Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 020d6fa2f780099d662de1a456838ec0ac4d3ca7)
|
|
(This used to be commit af4c3734b5d617352597b1b964745f5b0d334b2d)
|
|
password
(This used to be commit a5807d5784dc903f1ea38a9825240a505688b7be)
|
|
(This used to be commit fc15b56d29b4474032f4d9136313afee60e70cbf)
|
|
(This used to be commit 15df51e8def01009f2ec1e2d08c3129ac39dabdf)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
of commands when specified on command line.
(This used to be commit 39d6b31e14144a3ff4b992d4286b706147e58566)
|
|
(This used to be commit 2fcdc520cee051631bbc2a0c06466d231390f8d5)
|
|
(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)
|
|
Ignacio you can update your howto ;-)
samsync: a small patch to try chaning challenges.
J.F.
(This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
(This used to be commit e908f304a26b9f1100e301610151a9334bf117b0)
|
|
However this looks like the best spot to init the account policy db...
(fix segfaults on all local smbpasswd ops)
Andrew Bartlett
(This used to be commit 3f3bb62ba63373c3cdf2495f97c7461ed5b373ef)
|
|
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
(This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
|
|
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
|
|
versions defined by libreadline on SCO (!).
(This used to be commit 32480d7aff21ce1c14991e242aaf8a4e14ec6f2a)
|
|
shows all the available options, but explains that you must be root to
use them. Surely this is less confusing?
(This used to be commit 19f5f813995d1cf3874df705ab5e71aa5eb14ae6)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
more.
(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)
Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.
Andrew Bartlett
(This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)
|
|
Jeremy.
(This used to be commit d01a9e5974d80ee8be2f7a20aeaae5826325d035)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
|
|
(This used to be commit 67db8f03c5c9e81e11b5f3276b50ee23e09a2659)
|
|
Jeremy.
(This used to be commit 6399cf490dffbd162afa06f18cdd6e0364db567d)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
going through the server manager.
(This used to be commit 52f5abae4667d841be7ca8f5ff0f25ba6d027067)
|
|
(This used to be commit d31e1b63b5a13ec585da18971e85c9eaa941ed33)
|
|
(This used to be commit 9081af4fe584d222c00587d6d3c81e12d6611222)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
|
|
Jeremy.
(This used to be commit c51cfc7f0d3ad1614ca1e0330c8707f7b263b8e6)
|
|
According to the incorruptible judges find and grep, the latter won.
Mmm - procrastination. (-:
(This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
|
|
Jeremy.
(This used to be commit e78a114425129d980f79db812dbea368123913ed)
|
|
can't redefine them. damn.
(This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
server manager first. Just use the -U parameter to smbpasswd when joining
the domain:
smbpasswd -r PDC -j DOMAIN -U administrator%password
Should also work with domain users with the 'add workstation to domain'
user right.
(This used to be commit 937b96feaa276f8dd626f2d640f03dc4c55f48c6)
|
|
smbpasswd as non-root
(This used to be commit ab635202655712a05b812ff40550d00d00552853)
|
|
o sed 's/pdb_clear_sam/pdb_free_sam/g'
o add pdb_reset_sam()
o password changing should be ok now as well.
(This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
|
|
I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)
J.F.
(This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
|
|
(This used to be commit ed2dfae0e503367671c54ad8f1f49ac3af0b1c6a)
|
|
(This used to be commit 9db84de46a3823878c2a9356ac4ae4fd179d5847)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
(the user can come from optarg, so we can't free it)
(This used to be commit 56ffb58effe80f7c62a9de6ba4f634d995fbc4e6)
|
|
source/lib/smbpasswd.c
- Only call load_interfaces() when doing a network related
operation. This means you can add, remove, enable or disable
smbpasswd entries without a network. Changing passwords always
requires a network.
(This used to be commit e2193c3a360562dd66a16c8f23f8cf3eed20b8cf)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
Jeremy.
(This used to be commit bd844fcd3023ab956eb7ab369475955a88bcca14)
|
|
(This used to be commit f3a4f81a5e51e411f1c7c6245597cca01e9ad5b2)
|