diff options
author | Luke Leighton <lkcl@samba.org> | 2000-01-03 00:41:53 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-01-03 00:41:53 +0000 |
commit | 174299b8dd3072ee0b90ebb9a7fa92efcad69bb2 (patch) | |
tree | c18476c094cf054c97c363880827abc6b29e23ba /source/smbd | |
parent | 9ef8fddaa6080e4942bc2268b89e61c3fb1ccd3d (diff) | |
download | samba-174299b8dd3072ee0b90ebb9a7fa92efcad69bb2.tar.gz |
removed dependency of smbd on the smb password database api.
the _only_ function smbd calls is pass_check(), and for some
_weird_ reason, that is in the passdb/ directory.
nasty debugging of an rpcclient incident. the "usr_creds"
need to be told what they are dealing with (ptr_ntc = 1, for
NT creds to be used). i forgot. wasted an hour.
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/chgpasswd.c | 154 | ||||
-rw-r--r-- | source/smbd/lanman.c | 67 | ||||
-rw-r--r-- | source/smbd/password.c | 216 | ||||
-rw-r--r-- | source/smbd/reply.c | 80 | ||||
-rw-r--r-- | source/smbd/server.c | 28 |
5 files changed, 275 insertions, 270 deletions
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index 8a8d090b997..dad895ed803 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -561,58 +561,13 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, uchar *pass1, uchar *pass2 } /*********************************************************** - Code to check and change the OEM hashed password. -************************************************************/ -BOOL pass_oem_change(char *user, - uchar *lmdata, uchar *lmhash, - uchar *ntdata, uchar *nthash) -{ - UNISTR2 new_passwd; - struct smb_passwd *sampw; - BOOL ret = check_oem_password( user, lmdata, lmhash, ntdata, nthash, - &sampw, - &new_passwd); - - /* now we check to see if we are actually allowed to change the - password. */ - - if (ret && (sampw->acct_ctrl & ACB_PWLOCK)) - { - ret = False; - } - - /* - * At this point we have the new case-sensitive plaintext - * password in the fstring new_passwd. If we wanted to synchronise - * with UNIX passwords we would call a UNIX password changing - * function here. However it would have to be done as root - * as the plaintext of the old users password is not - * available. JRA. - */ - - if ( ret && lp_unix_password_sync()) - { - ret = chgpasswd(user,"", (char*)new_passwd.buffer, True); - } - - if (ret) - { - ret = change_oem_password( sampw, &new_passwd, False ); - } - - ZERO_STRUCT(new_passwd); - - return ret; -} - -/*********************************************************** Code to check the OEM hashed password. this function ignores the 516 byte nt OEM hashed password but does use the lm OEM password to check the nt hashed-hash. ************************************************************/ -BOOL check_oem_password(char *user, +static BOOL check_oem_password(char *user, uchar *lmdata, uchar *lmhash, uchar *ntdata, uchar *nthash, struct smb_passwd **psmbpw, UNISTR2 *new_passwd) @@ -630,7 +585,7 @@ BOOL check_oem_password(char *user, BOOL nt_pass_set = (ntdata != NULL && nthash != NULL); become_root(False); - *psmbpw = smbpw = getsmbpwnam(user); + (*psmbpw) = smbpw = getsmbpwnam(user); unbecome_root(False); if (smbpw == NULL) @@ -639,7 +594,7 @@ BOOL check_oem_password(char *user, return False; } - if (smbpw->acct_ctrl & ACB_DISABLED) + if (IS_BITS_SET_ALL(smbpw->acct_ctrl, ACB_DISABLED)) { DEBUG(0,("check_lanman_password: account %s disabled.\n", user)); return False; @@ -753,31 +708,104 @@ BOOL check_oem_password(char *user, } /*********************************************************** + Code to check and change the OEM hashed password. +************************************************************/ +BOOL pass_oem_change(char *user, + uchar *lmdata, uchar *lmhash, + uchar *ntdata, uchar *nthash) +{ + UNISTR2 new_passwd; + struct smb_passwd *sampw = NULL; + BOOL ret = check_oem_password( user, lmdata, lmhash, ntdata, nthash, + &sampw, + &new_passwd); + + /* now we check to see if we are actually allowed to change the + password. */ + + if (ret && (sampw == NULL || + IS_BITS_SET_ALL(sampw->acct_ctrl,ACB_PWLOCK))) + { + if (sampw == NULL) + { + DEBUG(3,("pass_oem_change: account %s not known\n", + user)); + } + else + { + DEBUG(3,("pass_oem_change: account %s disabled (%x)\n", + user, sampw->acct_ctrl)); + } + ret = False; + } + + /* + * At this point we have the new case-sensitive plaintext + * password in the fstring new_passwd. If we wanted to synchronise + * with UNIX passwords we would call a UNIX password changing + * function here. However it would have to be done as root + * as the plaintext of the old users password is not + * available. JRA. + */ + + if ( ret && lp_unix_password_sync()) + { + ret = chgpasswd(user,"", (char*)new_passwd.buffer, True); + } + + if (ret) + { + ret = change_oem_password( sampw, &new_passwd, + ntdata != NULL, False ); + } + + ZERO_STRUCT(new_passwd); + + return ret; +} + +/*********************************************************** Code to change the oem password. Changes both the lanman and NT hashes. override = False, normal override = True, override XXXXXXXXXX'd password ************************************************************/ -BOOL change_oem_password(struct smb_passwd *smbpw, UNISTR2 *new_passwd, BOOL override) +BOOL change_oem_password(struct smb_passwd *smbpw, UNISTR2 *new_passwd, + BOOL unicode, BOOL override) { - int ret; - uchar new_nt_p16[16]; - uchar new_p16[16]; + int ret; + uchar new_nt_p16[16]; + uchar new_p16[16]; - nt_lm_owf_genW(new_passwd, new_nt_p16, new_p16); + DEBUG(100,("change_oem_password: %d\n", __LINE__)); - smbpw->smb_passwd = new_p16; - smbpw->smb_nt_passwd = new_nt_p16; - - /* Now write it into the file. */ - become_root(0); - ret = mod_smbpwd_entry(smbpw,override); - unbecome_root(0); + if (unicode) + { + nt_lm_owf_genW(new_passwd, new_nt_p16, new_p16); + } + else + { + nt_lm_owf_gen((char*)new_passwd->buffer, new_nt_p16, new_p16); + } - ZERO_STRUCTP(new_passwd); + DEBUG(100,("change_oem_password: %d\n", __LINE__)); + dbgflush(); - return ret; + smbpw->smb_passwd = new_p16; + smbpw->smb_nt_passwd = new_nt_p16; + + DEBUG(100,("change_oem_password: %d\n", __LINE__)); + dbgflush(); + + /* Now write it into the file. */ + become_root(0); + ret = mod_smbpwd_entry(smbpw,override); + unbecome_root(0); + + ZERO_STRUCTP(new_passwd); + + return ret; } /**************************************************************************** @@ -803,7 +831,7 @@ BOOL update_smbpassword_file(char *user, char *password) /* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */ - ret = change_oem_password( smbpw, &newpw, True); + ret = change_oem_password( smbpw, &newpw, True, True); if (!ret) { DEBUG(3,("change_oem_password returned False\n")); diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 3cb3a9e5494..0a2b847e808 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -523,7 +523,7 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, return; } - if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + if ((p=(char *)malloc(8192*sizeof(char))) == NULL) { DEBUG(0,("fill_printq_info: malloc fail !\n")); desc->errcode=NERR_notsupported; fclose(f); @@ -628,7 +628,7 @@ static int get_printerdrivernumber(int snum) return(0); } - if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + if ((p=(char *)malloc(8192*sizeof(char))) == NULL) { DEBUG(3,("get_printerdrivernumber: malloc fail !\n")); fclose(f); return 0; @@ -723,7 +723,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, if (init_package(&desc,1,count)) { desc.subcount = count; fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); - } else if(uLevel == 0) { + } else if (uLevel == 0) { /* * This is a *disgusting* hack. * This is *so* bad that even I'm embarrassed (and I @@ -794,17 +794,17 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; if (uLevel > 0) { - if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { + if ((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { + if ((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(status,0,queuecnt*sizeof(print_status_struct)); - if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { + if ((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } @@ -951,7 +951,7 @@ static int get_server_info(uint32 servertype, /* Filter the servers/domains we return based on what was asked for. */ /* Check to see if we are being asked for a local list only. */ - if(local_list_only && ((s->type & SV_TYPE_LOCAL_LIST_ONLY) == 0)) { + if (local_list_only && ((s->type & SV_TYPE_LOCAL_LIST_ONLY) == 0)) { DEBUG(4,("r: local list only")); ok = False; } @@ -1519,6 +1519,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param char *p = skip_string(param+2,2); fstring user; fstring pass1,pass2; + uchar pwbuf[516]; + uchar nt_pw[16]; + uchar lm_pw[16]; fstrcpy(user,p); @@ -1554,12 +1557,11 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * Older versions of Windows seem to do this. */ - if (password_ok(user, global_myworkgroup, pass1,strlen(pass1), NULL, 0, - NULL, NULL) && - chgpasswd(user,pass1,pass2,False)) - { - SSVAL(*rparam,0,NERR_Success); - } + nt_lm_owf_gen(pass1, nt_pw, lm_pw); + if (msrpc_sam_ntchange_pwd("\\\\.", user, lm_pw, nt_pw, pass2)) + { + SSVAL(*rparam,0,NERR_Success); + } /* * If the plaintext change failed, attempt @@ -1567,21 +1569,22 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param * after trying the samr method. */ - if(SVAL(*rparam,0) != NERR_Success) - { - struct smb_passwd *sampw = NULL; + if (SVAL(*rparam,0) != NERR_Success) + { + if (make_oem_passwd_hash(pwbuf, pass1, 16, NULL, False) && + msrpc_sam_ntpasswd_set("\\\\.", user, + pwbuf, pass2, /* lm pw */ + NULL, NULL)) /* nt pw */ + { + SSVAL(*rparam,0,NERR_Success); + } + } - if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) && - change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2)) - { - SSVAL(*rparam,0,NERR_Success); - } - } + ZERO_STRUCT(pwbuf); + ZERO_STRUCT(pass1); + ZERO_STRUCT(pass2); - bzero(pass1,sizeof(fstring)); - bzero(pass2,sizeof(fstring)); - - return(True); + return(True); } /**************************************************************************** @@ -1605,13 +1608,13 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * /* * Check the parameter definition is correct. */ - if(!strequal(param + 2, "zsT")) { + if (!strequal(param + 2, "zsT")) { DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2)); return False; } p = skip_string(p, 1); - if(!strequal(p, "B516B16")) { + if (!strequal(p, "B516B16")) { DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p)); return False; } @@ -1634,7 +1637,9 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * */ (void)Get_Pwnam( user, True); - if (pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL)) + if (msrpc_sam_ntpasswd_set("\\\\.", user, + (uchar*) data, (uchar *)&data[516], /* lm pw */ + NULL, NULL)) /* nt pw */ { SSVAL(*rparam,0,NERR_Success); } @@ -2264,7 +2269,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param /* With share level security vuid will always be zero. Don't depend on vuser being non-null !!. JRA */ user_struct *vuser = get_valid_user_struct(vuid); - if(vuser != NULL) + if (vuser != NULL) DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, vuser->name)); *rparam_len = 6; @@ -3114,7 +3119,7 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); - if(!rdata || !rparam) { + if (!rdata || !rparam) { DEBUG(0,("api_reply: malloc fail !\n")); return -1; } diff --git a/source/smbd/password.c b/source/smbd/password.c index 2d45c372298..5a1605f35bf 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -54,6 +54,114 @@ void add_session_user(char *user) } } +/**************************************************************************** +validate a password with the password server +****************************************************************************/ +static BOOL check_server_security(char *user, char *domain, + char *pass, int passlen, + char *ntpass, int ntpasslen) +{ + struct cli_state *cli; + static unsigned char badpass[24]; + static BOOL tested_password_server = False; + static BOOL bad_password_server = False; + + if(lp_security() != SEC_SERVER) + return False; + + DEBUG(10,("check_server_security\n")); + + cli = server_client(); + + if (!cli->initialised) + { + DEBUG(1,("password server %s is not connected\n", cli->desthost)); + return False; + } + + if(badpass[0] == 0) + memset(badpass, 0x1f, sizeof(badpass)); + + if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) { + /* + * Very unlikely, our random bad password is the same as the users + * password. */ + memset(badpass, badpass[0]+1, sizeof(badpass)); + } + + /* + * Attempt a session setup with a totally incorrect password. + * If this succeeds with the guest bit *NOT* set then the password + * server is broken and is not correctly setting the guest bit. We + * need to detect this as some versions of NT4.x are broken. JRA. + */ + + if(!tested_password_server) { + if (cli_session_setup(cli, global_myname, + user, (char *)badpass, sizeof(badpass), + (char *)badpass, sizeof(badpass), domain)) { + + /* + * We connected to the password server so we + * can say we've tested it. + */ + tested_password_server = True; + + if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) { + DEBUG(0,("server_validate: password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + cli_ulogoff(cli); + + /* + * Password server has the bug. + */ + bad_password_server = True; + return False; + } + cli_ulogoff(cli); + } + } else { + + /* + * We have already tested the password server. + * Fail immediately if it has the bug. + */ + + if(bad_password_server) { + DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + return False; + } + } + + /* + * Now we know the password server will correctly set the guest bit, or is + * not guest enabled, we can try with the real password. + */ + + if (!cli_session_setup(cli, global_myname, + user, pass, passlen, ntpass, ntpasslen, domain)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + return False; + } + + /* if logged in as guest then reject */ + if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) { + DEBUG(1,("password server %s gave us guest only\n", cli->desthost)); + cli_ulogoff(cli); + return False; + } + + + cli_ulogoff(cli); + + return(True); +} + /**************************************************************************** check if a username/password pair is OK either via the system password @@ -513,111 +621,3 @@ struct cli_state *server_cryptkey(void) return NULL; } -/**************************************************************************** -validate a password with the password server -****************************************************************************/ -BOOL check_server_security(char *user, char *domain, - char *pass, int passlen, - char *ntpass, int ntpasslen) -{ - struct cli_state *cli; - static unsigned char badpass[24]; - static BOOL tested_password_server = False; - static BOOL bad_password_server = False; - - if(lp_security() != SEC_SERVER) - return False; - - DEBUG(10,("check_server_security\n")); - - cli = server_client(); - - if (!cli->initialised) - { - DEBUG(1,("password server %s is not connected\n", cli->desthost)); - return False; - } - - if(badpass[0] == 0) - memset(badpass, 0x1f, sizeof(badpass)); - - if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) { - /* - * Very unlikely, our random bad password is the same as the users - * password. */ - memset(badpass, badpass[0]+1, sizeof(badpass)); - } - - /* - * Attempt a session setup with a totally incorrect password. - * If this succeeds with the guest bit *NOT* set then the password - * server is broken and is not correctly setting the guest bit. We - * need to detect this as some versions of NT4.x are broken. JRA. - */ - - if(!tested_password_server) { - if (cli_session_setup(cli, global_myname, - user, (char *)badpass, sizeof(badpass), - (char *)badpass, sizeof(badpass), domain)) { - - /* - * We connected to the password server so we - * can say we've tested it. - */ - tested_password_server = True; - - if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) { - DEBUG(0,("server_validate: password server %s allows users as non-guest \ -with a bad password.\n", cli->desthost)); - DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \ -use this machine as the password server.\n")); - cli_ulogoff(cli); - - /* - * Password server has the bug. - */ - bad_password_server = True; - return False; - } - cli_ulogoff(cli); - } - } else { - - /* - * We have already tested the password server. - * Fail immediately if it has the bug. - */ - - if(bad_password_server) { - DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \ -with a bad password.\n", cli->desthost)); - DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \ -use this machine as the password server.