1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-31 17:18:04 +03:00
Commit Graph

133 Commits

Author SHA1 Message Date
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Günther Deschner
58db720e27 s3-auth: run minimal_includes.pl
Guenther
2011-05-05 02:05:26 +02:00
Günther Deschner
7e73214ebf s3-auth: use auth.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Andrew Bartlett
fc956cfcbb s3:auth Rename user_info->domain -> user_info->mapped.domain_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
2010-06-07 23:34:28 +10:00
Andrew Bartlett
7a021df96d s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
2010-06-07 23:34:28 +10:00
Simo Sorce
33c633df0b s3:auth make it easier to trace auth modules 2010-05-29 17:08:10 -04:00
Volker Lendecke
5792ccc7c8 s3: Move check_sam_security to auth/check_sam.c 2010-04-11 22:59:46 +02:00
Volker Lendecke
04f9e33de1 s3: Make check_sam_security public 2010-04-11 22:59:46 +02:00
Volker Lendecke
a0c175eca9 s3: Replace "auth_context" by "challenge" in need_to_increment_bad_pw_count args 2010-04-11 22:59:45 +02:00
Volker Lendecke
19c0086553 s3: Replace "auth_context" by "challenge" in sam_password_ok args 2010-04-11 22:59:45 +02:00
Volker Lendecke
a2d1e5e0f7 s3: Remove the make_auth_methods routine
This was just TALLOC_ZERO_P
2010-04-11 13:53:19 +02:00
Michael Adam
8573471154 s3:auth: fix account unlock regression introduced with fix for bug #4347
By an oversight, the patchset for #4347 made the unlocking of a locked
account after the lockout duration ineffective.
Thanks to Björn for finding this!

Michael
2010-01-14 15:48:09 +01:00
Michael Adam
444ecac2d2 s3:auth: add comment to nulling out stolen sampass
Adding this comment makes me think, I could also
have changed make_server_info_sam() talloc_move
instead of talloc_steal, but that would have
changed the signature... Well the comment is a
first step. :-)

Michael
2010-01-12 16:19:56 +01:00
Volker Lendecke
081573091b s3: Remove the typedef for "auth_serversupplied_info" 2010-01-10 20:56:16 +01:00
Volker Lendecke
9bb4766bba s3: Remove the typedef for "auth_usersupplied_info" 2010-01-10 20:56:16 +01:00
Michael Adam
dc68982711 s3:auth: don't update the bad pw count if pw is among last 2 history entries
This conforms to the behaviour of Windows 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

This is supposed to fixes Bug #4347 .

Michael
2010-01-07 16:51:18 +01:00
Michael Adam
46111dc4e4 s3:auth:check_sam_security: introduce a bool var to control pad_pw_count incrementation
This is a preparatory patch for the last part in fixing bug #4347 .

Michael
2010-01-07 16:51:18 +01:00
Michael Adam
7248873b48 s3:auth:check_sam_security: improve calling and logging of pdb_update_sam_account
Log what went wrongl, and also call pdb_update_sam_account inside
become_root/unbecome_root: do the logging outside.

Michael
2010-01-07 11:07:57 +01:00
Michael Adam
5ad1b7e0c5 s3:auth:check_sam_security: fix a leading tab/ws mixup
Michael
2010-01-07 11:07:57 +01:00
Michael Adam
970317c413 s3:auth:check_sam_security: create (and use) a common exit point
for use after sam_password_ok() has been called.

Michael
2010-01-07 11:07:56 +01:00
Michael Adam
de4fb80bee s3:auth:check_sam_security: null out sampass after it has been stolen.
So that a later talloc_free would not harm. I could have used
talloc_move instead of talloc steal in make_server_info_sam(),
but this would have required a change of the signature.

Michael
2010-01-07 11:07:56 +01:00
Michael Adam
3634859450 s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass
This is in preparation to extending check_sam_security to also check
against the password history before updating the bad password count.
This way, sam_password_ok can more easily be reused for that purpose.

Michael
2010-01-07 11:07:56 +01:00
Michael Adam
c0f404a2e4 s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok()
This way it is more explicit that there is no allocated data here
that may leak.

Michael
2010-01-07 11:07:56 +01:00
Michael Adam
0172587d8d s3:auth:sam_password_ok: fix allocation of a data blob.
data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but
copies 16 bytes from mem_ctx into the newly allocated data blob.
This can not have been intentional. A blank uint8_t array of
length 16 is allocated by passing NULL instead of mem_ctx.
And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated
blank 16 byte array to mem_ctx - so this is what must have been
intended.

