1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

115 Commits

Author SHA1 Message Date
Gerald Carter
335b10ef10 r283: removing --with-cracklib after discussion with abartklet @ sambaXP
(This used to be commit df94b0471e)
2007-10-10 10:51:16 -05:00
Jeremy Allison
c9b7cbbfa5 Added strstr_m() function. Use in all places where we might run into mb
(should fix the mb service name problem, can't remember the bugid).
Jeremy.
(This used to be commit 94a272b9a8)
2004-03-09 00:17:14 +00:00
Gerald Carter
19cc1a9f20 remerge andrew's cracklib patch from HEAD and fix a compile warnings
(This used to be commit b60f6ec30d)
2004-02-02 00:08:35 +00:00
Andrew Bartlett
36abff1609 Revise our server-side password change code to cope with the various
different feilds that different clients send.  (For example, not all clients
send both password types).

This also cleans up the code to make it clearer what is really going on,
and to make better use of common functions.

Andrew Bartlett
(This used to be commit 934e9f3bd0)
2004-01-26 09:03:09 +00:00
Gerald Carter
1dce4ebed8 revert the cracklib changes until post 3.0.2
(This used to be commit 6202e0fa72)
2004-01-14 17:34:41 +00:00
Andrew Bartlett
f203358fdb On systems without a working cracklib, ensure we don't include the header
(the actual call to crack was already in this #ifdef)

Andrew Bartlett
(This used to be commit 4a01f3dbb4)
2004-01-12 21:12:47 +00:00
Andrew Bartlett
b75b755a2b First stab at cracklib support (password quality checking) in Samba 3.0
This adds a configure test, that tries to find out if we have a working
cracklib installation, and tries to pick up the debian hints on where
the dictionary might be found.  Default is per my Fedora Core 1 system -
I'm not sure how much it changes.

Andrew Bartlett
(This used to be commit bc770edb78)
2004-01-12 12:18:11 +00:00
Jeremy Allison
12c97a786e Patch penguin. Cleaning out old mbp patch.
Jeremy.
(This used to be commit d75db0bf1e)
2004-01-06 22:34:06 +00:00
Jeremy Allison
73034f9116 Added "passwd chat timeout" parameter. Docs to follow.
Jeremy.
(This used to be commit 16097f2072)
2003-11-24 20:18:47 +00:00
Jeremy Allison
94f59f5492 More tuning from cachegrind. Change most trim_string() calls to trim_char(0,
as that's what they do. Fix string_replace() to fast-path ascii.
Jeremy.
(This used to be commit f35e9a8b90)
2003-09-05 19:59:55 +00:00
Jeremy Allison
3c1c2ddf9a Fix UNIX passwd sync properly. I've finally understood
the as_root parameter has bugger all to do with who you *currently*
are, and everything to do with who you run the script as. Doh !
Jeremy.
(This used to be commit 17a241d9f7)
2003-09-04 18:02:17 +00:00
Herb Lewis
cc865e1edc get rid of unused call
(This used to be commit 244c61b1dd)
2003-08-15 01:36:35 +00:00
Jeremy Allison
ba12e6bb5f Wrap calls to change_oem_password() in become_root()/unbecome_root() pairs
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
(This used to be commit 1734d43eb5)
2003-07-31 01:33:44 +00:00
Tim Potter
402fbc518a spelling
(This used to be commit 865c112756)
2003-05-14 00:46:43 +00:00
Simo Sorce
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
Andrew Bartlett
ad0d6509a7 Merge from HEAD:
- Make ReadDirName return a const char*.

