Tom Dickson
2003-Oct-21 19:50 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch is against samba-3.0.0beta3 (tested), but will also apply correctly to 3.0.0 (release) It makes wbinfo ask for a password if there is no password on the command line. So: wbinfo --set-auth-user=Administrator Will make it prompt Password: This is to make it easier to script wbinfo for nas appliances using expect to allow passwords with characters that bash doesn't like: '!*\,% etc. This also prevents the password from being seen by ps auwx which some may consider to be a security risk. - -Tom Dickson InoStor Corporation 13000 Gregg St Poway, CA 92064-7151 inostor.com 858-726-1846 <TEXT OF PATCH> - --- samba-3.0.0beta3/source/nsswitch/wbinfo.c Wed Jul 16 06:24:00 2003 +++ samba-nuevo/source/nsswitch/wbinfo.c Fri Aug 29 13:50:06 2003 @@ -756,8 +756,13 @@ ~ if (password) { ~ *password = 0; ~ password++; - - } else - - password = ""; + } else { + char *thepass = getpass("Password: "); + if (thepass) { + password = thepass; + } else + password = ""; + } ~ /* Store or remove DOMAIN\username%password in secrets.tdb */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - enigmail.mozdev.org iD8DBQE/lY362dxAfYNwANIRAtbrAJ9gogFU66QF0DVufktDP4EYWGJnowCdHPHn 2y4pn9rzg+Gzs/CdPGxq4U8=aJVk -----END PGP SIGNATURE----- -------------- next part -------------- --- samba-3.0.0beta3/source/nsswitch/wbinfo.c Wed Jul 16 06:24:00 2003 +++ samba-nuevo/source/nsswitch/wbinfo.c Fri Aug 29 13:50:06 2003 @@ -756,8 +756,13 @@ if (password) { *password = 0; password++; - } else - password = ""; + } else { + char *thepass = getpass("Password: "); + if (thepass) { + password = thepass; + } else + password = ""; + } /* Store or remove DOMAIN\username%password in secrets.tdb */
Andrew Bartlett
2003-Oct-21 21:57 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
On Wed, 2003-10-22 at 05:50, Tom Dickson wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This patch is against samba-3.0.0beta3 (tested), but will also apply > correctly to 3.0.0 (release) > > It makes wbinfo ask for a password if there is no password on the > command line. > > So: > > wbinfo --set-auth-user=AdministratorMay I quickly remind everybody *never* to use the administrator password for 'set-auth-user'! This is for an *unprivileged* user, who's password gets stored plaintext on a disk, to get around some restrict anonymous issues in certain situations, mostly involving NT4. Most of these have been resolved by the use of Kerberos in winbindd. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net samba.org build.samba.org hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : lists.samba.org/archive/samba/attachments/20031022/f930b3e1/attachment.bin
Gerald (Jerry) Carter
2003-Oct-31 20:32 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Dickson wrote: | This patch is against samba-3.0.0beta3 (tested), but will also apply | correctly to 3.0.0 (release) | | It makes wbinfo ask for a password if there is no password on the | command line. | | So: | | wbinfo --set-auth-user=Administrator | | Will make it prompt | | Password: Got it. Thanks. cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- hp.com ~ SAMBA Team ---------------------- samba.org ~ GnuPG Key ---- plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - enigmail.mozdev.org iD8DBQE/osbOIR7qMdg1EfYRAk/kAKCjtCiKcygF4p1flI9k7TtRrX3KzgCg21VH AX3nD3SMdYC3LTclqTbKd9Y=qXWk -----END PGP SIGNATURE-----