Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit dd3fbd93b6e5fe8b5e3a3727a64a38d5ae46fcbf)
|
|
Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally.
Jeremy.
(This used to be commit 9369d6e907a49da1fbf2a5690118412b8d1a0383)
|
|
One lp_private_dir() has to be used instead of get_dyn_PRIVATE_DIR()
to determine the location of the passdb.tdb.
I noticed this when running make test as a "normal user" from a
build, where I had done "make install" as root before, and so
the passdb.tdb could not be accessed during the startup phase
"CREATE TEST ENVIRONMENT IN ./st ..." in selftest.sh.
Michael
(This used to be commit 1f96389afa7250af7393489fb538b8aed93d815c)
|
|
Jerry, as part of d6cdbfd87 the default location of passdb.tdb has changed from
the private directory to the state directory. I think because passdb.tdb holds
the password hashes, it is reasonable to keep this next to the smbpasswd file.
Please review and potentially push.
Thanks,
Volker
(This used to be commit c9c7607c402c0a9df9796c767b689d207d67d8e4)
|
|
(This used to be commit 476d3abf9c6142d99822212141fc3d843aca4798)
|
|
(This used to be commit 9e80b969fb40766de2c9b1a05d16bf4d4c6e46f7)
|
|
(This used to be commit 84af4fb65677cf137f14f57c8820c77c9d006d89)
|
|
(This used to be commit 02f0b0bd393bd942fc934f251bd6afed8e5424b0)
|
|
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
|
|
All callers are replaced by Get_Pwnam_alloc
(This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
|
|
Guenther
(This used to be commit 6ccbf67a0c6f117978df55d4e2565d34fddf9317)
|
|
Michael
(This used to be commit 0a9874c1c76c0ccc71caba7ee85a0ee1a91808c5)
|
|
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95.
This calls pdb_get_trusteddom_pw() instead, again.
Michael
(This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
|
|
This patch is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
|
|
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
|
|
lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380.
(This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
|
|
Michael
(This used to be commit b2e12365b56f24586a7dfcb845f4de51f0b0e7d5)
|
|
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
|
|
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
(This used to be commit 4562342eb84e6fdcec15d8b7ae83aa146aabe2b7)
|
|
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
(This used to be commit 91da12b751b3168dc40049f3e90c10d840393efc)
|
|
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
|
|
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
(This used to be commit 4788fe392427901f6b1c505e3a743136ac8a91ca)
|
|
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
|
|
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
(This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)
|
|
Jeremy, this small "&" sign has given me a headache... :-)
Michael
(This used to be commit 7590b12a994cc3c5f299ce7f3299c76adad1c599)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
than expect a pstring space to put data into.
Fix the (few) callers.
Jeremy.
(This used to be commit 7722a7d2c63f84b8105aa775b39f0ceedd4ed513)
|
|
Don't use pstr_sprintf() on an fstring - change to talloc.
Jeremy.
(This used to be commit 6cae4b5fa1bcb848cb2a28daaafeefd6bcd08274)
|
|
changed from BOOL to bool.
Michael
(This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
|
|
(This used to be commit 8bcd2df841bae63e7d58c35d4728b7d853471697)
|
|
Fix bug 5056, thanks to debian package maintainer
(This used to be commit 5b4ba4bfc54e2fa468abe15383e5b33eb5bd1324)
|
|
return malloced strings.
Jeremy.
(This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
|
|
Jeremy.
(This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
|
|
from pdb_ldap.c. I don't have an LDAP passdb setup here,
so I'm going to need some help on testing this.
Jeremy.
(This used to be commit 00760451b6c2b65f3a8a9187789ca4f270b622a2)
|
|
metze
(This used to be commit fc98c1904865608509a01911afa46de74873ef41)
|
|
(This used to be commit 5490e2d77233f594a42cb32eda8215014db544e3)
|
|
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b)
|
|
<ying.li2@hp.com>.
We aren't currently leaking memory, but are leaving it around for
longer than we need to.
Jeremy.
(This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
using the "lanman auth = no". Tested by Guenter Kukkukk.
(This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
|
|
string.
Jeremy.
(This used to be commit fe30a523dfc77cc373145624246fd3ad5c62b9ac)
|
|
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
(This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
|
|
(for passdb backen = ldapsam). At a first step, add the hooks,
calling the secrets_ functions.
Michael
(This used to be commit 9c03cdf3a449149c50451a44deb420341e65af34)
|
|
These red bars in vi really hurt my eyes... :-o
Michael
(This used to be commit 2e99e141c3254fe072756697b8db3cbd4e4f1db4)
|