summaryrefslogtreecommitdiff
path: root/source3/libnet
AgeCommit message (Collapse)AuthorFilesLines
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-29Fix coverity CID#117 - resource leak in error path.Jeremy Allison1-24/+53
Jeremy.
2009-01-29Fix coverity CID#116. Resource leak on error path.Jeremy Allison1-2/+4
Jeremy.
2009-01-29Fix coverity CID#115. Resource leak in error path.Jeremy Allison1-1/+4
Jeremy.
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam1-1/+1
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-06s3-samr: avoid all init_samr_user* functions.Günther Deschner1-4/+4
Guenther
2008-12-23Fix another "format not a string literal and no format arguments" warning.Jeremy Allison1-2/+5
Jeremy
2008-12-22In gcc version 4.3.2 we get warnings for functions declared withJeremy Allison1-2/+1
attribute warn_unused_result. Start to fix these. Jeremy.
2008-12-13s3:libnet_join: use DS_FORCE_REDISCOVERYStefan Metzmacher1-0/+1
metze
2008-12-13s3:libnet_join: call saf_join_store() after a the join.Stefan Metzmacher1-1/+4
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
2008-12-11s3-libnet: fix DEBUG statement in libnet_keytab.Günther Deschner1-1/+1
Guenther
2008-12-09s3-libnet: fix build warning (missing prototype).Günther Deschner1-2/+2
Guenther
2008-11-29s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze.Günther Deschner1-16/+29
Guenther
2008-11-29s3-libnetjoin: remove unused md4_trust_password, found by metze.Günther Deschner1-5/+0
Guenther
2008-11-28s3-samr: fix init_samr_user_info{23,24} callers.Günther Deschner1-1/+2
Guenther
2008-11-21s3-libnetjoin: fix build warning.Günther Deschner1-1/+1
Guenther
2008-11-21s3-libnetjoin: try to show a better error message upon invalid configuration.Günther Deschner1-11/+50
Guenther
2008-11-18s3-libnet-samsync: store samsync sequence number state in keytab.Günther Deschner1-1/+52
Guenther
2008-11-18s3-libnet-samsync: refactor libnet_samsync.Günther Deschner1-57/+66
Guenther
2008-11-18s3-libnet-samsync: pass back sequence number from fetch_sam_entries_keytab.Günther Deschner1-1/+16
Guenther
2008-11-18s3-libnet-samsync: use netr_DatabaseDeltas unless full replication enforced.Günther Deschner1-1/+12
Guenther
2008-11-18s3-libnet-samsync: pass sequence number pointer to process routine.Günther Deschner6-0/+8
Guenther
2008-11-18s3-libnet-samsync: move all modules to startup,process,finish callbacks.Günther Deschner6-71/+153
Guenther
2008-11-18s3-libnet-samsync: call init and close ops function where appropriate.Günther Deschner1-1/+23
Guenther
2008-11-18s3-libnet-samsync: use samsync_ops.Günther Deschner6-60/+34
Guenther
2008-11-18s3-libnet-samsync: add samsync_ops to all samsync modules.Günther Deschner5-0/+21
Guenther
2008-11-18s3-libnet-samsync: add samsync_ops.Günther Deschner1-0/+18
Guenther
2008-11-18s3-libnet: move add_to_keytab_entries to libnet_keytab.Günther Deschner4-87/+93
Guenther
2008-11-18s3-libnet-samsync: add support for partial replication.Günther Deschner2-12/+124
Guenther
2008-11-17s3-libnet-samsync: use enctype 23 for vampired keytab entries.Günther Deschner1-1/+1
Guenther
2008-11-10s3-netlogon: fix type of parameters string in user delta.Günther Deschner1-3/+3
Guenther
2008-11-04s3-libnet_samsync: print new line in display output.Günther Deschner1-3/+3
Guenther
2008-10-22Fix net rpc vampire, based on an *amazing* piece of debugging work by ↵Jeremy Allison5-45/+50
