1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

387 Commits

Author SHA1 Message Date
Andreas Schneider
d41702abe0 s3:passdb: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Pavel Filipenský
12478c24b0 s3:passdb: s/BURN_PTR_SIZE/BURN_STR/ in samu_destroy()
This makes sure that strlen(user->plaintext_pw) is not called twice.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Pavel Filipenský
ad9044a17a s3:passdb: Zero memory using BURN_FREE_STR() in get_trust_pw_hash2()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Andreas Schneider
68b7863f19 s3:passdb: Correctly burn the plaintext_pw with samu_destroy()
memset() can be removed from the optimizer.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
16e97c5e2d s3:passdb: Remove trailing whitespaces
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Ralph Boehme
25043ebb2e source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-11-11 13:49:32 +00:00
Andreas Schneider
0f13044634 s3:passdb: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-29 02:19:35 +00:00
Andreas Schneider
521f77c667 auth:creds: Add obtained arg to cli_credentials_set_kerberos_state()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Volker Lendecke
a01f680e43 passdb: Add error checks in samu_set_unix_internal()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-27 13:24:35 +00:00
Volker Lendecke
8323c83473 passdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Andreas Schneider
1298280a22 auth:creds: Rename CRED_USE_KERBEROS values
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-03 15:25:37 +00:00
Matthew DeVore
c2ac923c6a s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-28 00:56:34 +00:00
Noel Power
fba666cf2a s3/passed: clang: Fix 'Value stored during its initialization is never read'
Fixes:

source3/passdb/passdb.c:2502:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
        NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
                 ^~~~~~   ~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-26 18:41:27 +00:00
Volker Lendecke
6438819609 passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:24 +01:00
Stefan Metzmacher
d961ae9d14 s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.

At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.

In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-24 18:40:14 +01:00
Chris Lamb
06df7ae927 Correct "somthing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Uri Simchoni
fb4778f4e9 passdb: add linefeed to debug message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11763

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  1 15:24:35 CET 2016 on sn-devel-144
2016-03-01 15:24:35 +01:00
Michael Adam
8ff3257c4c s3:passdb: move my_sam_name() from passdb to util_name.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Stefan Metzmacher
12aaafd297 s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
2014-12-18 06:46:05 +01:00
Andrew Bartlett
37f5d822d6 passdb: Use common code in cli_credentials_set_machine_account_db_ctx()
This avoids some duplication in setting the machine account passsword
for the domain member and DC case.

This does not yet remove the duplication, that requires a bigger
restructure of the various routines used here to obtain the machine
and domain trust secrets.

Also no longer used is the timeout/2 code to not set the previous
password.  It is now always passed to the caller.

Andrew Bartlett

Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-17 12:57:07 +02:00
Stefan Metzmacher
270f7b3441 s3:passdb: add pdb_get_trust_credentials()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2014-09-27 19:42:37 +02:00
Garming Sam
e23c7adb1a param: rename lp function and variable from 'guestaccount' to 'guest_account'
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07 16:19:10 -08:00
Andreas Schneider
6366ebb79b s3-lib: Add grpname to talloc_sub_specified().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-21 15:00:44 -08:00
Michael Adam
1ee95e4cb1 s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12 18:36:02 +02:00
Volker Lendecke
64ed94cf94 s3: Use hex_encode_buf
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May  4 20:32:37 CEST 2012 on sn-devel-104
2012-05-04 20:32:37 +02:00
Volker Lendecke
b0221ce0d8 s3: Use hex_encode_buf 2012-05-04 18:44:29 +02:00
Andrew Bartlett
4471778d78 s3-passdb: Remove unused sampass->pass_must_change_time
There is no need to call pdb_set_pass_must_change_time() because
nothing ever consults that value.  It is always calculated from the
domain policy.

Also, this means we no longer store the value in LDAP.  The value
would only ever be set when migrating from tdbsam or smbpasswd, not on
password changes, so would become incorrect over time.

Andrew Bartlett
2012-04-19 12:34:33 +02:00
Simo Sorce
995d156726 s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-10-12 19:28:12 +02:00
Amitay Isaacs
ae9a3274bc passdb: Call with correct backend methods instead of default methods
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 12:30:48 +10:00
Jeremy Allison
ee34c25c8a First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);

and replace with their _m equivalents, as they are identical.
2011-07-19 13:19:29 -07:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Günther Deschner
d8cfca3a9b s3: only include tdb headers where needed.
Guenther
2011-05-06 10:48:10 +02:00
Jeremy Allison
cabd9e70e2 Simple +1 changes in hardcoded lengths when changing from safe_strcpy to strlcpy. 2011-05-04 12:12:14 -07:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
96487959e9 lib/util/util_pw: share more code between lib/util/util_pw.c and source3/lib/username.c
Guenther
2011-03-30 01:13:06 +02:00
Volker Lendecke
943aac2e36 s3: Add "len" to pdb_set_hours 2011-02-19 11:32:49 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Andrew Bartlett
a92b653af9 s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:24:55 +02:00
Günther Deschner
f6f3bb1813 s3-passdb: move get_logon_hours_from_pdb() into samr server.
Guenther
2010-05-18 21:43:05 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Volker Lendecke
2ea2d2a81e s3: Fix bug 5198 -- parse chfn(1)-change gecos field 2010-02-13 17:23:43 +01:00
Volker Lendecke
b99046fed1 s3: Make pdb_copy_sam_account also copy the group sid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-08 11:23:23 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place.
Guenther
2009-10-13 10:21:46 +02:00
Günther Deschner
9f15ef11bd s3-account_policy: add pdb_policy_type enum.
Guenther
2009-07-14 12:12:18 +02:00
Günther Deschner
28ef5c3ece s3-pdb_tdb: give 'unknown_str' the proper name 'comment' and set comment in passdb.
pdb_{get,set}_comment were already existing in the API but were never used.

Guenther
2009-06-29 22:36:12 +02:00