mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Updates from Samba HEAD:
- Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett
This commit is contained in:
parent
d8d351eb01
commit
83973c3893
@ -70,7 +70,7 @@ SWATDIR = @swatdir@
|
||||
# the directory where lock files go
|
||||
LOCKDIR = @lockdir@
|
||||
|
||||
# the directorty where pid files go
|
||||
# the directory where pid files go
|
||||
PIDDIR = @piddir@
|
||||
# man pages language(s)
|
||||
man_langs = "@manlangs@"
|
||||
|
@ -167,7 +167,7 @@
|
||||
#undef HAVE_IMMEDIATE_STRUCTURES
|
||||
#undef HAVE_CUPS
|
||||
#undef WITH_SAM
|
||||
#undef WITH_LDAP_SAM
|
||||
#undef WITH_LDAP_SAMCONFIG
|
||||
#undef WITH_NISPLUS_SAM
|
||||
#undef WITH_TDB_SAM
|
||||
#undef LINUX_QUOTAS_1
|
||||
|
@ -634,6 +634,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
|
||||
/* Also the place to keep the 'password' no matter what
|
||||
crazy struct it started in... */
|
||||
fstrcpy(this_crypted, pass->pw_passwd);
|
||||
fstrcpy(this_salt, pass->pw_passwd);
|
||||
|
||||
#ifdef HAVE_GETSPNAM
|
||||
{
|
||||
@ -645,8 +646,10 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
|
||||
perhaps for IPC password changing requests */
|
||||
|
||||
spass = getspnam(pass->pw_name);
|
||||
if (spass && spass->sp_pwdp)
|
||||
if (spass && spass->sp_pwdp) {
|
||||
fstrcpy(this_crypted, spass->sp_pwdp);
|
||||
fstrcpy(this_salt, spass->sp_pwdp);
|
||||
}
|
||||
}
|
||||
#elif defined(IA_UINFO)
|
||||
{
|
||||
@ -704,9 +707,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
|
||||
}
|
||||
#endif
|
||||
|
||||
/* extract relevant info */
|
||||
fstrcpy(this_salt, pass->pw_passwd);
|
||||
|
||||
#if defined(HAVE_TRUNCATED_SALT)
|
||||
/* crypt on some platforms (HPUX in particular)
|
||||
won't work with more than 2 salt characters. */
|
||||
|
1699
source/configure
vendored
1699
source/configure
vendored
File diff suppressed because it is too large
Load Diff
@ -2215,6 +2215,23 @@ AC_ARG_WITH(sam,
|
||||
##
|
||||
########################################################################################
|
||||
|
||||
#################################################
|
||||
# check for a LDAP password database configuration backwards compatibility
|
||||
AC_MSG_CHECKING(whether to use LDAP SAM 2.2 compatible configuration)
|
||||
AC_ARG_WITH(ldapsam,
|
||||
[ --with-ldapsam Include LDAP SAM 2.2 compatible configuration (default=no)],
|
||||
[ case "$withval" in
|
||||
yes)
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(WITH_LDAP_SAMCONFIG)
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(no)
|
||||
;;
|
||||
esac ],
|
||||
AC_MSG_RESULT(no)
|
||||
)
|
||||
|
||||
#################################################
|
||||
# check for a TDB password database
|
||||
AC_MSG_CHECKING(whether to use TDB SAM database)
|
||||
|
@ -233,7 +233,7 @@
|
||||
#undef HAVE_IMMEDIATE_STRUCTURES
|
||||
#undef HAVE_CUPS
|
||||
#undef WITH_SAM
|
||||
#undef WITH_LDAP_SAM
|
||||
#undef WITH_LDAP_SAMCONFIG
|
||||
#undef WITH_NISPLUS_SAM
|
||||
#undef WITH_TDB_SAM
|
||||
#undef LINUX_QUOTAS_1
|
||||
|
@ -643,8 +643,8 @@ void string_free(char **s)
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
set a string value, allocing the space for the string, and deallocating any
|
||||
existing space
|
||||
set a string value, deallocating any existing space, and allocing the space
|
||||
for the string
|
||||
****************************************************************************/
|
||||
BOOL string_set(char **dest,const char *src)
|
||||
{
|
||||
@ -724,7 +724,7 @@ void pstring_sub(char *s,const char *pattern,const char *insert)
|
||||
|
||||
/* similar to string_sub, but it will accept only allocated strings
|
||||
* and may realloc them so pay attention at what you pass on no
|
||||
* pointers inside strings, no pstrings or const must be passed
|
||||
* pointers inside strings, no pstrings or const may be passed
|
||||
* as string.
|
||||
*/
|
||||
|
||||
@ -830,7 +830,7 @@ void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
|
||||
|
||||
/****************************************************************************
|
||||
similar to all_string_sub but for unicode strings.
|
||||
return a new allocate unicode string.
|
||||
return a new allocated unicode string.
|
||||
similar to string_sub() but allows for any character to be substituted.
|
||||
Use with caution!
