Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-01-27 | Second part of fix for bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 1 | -1/+2 | |
Missed read of entry_timestamp (was entry->entry_timestamp). Jeremy. | |||||
2010-01-27 | Fix bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 1 | -7/+15 | |
Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE struct contains two time_t entries, but was being written to and read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers. This would break on machines with a 64-bit time_t. Use correct int sizes for tdb_pack/tdb_unpack. We have to fix this properly before 2037 :-). Jeremy. | |||||
2010-01-23 | s3: Remove some pointless uses of string_sid_talloc | Volker Lendecke | 1 | -8/+6 | |
2010-01-21 | s3:pdb_ldap: Fix large paged search. | Volker Lendecke | 1 | -0/+1 | |
Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359) | |||||
2010-01-14 | s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. | Stefan Metzmacher | 1 | -1/+1 | |
See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1) | |||||
2010-01-12 | s3: Remove a pointless if-statement | Volker Lendecke | 1 | -3/+2 | |
2010-01-10 | s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_rid | Volker Lendecke | 1 | -4/+2 | |
2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 7 | -38/+30 | |
2010-01-07 | s3:passdb: store the plain nt passwords hashes in history, not salted md5 | Michael Adam | 1 | -5/+10 | |
This is in order to be able to do challenge response with the history, so that this can be checked when an invalid password was entered: If the given password is wrong but in the history, then the bad password count should not be updated... The "lucky" bit here is that the md5 has and the nt hash (md4) both are 16 bytes long. This is part of the fix for bug #4347 . Michael | |||||
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore | Volker Lendecke | 1 | -24/+19 | |
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above | Volker Lendecke | 1 | -2/+4 | |
2010-01-07 | s3: Add a paranoia check to pdb_set_plaintext_passwd() | Volker Lendecke | 1 | -0/+5 | |
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition | Volker Lendecke | 1 | -22/+11 | |
if (current_history_len != pwHistLen) { if (current_history_len < pwHistLen) { } } The second "if" is a bit pointless here | |||||
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes | Volker Lendecke | 1 | -5/+2 | |
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array | Volker Lendecke | 1 | -5/+2 | |
2010-01-07 | s3: Make use of talloc_array in pdb_set_plaintext_passwd() | Volker Lendecke | 1 | -2/+3 | |
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() a bit | Volker Lendecke | 1 | -66/+63 | |
Remove an indentation by the early return in + if (pwHistLen == 0) { + /* Set the history length to zero. */ + pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED); + return true; + } | |||||
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() slightly | Volker Lendecke | 1 | -56/+83 | |
No functional change, this just removes an indentation level by the early "return True;" in + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) { + /* + * No password history for non-user accounts + */ + return true; + } Volker | |||||
2010-01-07 | s3:pdb_set_pw_history: free the old history before setting the new. | Michael Adam | 1 | -0/+1 | |
This is not strictly necessary, since this only leaks into the struct samu, and this is not so long-lived in the code path that changes the password, but it definitely correct and does not harm. Michael | |||||
2010-01-07 | s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the check | Michael Adam | 1 | -3/+3 | |
to enhance readability and denbuggability. Michael | |||||
2009-11-29 | s3: "startsmbfilepwent" only looks at the inode -- is that enough? | Volker Lendecke | 1 | -4/+2 | |
2009-11-29 | s3: Pass the "fake dir create times" parameter to sys_*stat | Volker Lendecke | 1 | -2/+4 | |
Step 0 to restore it as a per-share paramter | |||||
2009-11-19 | s3:pdb_ldap: fix a comment typo | Michael Adam | 1 | -1/+1 | |
Michael | |||||
2009-11-19 | s3: shortcut uid_to_sid when "ldapsam:trusted = yes" | Michael Adam | 1 | -0/+75 | |
The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael | |||||
2009-11-14 | s3:passdb: remove the uid_to_rid method - we only need uid_to_sid | Michael Adam | 3 | -39/+1 | |
Michael | |||||
2009-11-14 | s3:pdb_default_uid_to_sid: fix some debug statements. | Michael Adam | 1 | -3/+3 | |
Michael | |||||
2009-11-13 | s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() | Michael Adam | 1 | -0/+2 | |
not only the persistent idmap cache. Michael | |||||
2009-11-13 | s3:smbd: make idmap cache persistent for "ldapsam:trusted". | Michael Adam | 1 | -0/+4 | |
This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts. Michael | |||||
2009-11-13 | Fix large paged search | Volker Lendecke | 1 | -0/+1 | |
Signed-off-by: Michael Adam <obnox@samba.org> | |||||
2009-11-03 | s3: Remove debug_ctx() | Volker Lendecke | 1 | -28/+28 | |
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed. | |||||
2009-11-02 | s3:ldap: don't search when no values where found | Björn Jacke | 1 | -1/+1 | |
2009-10-31 | ѕ3:ldap: search for account policies in objectclass sambaDomain, not * | Björn Jacke | 1 | -1/+6 | |
2009-10-29 | s3-secrets: use autogenerated code for TRUSTED_DOM_PASS struct parsing from ↵ | Günther Deschner | 1 | -220/+36 | |
a tdb. Guenther | |||||
2009-10-28 | s3-passdb: move open_schannel_session_store() to passdb/secrets_schannel.c. | Günther Deschner | 2 | -63/+63 | |
Guenther | |||||
2009-10-28 | s3-passdb: add secrets_delete_generic(). | Günther Deschner | 1 | -0/+16 | |
Guenther | |||||
2009-10-20 | s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw(). | Günther Deschner | 1 | -2/+2 | |
Thanks Volker for the hint. Guenther | |||||
2009-10-20 | s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well. | Günther Deschner | 1 | -0/+1 | |
This is to finally pass RPC-LSA-LOOKUPNAMES test. Guenther | |||||
2009-10-20 | s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames. | Günther Deschner | 1 | -0/+8 | |
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther | |||||
2009-10-15 | Fix valgrind memory leak in bug #6814 - Fixes for problems reported by valgrind | Jeremy Allison | 1 | -0/+1 | |
Jeremy. | |||||
2009-10-13 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -5/+5 | |
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 2 | -7/+10 | |
Guenther | |||||
2009-09-21 | s3:secrets_schannel: revert to using version 1 | Stefan Metzmacher | 1 | -3/+9 | |
It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze | |||||
2009-09-02 | s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. | Günther Deschner | 1 | -0/+46 | |
Note that this only is tried with editposix=yes. Guenther | |||||
2009-08-27 | s3-schannel: remove remaining code that was using "struct dcinfo". | Günther Deschner | 1 | -167/+0 | |
Guenther | |||||
2009-08-27 | s3-schannel: upgrade old format schannel_store.tdb. | Günther Deschner | 1 | -4/+9 | |
Guenther | |||||
2009-08-27 | s3-schannel: add simple wrappers to fetch and store schannel auth info. | Günther Deschner | 2 | -0/+69 | |
Guenther | |||||
2009-08-27 | s3-schannel: make open_schannel_session_store() public. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-08-03 | s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent. | Günther Deschner | 1 | -0/+7 | |
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther | |||||
2009-07-31 | Rename LOOKUP_NAME_EXPLICIT to LOOKUP_NAME_NO_NSS | Volker Lendecke | 1 | -4/+8 | |
It took me a bit to understand what this flag does. I hope this is a bit clearer, at least it is to me. | |||||
2009-07-29 | s3:passdb: use transaction_wrapped write in tdbsam_new_rid() | Michael Adam | 1 | -1/+2 | |
Now all tdb writes in passdb use transactions. Michael |