svn commit: samba r4872 - in trunk: examples/LDAP source/rpc_server

jerry at samba.org jerry at samba.org
Thu Jan 20 17:11:05 GMT 2005 

Author: jerry
Date: 2005-01-20 17:11:05 +0000 (Thu, 20 Jan 2005)
New Revision: 4872

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4872

Log:
svn merge -r4866:4867 $SVNURL/branches/SAMBA_3_0
svn merge -r4870:4871 $SVNURL/branches/SAMBA_3_0

Removed:
   trunk/examples/LDAP/ldapsync.pl
   trunk/examples/LDAP/smbldap-tools/
Modified:
   trunk/examples/LDAP/README
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: trunk/examples/LDAP/README
===================================================================
--- trunk/examples/LDAP/README	2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/examples/LDAP/README	2005-01-20 17:11:05 UTC (rev 4872)
@@ -52,23 +52,13 @@
 smbldap-tools/
 --------------
 
-This is a collection of perl scripts (wrapped around the standard 
-OpenLDAP command line tools) for managing Samba and posix accounts
-in an LDAP directory.  See the README file included with the scripts
-for more details.
+The smbldap-tools have been removed from the samba svn 
+tree.  The latest version will continue to be included 
+in Samba releases.
 
+The smbldap-tools package can be downloaded individually from 
+http://samba.idealx.org/dist/
 
-ldapsync.pl 
------------
-For more information on these scripts, see
-
-	http://www.mami.net/univr/tng-ldap/howto/
-
-
-The ldapsync.pl script requires a small command (smbencrypt) 
-for generating LanMan and NT password hashes which 
-can be found at ftp://samba.org/pub/samba/contributed/
-
 !==
 !== end of README
 !==

Deleted: trunk/examples/LDAP/ldapsync.pl
===================================================================
--- trunk/examples/LDAP/ldapsync.pl	2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/examples/LDAP/ldapsync.pl	2005-01-20 17:11:05 UTC (rev 4872)
@@ -1,122 +0,0 @@
-#!/usr/bin/perl -w
-
-# LDAP to unix password sync script for samba-tng
-# originally by Jody Haynes <Jody.Haynes at isunnetworks.com>
-# 12/12/2000    milos at interactivesi.com
-#               modified for use with MD5 passwords
-# 12/16/2000	mami at arena.sci.univr.it
-#		modified to change lmpassword and ntpassword for samba
-# 05/01/2001	mami at arena.sci.univr.it
-#		modified for being also a /bin/passwd replacement
-#
-# ACHTUNG!!	For servers that support the LDAP Modify password 
-#		extended op (e.g. OpenLDAP), see the "ldap password 
-#		sync" option in smb.conf(5).  
-#
-
-$basedn = "ou=Students,dc=univr, dc=it";
-$binddn = "uid=root,dc=univr,dc=it";
-$scope = "sub";
-$passwd = "mysecret";
-
-foreach $arg (@ARGV) {
-	if ($< != 0) {
-		die "Only root can specify parameters\n";
-	} else {
-		if ( ($arg eq '-?') || ($arg eq '--help') ) {
-			print "Usage: $0 [-o] [username]\n";
-			print "  -o, --without-old-password	do not ask for old password (root only)\n";
-			print "  -?, --help			show this help message\n";
-			exit (-1);
-		} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
-			$oldpass = 1;
-		} elsif (substr($arg,0) ne '-')  {
-			$user = $arg;
-			if (!defined(getpwnam($user))) {
-				die "$0: Unknown user name '$user'\n";	;
-			}
-		}
-	}
-}
-
-if (!defined($user)) {
-	$user=$ENV{"USER"};
-}
-
-if (!defined($oldpass)) {
-	system "stty -echo";
-	print "Old password for user $user: ";
-	chomp($oldpass=<STDIN>);
-	print "\n";
-	system "stty echo";
-
-	$ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
-	$lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
-	$ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;
-
-	# Find dn for user $user (maybe check unix password too?)
-	$dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
-	chomp $dn;
-
-	if ($dn eq '') {
-		print "Wrong password for user $user!\n";
-		exit (-1);
-	}
-} else {
-	# Find dn for user $user
-	$dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
-	chomp $dn;
-}
-
-system "stty -echo";
-print "New password for user $user: ";
-chomp($pass=<STDIN>);
-print "\n";
-system "stty echo";
-
-system "stty -echo";
-print "Retype new password for user $user: ";
-chomp($pass2=<STDIN>);
-print "\n";
-system "stty echo";
-
-if ($pass ne $pass2) {
-	die "Wrong password!\n";
-} else {
-# MD5 password
-$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
-$bsalt = "\$1\$"; $esalt = "\$";
-$modsalt = $bsalt.$random.$esalt;
-$password = crypt($pass, $modsalt);
-
-# LanManager and NT clear text passwords
-$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
-chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
-chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
-
-$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";
-
-open FILE or die;
-
-print FILE <<EOF;
-dn: $dn
-changetype: modify
-replace: userPassword
-userPassword: {crypt}$password
--
-changetype: modify
-replace: lmpassword
-lmpassword: $lmpassword
--
-changetype: modify
-replace: ntpassword
-ntpassword: $ntpassword
--
-
-EOF
-close FILE;
-
-}
-
-exit 0;
-

Modified: trunk/source/rpc_server/srv_samr_nt.c
===================================================================
--- trunk/source/rpc_server/srv_samr_nt.c	2005-01-20 17:05:10 UTC (rev 4871)
+++ trunk/source/rpc_server/srv_samr_nt.c	2005-01-20 17:11:05 UTC (rev 4872)
@@ -2541,8 +2541,11 @@
 	if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
+	/* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.  
+	   Reverted that change so we will work with RAS servers again */
+
 	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, 
-		SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_lookup_domain"))) 
+		SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain"))) 
 	{
 		return r_u->status;
 	}

More information about the samba-cvs mailing list