Age | Commit message (Collapse) | Author | Files | Lines |
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
|
|
Guenther
|
|
Guenther
|
|
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
|
|
This is closer to the structure I want for a common struct
auth_usersupplied_info.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
This was just TALLOC_ZERO_P
|
|
By an oversight, the patchset for #4347 made the unlocking of a locked
account after the lockout duration ineffective.
Thanks to Björn for finding this!
Michael
|
|
Adding this comment makes me think, I could also
have changed make_server_info_sam() talloc_move
instead of talloc_steal, but that would have
changed the signature... Well the comment is a
first step. :-)
Michael
|
|
|
|
|
|
This conforms to the behaviour of Windows 2003:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
This is supposed to fixes Bug #4347 .
Michael
|
|
incrementation
This is a preparatory patch for the last part in fixing bug #4347 .
Michael
|
|
pdb_update_sam_account
Log what went wrongl, and also call pdb_update_sam_account inside
become_root/unbecome_root: do the logging outside.
Michael
|
|
Michael
|
|
for use after sam_password_ok() has been called.
Michael
|
|
So that a later talloc_free would not harm. I could have used
talloc_move instead of talloc steal in make_server_info_sam(),
but this would have required a change of the signature.
Michael
|
|
This is in preparation to extending check_sam_security to also check
against the password history before updating the bad password count.
This way, sam_password_ok can more easily be reused for that purpose.
Michael
|
|
This way it is more explicit that there is no allocated data here
that may leak.
Michael
|
|
data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but
copies 16 bytes from mem_ctx into the newly allocated data blob.
This can not have been intentional. A blank uint8_t array of
length 16 is allocated by passing NULL instead of mem_ctx.
And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated
blank 16 byte array to mem_ctx - so this is what must have been
intended.
Michael
|
|
and removing bool variables and several checks.
Michael
|
|
Michael
|
|
Karolin
|
|
Jeremy.
|
|
|
|
This is particuarly in the netlogon client (but not server at this
stage)
|
|
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
|
|
|
|
|
|
account logon.
Jeremy.
(This used to be commit 10da498a2349bf5944183adf5a9284eafa2b8b74)
|
|
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
|
|
talloc_steal and talloc_free on the sam account already.
Guenther
(This used to be commit dbc7237a8a566f3e86bd6e4b48593b93c5bfb94e)
|
|
Karolin
(This used to be commit 906e19bad40ba0c0a473ec2601e9eb0fff169f83)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
using the "lanman auth = no". Tested by Guenter Kukkukk.
(This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
expire a password if it's explicitly set as ACB_PWNOTREQ.
Jeremy.
(This used to be commit 2ea5a6bd334e31201aa6f93f5c51e42924d36ebd)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
- make sure never to free an uninitialised variable
- ensure to free result on getpwnam_alloc failure
Andrew Bartlett
(This used to be commit 5fe3328e66661371182cc1c3b6e239797c3b4f93)
|
|
talloc_free()'ed at the end of a session.
Rework the passwd cache code to use talloc_unlink and
talloc_reference, to more carefully manage the cache.
Andrew Bartlett
(This used to be commit e3e0ec25e67308de314aa61852905ee42aa2c8fe)
|
|
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
|
|
can return NULL. Ensure we check all returns correctly.
Jeremy.
(This used to be commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)
|
|
localtime() can return NULL.
Volker
(This used to be commit 07c5dcb8633e6fadb596dc5a22d8d31b2e16a3ef)
|
|
auth_sam
and auth_domain. Thanks for Simo to point this out.
Volker
(This used to be commit 293b89dfb109d6e220ced433f025cf987aa1f500)
|