1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-28 17:47:29 +03:00

316 Commits

Author SHA1 Message Date
Andrew Bartlett
f70fb819b2 This is a farily large patch (3300 lines) and reworks most of the AuthRewrite
code.

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
	- Fully malloc'ed structures.
	  - Massive rework of the code so that all structures are made and destroyed
	    using malloc and free, rather than hanging around on the stack.
	- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
	   to be declared 'invalid' without the chance that people might get ROOT by
	   default.

	- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
	  appropriate place (probably domain_client_validate.c) in the future. They
	  don't belong in session setups.

	- Massive introduction of DATA_BLOB structures, particularly for passwords.

	- Use NTLMSSP flags to tell the backend what its getting, rather than magic
	  lenghths.

	- Fix winbind back up again, but tpot is redoing this soon anyway.

	- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.

Needs testing with a wide variety of MS clients.

Andrew Bartlett
-
Andrew Bartlett
cea6b6cb22 Fix up smbpasswd -e/-d so that it doesn't change the password under you any
more.

(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)

Adds a new local flag:  LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.

Andrew Bartlett
-
Andrew Bartlett
c95f5aeb93 This commit is number 4 of 4.
In particular this commit focuses on:

Actually adding the 'const' to the passdb interface, and the flow-on changes.

Also kill off the 'disp_info' stuff, as its no longer used.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username

---

This finishes this line of commits off, your tree should now compile again :-)

Andrew Bartlett
-
Andrew Bartlett
8f607810eb This commit is number 2 of 4.
In particular this commit focuses on:

The guts of the moving about inside passdb.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes allow for the introduction of  a large dose of 'const' to
the Samba tree.

There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username

passdb/

	- Kill off disp_info stuff, it isn't used any more - Kill off
	support for writing to the old smbpasswd format, it isn't relevent
	to Samba 3.0

	- Move around and modify the pdb_...() helper functions, adding
	one that sets the last changed  time to 'now' and that sets the
	must change time appropriately.

	- Remove the ugly forced update of the LCT- value in
	pdb_smbpasswd.  - Remove the implicit modification of the ACB
	flags when both NT and LM passwords are set.

	- Removed substation in pdb_getsampwnam output, as a single
	password change will render them  inoperable in any case (they
	will be substituted and stored)

	- Added a default RID to the init_sam_from_pw() function, based on
	our rid algorithm.

	- Added checks that an smbpasswd stored user has a uid-based RID.

	- Fail to store tdb based users without a RID

lib/
    - Change the substituion code to use global_myname if there is
      no connection (and therefore no called name) at the present time.
-
Andrew Bartlett
a8971a5448 This commit is number 1 of 4.
In particular this commit focusses on:

Adding the new 'pass changed now' helper function.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
-
Jeremy Allison
29730027d8 Fixes from John Trostel (modified somewhat by me) to ensure that all lookup_XX
functions correctly deal with the SID_NAME_TYPE. One fix for connection user
lookup in LSA.
Jeremy.
-
Tim Potter
5805cfef78 Added a comment about not changing the magic timestamp values without
knowing what you are doing!
-
Jeremy Allison
a71d9d98b0 Ensure accessing NT member servers works with a Samba PDC. Don't
change these timestamp settings without good reason.
Remove CLEAR_IF_FIRST flag is tdb is read-only.
Jeremy.
-
Andrew Tridgell
ead3d41f1a set ACB_PWNOEXP by default on new accounts. -
Jeremy Allison
94403d8417 Fixed the bug with member servers in a Samba PDC hosted domain not allowing
other access. Problem was max time was being set to 0xffffffff, instead of
0x7fffffff.
Jeremy.
-
Tim Potter
2d0922b0ea Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. -
Andrew Tridgell
11075f5434 - fix handling of 0 last_change_time and must_change_time
- move the arbitrary 21 day timeout to local.h
-
Andrew Bartlett
6b45e342fd This is the passdb section of the previously mentioned commit.
Of particular note is the change to pdb_free_sam() to take its sam argument by
reference, allowing it to be NULLified by the SAFE_FREE() macro, and the
changed to local_password_change() both to make it work and to remove the
duplicate code that caused so much breakage over the last few days.

