Age | Commit message (Collapse) | Author | Files | Lines |
|
with security=share
|
|
This conforms to the behaviour of Windows 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
This is supposed to fixes Bug #4347 .
Michael
|
|
incrementation
This is a preparatory patch for the last part in fixing bug #4347 .
Michael
|
|
This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...
The "lucky" bit here is that the md5 has and the nt hash (md4) both are
16 bytes long.
This is part of the fix for bug #4347 .
Michael
|
|
This is to introduce a new format of the password history, maintaining backwards
compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash).
The new format is 16 zero bytes and 16 bytes nt hash.
This will allow us to respect the last X entries of the nt password history
when deciding whether to increment the bad password count.
This is part of the fix for bug #4347 .
Michael
|
|
The code I just removed was checked in with e5466fffc286a99f as a bug fix for
https://bugzilla.samba.org/show_bug.cgi?id=3319. With the changes to
is_visible_file made with 9e8b8f8c16612 these lines have become unnecessary,
even with "hide unreadable = yes" dead msdfs symlinks show. This is because we
can not stat(2) them and default to showing them.
Why this change? I have a user who wants to use "hide unreadable" on msdfs
links. Because you can't edit acls on symlinks themselves, the user created the
targets as bogus, empty files that just exist as acl placeholders. With the
code in place that this patch removes, we never allow this to work.
Jeremy, please check! :-)
Thanks,
Volker
|
|
Guenther
|
|
|
|
pdb_update_sam_account
Log what went wrongl, and also call pdb_update_sam_account inside
become_root/unbecome_root: do the logging outside.
Michael
|
|
Michael
|
|
for use after sam_password_ok() has been called.
Michael
|
|
So that a later talloc_free would not harm. I could have used
talloc_move instead of talloc steal in make_server_info_sam(),
but this would have required a change of the signature.
Michael
|
|
This is in preparation to extending check_sam_security to also check
against the password history before updating the bad password count.
This way, sam_password_ok can more easily be reused for that purpose.
Michael
|
|
This way it is more explicit that there is no allocated data here
that may leak.
Michael
|
|
data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but
copies 16 bytes from mem_ctx into the newly allocated data blob.
This can not have been intentional. A blank uint8_t array of
length 16 is allocated by passing NULL instead of mem_ctx.
And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated
blank 16 byte array to mem_ctx - so this is what must have been
intended.
Michael
|
|
and removing bool variables and several checks.
Michael
|
|
Michael
|
|
|
|
|
|
|
|
|
|
|
|
if (current_history_len != pwHistLen) {
if (current_history_len < pwHistLen) {
}
}
The second "if" is a bit pointless here
|
|
|
|
|
|
|
|
Remove an indentation by the early return in
+ if (pwHistLen == 0) {
+ /* Set the history length to zero. */
+ pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+ return true;
+ }
|
|
No functional change, this just removes an indentation level by the early
"return True;" in
+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
+ /*
+ * No password history for non-user accounts
+ */
+ return true;
+ }
Volker
|
|
|
|
|
|
This is not strictly necessary, since this only leaks into the
struct samu, and this is not so long-lived in the code path that
changes the password, but it definitely correct and does not harm.
Michael
|
|
to enhance readability and denbuggability.
Michael
|
|
Cleanup path should unlock, not cancel existing locked range.
|
|
* Test the SMB1 behavior when multiple lock ranges are requested, pend,
and then are cancelled. The entire LockingAndX request fails.
|
|
we already get them from lib/util/time.h
|
|
|
|
|
|
|
|
we have nt_time_equal doing the same in lib/util/
|
|
There was a second leak in the processing of the out_data.frag
prs_struct. It needs freeing once the current pdu has been returned
asynchronously.
Jeremy.
|
|
This tests ChangeID consistency between spoolss_GetPrinterData,
spoolss_GetPrinterDataEx and spoolss_GetPrinter (level 0).
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
this one was part of an old patch from jpeach.
|
|
metze
|
|
https://bugzilla.samba.org/show_bug.cgi?id=6991 for details
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
https://bugzilla.samba.org/show_bug.cgi?id=6991 for details
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
https://bugzilla.samba.org/show_bug.cgi?id=6991 for details
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
I think this completes commit 50feca550eed7828198b7c0fc5f0e5ddc863313d.
Now result should be handled correctly both for systems that
support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x)
and systems that doesn't support EAI_NODATA at all.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|