|
||||
****************************************************************************/
|
||||
@ -1203,7 +1203,7 @@ BOOL str_list_copy(char ***dest, char **src)
|
||||
lsize += S_LIST_ABS;
|
||||
rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
|
||||
if (!rlist) {
|
||||
DEBUG(0,("str_list_copy: Unable to allocate memory"));
|
||||
DEBUG(0,("str_list_copy: Unable to re-allocate memory"));
|
||||
str_list_free(&list);
|
||||
return False;
|
||||
}
|
||||
@ -1225,7 +1225,7 @@ BOOL str_list_copy(char ***dest, char **src)
|
||||
return True;
|
||||
}
|
||||
|
||||
/* return true if all the elemnts of the list matches exactly */
|
||||
/* return true if all the elements of the list match exactly */
|
||||
|
||||
BOOL str_list_compare(char **list1, char **list2)
|
||||
{
|
||||
|
@ -114,7 +114,14 @@ int ads_kinit_password(ADS_STRUCT *ads)
|
||||
char *s;
|
||||
int ret;
|
||||
|
||||
asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm);
|
||||
if (asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm) == -1) {
|
||||
return KRB5_CC_NOMEM;
|
||||
}
|
||||
|
||||
if (!ads->auth.password) {
|
||||
return KRB5_LIBOS_CANTREADPWD;
|
||||
}
|
||||
|
||||
ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset);
|
||||
|
||||
if (ret) {
|
||||
|
@ -184,12 +184,8 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
|
||||
char *pass, char *workgroup)
|
||||
{
|
||||
uint32 capabilities = cli_session_setup_capabilities(cli);
|
||||
fstring pword;
|
||||
int passlen;
|
||||
char *p;
|
||||
|
||||
passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_ASCII);
|
||||
|
||||
set_message(cli->outbuf,13,0,True);
|
||||
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
|
||||
cli_setup_packet(cli);
|
||||
@ -202,7 +198,7 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user,
|
||||
SSVAL(cli->outbuf,smb_vwv8,0);
|
||||
SIVAL(cli->outbuf,smb_vwv11,capabilities);
|
||||
p = smb_buf(cli->outbuf);
|
||||
p += clistr_push(cli, p, pword, -1, STR_TERMINATE); /* password */
|
||||
p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
|
||||
SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
|
||||
p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
|
||||
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
|
||||
|
@ -207,6 +207,10 @@ typedef struct
|
||||
int iLockSpinTime;
|
||||
char *szLdapMachineSuffix;
|
||||
char *szLdapUserSuffix;
|
||||
#ifdef WITH_LDAP_SAMCONFIG
|
||||
int ldap_port;
|
||||
char *szLdapServer;
|
||||
#endif
|
||||
int ldap_ssl;
|
||||
char *szLdapSuffix;
|
||||
char *szLdapFilter;
|
||||
@ -596,7 +600,7 @@ static struct enum_list enum_ldap_ssl[] = {
|
||||
{LDAP_SSL_OFF, "off"},
|
||||
{LDAP_SSL_OFF, "Off"},
|
||||
{LDAP_SSL_START_TLS, "start tls"},
|
||||
{LDAP_SSL_START_TLS, "start_tls"},
|
||||
{LDAP_SSL_START_TLS, "Start_tls"},
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
@ -1003,6 +1007,10 @@ static struct parm_struct parm_table[] = {
|
||||
|
||||
{"Ldap Options", P_SEP, P_SEPARATOR},
|
||||
|
||||
#ifdef WITH_LDAP_SAMCONFIG
|
||||
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
|
||||
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
|
||||
#endif
|
||||
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
|
||||
@ -1177,7 +1185,7 @@ static void init_printer_values(void)
|
||||
"lp -i %p-%j -H hold");
|
||||
string_set(&sDefault.szLpresumecommand,
|
||||
"lp -i %p-%j -H resume");
|
||||
#endif /* SYSV */
|
||||
#endif /* HPUX */
|
||||
break;
|
||||
|
||||
case PRINT_QNX:
|
||||
@ -1244,7 +1252,6 @@ static void init_globals(void)
|
||||
|
||||
string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
|
||||
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
|
||||
Globals.szPassdbBackend = str_list_make("smbpasswd unixsam", NULL);
|
||||
|
||||
/* use the new 'hash2' method by default */
|
||||
string_set(&Globals.szManglingMethod, "hash2");
|
||||
@ -1367,6 +1374,14 @@ static void init_globals(void)
|
||||
a large number of sites (tridge) */
|
||||
Globals.bHostnameLookups = False;
|
||||
|
||||
#ifdef WITH_LDAP_SAMCONFIG
|
||||
string_set(&Globals.szLdapServer, "localhost");
|
||||
Globals.ldap_port = 636;
|
||||
Globals.szPassdbBackend = str_list_make("ldapsam unixsam", NULL);
|
||||
#else
|
||||
Globals.szPassdbBackend = str_list_make("smbpasswd unixsam", NULL);
|
||||
#endif /* WITH_LDAP_SAMCONFIG */
|
||||
|
||||
string_set(&Globals.szLdapSuffix, "");
|
||||
string_set(&Globals.szLdapMachineSuffix, "");
|
||||
string_set(&Globals.szLdapUserSuffix, "");
|
||||
@ -1582,6 +1597,11 @@ FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
|
||||
