serverlist(). also added check for protocol < LANMAN2. (This used to be commit c2bcb3a286f22ed4f0f55da2a3eb2bff17906fb1)
1998-12-07removed nt_pipe_fnum from struct cli_state. need to be able to callLuke Leighton1-9/+10
LsaLookupSids etc from within SamrQueryAliasMembers, for example. fnum is now a parameter to client functions. thanks to mike black for starting the ball rolling. (This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
1998-12-03moved get_unixgroups it will be needed by the unix instance of the groupLuke Leighton1-49/+0
DB API (This used to be commit ef58e48bc9af338ed6c734205d4faf82371284ac)
1998-11-29weekend work. user / group database API.Luke Leighton1-6/+6
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-21try to use *SMBSERVER to connect to password server if the firstAndrew Tridgell1-13/+11
session_request fails. (This used to be commit ab2370e7ac770f1e32b8d726ab955457fcc8c2d7)
1998-11-21smbd/password.c: Added *SMBSERVER fix is name is too long.Jeremy Allison1-1/+9
web/swat.c: Changed '?' to help. Jeremy. (This used to be commit 631913ea856926a77304692c74a1bd27faead179)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison1-1/+1
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-106/+8
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-09converted smbclient to use clientgen.c rather than clientutil.cAndrew Tridgell1-1/+0
I did this when I saw yet another bug report complaining about smbclient intermittently missing files. Rather than applying more patches to smbclient it was better to move to the more robust clientgen.c code. The conversion wasn't perfect, I probably lost some features of smbclient while doing it, but at least smbclient should be consistent now. It if fails it should _always_ fail rather than giving people the false impression of a reliable utility. the tar stuff seems to work, but hasn't had much testing as I never use it myself. I'm sure someone will find bugs in my conversion of smbtar.c. It was quite tricky as it did a lot of its own SMB calls. It now uses clientgen.c exclusively. smbclient is still quite messy, but at least it doesn't build its own SMB packets. I haven't touched smbmount as I never use it. Mike, do you want to convert smbmount to use clientgen.c? (This used to be commit e14ca7765ace1b721dad8eca4a527a4e4a8f1ab8)
1998-11-07codepages/codepage_def.936: Updated comment.Jeremy Allison1-89/+73
param/loadparm.c: Removed "networkstation user login", "domain controller", and "domain sid" parameters. passdb/passdb.c: Removed "networkstation user login" code and changed bug test code to only check once for a bad password server. This will stop the complaints of many "bad login" audit records in NT PDC logs. utils/smbpasswd.c: Removed check for "domain controller". Jeremy. (This used to be commit d6e6e936b5dd90dd8fc38d9404efbe5c546c15e5)
1998-10-21Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.Jeremy Allison1-3/+4
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles. Jeremy. (This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)
1998-10-19- dce/rpc codeLuke Leighton1-7/+16
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-10-16!pass -> pass != NULL is wrong: !pass -> pass == NULL is correct. oops.Luke Leighton1-2/+2
(This used to be commit 866e1018180a70ff2ffa39e6a5ce5f187eca2764)
1998-10-16made pass_check_smb() available for dce/rpc use.Luke Leighton1-25/+34
(This used to be commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09)
1998-10-16cli_nt_session_open() encrypt arg removedLuke Leighton1-1/+1
(This used to be commit 63def717992695ed4a4933c2605abe26086fb8c7)
1998-10-16setup_groups() - code clarification. no functional change.Luke Leighton1-13/+19
(This used to be commit dae7c5ea9a139552e1722357172fa1ad0c4a7143)
1998-10-15rpcclient interactive login (with trust account changing if you are root)Luke Leighton1-23/+2
cli_session_setup handles null sessions correctly (This used to be commit 60c0f22a4e84703467006dfe1971384a6294a9aa)
1998-10-15config: Fix crypt prototype on RedHat Linux.Jeremy Allison1-4/+10
include/includes.h: Fix crypt prototype on RedHat Linux. smbd/fileio.c: Fix mmap bug found by WinCE client. smbd/ipc.c: Fix WinCE wierdness with pipes being opened as \server\pipe\lanman smbd/password.c: Fix encrypted null passwords. Jeremy. (This used to be commit 475992730c0ecbf31c09b3518df2f0354cec61da)
1998-10-14dce/rpcLuke Leighton1-4/+4
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
1998-10-13use level 0 for DEBUG() of malformed password entry in smbpasswdAndrew Tridgell1-4/+4
(This used to be commit bff457b4a469c03977683c4521464c41f74db1ae)
1998-10-06using wrong cli_state in "security = domain" call.Luke Leighton1-47/+51
(This used to be commit 1c08cc2466f7bf615a3508e028f0b65f120d2e5d)
1998-10-04- modified resolve_name() to take a name_typeAndrew Tridgell1-2/+2
- cleaned up resolve_name() (split into separate functions for each resolver) - if can't find local master then use #1B name - support listing of foreign workgroups in /smb/ (This used to be commit a4e607c17d1119925c9d0e1d05e0fe81e9a2d1aa)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-15/+20
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-09-28Changes to test in configure if capabilities are enabled on a system.Jeremy Allison1-1/+1
Changes to get Samba to compile cleanly with the IRIX compiler with the options : -fullwarn -woff 1209,1174 (the -woff options are to turn off warnings about unused function parameters and controlling loop expressions being constants). Split prototype generation as we hit a limit in IRIX nawk. Removed "." code in smbd/filename.c (yet again :-). Jeremy. (This used to be commit e0567433bd72aec17bf5a54cc292701095d25f09)
1998-09-25added rpcclient programLuke Leighton1-2/+13
