IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We now store various hashed keys at change time and maintain a lot of details
that will help debugging failed password changes.
We keep storing the legacy values:
SECRETS/SID/
SECRETS/DOMGUID/
SECRETS/MACHINE_LAST_CHANGE_TIME/
SECRETS/MACHINE_PASSWORD/
SECRETS/MACHINE_PASSWORD.PREV/
SECRETS/SALTING_PRINCIPAL/DES/
This allows downgrades to older Samba versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We just want all values to be removed at the end, it doesn't matter
if they didn't existed before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
secrets_delete_entry() fails if the key doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
This should be hidden inside smbldap.c, but this is a quick way to
get smbldap_state private to smbldap.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
This is a pretty big boiler-plate change. I've renamed the struct member
temporarily to find all accessors. Not sure where this leads in the end, but
the goal is to make struct smbldap_struct private to smbldap.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
The version used these days can be found under
https://pagure.io/freeipa/blob/master/f/daemons/ipa-sam
Having a stale copy in Samba only confuses things.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 15 09:18:21 CET 2017 on sn-devel-144
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
It seems that this was only used in OneFS. The filesystem parts were
removed in 2012 with 70be41c772.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 9 18:15:20 CET 2017 on sn-devel-144
This is the only user and reduces the dependencies of util_unixsids.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Trever L. Adams <trever.adams@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 04:26:26 CEST 2016 on sn-devel-144
Trying to trim down messages.c a bit: Sending to all processes that are
registered in serverid.tdb and filtering to me is not really logic of general
messaging but more of the serverid code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will prevent some use-after-free's, potentially it might for example fix
bugzilla 11851. Not directly related, but it's a crash related to ldap-backed
user creation.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
All subsystems that include pytalloc.h need to link against
pytalloc-util.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
This changes py_passdb to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This type should not be used directly, it should have been made private
to pytalloc. This then allows removal of the (PyCFunction) cast
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Mar 2 01:04:14 CET 2016 on sn-devel-144
these talloc frames are freed *after* the return instruction and are
never executed. this fixes potential memory leaks.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Mar 1 12:08:40 CET 2016 on sn-devel-144
Useful to take in sync password from other repository.
(Modify MASK_USER_GOOD to include new flag BIT_PWSETNTHASH)
pdbedit -vw show also password hashes .
Split pdb_set_plaintext_passwd in two function:
pdb_set_plaintext_passwd and pdb_update_history.
pdb_update_history update password history and is call from
pdb_set_plaintext_passwd.
Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.
Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