 - Consequential changes from that

 - mark our fstring/pstring assumptions in function prototypes

Andrew Bartlett
(This used to be commit 10b53d7c6f)
2003-03-17 22:56:13 +00:00
Tim Potter
3a5a415988 Remove debugging stmt.
(This used to be commit d74382ccfe)
2003-01-15 22:20:16 +00:00
Gerald Carter
99cdb46208 *lots of small merges form HEAD
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
2003-01-15 18:57:41 +00:00
Andrew Bartlett
61b65aad13 Merge from HEAD - eliminated unused arguments.
Andrew Bartlett
(This used to be commit 6dd474d845)
2003-01-14 07:49:15 +00:00
Jeremy Allison
82ecfb9747 Fix erroneous free of SAM_ACCOUNT (make clearer when allocated
memory is being returned).
Jeremy.
(This used to be commit 48774e77ac)
2003-01-08 07:02:21 +00:00
Jeremy Allison
ebf35917bc Fix memory leaks in pdb_ code.
Jeremy.
(This used to be commit 44ab8dc55e)
2003-01-06 21:48:46 +00:00
Andrew Bartlett
6233651ca1 Merge from HEAD - get the test the right way around, so that we can change
passwords over RAP again.

(found by the build farm)

Andrew Bartlett
(This used to be commit 4b1a316e79)
2003-01-05 05:11:02 +00:00
Andrew Bartlett
e3ed8eaa2f Merge from HEAD - move user password changes into the NTSTATUS era, and add
suppport for the 'min password age' and 'min passwd len' concepts.
(This used to be commit d9417b08d1)
2003-01-04 08:45:17 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Andrew Bartlett
6d7195d1d7 Merge passdb from HEAD -> 3.0
The work here includes:
 - metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.

 - volker's group mapping in passdb patch

 - volker's samsync stuff
 - volkers SAMR changes.

 - mezte's connection caching patch

 - my recent changes (fix magic root check, ldap ssl)

Andrew Bartlett
(This used to be commit 2044d60bbe)
2002-11-02 03:47:48 +00:00
Jelmer Vernooij
127e77e6e3 Sync 3.0 branch with head
(This used to be commit 42615b945e)
2002-08-17 15:27:10 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
1a74d8d1f0 This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem.  In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.

This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime.  The 'passdb backend' paramater
has been created (and documented!) to support this.

As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.

This patch also introduces two new backends:  smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd.  These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.

While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly).  Most of this was
to do with % macro expansion on stored data.  It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them.  tdbsam needs
to use a similar system to pdb_ldap in this regard.

This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these.  I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.

Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.

The non-unix-account support in this patch has been proven!  It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!

Other changes:

Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.

pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend).  Extra checks have been added in
some places.

Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.

pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.

The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly.  This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.

Doco:

I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c5)
2002-01-20 14:30:58 +00:00
Andrew Bartlett
f46db61068 Kill off the old varient of 'check_plaintext_password' (new version just
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane...  (Needs testing).

Andrew Bartlett
(This used to be commit 996d0cd89c)
2002-01-20 09:00:32 +00:00
Andrew Bartlett
c311d24ce3 A nice *big* change to the fundemental way we do things.
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...

This adds a getpwnam_alloc and a getpwuid_alloc to the collection.

These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).

This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.

With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code.  This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).

The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups.  In this case we are getting
groups from the new group mapping DB.  Do we still need to check for private
groups?  I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.

I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided.  As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).

The matching case for getpwent() is dealt with already, in lib/util_getent.c

Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup.  (This picks
up the SPNEGO cases).  The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.

TODO:  Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.

Andrew Bartlett
(This used to be commit 1d86c7f942)
2002-01-17 08:45:58 +00:00
Herb Lewis
61fc7b98a7 Merge from 2.2
If you do not have one more expect than issue when talking to the passwd
program you will not send the last issue.
(This used to be commit 8aafec95cb)
2001-12-04 22:24:17 +00:00
Andrew Bartlett
d9d7f023d8 This commit is number 4 of 4.
In particular this commit focuses on:

Actually adding the 'const' to the passdb interface, and the flow-on changes.

Also kill off the 'disp_info' stuff, as its no longer used.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username

---

This finishes this line of commits off, your tree should now compile again :-)

Andrew Bartlett
(This used to be commit c95f5aeb93)
2001-10-29 07:35:11 +00:00
Andrew Bartlett
2038649e51 This commit is number 3 of 4.
In particular this commit focuses on:

Changing the Get_Pwnam code so that it can work in a const-enforced
environment.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes allow for 'const' in the Samba tree.

