summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-10-22Fix net rpc vampire, based on an *amazing* piece of debugging work by ↵Jeremy Allison5-45/+50
"Cooper S. Blake" <the_analogkid@yahoo.com>. "I believe I have found two bugs in the 3.2 code and one bug that carried on to the 3.3 branch. In the 3.2 code, everything is located in the utils/net_rpc_samsync.c file. What I believe is the first problem is that fetch_database() is calling samsync_fix_delta_array() with rid_crypt set to true, which means the password hashes are unencrypted from the RID encryption. However, I believe this call is redundant, and the corresponding call for samdump has rid_crypt set to false. So I think the rid_crypt param should be false in fetch_database(). If you follow the code, it makes its way to sam_account_from_delta() where the password hashes are decrypted a second time by calling sam_pwd_hash(). I believe this is what is scrambling my passwords. These methods were refactored somewhere in the 3.3 branch. Now the net_rpc_samsync.c class calls rpc_vampire_internals, which calls libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with rid_crypt always set to false. I think that's correct. But the second bug has carried through in the sam_account_from_delta() function: 208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { 209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); 210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 211 } 212 213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { 214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); 215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); If you look closely you'll see that the nt hash is going into the lm_passwd variable and the decrypted value is being set in the lanman hash, and the lanman hash is being decrypted and put into the nt hash field. So the LanMan and NT hashes look like they're being put in the opposite fields." Fix this by removing the rid_crypt parameter. Jeremy.
2008-10-22s3-build: temporarily add asn1_proto file.Günther Deschner1-0/+59
Jelmer, how can we get this autogenerated from samba3 in the non merged-build case ? Guenther
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner7-408/+494
Guenther
2008-10-22s3-asn1/spnego: use OIDs including dots.Günther Deschner1-4/+4
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner13-743/+57
Guenther
2008-10-22s3-spnego: move spnego defines to spnego.hGünther Deschner2-17/+17
Guenther
2008-10-22lib-util: merge from s3 asn1.Günther Deschner1-0/+3
Guenther
2008-10-22lib-util: fix c++ compile warning.Günther Deschner1-1/+1
Guenther
2008-10-22Slightly simplify reply_sesssetup_blob(): Remove an else branchVolker Lendecke1-10/+11
2008-10-22Don't push the data out to the client in reply_sesssetup_blob()Volker Lendecke1-4/+0
Sending the data at this level breaks the assumption at higher levels that req->outbuf == NULL means this request is deferred. It also breaks potential chaining (Kerberos session setup and tcon X in one request)
2008-10-22Remove unused header file.Jelmer Vernooij1-3/+0
2008-10-22Merge branch 'master' of ssh://git.samba.org/data/git/sambaJelmer Vernooij2-4/+7
2008-10-22masktest: Avoid creating new memory context, use dynamic allocation.Jelmer Vernooij1-8/+10
2008-10-22Change some dynamic allocations back to static buffers to fix build.Jelmer Vernooij1-11/+7
2008-10-22Fix a debug message in send_nt_replies()Volker Lendecke1-3/+6
2008-10-22Fix bug 5840: Segfault in "rpcclient lsaaddacctrights"Volker Lendecke1-1/+1
2008-10-22Change buffer size back to 256, just to be sure.Jelmer Vernooij1-1/+1
2008-10-22Repel pstring to nsswitch/.Jelmer Vernooij10-118/+85
2008-10-22Remove pstring usage.Jelmer Vernooij1-10/+4
2008-10-22Remove pstring usages.Jelmer Vernooij4-18/+14
2008-10-22Require separate option for quicktest include list rather than makingJelmer Vernooij2-5/+1
assumptions about it.
2008-10-22Fix path for quicktest.Jelmer Vernooij1-1/+1
2008-10-22Use standard types.Jelmer Vernooij2-24/+24
2008-10-21Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.Jeremy Allison4-16/+71
Jeremy.
2008-10-21Don't include a (relative path) srcdir in samba4-data.mk.Jelmer Vernooij3-6/+8
2008-10-21Fix AC_SEARCH_LIBS_EXT() usage.Jelmer Vernooij1-3/+2
2008-10-21Allow running individual tests in the testsuite, normalize test names, fix ↵Jelmer Vernooij2-6/+13
some tests.
2008-10-21Use socket wrapper for selftest.pl, find binaries correctly.Jelmer Vernooij4-7/+38
2008-10-21Specify skip list to selftest.pl, make make target depend on testJelmer Vernooij4-3/+6
binaries.
2008-10-21Correctly report when merged-build is used in developer mode.Jelmer Vernooij1-0/+1
2008-10-21Merge branch 'selftest' of git://git.samba.org/jelmer/sambaJelmer Vernooij7-1/+58
2008-10-21Merge branch 'master' of git://git.samba.org/sambaJelmer Vernooij1-3/+0
2008-10-21Silence undefined variable warnings.Jelmer Vernooij1-0/+4
2008-10-21Remove unused global variables.Jelmer Vernooij1-3/+0
2008-10-21Automatically enable merged build (for more complete 'make test') when ↵Jelmer Vernooij1-1/+4
possible during developer builds.
2008-10-21Remove duplicate searching of Samba 4 directory for tags.Jelmer Vernooij1-8/+0
2008-10-21Merge branch 'master' of ssh://git.samba.org/data/git/samba into regsrvJelmer Vernooij2-109/+137
2008-10-21Fix double free.Jelmer Vernooij1-1/+0
2008-10-21Fix the build.Jelmer Vernooij2-4/+4
2008-10-21Fix two trivial typosVolker Lendecke1-2/+2
2008-10-21Create a function out of pam_sm_close_session to delete the credentials.Andreas Schneider1-120/+135
This is the way the creds should be deleted. Now we have back a close_session function which can be used for other things.
2008-10-21Delete the krb5 ccname variable from the PAM environment if set.Andreas Schneider1-0/+8
If winbind sets the KRB5CCNAME variable it should unset it when the cache gets destroyed.
2008-10-21Set the right return value if wbc_status is set to an error.Andreas Schneider1-0/+5
2008-10-21Revert "Registry server LDB backend: Don't make copies of the same type"Jelmer Vernooij1-2/+2
The original data pointer may go away so we do want to make copies in this case. This reverts commit 625359b2e266105022309df8985720108ecd6f67.
2008-10-21Merge branch 'master' of ssh://git.samba.org/data/git/samba into regsrvJelmer Vernooij2001-187860/+50560
Conflicts: source4/lib/registry/ldb.c source4/rpc_server/winreg/rpc_winreg.c
2008-10-21Registry server LDB backend: Don't make copies of the same typeMatthias Dieter Wallnöfer1-2/+2
2008-10-21Registry server LDB backend REG_BINARY type: Save it directly in LDBMatthias Dieter Wallnöfer1-3/+5
With this patch the REG_BINARY type is saved directly in a LDB registry database rather than converted in a hex-string.
2008-10-21Registry RPC server: Reintroduce the "key" variable for better readabilityMatthias Dieter Wallnöfer1-22/+34
The "key" variable points to our working key in the hive (h->data).
2008-10-21Registry server LDB backend REG_SZ type: Always use UTF8 encodingMatthias Dieter Wallnöfer1-2/+2
We should save data OS independent in the LDB files.
2008-10-21Registry server LDB backend REG_SZ type: Fix up the empty string problemMatthias Dieter Wallnöfer1-5/+15
This fixes up the empty string problem in a better way without the need of changing the character conversion code.