| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
added ucs2_to_dos83 function.
the code should be ok now.
further test with japanese and other languages is needed at this point.
|
| | |
|
| |
|
|
|
| |
remove unused structure for tdb data.
fixes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The problem is we were trying to use mask_match as a generic
wildcard matcher for UNIX strings (like the password prompts).
We can't do that - we need a unix_wild_match (re-added into lib/util.c)
as the ms_fnmatch semantics for empty strings are completely wrong.
This caused partial reads to be accepted as correct passwd change
responses when they were not....
Also added paranioa test to stop passwd change being done as root
with no %u in the passwd program string.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
| |
- move the arbitrary 21 day timeout to local.h
|
| | |
|
| | |
|
| |
|
|
|
| |
first tests show it still does not work.
work in progress...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
store mangled filename in dos charset and unmangled in unicode.
clean ups
still lot to do.
againg compiled but not yet tested.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the NT errror codes, this time in line with WinXP/2k.
- Return the normal error codes, expect for bad user/bad password. These map
to logon failure, as a quick security hack. We follow suit.
Simplfy some of the password extraction code, the auth subsytem has the
intelegence to sort this stuff out, no need to do it here.
Move to 'global_encrypted_passwords_negotiated' to determine the use of
unencrypted hacks, replacing the current mess.
Andrew Bartlett
|
| |
|
|
|
|
| |
just like any other logon. Matching code removal in reply.c to follow.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
first.
Add password expiry and 'must change before first logon' support.
- This requires that the passdb be up to the job to supply the info.
|
| |
|
|
|
|
|
|
|
|
|
| |
This whole area needs to be cleaned up. Should this kind of passowrd
change/check be permitted with encrypt passwords = yes?
In any case I've also had trouble testing this, as I can't find the right
software/configuration to exersise this behaviour. But its better than the
previous situation. Any assistance greatly appriciated.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
- some more utils for unicode string manipulation
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Stops spurious profile creation messages.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with
their implementation.
Kill off SMBENCRYPT() macro
Kill off 'nt smb support' paramater - tridge okayed this one.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
*HARD*, dammit !
Jeremy.
|
| |
|
|
| |
NTSTATUS. This gets the right error codes in SMBunlink
|
| |
|
|
|
| |
Add the ability for swat to run in non-root-mode (ie non-root from inetd).
- we still need some of the am_root() calls fixed however.
|
| |
|
|
| |
than Get_Pwnam(user, True).
|
| |
|
|
|
|
|
|
|
| |
some sainity, avoiding things like 'root preexec' when the connection would
otherwise already be denied (max connections).
This does change behaviour, but I think its for the best.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
on the wire.
|
| |
|
|
| |
- Fix initial lookup to use the mapped username.
|
| |
|
|
|
|
| |
(These are part of the build_options patch).
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DEBUG(). Also included are details like build date/time, location and
compiler.
This should get most of the options we set, except those that don't affect
smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD.
This work due to Vance Lankhaar <vlankhaar@hotmail.com>
Some work needs to be done to make it only rebuild when needed (ie smbd being
rebuilt) but its in pretty good shape already.
Also fix up some printf() -> d_printf().
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
I'd rather get the connection count wrong with a small probability
than deadlock
|
| |
|
|
| |
this prevents the fd seek pointer problem
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
simply not doing Get_Pwnam() calls in pass_check.c
We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter
what it returns. We also no longer run the password cracker for these logins.
The truly parinod will note the slight difference in call paths, in that we only
call crypt for valid password structs (if not --with-pam). The truly parinoid
don't run SWAT either, so I don't think this is an issue.
Andrew Bartlett
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
completely broken, and it's pointless to emulate their brokenness completely in this case, but at least this makes us use approximately the same packet format. The spec is complelet wrong in this case
|
| |
|
|
|
|
|
|
|
| |
they can have general effect.
Fixed up workstaion support in the rest of samba, so that we can do these
checks.
Pass through the workstation for cli_net_logon(), if supplied.
|
