mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

34 Commits

Author SHA1 Message Date
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
ffdfcfb514 s3-dsgetdcname: always pass in messaging context.
Volker, please check.

Guenther
2010-09-23 10:26:25 -07:00
Günther Deschner
102a70e809 s3-util: use shared dom_sid_dup.
Guenther
2010-09-20 14:05:07 -07:00
Stefan Metzmacher
08cf7ac7a0 s3:libnet/libnet_samsync.c: we also need some ndr_pull functions
metze
2010-08-08 11:05:18 +02:00
Günther Deschner
80b47fcb0a s3-libnet: better separate headers.
Guenther
2010-07-13 22:40:46 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience.
2010-05-18 11:45:31 +02:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code
This is particularly in the netlogon client (but not server at this
stage)
2009-04-14 16:23:44 +10:00
Andrew Bartlett
df8e1908ef Use common samsync delta decryption functions in libnet_samsync.c
Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
fe0f0e5670 Adapt to common crypto functions: sam_pwd_hash() -> sam_rid_crypt()
2009-04-14 16:23:42 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Günther Deschner
e3f7057b09 s3-libnet: Fix Bug #6193: avoid messing with sync_context in libnet_samsync_delta().
We absolutely need to avoid messing with the sync_context as that breaks the
stream of replication data coming from the DC (only replicates ~350 instead of
~4000 groups).

Guenther
2009-03-25 16:09:13 +01:00
Günther Deschner
c8b0196c95 s3-libnet: fix build warning (missing prototype).
Guenther
2008-12-09 15:07:47 +01:00
Günther Deschner
b8769141e6 s3-libnet-samsync: refactor libnet_samsync.
Guenther
2008-11-18 16:05:29 +01:00
Günther Deschner
6aaf220f9e s3-libnet-samsync: use netr_DatabaseDeltas unless full replication enforced.
Guenther
2008-11-18 16:05:10 +01:00
Günther Deschner
9051351509 s3-libnet-samsync: pass sequence number pointer to process routine.
Guenther
2008-11-18 16:05:03 +01:00
Günther Deschner
8c67159755 s3-libnet-samsync: move all modules to startup,process,finish callbacks.
Guenther
2008-11-18 16:04:54 +01:00
Günther Deschner
677921b9a3 s3-libnet-samsync: call init and close ops function where appropriate.
Guenther
2008-11-18 16:04:46 +01:00
Günther Deschner
eef8de5c88 s3-libnet-samsync: use samsync_ops.
Guenther
2008-11-18 16:04:39 +01:00
Günther Deschner
1a48107cc4 s3-libnet-samsync: add support for partial replication.
Guenther
2008-11-18 15:59:24 +01:00
Jeremy Allison
f53578daf4 Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch.  In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file.  What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false.  So I think the
rid_crypt param should be false in fetch_database().

If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash().  I believe this is what is scrambling my passwords.

These methods were refactored somewhere in the 3.3 branch.  Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false.  I think that's correct.  But the
second bug has carried through in the sam_account_from_delta()
function:

    if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
            sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
            pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
    }

    if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
            sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
            pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);

If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field.  So the LanMan and NT hashes look like they're being put in
the opposite fields."

Fix this by removing the rid_crypt parameter.
Jeremy.
2008-10-22 13:21:23 -07:00
Günther Deschner
fd3ba988dc s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.
Guenther
2008-09-23 09:49:56 +02:00
Günther Deschner
3ea5c185ad build: fix some no previous prototype warnings.
Guenther
(This used to be commit 51062534fd)
2008-07-30 18:10:46 +02:00
Günther Deschner
92df9ae393 net_vampire: use bool for last_query information in samsync.
Guenther
(This used to be commit fa1976e23a)
2008-06-27 01:59:26 +02:00
Günther Deschner
adef1b004b net_vampire: add code to vampire a SAM database to a keytab file.
Guenther
(This used to be commit ee6e422c0e)
2008-06-24 23:40:14 +02:00
Günther Deschner
48a680ecf2 net_vampire: more libnet_samsync restructuring.
Guenther
(This used to be commit 3bcda522f0)
2008-06-23 23:38:53 +02:00
Günther Deschner
8725626ec8 net_vampire: prepend libnet_ to the public samsync functions.
Guenther
(This used to be commit f020c947cf)
2008-06-23 23:38:52 +02:00
Günther Deschner
ddf6e73b1f net_vampire: move pull_netr_AcctLockStr() to libnet.
Guenther
(This used to be commit 8ec64a96e4)
2008-06-23 23:38:52 +02:00
Günther Deschner
fefcb70f87 net_vampire: add error and result_message to samsync_context.
Guenther
(This used to be commit e0b1172004)
2008-06-17 19:55:16 +02:00
Günther Deschner
49b269f50f net_vampire: add domain_name to samsync_context.
Guenther
(This used to be commit 7e7f07ec59)
2008-06-17 19:55:10 +02:00
Günther Deschner
45bce6e505 net_vampire: fix samsync_process_database().
Turns out the password hashes are not rid encrypted in the samsync reply.

Guenther
(This used to be commit 7d8d60bcba)
2008-06-17 10:49:14 +02:00
Günther Deschner
0d0043697d net_vampire: fix build warning.
Guenther
(This used to be commit eb4232fec0)
2008-06-17 10:49:14 +02:00
Günther Deschner
ccdcbc2efe net_vampire: move some samsync functions to libnet.
Guenther
(This used to be commit b3b6af0a3e)
2008-06-17 10:49:13 +02:00
Günther Deschner
61b68fc43c samsync: add samsync_fix_delta_array()
This code is vastly based on samba4 code.

Guenther
(cherry picked from commit 5b68be9699)
(This used to be commit 2c53d87de4)
2008-06-13 12:23:50 +02:00