Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit d01a9e5974d80ee8be2f7a20aeaae5826325d035)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
|
|
(This used to be commit 67db8f03c5c9e81e11b5f3276b50ee23e09a2659)
|
|
Jeremy.
(This used to be commit 6399cf490dffbd162afa06f18cdd6e0364db567d)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
going through the server manager.
(This used to be commit 52f5abae4667d841be7ca8f5ff0f25ba6d027067)
|
|
(This used to be commit d31e1b63b5a13ec585da18971e85c9eaa941ed33)
|
|
(This used to be commit 9081af4fe584d222c00587d6d3c81e12d6611222)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
|
|
Jeremy.
(This used to be commit c51cfc7f0d3ad1614ca1e0330c8707f7b263b8e6)
|
|
According to the incorruptible judges find and grep, the latter won.
Mmm - procrastination. (-:
(This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
|
|
Jeremy.
(This used to be commit e78a114425129d980f79db812dbea368123913ed)
|
|
can't redefine them. damn.
(This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
server manager first. Just use the -U parameter to smbpasswd when joining
the domain:
smbpasswd -r PDC -j DOMAIN -U administrator%password
Should also work with domain users with the 'add workstation to domain'
user right.
(This used to be commit 937b96feaa276f8dd626f2d640f03dc4c55f48c6)
|
|
smbpasswd as non-root
(This used to be commit ab635202655712a05b812ff40550d00d00552853)
|
|
o sed 's/pdb_clear_sam/pdb_free_sam/g'
o add pdb_reset_sam()
o password changing should be ok now as well.
(This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
|
|
I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)
J.F.
(This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
|
|
(This used to be commit ed2dfae0e503367671c54ad8f1f49ac3af0b1c6a)
|
|
(This used to be commit 9db84de46a3823878c2a9356ac4ae4fd179d5847)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
(the user can come from optarg, so we can't free it)
(This used to be commit 56ffb58effe80f7c62a9de6ba4f634d995fbc4e6)
|
|
source/lib/smbpasswd.c
- Only call load_interfaces() when doing a network related
operation. This means you can add, remove, enable or disable
smbpasswd entries without a network. Changing passwords always
requires a network.
(This used to be commit e2193c3a360562dd66a16c8f23f8cf3eed20b8cf)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
Jeremy.
(This used to be commit bd844fcd3023ab956eb7ab369475955a88bcca14)
|
|
(This used to be commit f3a4f81a5e51e411f1c7c6245597cca01e9ad5b2)
|
|
(This used to be commit 16355a9c66a2bdab1feb8914a40bbea5272bb170)
|
|
it
(This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
|
|
Jeremy.
(This used to be commit 54440428e5dbf5c1e673e881d3a9364e64ad2ad7)
|
|
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
(This used to be commit 9f6ad046761adecafba59040baa3abc9f0959e65)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
time out of sending the session setup on Solaris 2.6. No idea.
I'll work on it some tomorrow. This is to fix the "Unable to
setup password vectors" thingy.
Also changed an inet_aton() to inet_addr() as the former is
not very portable :-)
Luke, I set the redir flag to false because the connection to
the smb-agent was failing and smbpasswd bombed. Double check me
on this one.
-jc
(This used to be commit e1d2b174caf5f0c48a8fac25778f72a868ec6eb7)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
smbpasswd so it can be used to set up inter-domain trust account.
(This used to be commit 99ec0620c3bf4af96440c684f880d414659de2e9)
|
|
Added -S (Synchronise) option to smbpasswd, which calls synchronise_passdb.
(This used to be commit 21c92d24977015f0368480f44f67366f7c412343)
|
|
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
|
|
* Added SEC_CHAN_BDC
* Added -b switch to smbpasswd (for a BDC (server) trust account).
* Propagate sec_chan into the various functions which change trust account
passwords, so they can be used for domain control and inter-domain
trusts.
(This used to be commit 6f2b37bfc5fc8d56b275883d0ed2c5179aa60ccd)
|
|
root if the ACB_PWLOCK bit is set (on a per-user basis). he also added
an extra smbpasswd option so that this bit can be modified from
command-line.
(This used to be commit 534fe319d9de8da2ed7e911dbba3c7df08193efa)
|
|
using smbpasswd command.
(This used to be commit 62d499f83256c6e8b3308dc4bd8e9f5df873b14b)
|
|
multiple interfaces. (Jeremy already committed this in SAMBA_2_0).
(This used to be commit f530e289c6f69961c51511e0220fdd886fbd2c78)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
(This used to be commit 4b5bd4e18cee72aeb76909cf85b1f932393fcfc8)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
groupdb/groupdb.c: Fixed compile error caught by IRIX compiler.
utils/smbpasswd.c: Fixed SunOS optind, optarg problem.
Jeremy.
(This used to be commit 30af39ae1edf51d5d06a1764982e5df431c142ac)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|
|
Jeremy.
(This used to be commit 7aa644c2f996433f8ec125bfd4221aec49bece2b)
|
|
(This used to be commit 5be3c37f50eac35cad3eadf0d24e7a4ee04c075e)
|