summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
AgeCommit message (Collapse)AuthorFilesLines
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett1-0/+2
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-0/+16
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-1/+1
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-8/+8
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-2/+0
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-19Cosmetic fix for debug statement.Tim Potter1-2/+1
(This used to be commit 507ef80f48a8fca762e41be5cdb80ce86544da3f)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-5/+6
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
2001-11-08Change to guest logon code.Andrew Bartlett1-9/+9
This changes the way we process guest logons - we now treat them as normal logons, but set the 'guest' flag. In particular this is needed becouse Win2k will do an NTLMSSP login with username "", therefore missing our previous guest connection code - this is getting a pain to do as a special case all over the shop. Tridge: We don't seem to be setting a guest bit for NTLMSSP, in either the anonymous or authenticated case, can you take a look at this? Also some cleanups in the check_password() code that should make some of the debugs clearer. Various other minor cleanups: - change the session code to just take a vuser, rather than having to do a vuid lookup on vuser.vuid - Change some of the global_client_caps linking - Better debug in authorise_login(): show the vuid. Andrew Bartlett (This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)
2001-11-04Fix segfault. sup_tok might not always be with us.Andrew Bartlett1-3/+5
(This used to be commit 1f409a1f3fb0906f1ff985b96bb7a65f56253046)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-6/+18
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-19/+32
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-2/+2
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-1/+1
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-30Small changes to register_vuid ahead of a larger restructure.Andrew Bartlett1-3/+3
(This used to be commit 7802bc94e78932d24eb6658edc14d0d051246208)
2001-09-17move to SAFE_FREE()Simo Sorce1-4/+4
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-15Kill off the //server/share%user hack in share level security.Andrew Bartlett1-8/+0
This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
2001-08-20a bunch of fixes from the sflight to seattleAndrew Tridgell1-1/+0
in particular: - fixed NT status code for a bunch of ops - fixed handling of protocol levels in ms_fnmatch (This used to be commit 3eba9606f71f90bfd9820af26f8676277ed22390)
2001-08-17Restore a debug I think I dropped earlierAndrew Bartlett1-0/+2
(This used to be commit dc635bde2262b248f58d3ce52c2575dae8546571)
2001-08-17smbd/auth_server: Doco, we want to use cli_nt_error here soonAndrew Bartlett1-3/+0
smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function. (This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf)
2001-08-17Style cleanup for the last vuid change.Andrew Bartlett1-1/+1
Style, doco and DEBUG() fixes for auth_smbpasswd.c (In particular for the account control call). Andrew Bartlett (This used to be commit 3d91c119420973d7dd1af416a1e26efa113dc626)
2001-08-17One less getpwnam() call...Andrew Bartlett1-10/+3
Andrew Bartlett (This used to be commit 204da7ba96b0c562bab5e5536728a0378077bdc7)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-1072/+0
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-08-01Pidfile check can be read-only. Removed old ifdef in password.cJeremy Allison1-24/+3
Jeremy. (This used to be commit d82efc61ef16533c5652a5d4a9863f8317cb4ea2)
2001-07-24Convert other parameters (read list, write list, valid users...) to the ↵Simo Sorce1-13/+22
P_LIST format. changed functions to use list instead of strings addedd lp_list_substitute function (This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
2001-07-17move the global_machine_password_needs_changing where we need it.Simo Sorce1-0/+2
(This used to be commit 8a2f6fbacd275acc7b356169f4022df4860a813e)
2001-07-16Test if machine password has expired.Simo Sorce1-0/+6
This test was lost somehow... (This used to be commit 065d8f69d5f4a8ffc062bc5592386ee1ac652969)
2001-07-08This removes unused paramaters from various authtication functions, and shouldAndrew Bartlett1-21/+14
