
Updates from Samba HEAD:

- Fix segfaults in the 'net ads' commands when no password is provided
 - Readd --with-ldapsam for 2.2 compatibility.  This conditionally compiles the
   old options, but the actual code is available on all ldap systems.
 - Fix shadow passwords (as per work with vl)
 - Fix sending plaintext passwords to unicode servers (again vl)
 - Add a bit of const to secrets.c functions
 - Fix some spelling and grammar by vance.
 - Document the -r option in smbgroupedit.

There are more changes in HEAD, I'm only merging the changes I've been involved
with.

Andrew Bartlett
Andrew Bartlett 0001-01-01 00:00:00 +00:00
parent d8d351eb01
commit 83973c3893
15 changed files with 970 additions and 873 deletions


@ -70,7 +70,7 @@ SWATDIR = @swatdir@
# the directory where lock files go
LOCKDIR = @lockdir@
# the directorty where pid files go
# the directory where pid files go
PIDDIR = @piddir@
# man pages language(s)
man_langs = "@manlangs@"


@ -167,7 +167,7 @@
#undef HAVE_IMMEDIATE_STRUCTURES
#undef HAVE_CUPS
#undef WITH_SAM
#undef WITH_LDAP_SAM
#undef WITH_LDAP_SAMCONFIG
#undef WITH_NISPLUS_SAM
#undef WITH_TDB_SAM
#undef LINUX_QUOTAS_1


@ -634,6 +634,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
/* Also the place to keep the 'password' no matter what
crazy struct it started in... */
fstrcpy(this_crypted, pass->pw_passwd);
fstrcpy(this_salt, pass->pw_passwd);
#ifdef HAVE_GETSPNAM
{
@ -645,8 +646,10 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
perhaps for IPC password changing requests */
spass = getspnam(pass->pw_name);
if (spass && spass->sp_pwdp)
if (spass && spass->sp_pwdp) {
fstrcpy(this_crypted, spass->sp_pwdp);
fstrcpy(this_salt, spass->sp_pwdp);
}
}
#elif defined(IA_UINFO)
{
@ -704,9 +707,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
}
#endif
/* extract relevant info */
fstrcpy(this_salt, pass->pw_passwd);
#if defined(HAVE_TRUNCATED_SALT)
/* crypt on some platforms (HPUX in particular)
won't work with more than 2 salt characters. */

1699
source/configure vendored

File diff suppressed because it is too large Load Diff


@ -2215,6 +2215,23 @@ AC_ARG_WITH(sam,
##
########################################################################################
#################################################
# check for a LDAP password database configuration backwards compatibility
AC_MSG_CHECKING(whether to use LDAP SAM 2.2 compatible configuration)
AC_ARG_WITH(ldapsam,
[ --with-ldapsam Include LDAP SAM 2.2 compatible configuration (default=no)],
[ case "$withval" in
yes)
AC_MSG_RESULT(yes)
AC_DEFINE(WITH_LDAP_SAMCONFIG)
;;
*)
AC_MSG_RESULT(no)
;;
esac ],
AC_MSG_RESULT(no)
)
#################################################
# check for a TDB password database
AC_MSG_CHECKING(whether to use TDB SAM database)


@ -233,7 +233,7 @@
#undef HAVE_IMMEDIATE_STRUCTURES
#undef HAVE_CUPS
#undef WITH_SAM
#undef WITH_LDAP_SAM
#undef WITH_LDAP_SAMCONFIG
#undef WITH_NISPLUS_SAM
#undef WITH_TDB_SAM
#undef LINUX_QUOTAS_1


@ -643,8 +643,8 @@ void string_free(char **s)
}
/****************************************************************************
set a string value, allocing the space for the string, and deallocating any
existing space
set a string value, deallocating any existing space, and allocing the space
for the string
****************************************************************************/
BOOL string_set(char **dest,const char *src)
{
@ -724,7 +724,7 @@ void pstring_sub(char *s,const char *pattern,const char *insert)
/* similar to string_sub, but it will accept only allocated strings
* and may realloc them so pay attention at what you pass on no
* pointers inside strings, no pstrings or const must be passed
* pointers inside strings, no pstrings or const may be passed
* as string.
*/
@ -830,7 +830,7 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
/****************************************************************************
similar to all_string_sub but for unicode strings.
return a new allocate unicode string.
return a new allocated unicode string.
similar to string_sub() but allows for any character to be substituted.
Use with caution!
****************************************************************************/
@ -1203,7 +1203,7 @@ BOOL str_list_copy(char ***dest, char **src)
lsize += S_LIST_ABS;
rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
if (!rlist) {
DEBUG(0,("str_list_copy: Unable to allocate memory"));
DEBUG(0,("str_list_copy: Unable to re-allocate memory"));
str_list_free(&list);
return False;
}
@ -1225,7 +1225,7 @@ BOOL str_list_copy(char ***dest, char **src)
return True;
}
/* return true if all the elemnts of the list matches exactly */
/* return true if all the elements of the list match exactly */
BOOL str_list_compare(char **list1, char **list2)
{


@ -114,7 +114,14 @@ int ads_kinit_password(ADS_STRUCT *ads)
char *s;
int ret;
asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm);
if (asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm) == -1) {
return KRB5_CC_NOMEM;
}
if (!ads->auth.password) {
return KRB5_LIBOS_CANTREADPWD;
}
ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset);
if (ret) {
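Review bot: The new `if (!ads->auth.password)` early return leaks the principal string `s` that the preceding asprintf() has just allocated, because nothing frees it before `return KRB5_LIBOS_CANTREADPWD;`. Testing the password before building the principal avoids this: move the `if (!ads->auth.password) { return KRB5_LIBOS_CANTREADPWD; }` block above the asprintf() call, or add `free(s);` ahead of that return. The rest of ads_kinit_password lies outside the hunk, so whether `s` is released on the normal path cannot be confirmed from here.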


@ -184,12 +184,8 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
char *pass, char *workgroup)
{
uint32 capabilities = cli_session_setup_capabilities(cli);
fstring pword;
int passlen;
char *p;
passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_ASCII);
set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
@ -202,7 +198,7 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
SSVAL(cli->outbuf,smb_vwv8,0);
SIVAL(cli->outbuf,smb_vwv11,capabilities);
p = smb_buf(cli->outbuf);
p += clistr_push(cli, p, pword, -1, STR_TERMINATE); /* password */
p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
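Review bot: The password is now copied straight into `cli->outbuf` by `clistr_push(cli, p, pass, -1, STR_TERMINATE)`, and the removed staging copy into `pword` was the only place in this function where its length was bounded (`sizeof(pword)`). A dest_len of -1 tells clistr_push to apply no limit, so a long caller-supplied password, which grows further when the connection has negotiated Unicode, is written with nothing here checking the space left in the packet buffer; the user and workgroup pushes share the pattern. A length check on `pass` before the push, or a real remaining-size value in place of `-1`, would restore the bound. The function body continues past the hunk and the size of outbuf is not visible here.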


@ -207,6 +207,10 @@ typedef struct
int iLockSpinTime;
char *szLdapMachineSuffix;
char *szLdapUserSuffix;
#ifdef WITH_LDAP_SAMCONFIG
int ldap_port;
char *szLdapServer;
#endif
int ldap_ssl;
char *szLdapSuffix;
char *szLdapFilter;
@ -596,7 +600,7 @@ static struct enum_list enum_ldap_ssl[] = {
{LDAP_SSL_OFF, "off"},
{LDAP_SSL_OFF, "Off"},
{LDAP_SSL_START_TLS, "start tls"},
{LDAP_SSL_START_TLS, "start_tls"},
{LDAP_SSL_START_TLS, "Start_tls"},
{-1, NULL}
};
@ -1003,6 +1007,10 @@ static struct parm_struct parm_table[] = {
{"Ldap Options", P_SEP, P_SEPARATOR},
#ifdef WITH_LDAP_SAMCONFIG
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
#endif
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@ -1177,7 +1185,7 @@ static void init_printer_values(void)
"lp -i %p-%j -H hold");
string_set(&sDefault.szLpresumecommand,
"lp -i %p-%j -H resume");
#endif /* SYSV */
#endif /* HPUX */
break;
case PRINT_QNX:
@ -1244,7 +1252,6 @@ static void init_globals(void)
string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
Globals.szPassdbBackend = str_list_make("smbpasswd unixsam", NULL);
/* use the new 'hash2' method by default */
string_set(&Globals.szManglingMethod, "hash2");
@ -1367,6 +1374,14 @@ static void init_globals(void)
a large number of sites (tridge) */
Globals.bHostnameLookups = False;
#ifdef WITH_LDAP_SAMCONFIG
string_set(&Globals.szLdapServer, "localhost");
Globals.ldap_port = 636;
Globals.szPassdbBackend = str_list_make("ldapsam unixsam", NULL);
#else
Globals.szPassdbBackend = str_list_make("smbpasswd unixsam", NULL);
#endif /* WITH_LDAP_SAMCONFIG */
string_set(&Globals.szLdapSuffix, "");
string_set(&Globals.szLdapMachineSuffix, "");
string_set(&Globals.szLdapUserSuffix, "");
@ -1582,6 +1597,11 @@ FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
#ifdef WITH_LDAP_SAMCONFIG
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
#endif
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
FN_GLOBAL_STRING(lp_ldap_machine_suffix, &Globals.szLdapMachineSuffix)
FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)


@ -954,9 +954,9 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
make_a_mod(mods, ldap_op, "primaryGroupID", temp);
/* displayName, cn, and gecos should all be the same
* most easily accomplished by giving them the same OID
* gecos isn't set here b/c it should be handled by the
* add-user script
* most easily accomplished by giving them the same OID
* gecos isn't set here b/c it should be handled by the
* add-user script
*/
make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
@ -1730,8 +1730,23 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
if (location) {
ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
#ifdef WITH_LDAP_SAMCONFIG
} else {
ldap_state->uri = "ldap://localhost";
int ldap_port = lp_ldap_port();
/* remap default port is no SSL */
if ( (lp_ldap_ssl() == LDAP_SSL_OFF) && (ldap_port == 636) ) {
ldap_port = 389;
}
ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() ? "ldap" : "ldaps", lp_ldap_server(), ldap_port);
if (!ldap_state->uri) {
return NT_STATUS_NO_MEMORY;
}
#else
} else {
ldap_state->uri = "ldaps://localhost";
#endif
}
(*pdb_method)->private_data = ldap_state;
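Review bot: The scheme choice `lp_ldap_ssl() ? "ldap" : "ldaps"` in the talloc_asprintf() call depends on the numeric value of the ldap ssl enum, which is not visible in this hunk: it yields `ldaps` only when the setting evaluates to zero. The port remap a few lines earlier already compares against `LDAP_SSL_OFF` by name, and the scheme should be chosen the same way, e.g. `(lp_ldap_ssl() == LDAP_SSL_ON) ? "ldaps" : "ldap"`, so that a reordered enum cannot silently turn a TLS configuration into a cleartext LDAP connection to the password backend. The comment above the remap would read better as `/* remap default port if no SSL */`. The `} else {` is duplicated across the `#ifdef`/`#else` arms, which makes the brace pairing hard to follow.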


@ -95,7 +95,7 @@ BOOL secrets_delete(const char *key)
return tdb_delete(tdb, kbuf) == 0;
}
BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
BOOL secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
{
fstring key;
@ -104,7 +104,7 @@ BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
return secrets_store(key, sid, sizeof(DOM_SID));
}
BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
{
DOM_SID *dyn_sid;
fstring key;
@ -128,7 +128,7 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
return True;
}
BOOL secrets_store_domain_guid(char *domain, GUID *guid)
BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
{
fstring key;
@ -137,7 +137,7 @@ BOOL secrets_store_domain_guid(char *domain, GUID *guid)
return secrets_store(key, guid, sizeof(GUID));
}
BOOL secrets_fetch_domain_guid(char *domain, GUID *guid)
BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
{
GUID *dyn_guid;
fstring key;
@ -227,7 +227,7 @@ BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
the above call.
************************************************************************/
BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
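Review bot: The const pass over the `domain` parameters stops short of `secrets_lock_trust_account_password(char *domain, BOOL dolock)`, which the last hunk header still shows with a non-const `domain`, so a caller holding a `const char *` still needs a cast for that one. `secrets_store_domain_guid()` only passes `guid` on to `secrets_store(key, guid, sizeof(GUID))` as far as the visible lines show, so `const GUID *guid` would match the `const DOM_SID *sid` of its sibling. Both bodies extend outside the hunks, so confirm nothing writes through those pointers before changing the prototypes.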


@ -277,8 +277,13 @@ struct cli_state *net_make_ipc_connection(unsigned flags)
} else {
nt_status = connect_to_ipc(&cli, &server_ip, server_name);
}
SAFE_FREE(server_name);
return cli;
if (NT_STATUS_IS_OK(nt_status)) {
return cli;
} else {
return NULL;
}
}
static int net_user(int argc, const char **argv)


@ -309,15 +309,24 @@ static int rpc_join_usage(int argc, const char **argv)
* Main 'net_rpc_join()' (where the admain username/password is used) is
* in net_rpc_join.c
* Assume if a -U is specified, it's the new style, otherwise it's the
* old style
* old style. If 'oldstyle' is specfied explicity, do it and don't prompt.
**/
int net_rpc_join(int argc, const char **argv)
{
if ((net_rpc_join_oldstyle(argc, argv) == 0))
return 0;
return net_rpc_join_newstyle(argc, argv);
struct functable func[] = {
{"oldstyle", net_rpc_join_oldstyle},
{NULL, NULL}
};
if (argc == 0) {
if ((net_rpc_join_oldstyle(argc, argv) == 0))
return 0;
return net_rpc_join_newstyle(argc, argv);
}
return net_run_function(argc, argv, func, rpc_join_usage);
}


@ -52,6 +52,7 @@ static void usage(void)
printf(" -c SID change group\n");
printf(" -u unix group\n");
printf(" -d description group description\n");
printf(" -r rid RID of new group\n");
printf(" -x group delete this group\n");
printf("\n");
printf(" -t[b|d|l] type: builtin, domain, local \n");