| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2008-10-22 | s3-samr-server: fix access check in _samr_QuerySecurity(). | Günther Deschner | 1 | -1/+1 | |
| Guenther | |||||
| 2008-10-22 | s3-build: fix the build. | Günther Deschner | 1 | -2/+2 | |
| Guenther | |||||
| 2008-10-22 | Fix net rpc vampire, based on an *amazing* piece of debugging work by ↵ | Jeremy Allison | 5 | -45/+50 | |
| "Cooper S. Blake" <the_analogkid@yahoo.com>. "I believe I have found two bugs in the 3.2 code and one bug that carried on to the 3.3 branch. In the 3.2 code, everything is located in the utils/net_rpc_samsync.c file. What I believe is the first problem is that fetch_database() is calling samsync_fix_delta_array() with rid_crypt set to true, which means the password hashes are unencrypted from the RID encryption. However, I believe this call is redundant, and the corresponding call for samdump has rid_crypt set to false. So I think the rid_crypt param should be false in fetch_database(). If you follow the code, it makes its way to sam_account_from_delta() where the password hashes are decrypted a second time by calling sam_pwd_hash(). I believe this is what is scrambling my passwords. These methods were refactored somewhere in the 3.3 branch. Now the net_rpc_samsync.c class calls rpc_vampire_internals, which calls libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with rid_crypt always set to false. I think that's correct. But the second bug has carried through in the sam_account_from_delta() function: 208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { 209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); 210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 211 } 212 213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { 214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); 215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); If you look closely you'll see that the nt hash is going into the lm_passwd variable and the decrypted value is being set in the lanman hash, and the lanman hash is being decrypted and put into the nt hash field. So the LanMan and NT hashes look like they're being put in the opposite fields." Fix this by removing the rid_crypt parameter. Jeremy. | |||||
| 2008-10-22 | s3-asn1: make all of s3 asn1 code do a proper asn1_init() first. | Günther Deschner | 7 | -408/+494 | |
| Guenther | |||||
| 2008-10-22 | s3-asn1/spnego: use OIDs including dots. | Günther Deschner | 1 | -4/+4 | |
| Guenther | |||||
| 2008-10-22 | s3: use shared asn1 code. | Günther Deschner | 13 | -743/+57 | |
| Guenther | |||||
| 2008-10-22 | s3-spnego: move spnego defines to spnego.h | Günther Deschner | 2 | -17/+17 | |
| Guenther | |||||
| 2008-10-22 | Slightly simplify reply_sesssetup_blob(): Remove an else branch | Volker Lendecke | 1 | -10/+11 | |
| 2008-10-22 | Don't push the data out to the client in reply_sesssetup_blob() | Volker Lendecke | 1 | -4/+0 | |
| Sending the data at this level breaks the assumption at higher levels that req->outbuf == NULL means this request is deferred. It also breaks potential chaining (Kerberos session setup and tcon X in one request) | |||||
| 2008-10-22 | Remove unused header file. | Jelmer Vernooij | 1 | -3/+0 | |
| 2008-10-22 | Fix a debug message in send_nt_replies() | Volker Lendecke | 1 | -3/+6 | |
| 2008-10-22 | Fix bug 5840: Segfault in "rpcclient lsaaddacctrights" | Volker Lendecke | 1 | -1/+1 | |
| 2008-10-22 | Use standard types. | Jelmer Vernooij | 2 | -24/+24 | |
| 2008-10-21 | Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles. | Jeremy Allison | 4 | -16/+71 | |
| Jeremy. | |||||