Michael
2010-01-07 11:07:56 +01:00
Michael Adam
7ac18c743b s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers
and removing bool variables and several checks.

Michael
2010-01-07 11:07:55 +01:00
Michael Adam
b5fcb34d6c s3:check_sam_security: untangle assignment from statement
Michael
2010-01-07 11:07:55 +01:00
Karolin Seeger
71018ebe53 s3:auth: Fix typo in debug message.
Karolin
2009-12-07 14:38:18 +01:00
Jeremy Allison
74c405db40 Tidyup prompted by #6554 - Wrong deallocation in sam_account_ok.
Jeremy.
2009-07-16 09:54:14 -07:00
Andrew Bartlett
8ee7b4ce29 s3:auth Fix segfault: Always initialise returned session keys 2009-04-19 21:50:13 +02:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code
This is particuarly in the netlogon client (but not server at this
stage)
2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Volker Lendecke
1cbc58d3be Fix some nonempty blank lines 2009-02-10 21:55:13 +01:00
Jelmer Vernooij
cb78d4593b Cope with changed signature of http_timestring(). 2008-10-11 23:57:44 +02:00
Jeremy Allison
ee6b168e6e Fix bug #5555. Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon.
Jeremy.
(This used to be commit 10da498a23)
2008-06-24 16:37:15 -07:00
Volker Lendecke
64ddd381b7 Rename server_info->was_mapped to server_info->nss_token
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2)
2008-05-07 14:47:29 +02:00
Günther Deschner
e3731bd148 Fix crash bug in check_sam_security() when make_server_info_sam() did a
talloc_steal and talloc_free on the sam account already.

Guenther
(This used to be commit dbc7237a8a)
2008-03-20 00:54:20 +01:00
Karolin Seeger
95eb2f2eba Fix typo.
Karolin
(This used to be commit 906e19bad4)
2008-02-05 16:23:09 +01:00
Jeremy Allison
42cfffae80 Remove next_token - all uses must now be next_token_talloc.
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f3936)
2007-12-07 17:32:32 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Gerald Carter
99b031e190 r25401: BUG 4982: Don't delete lanman hashes on invalid logins when
using the "lanman auth = no".  Tested by Guenter Kukkukk.
(This used to be commit 611fdd95a5)
2007-10-10 12:31:02 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jeremy Allison
55ac16ba74 r23358: Fix from Justin Maggard <jmaggard@infrant.com> - ensure we don't
expire a password if it's explicitly set as ACB_PWNOTREQ.
Jeremy.
(This used to be commit 2ea5a6bd33)
2007-10-10 12:23:09 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
2007-10-10 12:22:01 -05:00
Andrew Bartlett
ccc06f8441 r22022: - Clarify the comments
- make sure never to free an uninitialised variable

- ensure to free result on getpwnam_alloc failure

Andrew Bartlett
(This used to be commit 5fe3328e66)
2007-10-10 12:19:03 -05:00
Andrew Bartlett
fb3835846e r22020: Make it more clear that both the vuser struct and it's contents are
talloc_free()'ed at the end of a session.

Rework the passwd cache code to use talloc_unlink and
talloc_reference, to more carefully manage the cache.

Andrew Bartlett
(This used to be commit e3e0ec25e6)
2007-10-10 12:19:03 -05:00
Jim McDonough
dc1f0804dd r19058: Implement "user cannot change password", and complete "user must change
password at next logon" code.  The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it.  The "can change" and "must change" times are now calculated
based on the "last set" time and policies.

We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero).  Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
2007-10-10 12:15:06 -05:00
Jeremy Allison
a1e0a0e928 r16230: Fix Klocwork #861 and others. localtime and asctime
can return NULL. Ensure we check all returns correctly.
Jeremy.
(This used to be commit 6c61dc8ed6)
2007-10-10 11:17:26 -05:00
Volker Lendecke
0372e03722 r16204: Fix Klocwork # 14
localtime() can return NULL.

Volker
(This used to be commit 07c5dcb863)
2007-10-10 11:17:25 -05:00
Volker Lendecke
5ab7e77bc7 r15476: Transfer the was_mapped flag from user_info to server_info also in auth_sam
and auth_domain. Thanks for Simo to point this out.

Volker
(This used to be commit 293b89dfb1)
2007-10-10 11:16:52 -05:00