| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Basicly, the password and the salt must be taken from the same place in both
passwd and shadow based systems. Taking salt from one, and password from the
other just doesn't work.
So pull them from passwd, then overwrite them if need be.
When modifying this file, watch the #ifdef hell - as vl found out, some
variables are globals - but only with #ifndef WITH_PAM, and the code jumps all
over the place with the password cracker.
Getting double-reviews of any change to this file highly advised, it is one of
our most system-specifc areas of code.
(So now I get to take the blame for this one... :-)
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
Volker, I would like to understand what you are trying to do here...
I'll trust that it's broken (this code is certainly not well tested) but I do
want to keep a close eye on the fixes...
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
| |
'security = user', 'encrypt passwords = no' did not work anymore.
This is on quite a standard SuSE 7.3, ./configure.developer --with-tdbsam.
I can provide a config.log / config.h on demand.
Please re-check for consequences, I don't really oversee that file.
Thanks,
Volker
|
| |
|
|
|
|
|
|
|
|
| |
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
This should remove some confusion from the ./configure, but does not affect the
'real' kerberos support currently residing in smbd/sesssetup.c.
This code is vunerable to a spoofed KDC, and is best replaced by --with-pam and
the pam_krb5 module. This module includes measures to prevent such spoofing.
Andrew Bartlett
|
| |
|
|
|
| |
Ensure make_conection() can only be called as root.
Jeremy.
|
| | |
|
| |
|
|
|
| |
Add the ability for swat to run in non-root-mode (ie non-root from inetd).
- we still need some of the am_root() calls fixed however.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
simply not doing Get_Pwnam() calls in pass_check.c
We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter
what it returns. We also no longer run the password cracker for these logins.
The truly parinod will note the slight difference in call paths, in that we only
call crypt for valid password structs (if not --with-pam). The truly parinoid
don't run SWAT either, so I don't think this is an issue.
Andrew Bartlett
|
| |
|
|
| |
the client code still needs some work
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
not change behaviour.
This should make my later diffs smaller, where I actualy start cleaning up this
mess...
Andrew Bartlett
|
| |
|
|
|
| |
court of king caractacus, was just passing by... :-).
Jeremy.
|
| |
|
|
|
| |
Fixed off by one bug using StrnCpy instead of strdup().
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
|
| |
|
|
|
|
|
| |
all in caps.
rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
jerry
|
| |
|
|
|
|
|
| |
Added patches for random -> sys_random.
Added set_effective_xxx patches for AFS code.
Memory allocation changes in spoolss code.
Jeremy.
|
| |
|
|
|
| |
of doing a system call every time we want to just get our pid.
Jeremy.
|
| |
|
|
| |
code from these modules i had to leave out (nothing to do withj setuid)
|
| | |
|
| |
|
|
|
|
|
|
| |
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug.
Note that the Get_Pwnam() function now returns a const struct passwd *
as a hint to other developers not to change entries in the struct
passwd.
|
| |
|
|
|
| |
results in garbage. with no password length argument doing dump_data(
100, password, strlen(password)) is the next best alternative.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
| |
dumps. It is gone until someone can tell us why its needed and what it
does. (It was only used on OSF1 and core dumped there anyway!)
|
| | |
|
|
|
into passdb/pass_check.c. This means SWAT no longer needs to link to
smbd/password.c
|
