summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2001-10-03switched over to a new method of handling uppercase/lowercase mappingsAndrew Tridgell1-0/+2
for unicode strings. The new method relies on 3 files that are mmap'd at startup to provide the mapping tables. The upcase.dat and lowcase.dat tables should be the same on all systems. The valid.dat table says what characters are valid in 8.3 names, and differs between systems. I'm committing the japanese valid.dat here, in future we need some way of automatically installing and choosing a appropriate table. This commit also adds my mini tdb based gettext replacement in intl/lang_tdb.c. I have not enabled this yet and have not removed the old gettext code as the new code is still being looked at by Monyo. Right now the code assumes that the upcase.dat, lowcase.dat and valid.dat files are installed in the Samba lib directory. That is not a good choice, but I'll leave them there until we work out the new install directory structure for Samba 3.0. simo - please look at the isvalid_w() function and think about using it in your new mangling code. That should be the final step to correctly passing the chargen test code from monyo. (This used to be commit 1c221994f118dd542a158b2db51e07d04d0e9314)
2001-10-02Fixed up the change password bug when not using PAM.Jeremy Allison1-16/+32
The problem is we were trying to use mask_match as a generic wildcard matcher for UNIX strings (like the password prompts). We can't do that - we need a unix_wild_match (re-added into lib/util.c) as the ms_fnmatch semantics for empty strings are completely wrong. This caused partial reads to be accepted as correct passwd change responses when they were not.... Also added paranioa test to stop passwd change being done as root with no %u in the passwd program string. Jeremy. (This used to be commit 9333bbeb7627c8b21a3eaeae1683c34e17d14bf0)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter44-94/+2
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-10-01honor the ACB_PWNOEXP flag in smbpasswdAndrew Tridgell1-2/+1
(This used to be commit 70b7c900c907c4620faa7d82845296298b3820ff)
2001-10-01- fix handling of 0 last_change_time and must_change_timeAndrew Tridgell1-31/+32
- move the arbitrary 21 day timeout to local.h (This used to be commit 11075f543470c3283accce0246d0b2983420695a)
2001-09-30Small changes to register_vuid ahead of a larger restructure.Andrew Bartlett1-3/+3
(This used to be commit 7802bc94e78932d24eb6658edc14d0d051246208)
2001-09-29undef the code for nowSimo Sorce1-2/+2
(This used to be commit 5ab220efd7a1532e11370cb0fc9854d610a7f3d7)
2001-09-29further devel and test kit.Simo Sorce1-67/+264
first tests show it still does not work. work in progress... (This used to be commit a4c746ac474e2e4cead78076ffe2109fab74aefe)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett5-61/+80
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-27get out unicode_from_buffer and buffer_from_unicode, unneeded.Simo Sorce1-112/+139
store mangled filename in dos charset and unmangled in unicode. clean ups still lot to do. againg compiled but not yet tested. (This used to be commit 2d1aabb6d4bf23985a9ce0f7e065292aacedc80a)
2001-09-27minor fixesSimo Sorce1-10/+5
(This used to be commit 57e639bbdd115b51362caf7e3db4ba34ccdeddc2)
2001-09-26OpenSSL merge from 2.2Gerald Carter1-9/+19
(This used to be commit efc6df5a3914da9e7b792ccaccd1403c72c09f78)
2001-09-26Kill of the reply.c end of the workstaion trust account mess.Andrew Bartlett2-169/+61
Fix the NT errror codes, this time in line with WinXP/2k. - Return the normal error codes, expect for bad user/bad password. These map to logon failure, as a quick security hack. We follow suit. Simplfy some of the password extraction code, the auth subsytem has the intelegence to sort this stuff out, no need to do it here. Move to 'global_encrypted_passwords_negotiated' to determine the use of unencrypted hacks, replacing the current mess. Andrew Bartlett (This used to be commit c04f063573c61d8ef3f43815bbb9b6b076dc23eb)
