| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
(cherry picked from commit 60262369fc2ae19f6d9263e35b5db9b09b603a1b)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f)
(cherry picked from commit 864c0b58aec55e37cf304b28c762a5259fc0ec67)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit 6f9ed71a87e4ed5665ee8999ebf987e2165629c6)
|
|
|
|
|
|
|
|
| |
What a difference a name makes... :-). Just because something is missnamed
SA_RIGHT_SAM_OPEN_DOMAIN, when it should actually be SA_RIGHT_SAM_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
(cherry picked from commit 8a985bcfe4aee7e602601fe78a94757dce645fcc)
|
|
|
|
|
|
|
|
|
|
|
|
| |
libnet_samsync_delta().
We absolutely need to avoid messing with the sync_context as that breaks the
stream of replication data coming from the DC (only replicates ~350 instead of
~4000 groups).
Guenther
(cherry picked from commit e3f7057b0942793543c215ab45176c4280bd7d51)
(cherry picked from commit efa7f6bff9bec89214dab368ff5efc61fa1cc212)
|
|
|
|
|
|
|
|
|
| |
where all the other W_ERROR_xyz macros are found as well.
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 76a460aecab6d5a03af9b8b5d97cba15d364cfde)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit e9d5405948e35a8eec0b49cc6c066278cb523397)
(cherry picked from commit 3d13df93f0ffaa518a576191a0715add878a7635)
|
|
|
|
|
| |
This used to be commit fda8abac in master.
(cherry picked from commit 5994c90ff8754b64a3a6658e28bd94f6a91a441b)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 250caa1f2f285063249b2c4a7266196938d24761)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 8241669521772cc75a9ca278a7f9a57256907ded)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 8e11901f92b2ecb976f0c24c5eb96fb6b8127207)
|
|
|
|
|
| |
Jeremy
(cherry picked from commit fc04faf9668bf0176ffd8d5c20e65aa83d63021b)
|
|
|
|
|
|
| |
attribute warn_unused_result. Start to fix these.
Jeremy.
(cherry picked from commit dfd983881341bfbc811199901ae3d8fe973649c1)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 2bb91392b46e347fe3b6803d10b10d8b40e4a4a6)
(cherry picked from commit 134893ef2b12b4b039c717588a8172613f6d1955)
|
|
|
|
|
|
|
|
|
|
| |
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
(cherry picked from commit 6a993cb333675f4079d439fa334edee2df604933)
(cherry picked from commit 8314ce63ff77f0472d4249adcea87123b3b3f5c2)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 2dfeb2d5970f52e4948e22a2a4e4f47479a550dc)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 60222a78c00ad9d1d09789024184c430bff0f68b)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 650077c22b2e67815c9a2fd8a1cc56986c0aaced)
|
|
|
|
|
| |
Guenther
(cherry picked from commit bc3a277455dd4557e796ddc0bef0f52a11f889e7)
|
|
|
|
|
| |
Guenther
(cherry picked from commit f479fdc29813c3452fd22c4a2780f0bc5066e664)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 82dfb92cae1ffc52a92ea27ba96dc875ce0ae4a1)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 3e529fb619384e694e01204ca305e2a13724defd)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 0e99fe1855c66e9743725d43ba92ec59f35f5b55)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 0d23b13370db9d4ab0a3c81fca4a28e15802fe68)
|
|
|
|
|
| |
Guenther
(cherry picked from commit e96bcb7c2a49f95dee2a50adb1ed3ba77b1cbe07)
|
|
|
|
|
| |
Guenther
(cherry picked from commit a5f3bbbef1cdee91562e6f497cb612be78af7dd2)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 59b58d79af5aea62a6b7e60eb4b34141fd4d6356)
|
|
|
|
|
| |
Guenther
(cherry picked from commit a8fdca6963c4028ea8c65110945e78291f19031a)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 7ab18764a88cb4ff555ce21b50d58a19ba47d540)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 1f239e17dd43667507b6b49006c9fe61c2cda289)
|
|
|
|
|
| |
Guenther
(cherry picked from commit c0c5dfbe4a305e18af69f094a25062cb222b7fd1)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 8aa7b1e4d8706bddb6da1b455f16484ca35fc17e)
|
|
|
|
|
| |
Guenther
(cherry picked from commit eee6e2039b476c5bc257b1987335e250fd002e5c)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 34eb55b9a8c83c739c1e3f540515e435b2b1a365)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 919f03a1755e6865a4d0edbdc50168355c03f346)
|
|
|
|
|
| |
Guenther
(cherry picked from commit 8889173e7dbc7fb56e854640e60baae0c7477fa2)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit a48abdaa811c76e64a3383fe970e62b7bbb3582c)
(cherry picked from commit 38f37ebb2478e62007e1eeb38054ad4f6949824a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
211 }
212
213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
(cherry picked from commit 3690f2d87549840b5408771d2596069ff1732fc5)
|
|
|
|
|
|
|
| |
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
(cherry picked from commit 16e9a454404a5a70985caf15d1b987fe6332d195)
|
|
|
|
| |
(cherry picked from commit ab37affd6edec0d80109a7b635bc7fdb3b84eb6b)
|
|
|
|
|
|
|
|
|
|
|
|
| |
With gcc 4.1.3 on Ubuntu 7.10 the following build warning occurs:
Compiling libnet/libnet_samsync_keytab.c
cc1: warnings being treated as errors
libnet/libnet_samsync_keytab.c: In function â\200\230fetch_sam_entries_keytabâ\200\231:
libnet/libnet_samsync_keytab.c:102: warning: â\200\230entry.enctypeâ\200\231 is used uninitialized in this function
Fixed by initializing to ENCTYPE_NULL
(cherry picked from commit 52f8463962d266d904b60919a6a40c0b76de34ef)
|
|
|
|
|
|
| |
Michael
(cherry picked from commit 81cc1af1e699e454fbb1d12636d002f845231006)
(cherry picked from commit 3ea63ec10c37460253fbe68d63576e0cd8783c11)
|
|
|
|
|
|
| |
Michael
(cherry picked from commit 96d1c780bf9524b929e6026776602a5288aea73d)
(cherry picked from commit 298e5b663b1d6b469d130041dbed151801a45d1e)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
(cherry picked from commit f2648a5d7e894d89802915c1a83908dde19e7c13)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
(cherry picked from commit 2b57bd45cd8cd123dabb642b81d73c313e3bdc91)
|
|
|
|
| |
Guenther
|
|
|
|
| |
Michael
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
metze
|
|
|
|
|
|
|
| |
Don't leak temporary data to callers but use a temporary context
that is freed at the end.
Michael
|