1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

100 Commits

Author SHA1 Message Date
Andrew Bartlett
add8505fde s3-passdb Make pdb_element_is_changed available to all passdb modules
This will allow pdb_samba4 to use this

Andrew Bartlett
2011-08-13 12:30:49 +10:00
Andrew Bartlett
6e6aaacedb lib/util Move bitmap.c to lib/util 2011-07-08 11:23:23 +02:00
Andrew Bartlett
d5e6a47f06 s3-talloc Change TALLOC_P() to talloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Jeremy Allison
309a8fd7c6 Fix bug #7054 - X account flag does not work when pwdlastset is 0.
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.

Don't automatically allow user object password change if
"user must change password on next logon" is set.

Jim please check.

Jeremy.
2011-05-24 20:14:35 +02:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Volker Lendecke
943aac2e36 s3: Add "len" to pdb_set_hours 2011-02-19 11:32:49 +01:00
Volker Lendecke
ead7ffa1a7 s3: Add "code_page" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
d9d0fef862 s3: Add "country_code" to struct samu 2011-02-15 21:12:22 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Simo Sorce
0a7ff14617 s3:passdb Export function to calculate the proper primary group sid
Don't keep it buried in passdb, this function need to be available
for use in places where we do not want to construct an artificial
samu struct just to play tricks.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07 22:53:08 +10:00
Simo Sorce
d85d85b851 s3:passdb Fix memory leak
We were allocating this passwd structure on sampass, but never freeing
it nor assigning it to unix_pw where it could be reused.
2010-05-29 10:54:08 -04:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Andrew Bartlett
a92b653af9 s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:24:55 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Stefan Metzmacher
9fbbaa560a s3:passdb: avoid sid_to_gid() if the sid is "domain users"
If the call fails we would use the "domain users" sid anyway.

metze
2010-03-25 21:25:27 +01:00
Stefan Metzmacher
4dc2be2264 s3:passdb: only use gid_to_sid() result if the result is a group of our local sam
Otherwise retry with pdb_gid_to_sid().

metze
2010-02-09 12:57:01 +01:00
Stefan Metzmacher
e10d086956 s3:passdb: speed up pdb_get_group_sid()
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().

And also avoid the expensive lookup_sid() call
for wellkown domain groups.

metze
2010-02-08 11:23:23 +01:00
Volker Lendecke
004e3e400d s3: Hide some uses of pdb_get_init_flags (which I would love to remove...) 2010-02-05 21:11:17 +01:00
Stefan Metzmacher
0c93aa3cd5 s3:passdb: fix a type Domain Users has RID -513
metze
2010-02-04 15:19:50 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Michael Adam
017ccd0bda s3:passdb: store the plain nt passwords hashes in history, not salted md5
This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...

The "lucky" bit here is that the md5 has and the nt hash (md4) both are
16 bytes long.

This is part of the fix for bug #4347 .

Michael
2010-01-07 16:51:17 +01:00
Volker Lendecke
5e2fc28b63 s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore 2010-01-07 11:07:54 +01:00
Volker Lendecke
2a11f3b3d7 s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above 2010-01-07 11:07:54 +01:00
Volker Lendecke
ec0998ada5 s3: Add a paranoia check to pdb_set_plaintext_passwd() 2010-01-07 11:07:54 +01:00
Volker Lendecke
a3f522202d s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition
if (current_history_len != pwHistLen) {
     if (current_history_len < pwHistLen) {
     }
}

The second "if" is a bit pointless here
2010-01-07 11:07:54 +01:00
Volker Lendecke
7633837026 s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes 2010-01-07 11:07:53 +01:00
Volker Lendecke
864ed92954 s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array 2010-01-07 11:07:53 +01:00
Volker Lendecke
e7290255f5 s3: Make use of talloc_array in pdb_set_plaintext_passwd() 2010-01-07 11:07:53 +01:00
Volker Lendecke
7ba006430f s3: Simplify pdb_set_plaintext_passwd() a bit
Remove an indentation by the early return in

+       if (pwHistLen == 0) {
+               /* Set the history length to zero. */
+               pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+               return true;
+       }
2010-01-07 11:07:52 +01:00
Volker Lendecke
ca6c1cdd5f s3: Simplify pdb_set_plaintext_passwd() slightly
No functional change, this just removes an indentation level by the early
"return True;" in

+       if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
+               /*
+                * No password history for non-user accounts
+                */
+               return true;
+       }

Volker
2010-01-07 11:07:52 +01:00
Michael Adam
2fad148b27 s3:pdb_set_pw_history: free the old history before setting the new.
This is not strictly necessary, since this only leaks into the
struct samu, and this is not so long-lived in the code path that
changes the password, but it definitely correct and does not harm.

Michael
2010-01-07 11:07:51 +01:00
Günther Deschner
9f15ef11bd s3-account_policy: add pdb_policy_type enum.
Guenther
2009-07-14 12:12:18 +02:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Volker Lendecke
b1677505a5 Fix some nonempty blank lines 2009-02-08 13:53:49 +01:00
Volker Lendecke
2b3d03d6f1 Remove unix_homedir from struct user_struct
This makes pdb_get_unix_homedir unused. I wonder if that was ever really used...
(This used to be commit 36bfd32f1f)
2008-05-05 18:28:58 +02:00
Günther Deschner
7dfeae6073 Use netr_SamInfo3 in remaining places.
Guenther
(This used to be commit 92fca97951)
2008-02-17 02:12:01 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Jeremy Allison
66298d8080 More pstring elimination.
Jeremy.
(This used to be commit 15074de938)
2007-11-20 17:18:16 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
2007-10-10 12:22:01 -05:00
Jim McDonough
dc1f0804dd r19058: Implement "user cannot change password", and complete "user must change
password at next logon" code.  The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it.  The "can change" and "must change" times are now calculated
based on the "last set" time and policies.

We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero).  Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
2007-10-10 12:15:06 -05:00
Jim McDonough
e04dda6a2a r18722: Fix up password change times. The can change and must change times are
calculated based on the last change time, policies, and acb flags.

Next step will be to not bother storing them.  Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
2007-10-10 12:00:52 -05:00
Gerald Carter
3c222089ed r18684: pdb_get_group_sid() has to use the Get_Pwnam_alloc() call
to ensure it finds the Unix user.
(This used to be commit 4cea9bfca1)
2007-10-10 12:00:47 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Jeremy Allison
795c99d6b8 r16381: Now samu can't be null don't check it on set. Klockwork
related fix.
Jeremy.
(This used to be commit 2e5a881478)
2007-10-10 11:18:50 -05:00
Jeremy Allison
f9147c4e40 r16241: Fix Klocwork #106 and others like it.
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
2007-10-10 11:17:27 -05:00