 - Small change in behaviour:  when LOCAL_ADD_USER is set, the user doesn't
actually exist locally but does exist in the passdb we don't attempt to do a
GetPwnam().  (How the entry got there is another matter, and most passdbs won't
allow this anyway).

Andrew Bartlett
-
Andrew Bartlett
1f83184f88 How the heck I missed this I don't know, but somehow I got a copy-and-paste
error in here...

Now you can change local passwords again.  There is stil somthing broken about
remote (via windows/sampasswd) password changing.

I shall have to revise my testing, I honestly don't know how this slipped
through the net.

MERGE for 2.2.2.

Sorry,
Andrew Bartlett
-
Jeremy Allison
65bf4a36ef Merge HEAD and 2.2 - try frantically to keep in sync.
Jeremy.
-
Andrew Bartlett
a41fb44f5e Fix memory leak in get_sampwd_entries(), reindent for clarity.
- call pdb_reset_sam() after each getent call.

Fix bug in get_group_alias_entries(), were if num_entries was zero this caused
talloc() to return NULL, failing a test below with NT_STATUS_NO_MEMORY.

Fix pdb_reset_sam() to correctly initalise the sam structure.

Move default value code into a single place, likewise for sam freeing code.
 - should make things easier if we decide to malloc other strings, or get more
 non-zero default values.

Finally, add a function in init a sam struct from a getpwnam() return.

Andrew Bartlett
-
Gerald Carter
247b9c3eba merge from 2.2 -
Andrew Bartlett
33e3591b2d Add a new interface pdb_set_plaintext_passwd() to the passdb. This simply
interfaces to the existing set NT and LM functions, but ensures we always do it
in the same way.

This also allows for the possibility for the unix password sync code to be
hidden behind the passdb interface as some stage.
-
Andrew Bartlett
e0e05cb5a5 We don't use a modified 'user' in any case, so don't modifiy it. -
Jeremy Allison
611bf806d5 Fixup passdb stuff to add new nisplus and ldap backends.
Jeremy.
-
Simo Sorce
64d35e94fe move to SAFE_FREE() -
Tim Potter
42417a425b String length fix from Toomas Soome <tsoome@ut.ee> -
Tim Potter
4a01e24030 Started a cleanup of smbpasswd related stuff. I've created a new file
lib/smbpasswd.c which will contain routines related to manipulating
smbpasswd entries.

 - renamed and moved pdb_{get,set}hexpwd() functions
 - renamed and moved pdb_{decode,encode}acct_ctrl() functions
 - started hiding references to the cruftalicious
   NEW_PW_FORMAT_SPACE_PADDED_LEN constant
 - started gradual rename of references to acct_ctrl to acb_info which is
   the nomenclature used in MSDN and header files

There's still more work to be done.  Currently there are several places
where smbpasswd entries are iterated etc.  Ideally this should all happen
through the passdb system.
-
Andrew Tridgell
9bae57cfe3 fixed some compilation errors in cli_netlogon.c - tim, you need to rerun configure to get the new NTSTATUS stuff right -
Andrew Tridgell
c04c67fec8 more warning fixes on solaris -
Tim Potter
45254ae23b Fixed typo in debug message. -
Jeremy Allison
ed5a1f70c6 Wrapped dlerror() in the same way as the other dlxxx() calls.
Jeremy.
-
Andrew Tridgell
c41fc06376 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn. -
Jean-François Micouleau
c29dfdc46a very nasty bug !
J.F.
-
Jean-François Micouleau
62a7a567fd fixes to the group mapping code.
Not ready yet.

