1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00

1433 Commits

Author SHA1 Message Date
Volker Lendecke
54ae9dfcbc Use sid_string_talloc where we have a tmp talloc ctx
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15 22:09:36 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15 22:09:36 +01:00
Volker Lendecke
105635e23c Use sid_string_talloc where we have a tmp talloc ctx
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-15 22:09:35 +01:00
Stefan Metzmacher
adc31b9235 Revert "Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...

metze

This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380.
(This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
2007-12-14 08:28:10 +01:00
Michael Adam
ce76bcff29 Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.
Michael
(This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
2007-12-13 10:15:19 +01:00
Michael Adam
31f221ed93 Rename get_trust_pw() to get_trust_pw_hash().
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13 10:15:19 +01:00
Michael Adam
1084151442 Export logic of get_trust_pw() to new function get_trust_pw_clear().
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.

Michael
(This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
2007-12-13 10:15:18 +01:00
Michael Adam
fe969f9a7f Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.

Michael
(This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
2007-12-13 10:15:18 +01:00
Michael Adam
f793c99ca5 Let get_trust_pw() determine the machine_account_name to use.
Up to now each caller used its own logic.

This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.

I hope I have not missed an important point here!

Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13 10:15:17 +01:00
Michael Adam
b99a6b0e8c Remove two unneeded functions.
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.

Michael
(This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca)
2007-12-13 10:15:13 +01:00
Michael Adam
951466000c Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.

Michael
(This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
2007-12-13 10:15:13 +01:00
Michael Adam
2ade25279c Fix logic and prevent segfaults in secrets trustdom tdb pack code.
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.

Michael
(This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)
2007-12-12 09:47:41 -08:00
Michael Adam
b0469d0b69 Fix secrets_store_trusted_domain_password() after pstring removal.
Jeremy, this small "&" sign has given me a headache... :-)

Michael
(This used to be commit 7590b12a994cc3c5f299ce7f3299c76adad1c599)
2007-12-12 09:47:28 -08:00
Jeremy Allison
7faee02d0d Remove the char[1024] strings from dynconfig. Replace
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-12-10 11:30:37 -08:00
Jeremy Allison
42cfffae80 Remove next_token - all uses must now be next_token_talloc.
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-12-07 17:32:32 -08:00
Jeremy Allison
bcf033b38e Change tdb_unpack "P" to return a malloc'ed string rather
than expect a pstring space to put data into.
Fix the (few) callers.
Jeremy.
(This used to be commit 7722a7d2c63f84b8105aa775b39f0ceedd4ed513)
2007-12-03 14:54:06 -08:00
Jeremy Allison
1cd1c9db3f Remove unused prototype for smbldap_get_single_pstring().
Don't use pstr_sprintf() on an fstring - change to talloc.
Jeremy.
(This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274)
2007-11-27 22:22:35 -08:00
Michael Adam
96ea32b886 Use the proper boolean constants - the type has been
changed from BOOL to bool.

Michael
(This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
2007-11-27 16:36:06 +01:00
Volker Lendecke
d4bfafa29c Fix bug 5055
(This used to be commit 8bcd2df841bae63e7d58c35d4728b7d853471697)
2007-11-26 15:28:13 +01:00
Volker Lendecke
2b32252b8a Improve debug message
Fix bug 5056, thanks to debian package maintainer
(This used to be commit 5b4ba4bfc54e2fa468abe15383e5b33eb5bd1324)
2007-11-26 14:36:30 +01:00
Jeremy Allison
7ef6c19074 Remove pstrings from pam_smbpass - make local_password_change
return malloced strings.
Jeremy.
(This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
2007-11-21 17:42:52 -08:00
Jeremy Allison
66298d8080 More pstring elimination.
Jeremy.
(This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-11-20 17:18:16 -08:00
Jeremy Allison
51b46147f2 Remove smbldap_get_single_pstring() and all pstrings
from pdb_ldap.c. I don't have an LDAP passdb setup here,
so I'm going to need some help on testing this.
Jeremy.
(This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
2007-11-14 16:05:42 -08:00
Stefan Metzmacher
fdc27be1be remove faked_create_user() BUILD_FARM hack as we have nss_wrapper now
metze
(This used to be commit fc98c1904865608509a01911afa46de74873ef41)
2007-11-09 09:53:02 +01:00
Volker Lendecke
33d8317571 static pstring removal
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
2007-11-05 03:16:58 +01:00
Gerald (Jerry) Carter
88ee61625a Patch 2 of 3 from Debian Samba packagers:
The point is doing the following associations:

- non discardable state data (all TDB files that may need to be backed
  up) go to statedir
- shared data (codepage stuff) go to codepagedir

The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.

