1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

2060 Commits

Author SHA1 Message Date
Andreas Schneider
99859479fc s3:passdb: Do not return OK if we don't have pinfo set up
This prevents a crash in fill_mem_keytab_from_secrets()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 19 00:32:22 CEST 2018 on sn-devel-144
2018-04-19 00:32:22 +02:00
Douglas Bagnall
2a305014b5 s3/py_passdb: initialize optional parameters earlier
It is just a bit easier to see what is happening.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-04-13 07:27:14 +02:00
Volker Lendecke
de48619c15 pdb_nds: Fix CID 1273401 Unused value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-04-07 02:11:20 +02:00
Joe Guo
d28379dc4a wscript_build: fix c modules deps name for Python 3
In wscript_build, the lib name in deps list may have postfix for Python
3. Instead of hard coding the base name directly, need to load correct
name for each Python version with `bld.pyembed_libname`.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Noel Power
c6bba60c8b python3 port for passdb module
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Volker Lendecke
bc16f7dafb pdb_ldap: Fix CID 1363266 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-04-04 00:44:23 +02:00
Andreas Schneider
db31156daf s3:passdb: Fix size types
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:16 +01:00
Stefan Metzmacher
9bbabf628e pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 01:29:40 CET 2018 on sn-devel-144
2018-03-20 01:29:40 +01:00
Stefan Metzmacher
c5874b9b68 s3:passdb: add create_builtin_guests()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:49 +01:00
Stefan Metzmacher
efdc617c76 s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
We should not crash if we're called with NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-15 21:54:16 +01:00
Volker Lendecke
4e5c942708 pdb: Fix CID 1427620 Resource leak
It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-17 19:24:11 +01:00
Volker Lendecke
e4f62d4e4b pdb: Fix CID 1427624 Resource leak
It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-17 19:24:11 +01:00
Ralph Boehme
fa3b81b21c pdb_samba_dsdb: set PDB_CAP_TRUSTED_DOMAINS_EX
Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Ralph Boehme
f8bcd37058 pdb_samba_dsdb: implement pdb_samba_dsdb_del_trusted_domain
Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Ralph Boehme
a55643701b pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusted_domain
Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Stefan Metzmacher
3091ea3b7a pdb_samba_dsdb: implement PDB_CAP_TRUSTED_DOMAINS_EX related functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Stefan Metzmacher
6f9232e26c pdb_samba_dsdb: implement pdb_samba_dsdb_enum_trusteddoms()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Volker Lendecke
6423ca4bf2 lib: Use messaging_send_all instead of message_send_all
Just a global search&replace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:13 +01:00
Volker Lendecke
fc2f0023a0 messaging: Remove the "n_sent" arg from message_send_all
The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
3c5027556a passdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-13 23:54:46 +01:00
Andreas Schneider
f56ce215c7 s3:passdb: Fix a memory leak in secrets_fetch_or_upgrade_domain_info()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 13 14:05:46 CET 2017 on sn-devel-144
2017-11-13 14:05:46 +01:00
Andreas Schneider
5274beba4c s3:passdb: Make sure the salt is fully initialized before passing
Otherwise the magic member is not initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-27 01:00:26 +02:00
Andreas Schneider
d6a418c13f s3:secrets: Do not leak memory of pw and old_pw
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-27 01:00:25 +02:00
Andrew Bartlett
c1e41d489d samdb: Rework samdb_connect_url() to return LDB error code and an error string
This allows debugging of why the LDB failed to start up.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-20 02:25:30 +02:00
Stefan Metzmacher
37e49a2af5 s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC
The reason for the check is for write access as secrets.ldb is the
master database.

But secrets_fetch_or_upgrade_domain_info() just syncs the values
we got from if they got overwritten by secrets_store_machine_pw_sync().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-08-18 06:07:12 +02:00
Stefan Metzmacher
f513c20ee0 s3:secrets: remove unused secrets_store_[prev_]machine_password()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
5f0038fba6 s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials
We now store various hashed keys at change time and maintain a lot of details
that will help debugging failed password changes.

We keep storing the legacy values:
 SECRETS/SID/
 SECRETS/DOMGUID/
 SECRETS/MACHINE_LAST_CHANGE_TIME/
 SECRETS/MACHINE_PASSWORD/
 SECRETS/MACHINE_PASSWORD.PREV/
 SECRETS/SALTING_PRINCIPAL/DES/

This allows downgrades to older Samba versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
bfe35abc1f s3:secrets: use secrets_delete for all keys in secrets_delete_machine_password_ex()
We just want all values to be removed at the end, it doesn't matter
if they didn't existed before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
dfaadc8192 s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
cf8a4646fe s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
5bc2764fe5 s3:secrets: rewrite secrets_delete_machine_password_ex() using helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
5b95cb74e7 s3:secrets: replace secrets_delete_prev_machine_password() by secrets_delete()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
45eea321a6 s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key when there's no value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
c5ded11237 s3:secrets: make use of secrets_delete() in secrets_store_machine_pw_sync()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
fde4af1c32 s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
cd1e888773 s3:secrets: rename secrets_delete() to secrets_delete_entry()
secrets_delete_entry() fails if the key doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
4e37d7805b s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
99013685a1 s3:secrets: add some const to secrets_store_domain_guid()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
d37e30cef7 s3:secrets: split out a domain_guid_keystr() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:44 +02:00
Stefan Metzmacher
072dd87e63 s3:secrets: rework des_salt_key() to take the realm as argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:44 +02:00
Stefan Metzmacher
504b446d8d s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c
These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:44 +02:00
Volker Lendecke
4ceba0e18f secrets: Protect against a non-0-terminated ldap password
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-04-22 05:20:20 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Volker Lendecke
848067abbc smbldap: Introduce "smbldap_get_paged_results"
This should be hidden inside smbldap.c, but this is a quick way to
get smbldap_state private to smbldap.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-04-20 10:13:25 +02:00
Volker Lendecke
84b7125b99 smbldap: Introduce "smbldap_get_paged_results"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-04-20 10:13:25 +02:00
Volker Lendecke
46968fc60f smbldap: Introduce "smbldap_get_ldap"
This is a pretty big boiler-plate change. I've renamed the struct member
temporarily to find all accessors. Not sure where this leads in the end, but
the goal is to make struct smbldap_struct private to smbldap.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-04-20 10:13:25 +02:00
Volker Lendecke
4fe2b24b34 smbldap: Move ldapsam_privates to pdb_ldap.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 22:52:03 CEST 2017 on sn-devel-144
2017-04-18 22:52:03 +02:00
Volker Lendecke
7459289551 lib: Remove unused winbind_get_groups and _get_sid_aliases
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:18 +02:00
Volker Lendecke
c5e101af2b passdb: Remove pdb_ipa
The version used these days can be found under

https://pagure.io/freeipa/blob/master/f/daemons/ipa-sam

Having a stale copy in Samba only confuses things.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 15 09:18:21 CET 2017 on sn-devel-144
2017-03-15 09:18:21 +01:00
Stefan Metzmacher
d961ae9d14 s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.

At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.

In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-24 18:40:14 +01:00