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
|
||||
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
|
||||
FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
|
||||
|
||||
#ifdef WITH_LDAP_SAMCONFIG
|
||||
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
|
||||
FN_GLOBAL_INTEGER(lp_ldap_port, &Globals.ldap_port)
|
||||
#endif
|
||||
FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
|
||||
FN_GLOBAL_STRING(lp_ldap_machine_suffix, &Globals.szLdapMachineSuffix)
|
||||
FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)
|
||||
|
@ -1730,8 +1730,23 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
|
||||
|
||||
if (location) {
|
||||
ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
|
||||
#ifdef WITH_LDAP_SAMCONFIG
|
||||
} else {
|
||||
ldap_state->uri = "ldap://localhost";
|
||||
int ldap_port = lp_ldap_port();
|
||||
|
||||
/* remap default port is no SSL */
|
||||
if ( (lp_ldap_ssl() == LDAP_SSL_OFF) && (ldap_port == 636) ) {
|
||||
ldap_port = 389;
|
||||
}
|
||||
|
||||
ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() ? "ldap" : "ldaps", lp_ldap_server(), ldap_port);
|
||||
if (!ldap_state->uri) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
#else
|
||||
} else {
|
||||
ldap_state->uri = "ldaps://localhost";
|
||||
#endif
|
||||
}
|
||||
|
||||
(*pdb_method)->private_data = ldap_state;
|
||||
|
@ -95,7 +95,7 @@ BOOL secrets_delete(const char *key)
|
||||
return tdb_delete(tdb, kbuf) == 0;
|
||||
}
|
||||
|
||||
BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
|
||||
BOOL secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
|
||||
{
|
||||
fstring key;
|
||||
|
||||
@ -104,7 +104,7 @@ BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
|
||||
return secrets_store(key, sid, sizeof(DOM_SID));
|
||||
}
|
||||
|
||||
BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
|
||||
BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
|
||||
{
|
||||
DOM_SID *dyn_sid;
|
||||
fstring key;
|
||||
@ -128,7 +128,7 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
|
||||
return True;
|
||||
}
|
||||
|
||||
BOOL secrets_store_domain_guid(char *domain, GUID *guid)
|
||||
BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
|
||||
{
|
||||
fstring key;
|
||||
|
||||
@ -137,7 +137,7 @@ BOOL secrets_store_domain_guid(char *domain, GUID *guid)
|
||||
return secrets_store(key, guid, sizeof(GUID));
|
||||
}
|
||||
|
||||
BOOL secrets_fetch_domain_guid(char *domain, GUID *guid)
|
||||
BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
|
||||
{
|
||||
GUID *dyn_guid;
|
||||
fstring key;
|
||||
@ -227,7 +227,7 @@ BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
|
||||
the above call.
|
||||
************************************************************************/
|
||||
|
||||
BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
|
||||
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
|
||||
time_t *pass_last_set_time)
|
||||
{
|
||||
struct machine_acct_pass *pass;
|
||||
|
@ -277,8 +277,13 @@ struct cli_state *net_make_ipc_connection(unsigned flags)
|
||||
} else {
|
||||
nt_status = connect_to_ipc(&cli, &server_ip, server_name);
|
||||
}
|
||||
|
||||
SAFE_FREE(server_name);
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
return cli;
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
static int net_user(int argc, const char **argv)
|
||||
|
@ -309,15 +309,24 @@ static int rpc_join_usage(int argc, const char **argv)
|
||||
* Main 'net_rpc_join()' (where the admain username/password is used) is
|
||||
* in net_rpc_join.c
|
||||
* Assume if a -U is specified, it's the new style, otherwise it's the
|
||||
* old style
|
||||
* old style. If 'oldstyle' is specfied explicity, do it and don't prompt.
|
||||
**/
|
||||
|
||||
int net_rpc_join(int argc, const char **argv)
|
||||
{
|
||||
struct functable func[] = {
|
||||
{"oldstyle", net_rpc_join_oldstyle},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
if (argc == 0) {
|
||||
if ((net_rpc_join_oldstyle(argc, argv) == 0))
|
||||
return 0;
|
||||
|
||||
return net_rpc_join_newstyle(argc, argv);
|
||||
}
|
||||
|
||||
return net_run_function(argc, argv, func, rpc_join_usage);
|
||||
}
|
||||
|
||||
|
||||
|
@ -52,6 +52,7 @@ static void usage(void)
|
||||
printf(" -c SID change group\n");
|
||||
printf(" -u unix group\n");
|
||||
printf(" -d description group description\n");
|
||||
printf(" -r rid RID of new group\n");
|
||||
printf(" -x group delete this group\n");
|
||||
printf("\n");
|
||||
printf(" -t[b|d|l] type: builtin, domain, local \n");
|
||||
|
Loading…
Reference in New Issue
Block a user