2001-09-26Process the workstation trust account code INSIDE the authenticaion subsystem,Andrew Bartlett1-5/+20
just like any other logon. Matching code removal in reply.c to follow. Andrew Bartlett (This used to be commit da4873d889928e9bd88e736e26e4e77e87bcd931)
2001-09-26Rearrange the order of the checks in auth_smbpasswd.c, always check passwordsAndrew Bartlett1-73/+111
first. Add password expiry and 'must change before first logon' support. - This requires that the passdb be up to the job to supply the info. (This used to be commit 53c1c5091ea4e3ccc294f8b6f132be78c11c431f)
2001-09-26Fix this to use the plaintext password code directly, like SWAT does.Andrew Bartlett1-7/+11
This whole area needs to be cleaned up. Should this kind of passowrd change/check be permitted with encrypt passwords = yes? In any case I've also had trouble testing this, as I can't find the right software/configuration to exersise this behaviour. But its better than the previous situation. Any assistance greatly appriciated. Andrew Bartlett (This used to be commit 37655b42897031f754d436435e64a2548de756b5)
2001-09-26Update for new pdb_set_plaintext_passwd() interface.Andrew Bartlett1-6/+1
(This used to be commit ce676f8bfc6222df1e05b164420efab30eb1b2e1)
2001-09-26Update build_options.c in line with new configure options.Andrew Bartlett1-6/+10
(This used to be commit 3f10b045666479e3e1981b09fcaa0d0810422fcb)
2001-09-25- the inactive core of the new mangling code that use tdbSimo Sorce1-0/+357
- some more utils for unicode string manipulation (This used to be commit 4ade36446e7dee1c3828d8c822f047c6e891a644)
2001-09-25fixed a typoAndrew Tridgell1-1/+1
(This used to be commit 11a2808e10bb7885da04c19c261d3876c31ac08d)
2001-09-25Log sys_acl_set_XX at level 2 not zero.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 4a54a633c59a18b387427e89266e294bdddf8574)
2001-09-24Change log message to 2 from zero when failing to create directory.Jeremy Allison1-1/+1
Stops spurious profile creation messages. Jeremy. (This used to be commit fa74d07207fa9024b6ebdb10686b032ef6673d18)
2001-09-23Lets call an NTSTATUS an nt_status, not an ecode.Andrew Bartlett1-6/+6
(This used to be commit b6048e28ab996ba5581cfa3b50401c0f775befdd)
2001-09-23Zero out these pstrings before we start: makes for much easier debugging.Andrew Bartlett1-2/+2
(This used to be commit d417b6b5cbdbb244cc683387d73a9200eef53427)
2001-09-23Fix up NT_STATUS return for session setups, Win2k objects to anything otherAndrew Bartlett2-9/+7
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with their implementation. Kill off SMBENCRYPT() macro Kill off 'nt smb support' paramater - tridge okayed this one. Andrew Bartlett (This used to be commit 67947bf6e31ee9758f8a2186f83031ba21b716f2)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+11
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-09-21Attempt to make quotas work with RH7.1, and with other Linuxen... This isJeremy Allison1-68/+125
*HARD*, dammit ! Jeremy. (This used to be commit 59a4684201fb72989698db5ac8169bd8880bd9a7)
2001-09-21fixed the error code handling in can_delete() by converting it toAndrew Tridgell1-19/+22
NTSTATUS. This gets the right error codes in SMBunlink (This used to be commit c82f7828c05c747a5782d10c68cc2df80d4071bd)
2001-09-20Move pass_check.c over to NTSTATUS, allowing full NTSTATUS from PAM to wire!Andrew Bartlett1-3/+3
Add the ability for swat to run in non-root-mode (ie non-root from inetd). - we still need some of the am_root() calls fixed however. (This used to be commit 2c2317c56ee13abdbdbc866363c3b52dab826e3c)
2001-09-20We are not meant to touch the username, so use the pass->pw_name output ratherAndrew Bartlett1-6/+6
than Get_Pwnam(user, True). (This used to be commit bf81f0021328da97afe58cc17317b15ec1b3cc96)
2001-09-20Rearrange the ordering of the checks in make_connection(). The new order hasAndrew Bartlett1-37/+56
some sainity, avoiding things like 'root preexec' when the connection would otherwise already be denied (max connections). This does change behaviour, but I think its for the best. Andrew Bartlett (This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4)