There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username
(This used to be commit e7634f81c5)
2001-10-29 07:28:32 +00:00
Andrew Bartlett
ab5d5cfbe0 This commit is number 1 of 4.
In particular this commit focusses on:

Adding the new 'pass changed now' helper function.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
(This used to be commit a8971a5448)
2001-10-29 07:15:51 +00:00
Jeremy Allison
facbdd692d Fixed up the change password bug when not using PAM.
The problem is we were trying to use mask_match as a generic
wildcard matcher for UNIX strings (like the password prompts).
We can't do that - we need a unix_wild_match (re-added into lib/util.c)
as the ms_fnmatch semantics for empty strings are completely wrong.
This caused partial reads to be accepted as correct passwd change
responses when they were not....
Also added paranioa test to stop passwd change being done as root
with no %u in the passwd program string.
Jeremy.
(This used to be commit 9333bbeb76)
2001-10-02 21:58:09 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Andrew Bartlett
81697d5ebe Fix up a number of intertwined issues:
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object.  This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.

This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.

Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored.  Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False.  Now that we check the returns
this bug was spotted.  This could allow different LM and NT passwords.

 - the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.

I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data.  I assume this is from a previous
lot of mass conversion work...

Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.

If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.

Andrew Bartlett
(This used to be commit 762c8758a7)
2001-09-29 13:08:26 +00:00
Andrew Bartlett
c907f33396 Update for new pdb_set_plaintext_passwd() interface.
(This used to be commit ce676f8bfc)
2001-09-26 11:55:13 +00:00
Andrew Tridgell
11bd06e99c made a couple of local fns static
(This used to be commit f0851202a8)
2001-09-10 11:23:41 +00:00
Jeremy Allison
a9ab7eaa5d Fix case insensitive password change code.
Fixed crash bug with un-zeroed talloced memory.
Jeremy.
(This used to be commit eea1c30df2)
2001-07-23 22:06:05 +00:00
Andrew Bartlett
1c3c995221 You can't dump_data() a function pointer...
Andrew Bartlett
(This used to be commit 4f7b2f51b0)
2001-07-07 06:44:50 +00:00
Andrew Tridgell
87fbb7092b The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
2001-07-04 07:15:53 +00:00
Jeremy Allison
3f1254bee1 Fixed W2K SP2 joining a Samba PDC hosted domain.
Jermey.
(This used to be commit 05a2911403)
2001-06-20 19:55:59 +00:00
Gerald Carter
30c4c04c2f Patch from Simo:
o sed 's/pdb_clear_sam/pdb_free_sam/g'
  o add pdb_reset_sam()
  o password changing should be ok now as well.
(This used to be commit 96d0e7c330)
2001-05-07 14:04:46 +00:00
Jean-François Micouleau
f35157f392 Big cleanup of passdb and backends.
I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)

	J.F.
(This used to be commit a4a4c02b12)
2001-05-04 15:44:27 +00:00
Jeremy Allison
aac630b382 Had to add a "pam password change" parameter (defaults to "off") and inlined
the pam password change code to ensure that existing and working password
chat scripts don't break with 2.2.1. PAM password changing has to be explicitly
requested.
Allowed wildcards in pam password change matching (matches password chat
script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to
stop warnings. Don't worry - the const changes are isolated and don't
cause any other warnings :-).
Jeremy.
(This used to be commit 47b4d82536)
2001-05-02 23:32:09 +00:00
Jeremy Allison
c3a999409d Based on an original PAM patch by Andrew Bartlett, re-written by me to
remove global static PAM variables, and to tidy up the PAM internals code.
Now looks like the rest of Samba.
Still needs testing.
Jeremy.
(This used to be commit 1648ac64a7)
2001-04-30 21:05:58 +00:00
Jeremy Allison
a2e5dbb112 Remove "BYTE" - we already have uint8 - don't need more conflicts with
system header files...
Jeremy.
(This used to be commit 31e0ce310e)
2001-03-11 00:51:54 +00:00
Jeremy Allison
da3053048c Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158)
2001-03-11 00:32:10 +00:00