The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b)
2007-11-01 15:53:44 -04:00
Jeremy Allison
101dc36162 Ensure temporary memory is freed - pointed out by "Li, Ying (ESG)" <ying.li2@hp.com>.
We aren't currently leaking memory, but are leaving it around for
longer than we need to.
Jeremy.
(This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
2007-10-26 17:58:28 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-18 17:40:25 -07:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10 15:34:30 -05:00
Gerald Carter
99b031e190 r25401: BUG 4982: Don't delete lanman hashes on invalid logins when
using the "lanman auth = no".  Tested by Guenter Kukkukk.
(This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
2007-10-10 12:31:02 -05:00
Jeremy Allison
ab9d7bf4f9 r25165: Use talloc_asprintf_append_buffer with an unmodified
string.
Jeremy.
(This used to be commit fe30a523dfc77cc373145624246fd3ad5c62b9ac)
2007-10-10 12:30:47 -05:00
Michael Adam
e16f8188ea r25092: Add support for storing trusted domain passwords in LDAP for
passdb backend = ldapsam.

Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.

Michael
(This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
2007-10-10 12:30:39 -05:00
Michael Adam
3853c7e144 r25091: Start adding support for storing trusted domain passwords in LDAP
(for passdb backen = ldapsam). At a first step, add the hooks,
calling the secrets_ functions.

Michael
(This used to be commit 9c03cdf3a449149c50451a44deb420341e65af34)
2007-10-10 12:30:39 -05:00
Michael Adam
85811b273d r24991: Kill all those lots of trailing whitespaces from secrets.c.
These red bars in vi really hurt my eyes... :-o

Michael
(This used to be commit 2e99e141c3254fe072756697b8db3cbd4e4f1db4)
2007-10-10 12:30:31 -05:00
Michael Adam
f09b0d72f4 r24990: Kill an incredible amount of trailing whitespaces...
Further reformat get_trust_pw to conform to coding rules.

Michael
(This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
2007-10-10 12:30:31 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10 12:28:27 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 12:28:20 -05:00
Jeremy Allison
6afbd15b67 r23688: Fix bug #4759 reported by Raul <ismell@ismell.org>.
"N" is not a valid format entry for ber_printf, should be "n"
Jeremy.
(This used to be commit f3bb102c24018f0a91f8b51de6fe646c091da6be)
2007-10-10 12:23:45 -05:00
Günther Deschner
39607c9129 r23630: Found out what LSA_LOOKUP_NAMES level 5 means:
only query transitive forest trusts.

Guenther
(This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
2007-10-10 12:23:38 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10 12:23:23 -05:00
Gerald Carter
9b78af1f64 r23244: Fix loop with nscd and NSS recusive calls.
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
>   winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
>   getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent.  So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ?  But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now.  The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10 12:22:58 -05:00
Gerald Carter
86f79c402d r23194: cherry pick two fixes from SAMBA_3_0_26
* strptime() failure check
* make legcacy sid/uid/gid calls static
(This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
2007-10-10 12:22:53 -05:00
Gerald Carter
fc1f6c7668 r23192: Remove fallback to looking up group mappings by the
Unix name after discussion with Simo.
(This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
2007-10-10 12:22:53 -05:00
Simo Sorce
9826a0074a r23051: sid_to_[ug]id fixes for smbd
(This used to be commit 2d636ad2a33d0ca61bf6022feceed47dd68ef855)
2007-10-10 12:22:17 -05:00
Gerald Carter
53719c6d7d r23046: Few missing merges from cleaning out the Centeris winbindd tree.
Nothing of major interest.  Will fix a few problems with one way trusts.
(This used to be commit 3d48a7e72d9268fd495e0ca4b6e73bed5bb57214)
2007-10-10 12:22:17 -05:00
Jeremy Allison
c15c0f2a47 r23005: If we're running on a system where time_t is 8 bytes
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
2007-10-10 12:22:13 -05:00
Gerald Carter
78c59b56b7 r22977: Trim noise by removing redundant WARNING log message that
would flood at log level 2.  We know when we're using the legacy
mapping code anyways since it will log an informative msg.
(This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
2007-10-10 12:22:12 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10 12:22:01 -05:00
Volker Lendecke
9e30a76c04 r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-releated pdb functions from BOOL to NTSTATUS

Thanks :-)
(This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
2007-10-10 12:21:57 -05:00