not change behaviour. This should make my later diffs smaller, where I actualy start cleaning up this mess... Andrew Bartlett (This used to be commit 04f090c224bb7ac3b53c430a591fce1fc939a81c)
2001-07-04The big character set handling changeover!Andrew Tridgell1-1/+1
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-25Fixed stupid typo that would stop trusted domains working.Jeremy Allison1-4/+3
Jeremy. (This used to be commit fa721b4adfbcac4827251b02f6af7f0b5211c104)
2001-06-22Andrew - please look this over. I've fixed a long standing (maybe 4-5Jeremy Allison1-136/+147
years old) bug when chainging a sessionsetup_and_X and tcon together. The wrong username was being entered into the tdb, even though the correct user was used for accessing files. This is related to the fact that authorise_login() is not used for sessionsetup, but only for tcon auths. Jeremy. (This used to be commit 0187cd6aef7586d7ad4bdc70c50f3f2e7c69519c)
2001-06-14Fixed some return code checks for cli_initialise() from False to NULL.Tim Potter1-1/+1
Spotted by Joe Doran <joed@interlude.eu.org> (This used to be commit 3e3b9bc5380652d882c02e7286258f0aabcaf395)
2001-05-31Fix debug statement so it doesn't use lp_workgroup() either.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 18e652a5e0d30d033be70e512cd94bf867507f64)
2001-05-25i18n fix for domain_client_validate()Tim Potter1-1/+1
(This used to be commit d6dcca7cc9bc5a1948c1b6126ca4f6cb9ccacc52)
2001-05-17Fixes to get pam_auth() functionality working again.Tim Potter1-10/+11
(This used to be commit 083b74c743f0026693fa0fbe665ed08a3ac706b8)
2001-05-07Patch from Simo:Gerald Carter1-9/+9
o sed 's/pdb_clear_sam/pdb_free_sam/g' o add pdb_reset_sam() o password changing should be ok now as well. (This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
2001-05-06Patch from David_Tiller@ccnotes.ccity.com finally applied now I've thoughtJeremy Allison1-70/+77
about it to stop account lockouts with "security=server" mode. Sorry for the delay David. Jeremy. (This used to be commit e8819715038ed49b07ed5639b1b88ad12e994b53)
2001-05-04Big cleanup of passdb and backends.Jean-François Micouleau1-5/+19
I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
2001-05-04merge from 2.2 in password_ok() to ensure that we check theGerald Carter1-1/+1
return code from smb_pam_accountcheck() (This used to be commit d5d6f01aaf8d344bb44dbe047c2f760ca220529e)
2001-04-30Based on an original PAM patch by Andrew Bartlett, re-written by me toJeremy Allison1-25/+19
remove global static PAM variables, and to tidy up the PAM internals code. Now looks like the rest of Samba. Still needs testing. Jeremy. (This used to be commit 1648ac64a75de74d1a1575eb49cccc4f75488bfa)
2001-04-23Added smb_ prefix to all Samba wrapper pam functions.Jeremy Allison1-1/+1
Fixed off by one bug using StrnCpy instead of strdup(). Jeremy. (This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7)
2001-04-22Commit of a modified version of Andrew Bartlett's patch that removes theJeremy Allison1-5/+14
horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
2001-04-18merge from 2.2Andrew Tridgell1-13/+37
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
2001-03-27Bail out early if null passwords and lp_null_passwords not set.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 7c718fc85e3dbfaf0195e352d06a8c682a6036fc)
2001-03-11Moved cruft out of smb.h into ntdomain.h where it belongs. dc structJeremy Allison1-2/+0
now in pipe struct (where used) rather than user_struct. Secured machine account password changing in srv_netlog_nt.c - ensure that only the given machine can change its own password. May need to free this up later for NT admin tools, but this is a fail-safe secure position for now. Jeremy. (This used to be commit 46b12f2275dcd4b3114085160cd456441f9e921e)
2001-03-11Remove "BYTE" - we already have uint8 - don't need more conflicts withJeremy Allison1-1/+1
system header files... Jeremy. (This used to be commit 31e0ce310ec38b3a3a05b344d6450d442c6be471)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-4/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-08replaced inet_aton() with inet_addr() to keep Solaris from complaining.Gerald Carter1-3/+9
jerry (This used to be commit 2b18c4484313e77d98c8a7524cf9f5cc2c924dc2)
2001-01-25Fixes from appliance-head for pdc searches.Jeremy Allison1-1/+16
Jeremy. (This used to be commit d04ed97ecab846def8467f313a71ef0e5c4005f6)
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-0/+8
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)