IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The problem is we were trying to use mask_match as a generic
wildcard matcher for UNIX strings (like the password prompts).
We can't do that - we need a unix_wild_match (re-added into lib/util.c)
as the ms_fnmatch semantics for empty strings are completely wrong.
This caused partial reads to be accepted as correct passwd change
responses when they were not....
Also added paranioa test to stop passwd change being done as root
with no %u in the passwd program string.
Jeremy.
equivalence table for a server. This was inspired by the chargen win32
code from monyo.
This takes a *long* time to run against a Samba server due to the case
insensitive comparisons in the filesystem. That makes it a N^2
operation, and N is 64k. It is linear on NT.
this is because some platforms such as HP-UX do not have any msgfmt
command.
if someone updates po file,
then he has to update gmo files manually and commit.
Of particular note is the change to pdb_free_sam() to take its sam argument by
reference, allowing it to be NULLified by the SAFE_FREE() macro, and the
changed to local_password_change() both to make it work and to remove the
duplicate code that caused so much breakage over the last few days.
- Small change in behaviour: when LOCAL_ADD_USER is set, the user doesn't
actually exist locally but does exist in the passdb we don't attempt to do a
GetPwnam(). (How the entry got there is another matter, and most passdbs won't
allow this anyway).
Andrew Bartlett
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
error in here...
Now you can change local passwords again. There is stil somthing broken about
remote (via windows/sampasswd) password changing.
I shall have to revise my testing, I honestly don't know how this slipped
through the net.
MERGE for 2.2.2.
Sorry,
Andrew Bartlett
- call pdb_reset_sam() after each getent call.
Fix bug in get_group_alias_entries(), were if num_entries was zero this caused
talloc() to return NULL, failing a test below with NT_STATUS_NO_MEMORY.
Fix pdb_reset_sam() to correctly initalise the sam structure.
Move default value code into a single place, likewise for sam freeing code.
- should make things easier if we decide to malloc other strings, or get more
non-zero default values.
Finally, add a function in init a sam struct from a getpwnam() return.
Andrew Bartlett
Fix the NT errror codes, this time in line with WinXP/2k.
- Return the normal error codes, expect for bad user/bad password. These map
to logon failure, as a quick security hack. We follow suit.
Simplfy some of the password extraction code, the auth subsytem has the
intelegence to sort this stuff out, no need to do it here.
Move to 'global_encrypted_passwords_negotiated' to determine the use of
unencrypted hacks, replacing the current mess.
Andrew Bartlett
This whole area needs to be cleaned up. Should this kind of passowrd
change/check be permitted with encrypt passwords = yes?
In any case I've also had trouble testing this, as I can't find the right
software/configuration to exersise this behaviour. But its better than the
previous situation. Any assistance greatly appriciated.
Andrew Bartlett
decode_pw_buffer() and the samr password changing routines.
And yes, I know that we can lost some information in the Unicode->UTF->Unicode
bit of this, but its worth the code cleanup.
This also takes into account the possability of multibyte passwords.
Andrew Bartlett
Also attempt to make some of the syntax clearer, its confusing enought for the
compiler... (it thinks that there is use of an unitilaised variable)
In fact there is, see next patch...
