IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If domain or username are empty strings (""), we need to free them.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes sure that strlen(user->plaintext_pw) is not called twice.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 11 06:34:56 UTC 2022 on sn-devel-184
It was introduced in 2002. Probably we no longer need to support
password upgrade from samba-2.2.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 8 19:03:08 UTC 2022 on sn-devel-184
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This helps to avoid timing attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 20:16:33 UTC 2022 on sn-devel-184
This will be changed to support UPNs too in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This address an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd
structure. We need to be able to deal with that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.
It means that role won't result in ROLE_STANDALONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
nt_name and comment are allocated via talloc_strdup(). Length
is not guaranteed to be sizeof(fstring) and so rather than use
fstrcpy into a possibly NULL buffer, free original string, then
talloc_strdup() the one provided to us.
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 27 22:07:45 UTC 2021 on sn-devel-184
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Best reviewed with "git show -b", there's a "continue" statement that
changes subsequent indentation.
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Add comments to explain the use of the three lookup
loops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Apr 29 09:55:51 UTC 2021 on sn-devel-184
The recently introduced function secrets_store_creds() should always
use 'return false' in case of a failure. It is not only spelling issue
since 'return 1' actually means 'return true'.
Signed-off-by: Pavel Filipensky <pavel.filipensky@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 20 06:42:50 UTC 2021 on sn-devel-184