(This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-05some cleanups to use ZERO_STRUCT() and friendsAndrew Tridgell1-1/+2
(This used to be commit 7b154dc4313324dfad6cf0117b8ce246bf12bf16)
1998-09-05tridge the destroyer returns!Andrew Tridgell1-2/+2
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
1998-08-31bounds check next_token() to prevent possible buffer overflowsAndrew Tridgell1-2/+2
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
1998-08-27This is the stat cache code - seems to work fine (needs heavyJeremy Allison1-4/+0
NetBench testing though.... :-). Attempts to efficiently reduce the number of stat() calls Samba does. Jeremy. (This used to be commit d0e48a2d8072c3e77a57ac6a2fb5044c05f03b41)
1998-08-24Changed ASSERT macros to SMB_ASSERT macros as some systems alreadyJeremy Allison1-2/+2
have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-15configure: Changes for extra headers.Jeremy Allison1-1/+1
configure.in: Source for header changes. client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile. include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers. include/includes.h: Headers for the above. include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int). lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/debug.c: Fixed signal functs. lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile. libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem_sysv.c: Fixed error messages in sysV stuff. nmbd/asyncdns.c: Fixed signal functs. nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/nttrans.c: Fixed fsp code path. smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem. smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/trans2.c: Fixed core dump bug. smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile. Jeremy. (This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b)
1998-08-13Debug output formatting change. I'm trying to combine log lines thatChristopher R. Hertel1-4/+4
really should be together. Chris -)----- (This used to be commit 8880fc58fa61edfd5a83cc75ef627b430b8a4437)
1998-08-10split the system password checking routines out of smbd/password.c andAndrew Tridgell1-1041/+141
into passdb/pass_check.c. This means SWAT no longer needs to link to smbd/password.c (This used to be commit 90d93889d722670cbb517017531264630af759bf)
1998-07-29get rid of the runtime test for broken getgroups() and add a compileAndrew Tridgell1-75/+33
time test instead. This also allows us to get rid of the igroups element of a couple of structures. (This used to be commit 8b25fe734166b76ceebf8d9543c706ebe0fddc96)
1998-07-29merge from the autoconf2 branch to the main branchAndrew Tridgell1-80/+27
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
1998-07-27chgpasswd.c: Fixed up debug calls to stop crashes if ptsname failed.Jeremy Allison1-14/+3
local.h: Kept FSTYPE_STRING as Samba for now. nmbd_browsesync.c: Added bugfix from Matt Chapman mattyc@cyberdude.com - lmb_browserlist is now a struct ubi_dlList not a struct browse_cache_record *. server.c: smb.h: uid.c: password.c: Removed attrs code - it is not used anywhere. Jeremy (This used to be commit ef1af7fe6d5c58ae57b8e4efff0729e1a315da43)
1998-07-09New version of the DFS_AUTH code from Karsten Muuss <muuss@or.uni-bonn.de>Jeremy Allison1-39/+242
Jeremy. (This used to be commit cf7402c5325afd1f9a737facf285cb905702adb2)
1998-07-06password.c: Fixes to allow Win95 clients to have lm encrypted passwordsJeremy Allison1-2/+5
recognised. lib/rpc/client/cli_login.c: Fix debug comment. lib/rpc/parse/parse_misc.c: Fix for passing null pointers. lib/rpc/parse/parse_net.c: Send correct password lengths when called from Win95. Jeremy. (This used to be commit ad1848b35521b3d478ea3226db818a1edef78254)
1998-06-13Makefile: Added ubi_sLinkList.o as the groupname.o file needs it. Added ↵Jeremy Allison1-1/+1
groupname.o includes.h: Added ubi_sLinkList.h include. loadparm.c: Added groupname map parameter. password.c: Fix HPUX big_crypt. username.c: New user_in_list() code. Moved groupname map code to groupname.c lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name(). New groupname map stuff. Note that nothing currently uses this but at compiles ok. Jeremy. (This used to be commit beef636a4d772457816ef068c62ea965d07131f6)
1998-05-27loadparm.c: Added machine password timeout parameter - set to 7 days be default.Jeremy Allison1-4/+5
password.c: Added code to tell server.c when machine password needs changing. server.c: Change machine password in idle cycles if it needs it. smbpassfile.c: Fixed up length calculations for machine password file. smbpasswd.c: Moved domain joining code/machine password changing code. lib/rpc/client/cli_netlogon.c: And this is where it now lives. Jeremy. (This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
1998-05-21Fixed 'revalidate' parameter so it's only considered in security=shareJeremy Allison1-29/+29
mode. Jeremy. (This used to be commit 7727f09ea9055053ed1d3e2af1069ddae245efb4)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison1-6/+6
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-25/+25
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11ldap back-end database developmentLuke Leighton1-6/+6
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell1-7/+7
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-10Updated OSF1_ENH_SEC mode password handling.John Terpstra1-1/+8
This now tries Enhanced passwords first and if this fails trys Basic mode (ie: Unix /etc/passwd) authentication. This only happens when OSF1_ENH_SEC is defined at compilation. (This used to be commit 29462c8d7a241eb462b1583170a0b5f16096ea3f)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton1-6/+6
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)