| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
|
| |
|
|
| |
J.F.
|
| |
|
|
|
|
| |
don't overwrite backend values with defaults values.
J.F.
|
| |
|
|
|
|
|
|
|
| |
LDAP database were being initialised using unix_to_nt_time on -1, rather
than -1 as an NTTIME (which is very different).
Problems solved (hopefully):
* "Access Denied" when accessing an NT share in a Samba controlled domain.
* "Your password has expired" sometimes when logging in.
|
| |
|
|
|
|
|
| |
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
|
| | |
|
| |
|
|
|
| |
parameter is "builtin rid file".
Copyright 1999 Bertl <bp@vpnet.at>
|
| |
|
|
|
|
| |
as they are generic "file line-by-line" reading routines. lines with
"#" at the front are ignored (as comments). this code started out as
the password file reading code.
|
| |
|
|
| |
anyway!)
|
| |
|
|
| |
found by Bertl <bs@vpnet.at>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug.
Note that the Get_Pwnam() function now returns a const struct passwd *
as a hint to other developers not to change entries in the struct
passwd.
|
| | |
|
| |
|
|
|
| |
next problem: user group adding not supported so an "access denied"
message is reported instead of "ok" when a new user is created.
|
| |
|
|
|
| |
used to add workstation to domain. unix account db not modified: only
SAM password db is used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
|
| |
|
|
| |
should instead have &&.
|
| | |
|
| | |
|
| |
|
|
| |
using smbpasswd command.
|
| |
|
|
|
| |
results in garbage. with no password length argument doing dump_data(
100, password, strlen(password)) is the next best alternative.
|
| | |
|
| | |
|
| |
|
|
| |
resolved.
|
| |
|
|
| |
Copyright (C) Benjamin Kuit <bj@mcs.uts.edu.au> 1999.
|
| |
|
|
|
|
|
|
| |
pwdb_sam_map_names() was using a "blank" static string instead of
a NULL pointer for nt names. NULL means over-ride, so the nt name
got left as "blank".
this causes nt clients to terminate with extreme prejudice.
|
| |
|
|
|
| |
to resolution of unix name to nt name being unnecessarily _inside_
another loop.
|
| |
|
|
|
|
|
|
|
|
|
| |
endlessly repeating a network SAMLOGON (hoping it to change, hmmm...).
( Guess what I found in pwdb_init_sam...
unix_to_nt_time(&user->logon_time, (time_t)-1);
unix_to_nt_time(&user->logoff_time, (time_t)-1);
unix_to_nt_time(&user->kickoff_time, (time_t)-1);
... )
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added new APIs for modifying groups.
* RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1
for each new user/group.
* RIDs are now consistently in hex
* Fixed bugs reported by Allan Bjorklund <allan@umich.edu>:
- ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect
- Missing ldap_connect() in getusergroups functions
- ldap_next_entry was being called too early while retrieving a sam_struct
- LDAP globals should be extern in sampassldap.c
* Fixed bugs reported by Martin Hofbauer <mh@bacher.at>
- Newly added workstation trust accounts had attributes DU rather than W.
- User dn's were forced to start with "uid=XX" rather than using the existing
dn.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change it now?" message when you login to a Samba Controlled domain.
The fix is a hard coded 42 days from right now until you need to
change you pasword again time (see passdb/sampassdb.c:pwdb_smb_to_sam())
Also fixed getsmbfilepwent() so that it will read in the last password
change time correctly.
* Related to this lib/util_pwdb.c:StrnCaseCmp() returns 0 if the
strings match. Chouldn't this be the pther way? Oh well. I
didn't change the return code as it was used in several
other cases (see lib/util_pwdb.c:pwdb_get_last_set_time())
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
of a private/smbpasswd file, this will not be the case for other
database APIs. removed startsmbdb and endsmbpwdb calls because
add_smbpwd_entry() and mod_smbpwd_entry() don't need them.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
|
| |
|
|
|
| |
a call _outside_ of this was _also_ calling getpwnam. the calls to
getsmbpwnam() were therefore overwriting the static buffer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
|
| |
|
|
| |
added their replacements, added sam password database API modules
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
|
| |
|
|
|
|
|
|
|
| |
would only be a domain group rid. it can also be a local group rid,
which causes us problems in attempting to turn a unix gid into the
correct rid (domain group or local group).
sooo.... the fix is _in_ there, we just can't use it because it causes
link / knock-on problems in nmbd.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