\n")); - return False; - } - } - - /* - * Now we know the password server will correctly set the guest bit, or is - * not guest enabled, we can try with the real password. - */ - - if (!cli_session_setup(cli, global_myname, - user, pass, passlen, ntpass, ntpasslen, domain)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - return False; - } - - /* if logged in as guest then reject */ - if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) { - DEBUG(1,("password server %s gave us guest only\n", cli->desthost)); - cli_ulogoff(cli); - return False; - } - - - cli_ulogoff(cli); - - return(True); -} - diff --git a/source/smbd/reply.c b/source/smbd/reply.c index f4cee156f86..e706479d581 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -66,6 +66,7 @@ static void overflow_attack(int len) ****************************************************************************/ static void map_nt_and_unix_username(const char *domain, char *user) { +#if 0 DOM_NAME_MAP gmep; fstring nt_username; @@ -73,7 +74,7 @@ static void map_nt_and_unix_username(const char *domain, char *user) * Pass the user through the NT -> unix user mapping * function. */ - + if (lp_server_role() != ROLE_DOMAIN_NONE) { memset(nt_username, 0, sizeof(nt_username)); @@ -92,6 +93,9 @@ static void map_nt_and_unix_username(const char *domain, char *user) fstrcpy(user, gmep.unix_name); } } +#else + DEBUG(1,("map_nt_and_unix_username: NT->Unix map DISABLED\n")); +#endif /* * Pass the user through the unix -> unix user mapping @@ -644,52 +648,46 @@ user %s attempted down-level SMB connection\n", user)); if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0)) guest = True; - /* - * Check with orig_user for security=server and - * security=domain. - */ - - if (!guest && !check_hosts_equiv(user)) - { + if (!guest && !check_hosts_equiv(user)) + { + /* + * Check with orig_user for security=server and + * security=domain. + */ - /* - * If we get here then the user wasn't guest and the remote - * authentication methods failed. Check the SMB authentication - * methods on this local server. - * - */ + DEBUG(10,("Checking SMB password, user %s domain %s\n", + user, domain)); + if(!password_ok(orig_user, domain, + smb_apasswd,smb_apasslen, + smb_ntpasswd,smb_ntpasslen, + NULL, user_sess_key)) + { + DEBUG(0,("SMB LM/NT Password did not match!\n")); - DEBUG(10,("Checking SMB password\n")); - if(!password_ok(user, domain, - smb_apasswd,smb_apasslen, - smb_ntpasswd,smb_ntpasslen, - NULL, user_sess_key)) - { - DEBUG(0,("SMB LM/NT Password did not match!\n")); + if (lp_security() >= SEC_USER) + { + if (lp_map_to_guest() == NEVER_MAP_TO_GUEST) + return(ERROR(ERRSRV,ERRbadpw)); - if (lp_security() >= SEC_USER) - { - if (lp_map_to_guest() == NEVER_MAP_TO_GUEST) - return(ERROR(ERRSRV,ERRbadpw)); + if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) + { + if (Get_Pwnam(user,True)) + return(ERROR(ERRSRV,ERRbadpw)); + } - if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) - { - if (Get_Pwnam(user,True)) - return(ERROR(ERRSRV,ERRbadpw)); - } + /* + * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD + * Then always map to guest account - as done below. + */ + } - /* - * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD - * Then always map to guest account - as done below. - */ - } + if (*smb_apasswd || !Get_Pwnam(user,True)) + pstrcpy(user,lp_guestaccount(-1)); + DEBUG(3,("Registered username %s for guest access\n",user)); + guest = True; + } - if (*smb_apasswd || !Get_Pwnam(user,True)) - pstrcpy(user,lp_guestaccount(-1)); - DEBUG(3,("Registered username %s for guest access\n",user)); - guest = True; - } - } + } if (!Get_Pwnam(user,True)) { DEBUG(3,("No such user %s - using guest account\n",user)); diff --git a/source/smbd/server.c b/source/smbd/server.c index ab55081e4cb..3ec4e93c3ff 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -679,36 +679,10 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); - if (!pwdb_initialise(True) || !initialise_password_db()) + if (!pwdb_initialise(True)) { exit(1); } - - if(!initialise_sam_password_db()) - { - exit(1); - } - - if(!initialise_passgrp_db()) - { - exit(1); - } - - if(!initialise_group_db()) - { - exit(1); - } - - if(!initialise_alias_db()) - { - exit(1); - } - - if(!initialise_builtin_db()) - { - exit(1); - } - if (!get_member_domain_sid()) { DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", |