| Commit message (Collapse) | Author | Age | Files | Lines |
|
Guenther
(cherry picked from commit b5bec1a6d73f5939b306e157937d027a7286163c)
(cherry picked from commit c7d5e0a19057b6ad7301a390fc766bb438967eb2)
|
What a difference a name makes... :-). Just because something is misnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
(cherry picked from commit 1994a8a5db5c3abd6292b81aa975e7b8fe8311d0)
|
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 574a6a8c350a4bab3f42f3f9cfb382db721d69b5)
(cherry picked from commit 7e6d6eeff3e082d7223264c17cb27c2ab89df9aa)
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistent, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 20501876735fc4656083747ba8aa0de9da8fb820)
(cherry picked from commit 6673ad24d48ad44fa76497f0327b13e82721d0a1)
|
Guenther
(cherry picked from commit 5cdf75e679a45dcc3dad56e54f5c9f7d7ea23200)
(cherry picked from commit 7cf7c00663a41de202d695fb1f8dab7c3906e165)
|
Guenther
(cherry picked from commit e18f57fd36102212a3662823c58408da01d067ed)
(cherry picked from commit 2a0f4fd1b4fa58f5cf89595e93053abc6101817d)
|
Guenther
(cherry picked from commit e4802bfcad0402fce1e942e22d5533b3c14ada80)
(cherry picked from commit 32c7e6c9e5a2a02b6972293c9d5233f4797899c8)
|
Guenther
(cherry picked from commit af78240cbe68282190980cd6c367a8fc2a4438a6)
(cherry picked from commit c9bee2d4f982f677ced90ba18dc6326560139ed0)
|
when filled in.
Guenther
(cherry picked from commit 264b28ec0962c355ee90f9ac67fcf07cd84c5c7b)
(cherry picked from commit 7c553eb319de84a3510d348d3f927d11253aaacf)
|
libnet_samsync_delta().
We absolutely need to avoid messing with the sync_context as that breaks the
stream of replication data coming from the DC (only replicates ~350 instead of
~4000 groups).
Guenther
(cherry picked from commit e3f7057b0942793543c215ab45176c4280bd7d51)
(cherry picked from commit 16cba3ec22ca424db0f98185e179c718794bc563)
|
Guenther
(cherry picked from commit 531af136f9dd5c6050f78948837294aed02de440)
(cherry picked from commit 91216ffa95b4ed53e54b11665e96b911cb4e4ab5)
|
Michael
|
Guenther
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
  secrets only - use only the secrets for ticket verification (default)
  system keytab - use only the system keytab for ticket verification
  dedicated keytab - use a dedicated keytab for ticket verification.
  secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
  "use kerberos keytab = yes" corresponds to secrets and keytab
  "use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
Jeremy.
|
Jeremy.
|
Jeremy.
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
  after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove include "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
  in files that use no other macro from version.h instead of
  SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
  macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
Guenther
|
Jeremy
|
attribute warn_unused_result. Start to fix these.
Jeremy.
|
metze
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
Guenther
|
"Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
    if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
        sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
        pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
    }

    if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
        sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
        pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
|
Samba 4.
|
Guenther
|
Guenther