	J.F.
-
Gerald Carter
9aefc86e35 merge from 2.2 removing the 'domain XXX' parameters. -
Gerald Carter
96d0e7c330 Patch from Simo:
o sed 's/pdb_clear_sam/pdb_free_sam/g'
  o add pdb_reset_sam()
  o password changing should be ok now as well.
-
Jean-François Micouleau
a4a4c02b12 Big cleanup of passdb and backends.
I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)

	J.F.
-
Gerald Carter
7703fbb30d fixes from Simo -
Andrew Tridgell
c986a3c51e - fixed some compiler warnings
- fixed slprintf and vsprintf macros
-
Gerald Carter
1c13110873 converted the passdb smbpasswd implementation to using talloc
for memory allocation.  This fixes a long standing seg fault
(i knew i would get around to it one day :) )

Tested with NT4 and Win2k.  Needs a little more testing with the
"create the machine account on the fly" code for NT4.

Simo, this is probably going to break the tdb passdb code.
Can you look at that when you get a chance and see what you think?
-
Jeremy Allison
852b9e15ac New POSIX ACL mapping code. Works with UNIX permissions, now for testing
with real ACLs...
Jeremy.
-
Jeremy Allison
80c18d8849 Fix for crash when doing name lookup with a quoted string. Part of
lookup_name was expecting to be able to write to the string. Changed
lookup_name to use const.
Jeremy.
-
Jeremy Allison
49f0e7e714 Added sys_dlopen/sys_dlsym/sys_dlclose.
Jeremy.
-
Gerald Carter
af3f2a30c6 patches from Simo. Couple of snity things -
Jeremy Allison
31e0ce310e Remove "BYTE" - we already have uint8 - don't need more conflicts with
system header files...
Jeremy.
-
Jeremy Allison
0be41d5158 Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
-
Jeremy Allison
c3a1904564 Merged JF's fixes into HEAD. These are for string parsing and SAMR fixes.
Jeremy.
-
Jeremy Allison
180e4a9cd0 Fixes for POSIX ACLS. ACL merge code.
Jeremy.
-
David O'Neill
44dc339fe7 Changes from APPLIANCE_HEAD:
source/include/proto.h
    source/param/loadparm.c
    source/passdb/passdb.c
    source/rpc_server/srv_samr.c
        - add support for "hide local users" option to HEAD.
-
Gerald Carter
29b3ac8634 updates to the tdbsam implementation.
--jerry
-
Gerald Carter
37a665002c o fixed logon script problems (wrong len in reply to net_sam_logon for
a few strings).  I was the one who broke it obviously.

o changed a few more defaults in the smbpasswd backend with
  respect to times.  Now the logon time becomes '0' and the
  pass_can_change_time is set ot the same as pass_last_set_time

o change Get_Pwnam() call in local_lookup_name to sys_getpwnam()
  as it did not seem necessary to try case permutations in the
  username.

  Tim,  I think this was your code, so you might want to double
  check me.


-- jerry
-
Gerald Carter
4792029a29 Another large patch for the passdb rewrite.
o added BOOL own_memory flag in SAM_ACCOUNT so we could
    use static memory for string pointer assignment or
    allocate a new string

  o added a reference TDB passdb backend.  This is only a reference
    and should not be used in production because
	- RID's are generated using the same algorithm as with smbpasswd
 	- a TDB can only have one key (w/o getting into problems) and we
	  need three.  Therefore the pdb_sam-getpwuid() and
	  pdb_getsampwrid() functions are interative searches :-(

    we need transaction support, multiple indexes, and a nice open
    source DBM.  The Berkeley DB (from sleepycat.com seems to fit
    this criteria now)

  o added a new parameter "private dir" as many places in the code were
    using lp_smb_passwd_file() and chopping off the filename part.
    This makes more sense to me and I will docuement it in the man pages

  o Ran through Insure-lite and corrected memory leaks.  Need for
    a public flogging this time Jeremy (-:



-- jerry
-
David O'Neill
92ff07132b - fix "declaration of 'time' shadows global declaration" warning. -
Jeremy Allison
55c6acce26 Fixed the cut-n-paste bugs in the new passdb backend code that leaked memory.
Jeremy.
-