Tom Dickson
2003-Oct-21 19:50 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch is against samba-3.0.0beta3 (tested), but will also apply
correctly to 3.0.0 (release)
It makes wbinfo ask for a password if there is no password on the
command line.
So:
wbinfo --set-auth-user=Administrator
Will make it prompt
Password:
This is to make it easier to script wbinfo for nas appliances using
expect to allow passwords with characters that bash doesn't like: '!*\,%
etc. This also prevents the password from being seen by ps auwx which
some may consider to be a security risk.
- -Tom Dickson
InoStor Corporation
13000 Gregg St
Poway, CA 92064-7151
www.inostor.com
858-726-1846
<TEXT OF PATCH>
- --- samba-3.0.0beta3/source/nsswitch/wbinfo.c Wed Jul 16 06:24:00 2003
+++ samba-nuevo/source/nsswitch/wbinfo.c Fri Aug 29 13:50:06 2003
@@ -756,8 +756,13 @@
~ if (password) {
~ *password = 0;
~ password++;
- - } else
- - password = "";
+ } else {
+ char *thepass = getpass("Password: ");
+ if (thepass) {
+ password = thepass;
+ } else
+ password = "";
+ }
~ /* Store or remove DOMAIN\username%password in secrets.tdb */
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/lY362dxAfYNwANIRAtbrAJ9gogFU66QF0DVufktDP4EYWGJnowCdHPHn
2y4pn9rzg+Gzs/CdPGxq4U8=aJVk
-----END PGP SIGNATURE-----
-------------- next part --------------
--- samba-3.0.0beta3/source/nsswitch/wbinfo.c Wed Jul 16 06:24:00 2003
+++ samba-nuevo/source/nsswitch/wbinfo.c Fri Aug 29 13:50:06 2003
@@ -756,8 +756,13 @@
if (password) {
*password = 0;
password++;
- } else
- password = "";
+ } else {
+ char *thepass = getpass("Password: ");
+ if (thepass) {
+ password = thepass;
+ } else
+ password = "";
+ }
/* Store or remove DOMAIN\username%password in secrets.tdb */
Andrew Bartlett
2003-Oct-21 21:57 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
On Wed, 2003-10-22 at 05:50, Tom Dickson wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This patch is against samba-3.0.0beta3 (tested), but will also apply > correctly to 3.0.0 (release) > > It makes wbinfo ask for a password if there is no password on the > command line. > > So: > > wbinfo --set-auth-user=AdministratorMay I quickly remind everybody *never* to use the administrator password for 'set-auth-user'! This is for an *unprivileged* user, who's password gets stored plaintext on a disk, to get around some restrict anonymous issues in certain situations, mostly involving NT4. Most of these have been resolved by the use of Kerberos in winbindd. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20031022/f930b3e1/attachment.bin
Gerald (Jerry) Carter
2003-Oct-31 20:32 UTC
[Samba] PATCH to Samba 3.0.0 to allow interactive --set-auth-user for wbinfo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Dickson wrote: | This patch is against samba-3.0.0beta3 (tested), but will also apply | correctly to 3.0.0 (release) | | It makes wbinfo ask for a password if there is no password on the | command line. | | So: | | wbinfo --set-auth-user=Administrator | | Will make it prompt | | Password: Got it. Thanks. cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/osbOIR7qMdg1EfYRAk/kAKCjtCiKcygF4p1flI9k7TtRrX3KzgCg21VH AX3nD3SMdYC3LTclqTbKd9Y=qXWk -----END PGP SIGNATURE-----