Author: jerry Date: 2005-01-20 17:11:05 +0000 (Thu, 20 Jan 2005) New Revision: 4872
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4872 Log: svn merge -r4866:4867 $SVNURL/branches/SAMBA_3_0 svn merge -r4870:4871 $SVNURL/branches/SAMBA_3_0 Removed: trunk/examples/LDAP/ldapsync.pl trunk/examples/LDAP/smbldap-tools/ Modified: trunk/examples/LDAP/README trunk/source/rpc_server/srv_samr_nt.c Changeset:
Modified: trunk/examples/LDAP/README
===================================================================
--- trunk/examples/LDAP/README 2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/examples/LDAP/README 2005-01-20 17:11:05 UTC (rev 4872)
@@ -52,23 +52,13 @@
 smbldap-tools/
 --------------
-This is a collection of perl scripts (wrapped around the standard
-OpenLDAP command line tools) for managing Samba and posix accounts
-in an LDAP directory. See the README file included with the scripts
-for more details.
+The smbldap-tools have been removed from the samba svn
+tree. The latest version will continue to be included
+in Samba releases.
+The smbldap-tools package can be downloaded individually from
+http://samba.idealx.org/dist/
-ldapsync.pl
------------
-For more information on these scripts, see
-
- http://www.mami.net/univr/tng-ldap/howto/
-
-
-The ldapsync.pl script requires a small command (smbencrypt)
-for generating LanMan and NT password hashes which
-can be found at ftp://samba.org/pub/samba/contributed/
-
 !==
 !== end of README
 !==
Deleted: trunk/examples/LDAP/ldapsync.pl
===================================================================
--- trunk/examples/LDAP/ldapsync.pl 2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/examples/LDAP/ldapsync.pl 2005-01-20 17:11:05 UTC (rev 4872)
@@ -1,122 +0,0 @@
-#!/usr/bin/perl -w
-
-# LDAP to unix password sync script for samba-tng
-# originally by Jody Haynes <[EMAIL PROTECTED]>
-# 12/12/2000 [EMAIL PROTECTED]
-# modified for use with MD5 passwords
-# 12/16/2000 [EMAIL PROTECTED]
-# modified to change lmpassword and ntpassword for samba
-# 05/01/2001 [EMAIL PROTECTED]
-# modified for being also a /bin/passwd replacement
-#
-# ACHTUNG!! For servers that support the LDAP Modify password
-# extended op (e.g. OpenLDAP), see the "ldap password
-# sync" option in smb.conf(5).
-#
-
-$basedn = "ou=Students,dc=univr, dc=it";
-$binddn = "uid=root,dc=univr,dc=it";
-$scope = "sub";
-$passwd = "mysecret";
-
-foreach $arg (@ARGV) {
- if ($< != 0) {
- die "Only root can specify parameters\n";
- } else {
- if ( ($arg eq '-?') || ($arg eq '--help') ) {
- print "Usage: $0 [-o] [username]\n";
- print " -o, --without-old-password do not ask for old password (root only)\n";
- print " -?, --help show this help message\n";
- exit (-1);
- } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
- $oldpass = 1;
- } elsif (substr($arg,0) ne '-') {
- $user = $arg;
- if (!defined(getpwnam($user))) {
- die "$0: Unknown user name '$user'\n"; ;
- }
- }
- }
-}
-
-if (!defined($user)) {
- $user=$ENV{"USER"};
-}
-
-if (!defined($oldpass)) {
- system "stty -echo";
- print "Old password for user $user: ";
- chomp($oldpass=<STDIN>);
- print "\n";
- system "stty echo";
-
- $ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
- $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
- $ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;
-
- # Find dn for user $user (maybe check unix password too?)
- $dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
- chomp $dn;
-
- if ($dn eq '') {
- print "Wrong password for user $user!\n";
- exit (-1);
- }
-} else {
- # Find dn for user $user
- $dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
- chomp $dn;
-}
-
-system "stty -echo";
-print "New password for user $user: ";
-chomp($pass=<STDIN>);
-print "\n";
-system "stty echo";
-
-system "stty -echo";
-print "Retype new password for user $user: ";
-chomp($pass2=<STDIN>);
-print "\n";
-system "stty echo";
-
-if ($pass ne $pass2) {
- die "Wrong password!\n";
-} else {
-# MD5 password
-$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
-$bsalt = "\$1\$"; $esalt = "\$";
-$modsalt = $bsalt.$random.$esalt;
-$password = crypt($pass, $modsalt);
-
-# LanManager and NT clear text passwords
-$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
-chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
-chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
-
-$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";
-
-open FILE or die;
-
-print FILE <<EOF;
-dn: $dn
-changetype: modify
-replace: userPassword
-userPassword: {crypt}$password
--
-changetype: modify
-replace: lmpassword
-lmpassword: $lmpassword
--
-changetype: modify
-replace: ntpassword
-ntpassword: $ntpassword
--
-
-EOF
-close FILE;
-
-}
-
-exit 0;
-
Modified: trunk/source/rpc_server/srv_samr_nt.c
===================================================================
--- trunk/source/rpc_server/srv_samr_nt.c 2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/source/rpc_server/srv_samr_nt.c 2005-01-20 17:11:05 UTC (rev 4872)
@@ -2541,8 +2541,11 @@
 if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info))
 return NT_STATUS_INVALID_HANDLE;
+ /* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.
+ Reverted that change so we will work with RAS servers again */
+
 if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_lookup_domain")))
+ SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain")))
 {
 return r_u->status;
 }
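Review bot: The comment added above the `access_check_samr_function` call records the revert but not the rule the code now enforces, so a later reader cannot tell which right a connect handle must carry for `_samr_lookup_domain`, or that a handle granted only `SA_RIGHT_SAM_ENUM_DOMAINS` is presumably refused again after this change. Because this is an authorization check, I would state the requirement and the known trade-off directly, for example `/* Require SA_RIGHT_SAM_OPEN_DOMAIN on the connect handle; RAS servers depend on it. Win9x user manager is reported to request SA_RIGHT_SAM_ENUM_DOMAINS here instead. */`. If both kinds of client have to work, that calls for an explicit decision about which rights are acceptable for this call rather than switching the constant back and forth. The function body starts and ends outside this hunk.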