"Cooper S. Blake" <the_analogkid@yahoo.com>. "I believe I have found two bugs in the 3.2 code and one bug that carried on to the 3.3 branch. In the 3.2 code, everything is located in the utils/net_rpc_samsync.c file. What I believe is the first problem is that fetch_database() is calling samsync_fix_delta_array() with rid_crypt set to true, which means the password hashes are unencrypted from the RID encryption. However, I believe this call is redundant, and the corresponding call for samdump has rid_crypt set to false. So I think the rid_crypt param should be false in fetch_database(). If you follow the code, it makes its way to sam_account_from_delta() where the password hashes are decrypted a second time by calling sam_pwd_hash(). I believe this is what is scrambling my passwords. These methods were refactored somewhere in the 3.3 branch. Now the net_rpc_samsync.c class calls rpc_vampire_internals, which calls libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with rid_crypt always set to false. I think that's correct. But the second bug has carried through in the sam_account_from_delta() function: 208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { 209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); 210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 211 } 212 213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { 214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); 215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); If you look closely you'll see that the nt hash is going into the lm_passwd variable and the decrypted value is being set in the lanman hash, and the lanman hash is being decrypted and put into the nt hash field. So the LanMan and NT hashes look like they're being put in the opposite fields." Fix this by removing the rid_crypt parameter. Jeremy.
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-1/+1
Samba 4.
2008-10-17s3: fix s3 drsuapi callers.Günther Deschner1-1/+1
Guenther
2008-10-16s4-build: fix drsuapi callers.Günther Deschner1-4/+11
Guenther
2008-10-06If name_to_fqdn fails, retry with the dns domain the DC gave usVolker Lendecke1-3/+8
This is a workaround for the cases where you want to join under a netbios name that is different from your hostname, i.e. a name that can not be found in /etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
2008-10-04"gwen/cc" does not like the double const :-)Volker Lendecke1-1/+1
2008-09-23s3-ndr: add stub smb_iconv_convenience to some ndr_ functions.Günther Deschner1-1/+1
Guenther
2008-09-23s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.Günther Deschner2-5/+5
Guenther
2008-09-15Fixed "uninitialized variable" build warningSteven Danneman1-0/+1
With gcc 4.1.3 on Ubuntu 7.10 the following build warning occurs: Compiling libnet/libnet_samsync_keytab.c cc1: warnings being treated as errors libnet/libnet_samsync_keytab.c: In function ‘fetch_sam_entries_keytab’: libnet/libnet_samsync_keytab.c:102: warning: ‘entry.enctype’ is used uninitialized in this function Fixed by initializing to ENCTYPE_NULL
2008-08-29libnet_join: streamline logic of libnet_join_post_processing()Michael Adam1-9/+11
Michael (This used to be commit 81cc1af1e699e454fbb1d12636d002f845231006)
2008-08-29libnet: fix join by creating keytab after changing the config.Michael Adam1-10/+11
Michael (This used to be commit 96d1c780bf9524b929e6026776602a5288aea73d)
2008-08-29kerberos: use KRB5_KT_KEY macro where appropriate.Günther Deschner1-27/+3
Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
2008-08-29kerberos: move the KRB5_KEY* macros to header file.Günther Deschner1-10/+0
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
2008-08-11libnetjoin: support kerberized joining/unjoing (fix #5416).Günther Deschner1-19/+41
Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
2008-08-08libnet samsync ldif: fix the build without LDAP.Michael Adam1-0/+15
Michael (This used to be commit 32df05bd1f49f2290ad69f84d5a47207b1469629)
2008-08-07Fix "might be used uninitialized" warnings.Jeremy Allison2-3/+4
Jeremy. (This used to be commit 5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea)
2008-08-04libnet_keytab: fix the build with heimdalStefan Metzmacher1-6/+38
metze (This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655)
2008-08-01libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync().Michael Adam1-2/+9
Don't leak temporary data to callers but use a temporary context that is freed at the end. Michael (This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25)