1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00

65658 Commits

Author SHA1 Message Date
Volker Lendecke
e65197e56f s3: Remove smbd_server_fd from receive_smb_raw
This is only called from client code
2010-08-17 22:44:03 +02:00
Volker Lendecke
a58cea0026 s3: Lift smbd_server_fd() from receive_smb_raw_talloc 2010-08-17 22:44:03 +02:00
Volker Lendecke
1f0afe1aed s3: Lift smbd_server_fd() from read_smb_length_return_keepalive 2010-08-17 22:44:03 +02:00
Volker Lendecke
7d164498db s3: Lift smbd_server_fd() from read_data()
All callers have appropriate debug messages themselves
2010-08-17 22:44:03 +02:00
Volker Lendecke
9671547d17 s3: Lift smbd_server_fd() from read_fd_with_timeout() 2010-08-17 22:44:03 +02:00
Matthias Dieter Wallnöfer
786c41b095 s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax 2010-08-17 19:24:23 +02:00
Matthias Dieter Wallnöfer
4c8edc8f5e s4:kdc/kpasswdd.c - let the user change his own password with his own rights
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.

NOTICE: I had to extract the old password from the SAMDB since I was unable to
find it somewhere else (authinfo for example).
2010-08-17 18:45:34 +02:00
Matthias Dieter Wallnöfer
cd711da6ca s4:samr RPC server - samr_password.c - make real user password changes work
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
2010-08-17 18:45:34 +02:00
Matthias Dieter Wallnöfer
2a423e0547 s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets 2010-08-17 18:45:34 +02:00
Matthias Dieter Wallnöfer
eb345ebedf s4:samdb_set_password/samdb_set_password_sid - make more arguments "const" 2010-08-17 18:45:33 +02:00
Matthias Dieter Wallnöfer
d72d7f9c5f s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support the password change control
And introduce parameters to pass the old password hashes.
2010-08-17 18:45:33 +02:00
Matthias Dieter Wallnöfer
35954bb310 s4:password_hash LDB module - perform the adaptions to understand the new password change control 2010-08-17 18:45:33 +02:00
Matthias Dieter Wallnöfer
23bd3a7417 s4:acl LDB module - support password changes over the DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
2010-08-17 18:45:33 +02:00
Matthias Dieter Wallnöfer
895a9fbbfb s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control
This contains the NT and/or LM hash of the password specified by the user.
2010-08-17 18:45:32 +02:00
Matthias Dieter Wallnöfer
bbb9dc806e s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
2010-08-17 18:45:32 +02:00
Stefan Metzmacher
7eebcebbab Revert "waf: enable gccdeps in developer mode"
This reverts commit 61930f50cbace4741500d8b53fc11a4ef3e0d4f8.

This breaks the build with older gcc versions
gcc --version
gcc (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291]
(This is SLES 11)

Please only enable it if thet compiler supports it.

metze
2010-08-17 17:32:13 +02:00
Stefan Metzmacher
656607943d s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test run
Otherwise just fill the disks of the build-farm hosts.