2001-09-20Fix for MiXed and UPPER case usernames with plaintext PAM passwords.Andrew Bartlett1-1/+1
(This used to be commit ba1b411f556bfac8b953c44c81257c7d8fb9817d)
2001-09-20Revert this one: The NTLMv2 checks need the original username as foundAndrew Bartlett1-1/+1
on the wire. (This used to be commit 7c9ae76b3ff4f1ba88ddad570648f32f99e38944)
2001-09-19- Fix up to use sampass->username insted of user_info->smb_usernameAndrew Bartlett1-7/+7
- Fix initial lookup to use the mapped username. (This used to be commit 162b88e2313dbcf0b95300b8f18a3e9b6b6b29bd)
2001-09-19Adding the appropirate files might help...Andrew Bartlett1-0/+714
(These are part of the build_options patch). Andrew Bartlett (This used to be commit 4e5c7724b4e4c132b7b43104d3063d2f7357bae2)
2001-09-19Add the ability to display Samba's build options with smbd -b and as a level 4Andrew Bartlett1-16/+23
DEBUG(). Also included are details like build date/time, location and compiler. This should get most of the options we set, except those that don't affect smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD. This work due to Vance Lankhaar <vlankhaar@hotmail.com> Some work needs to be done to make it only rebuild when needed (ie smbd being rebuilt) but its in pretty good shape already. Also fix up some printf() -> d_printf(). Andrew Bartlett (This used to be commit beff1d2beaf4337dba6bfc372c5e09a43cfd791a)
2001-09-19printf() -> d_printf()Andrew Bartlett1-1/+1
(This used to be commit e8bd42edc05226d49ab0b6768f898d883fcf8d1a)
2001-09-19Removed unneeded variable, added comment on deadlock prevention.Jeremy Allison1-9/+9
Jeremy. (This used to be commit 3f52632ac9c45c66613c3a2fd41f1ba73ca3fefc)
2001-09-19removed anti-race code that could cause a classic ABBA deadlockAndrew Tridgell1-21/+1
I'd rather get the connection count wrong with a small probability than deadlock (This used to be commit d4e4e81328a63d6e3396306d5dae6cc45ddd35d7)
2001-09-19added a hook to reopen all tdb's after the server forkAndrew Tridgell1-0/+3
this prevents the fd seek pointer problem (This used to be commit f49518e497deeb46292456c3650769d50ec2a955)
2001-09-19Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c byAndrew Bartlett1-4/+10
simply not doing Get_Pwnam() calls in pass_check.c We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb)
2001-09-19got rid of bogus write list substitution error messagesAndrew Tridgell1-15/+18
(This used to be commit 0deae6c407faa86ea871a219ad52fdd285166274)
2001-09-19don't try to initgroups in non root modeAndrew Tridgell1-0/+4
(This used to be commit 1a04ea247680fa7ad1ae7dc3f9953f753d8cf955)
2001-09-17move to SAFE_FREE()Simo Sorce27-162/+118
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-17fixed ctemp in server and client. It turns out that ctemp on NT is ↵Andrew Tridgell1-9/+20
completely broken, and it's pointless to emulate their brokenness completely in this case, but at least this makes us use approximately the same packet format. The spec is complelet wrong in this case (This used to be commit 2d507ec669def6d49304559e53d6c14af9b290a9)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett3-17/+62
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-16Start pushing the NTSTATUS stuff out to the wire for session setups.Andrew Bartlett1-51/+27
Rework the 'map to guest' code, its now possible to follow what its trying to do... Add an NT_STATUS_EQUAL(x,y) macro to make this stuff sane to look at. Andrew Bartlett (This used to be commit d618880661976644a6ee713edf969ad561e82097)
2001-09-15use variables _before_ freeing them!Simo Sorce1-3/+2
thanks to Andreas Moroder for spotting these two. (This used to be commit 01f30ca0ad472eaab8f80ec4278b1d391be3a1ae)
2001-09-15Kill off the //server/share%user hack in share level security.Andrew Bartlett3-93/+21
This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
2001-09-15Oops... For reference, NTLMv2 passwords are > 24 chars in length, whileAndrew Bartlett1-1/+1
NTLMv1 passwords (and old LM passwords) are exactly 24 in lenghth. (This used to be commit 51baa1614d1a338f50dbf8eaa5ea31ab58c11409)