Age | Commit message (Collapse) | Author | Files | Lines |
|
of zero)
leave it locked out until an admin unlocks it (but log a message).
Jeremy.
(This used to be commit 14bd2a9ffc30d55d9737b4819797db8c38b46c66)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
my (C) to a header file that was at least 50% mine :-).
Jeremy.
(This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
|
|
Jeremy.
(This used to be commit 9ac4945012e0bd54519b8c81d4c36e88cea28fce)
|
|
core dump) but compiles and links correctly. I will run the full set of
tests on the ldap sam and the tdb sam for password history tomorrow.
Jeremy.
(This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
|
|
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
|
|
===================================================================
--- pdb_ldap.c (revision 1095)
+++ pdb_ldap.c (working copy)
@@ -1134,6 +1134,19 @@
return NT_STATUS_OK;
}
+static void append_attr(char ***attr_list, const char *new_attr)
+{
+ int i;
+
+ for (i=0; (*attr_list)[i] != NULL; i++)
+ ;
+
+ (*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2));
+ SMB_ASSERT((*attr_list) != NULL);
+ (*attr_list)[i] = strdup(new_attr);
+ (*attr_list)[i+1] = NULL;
+}
+
/**********************************************************************
Get SAM_ACCOUNT entry from LDAP by username.
*********************************************************************/
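Review bot: append_attr() indexes (*attr_list)[i] in the for loop before any NULL check and stores the result of strdup(new_attr) unchecked, so a NULL list from the caller crashes here and a failed strdup leaves the list silently ending at index i without the new attribute. Suggest checking *attr_list on entry and the strdup result, and returning a status rather than relying on SMB_ASSERT after Realloc, which turns an allocation failure in an account lookup path into a panic. The function also has no banner comment like the one on the function below it; a line stating that the list must be NULL-terminated and that the appended string is heap-allocated would help.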
@@ -1149,6 +1162,7 @@
int rc;
attr_list = get_userattr_list( ldap_state->schema_ver );
+ append_attr(&attr_list, MODIFY_TIMESTAMP_STRING);
rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result, attr_list);
free_attr_list( attr_list );
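Review bot: the return value of get_userattr_list() is handed straight to append_attr(), which indexes (*attr_list)[i] immediately, so a NULL return would be dereferenced on the added line. A NULL check before the append, returning an error status, would close that. It is also worth confirming that free_attr_list() frees each element, since append_attr() adds a strdup()'d string that would otherwise leak on every lookup by name.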
@@ -1194,6 +1208,7 @@
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBASAMACCOUNT:
attr_list = get_userattr_list(ldap_state->schema_ver);
+ append_attr(&attr_list, MODIFY_TIMESTAMP_STRING);
rc = ldapsam_search_suffix_by_sid(ldap_state, sid, result, attr_list);
free_attr_list( attr_list );
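Review bot: this is the same get_userattr_list() plus append_attr(&attr_list, MODIFY_TIMESTAMP_STRING) pair as in the by-name lookup, and here it is added only under case SCHEMAVER_SAMBASAMACCOUNT. Suggest folding the pair into one helper so the two lookups cannot drift apart, and adding a comment on whether the other schema_ver cases are meant to go without the timestamp, since whatever consumes it then has to cope with the attribute being absent.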
Index: login_cache.c
===================================================================
--- login_cache.c (revision 1095)
+++ login_cache.c (working copy)
@@ -95,10 +95,13 @@
&entry->bad_password_count,
&entry->bad_password_time) == -1) {
DEBUG(7, ("No cache entry found\n"));
+ SAFE_FREE(entry);
SAFE_FREE(databuf.dptr);
return NULL;
}
+ SAFE_FREE(databuf.dptr);
+
DEBUG(5, ("Found login cache entry: timestamp %12u, flags 0x%x, count %d, time %12u\n",
(unsigned int)entry->entry_timestamp, entry->acct_ctrl,
entry->bad_password_count, (unsigned int)entry->bad_password_time));
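Review bot: in the == -1 branch databuf.dptr is being freed, so a record was read but could not be unpacked, yet the message still says "No cache entry found" at DEBUG level 7, which makes a malformed login cache record indistinguishable from a missing one. Since bad_password_count and bad_password_time are taken from this entry, suggest a distinct message at a lower debug level for the unpack failure. The added SAFE_FREE(entry) on the error path and SAFE_FREE(databuf.dptr) on the success path look right from the visible lines: entry is not used after return NULL, and the later DEBUG reads only entry fields, not databuf.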
(This used to be commit c0bf8425f4b9ee30ffc878704bde980d8c51ed05)
|
|
winbind_sid_to_gid. For the consistency check, local_sid_to_gid must set the
name_type it found.
Volker
(This used to be commit 5070c1b68f2add16916ba3135984f6e70bbe42cf)
|
|
Samba 3.0.4.
If we fail a query for the members of the 'administrators' group (and we may well just have the IDL wrong), this destroys later parts of the domain logon process.
For reasons I can't understand, the client-side 'heck, what happened'
bailout causes the connection to the DC to be dropped, and causes the
mandatory profile not to be loaded. (This also only occurs after a reboot)
Return the members of 'administrators', and it all works fine.
The reason we hit this is because we run winbindd (to support
pam_winbind) on our DC, and the winbindd lookup in sid_to_gid was
messing things up. As we don't care what type of thing this is,
provided it exists in the group mapping db, we should not bother
winbindd here.
Andrew Bartlett
(This used to be commit d626b5c6d401e72296cf570e50f324c145fd70e0)
|
|
Don't use non-consts in a structure initialization.
Jeremy.
(This used to be commit 455ed258b3457ad5b7d3dad14b64781ab98f00dc)
|
|
types.
Jeremy.
(This used to be commit d97b9146a137d43278f3125bafe8a453da82f4ce)
|
|
sid type is WKN_GROUP, not alias. Added some more known types.
Jeremy.
(This used to be commit 538b66f4e97e5e7b989e5533080f601d5b04c75e)
|
|
use it.
(This used to be commit 5d7ee320cca80558a4b71295ef8b7de02f21554a)
|
|
(This used to be commit b1825184d313b97c7fa232990f60962aa86e7e17)
|
|
metze
(This used to be commit 908d8a412559997256f51caa30da254f0768f114)
|
|
get_global_sam_name().
Error case: Adding a domain user to a XP local group did a lsalookupname on
the user without domain prefix, and this then failed.
Jerry: This is a must-fix before 3.0.3.
Volker
(This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
Volker
(This used to be commit 6e18bed17093e0b1792f68817096e64e0e841f26)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
cache entry time comparisons in password lockout. Fixes problems where
pdb_ldap tries to delete the operational attribute modifyTimestamp when
deleting a user account.
(This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
|
|
Jeremy.
(This used to be commit 85d9c92fd53a65fccca3720a3b06d69ef28f9981)
|
|
* updating WHATSNEW with vl's change
(This used to be commit a7e2730ec4389e0c249886a8bfe1ee14c5abac41)
|
|
(This used to be commit aa220cffa7b3507452ffed51c048333c7cde0ca2)
|
|
(This used to be commit 2b757b6adf0b4e5c799cc8943e8fd96cc94c24bc)
|
|
some platforms (FreeBSD in this case) don't define timezone according to
posix. This is what I wanted to do anyway.
Spotted by Andrzej Tobola <san@iem.pw.edu.pl>
(This used to be commit bc13e35db0b8b265f87553d4df1c7326710cb3fa)
|
|
Jeremy.
(This used to be commit 00fa66df3edeb92ec5efd49bd61f98691e74877a)
|
|
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
|
|
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before with all versions of usrmgr (for example, the only version of
mine that has the TS Config button).
(This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
|
|
A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.
Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.
Volker
(This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2)
|
|
(This used to be commit f6bb3304fc5ef298a921b9ee5ad2f6444b0e72bc)
|
|
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e7358541be9a3deac8c447885145442)
|
|
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
|
|
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.
For the time being we just set it like -1, but we might revisit this
for closer-to-ms behaviour.
Andrew Bartlett
(This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
|
|
(This used to be commit 84fe24e64ee405bb25878c1e5fdf50592eb75f73)
|
|
(This used to be commit 9a79f9fbcb43085e419dbccd670a54256d01cb4b)
|
|
(This used to be commit 600fcd534b6e101b6a12774946b0e9814c6f54a8)
|
|
(This used to be commit 557f598c63f64c1c5b982a9057c0eea2a2ff2ee5)
|
|
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
|
|
Jelmer, can you look at the sql and xml backends please to verify?
(This used to be commit b7706f7e258516d83646aca8c367508bc1c8f0dd)
|
|
(This used to be commit cfe80f0df7ecfa6c689b03b9bed80ea80701a4c1)
|
|
(This used to be commit ee8f142b874a5bd365e59f68fb48ff3fec82fcda)
|
|
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes.
(This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
|
|
the prototype at the beginning, and change some comments so diffs to HEAD
aren't filled with useless info.
(This used to be commit 7b40f6c464ecbd40ab3fdf32b53da1e61475d2e7)
|
|
more testing tomorrow but initial results seem ok
(This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
|
|
Jeremy.
(This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
|
|
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
|
|
Volker
(This used to be commit 6c78a096a5c4a8ae21e846505f6ac2df826d5cbd)
|
|
Volker
(This used to be commit 38c9b775ce029e1d480d89d4adb0d1bd45a28fe6)
|
|
This should ensure that the value it returns is always consistent.
Andrew Bartlett
(This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
|
|
in pdb_encode_acct_ctrl() (All current callers are fine)
Andrew Bartlett
(This used to be commit 01be89eb438567cfe0a002a247fe2d314b01f9da)
|