metze
2010-08-17 17:32:13 +02:00
Stefan Metzmacher
39f99e7d53 s4:selftest: run ldapi tests in 'dc:local' environment
metze
2010-08-17 17:32:11 +02:00
Nadezhda Ivanova
38e41728c5 s4-tests: Added tests for acl checks on search requests 2010-08-17 17:05:42 +03:00
Volker Lendecke
c360822226 s3: Directly call write_data from print_job_write() 2010-08-17 15:31:49 +02:00
Volker Lendecke
3aba8e9b7e s3: Remove unused "pos" arg from print_job_write 2010-08-17 15:31:49 +02:00
Andreas Schneider
feb22e0897 s3-samr: Correctly fix the transition from enum to uint32_t.
What type an enum is depends on the implementation, the compiler and
probably the compiler options. sizeof(enum) is normally not sizeof(int)!
2010-08-17 13:48:05 +02:00
Andrew Tridgell
56f04188df s4-ldb: ensure element flags are zero in ldb search return
the distinguishedName element was getting an uninitialised flags value
2010-08-17 21:21:51 +10:00
Andrew Tridgell
bb2ba90663 s4-ldbwrap: ensure session_info in ldb opaque remains valid
A DRS DsBind handle can be re-used in a later connection. This implies
reuse of the session_info for the connection. If the first connection
is shutdown then the session_info in the sam context on the 2nd
connection must remain valid.
2010-08-17 21:21:51 +10:00
Andrew Tridgell
8835a360ca s4-rpcserver: log unknown RPC calls at debug level 3
This was added as we are occasionally getting an encrypted unknown
netlogon call, and I'm having trouble looking at it in wireshark
2010-08-17 21:21:51 +10:00
Andrew Tridgell
2688375ffe s4-netlogon: added SEC_CHAN_RODC
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-17 21:21:51 +10:00
Andrew Tridgell
82c171aa55 s4-net: use an encrypted ldap session when setting passwords
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:51 +10:00
Andrew Tridgell
896f10301c s4-dsdb: check the type of session_info from the opaque
we saw a crash with a bad pointer here, and this may help track it
down

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:51 +10:00
Andrew Tridgell
21729b63f0 s4-drs: allow getncchanges from RODC with WRIT_REP set
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
45a2b408ba s4-drs: added domain_sid to DRS security checks
we need the domain_sid to determine if the account is a RODC for our
domain

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
84bedf4028 s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER
check more than the user_sid, and also check for the right rid value

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
4e9daa0f03 s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
df14f645b3 s4-dsdb: cope with cracknames of form dnsdomain\account
this is used by w2k8r2 when doing a RODC dcpromo

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
f6e0b151a3 s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
0caf347098 s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATION
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
9e27201b24 s4-ldb: added LDB_FLAG_INTERNAL_MASK
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
6baa834ebe s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.

This will allow us to use some of the other flags bits for internal
markers on elements

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
527042f78b s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add
this control disables the system only check for nTDSDSA add operations

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
974279b67d s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
2010-08-17 21:21:50 +10:00
Andrew Tridgell
eed3838b48 s4-ldapserver: support controls on ldap add and rename
we need to pass the controls down to the add and rename ldb operations

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Andrew Tridgell
191d632e23 s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.

There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:49 +10:00
Andrew Tridgell
dcd9fcc7b3 s4-ldap: use common functions for ldap flag controls encode/decode
many controls are simple present/not-present flags, and don't need
their own parsers

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:49 +10:00
Günther Deschner
16ad1bbb4e s3-dcerpc: try to fix the non gssapi build.
Guenther
2010-08-17 13:18:34 +02:00
Günther Deschner
36cfadcf6a s3-dcerpc: fix c++ build warning.
Guenther
2010-08-17 13:06:36 +02:00
Günther Deschner
35052d71d3 s3-dcerpc: fix uninitialized variable in cli_get_session_key().
Simo, please check.

Guenther
2010-08-17 13:06:13 +02:00
Günther Deschner
ff17516732 s3-util: remove unused variable.
Guenther
2010-08-17 13:04:32 +02:00
Simo Sorce
0a89722671 s3-ads: Remove unused function and file 2010-08-17 06:48:56 -04:00
Stefan Metzmacher
aca7b22e96 s3:winbindd: don't ignore 'result' in wb_dsgetdcname_done()
Ignoring it could cause a segfault in winbindd_getdcname_recv()

metze
2010-08-17 12:46:53 +02:00
Volker Lendecke
40ae8b74b6 s3: Remove smbd_server_fd() from write_data()
This completely removes the DEBUG(0, ..) error message from write_data(). I've
gone through all callers of write_data() and made sure that they have their own
equivalent error message printing.
2010-08-17 12:46:53 +02:00
Simo Sorce
f40ef7e24c s3-dcerpc: Use common send functions for ntlmssp too
Remove unused function.
2010-08-17 06:33:14 -04:00