| 2008-10-21 | Don't include a (relative path) srcdir in samba4-data.mk. | Jelmer Vernooij | 3 | -6/+8 | |
| 2008-10-21 | Allow running individual tests in the testsuite, normalize test names, fix ↵ | Jelmer Vernooij | 2 | -6/+13 | |
| some tests. | |||||
| 2008-10-21 | Use socket wrapper for selftest.pl, find binaries correctly. | Jelmer Vernooij | 3 | -2/+34 | |
| 2008-10-21 | Specify skip list to selftest.pl, make make target depend on test | Jelmer Vernooij | 4 | -3/+6 | |
| binaries. | |||||
| 2008-10-21 | Correctly report when merged-build is used in developer mode. | Jelmer Vernooij | 1 | -0/+1 | |
| 2008-10-21 | Merge branch 'selftest' of git://git.samba.org/jelmer/samba | Jelmer Vernooij | 6 | -0/+55 | |
| 2008-10-21 | Silence undefined variable warnings. | Jelmer Vernooij | 1 | -0/+4 | |
| 2008-10-21 | Automatically enable merged build (for more complete 'make test') when ↵ | Jelmer Vernooij | 1 | -1/+4 | |
| possible during developer builds. | |||||
| 2008-10-21 | Remove duplicate searching of Samba 4 directory for tags. | Jelmer Vernooij | 1 | -8/+0 | |
| 2008-10-21 | Fix two trivial typos | Volker Lendecke | 1 | -2/+2 | |
| 2008-10-21 | Create a function out of pam_sm_close_session to delete the credentials. | Andreas Schneider | 1 | -120/+135 | |
| This is the way the creds should be deleted. Now we have back a close_session function which can be used for other things. | |||||
| 2008-10-21 | Delete the krb5 ccname variable from the PAM environment if set. | Andreas Schneider | 1 | -0/+8 | |
| If winbind sets the KRB5CCNAME variable it should unset it when the cache gets destroyed. | |||||
| 2008-10-21 | Set the right return value if wbc_status is set to an error. | Andreas Schneider | 1 | -0/+5 | |
| 2008-10-21 | s3-build: fix the build. | Günther Deschner | 1 | -2/+2 | |
| Guenther | |||||
| 2008-10-21 | s3-lsa-server: fix _lsa_GetUserName. | Günther Deschner | 2 | -9/+23 | |
| Guenther | |||||
| 2008-10-20 | Remove the requirement for ldap call made as root. Add in security | Jeremy Allison | 2 | -11/+63 | |
| checks for all SAMR calls. Jeremy. | |||||
| 2008-10-20 | Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba | Jeremy Allison | 18 | -1674/+224 | |
| 2008-10-20 | Fix warnings. | Jeremy Allison | 5 | -32/+34 | |
| Jeremy. | |||||
| 2008-10-20 | s3-rpcclient: fix cmd_lsa build. | Günther Deschner | 1 | -3/+1 | |
| Guenther | |||||
| 2008-10-20 | s3-build: re-run make samba3-idl. | Günther Deschner | 5 | -63/+131 | |
| Guenther | |||||
| 2008-10-20 | idl: merge from s4 lsa.idl to s3. | Günther Deschner | 1 | -20/+40 | |
| Guenther | |||||
| 2008-10-20 | Merge branch 'master' of git://git.samba.org/samba | Jelmer Vernooij | 9 | -8/+12 | |
| Conflicts: source3/include/proto.h | |||||
| 2008-10-20 | Add source4/ to include path because librpc/gen_ndr is still in source?/ | Jelmer Vernooij | 2 | -1/+2 | |
| 2008-10-20 | Fix a valgrind error in idmap_ad_sids_to_unixids() | Volker Lendecke | 1 | -0/+2 | |
| We need to initialize all mappings in case we don't find anything. Simo, please check! Volker | |||||
| 2008-10-20 | s3-samr-server: be consistent when reporting we do password complexity. | Günther Deschner | 1 | -0/+4 | |
| Guenther | |||||
| 2008-10-20 | Add missing prototypes for samba3-specific libndr/util.c | Jelmer Vernooij | 1 | -1/+10 | |
| 2008-10-20 | s3-build: no need to duplicate generated ndr_ prototypes. | Günther Deschner | 4 | -1298/+3 | |
| Guenther | |||||
| 2008-10-20 | s3-build: no need to duplicate generated srv_ prototypes. | Günther Deschner | 5 | -73/+3 | |
| Guenther | |||||
| 2008-10-20 | Include generated header files rather than using manually written | Jelmer Vernooij | 1 | -1577/+32 | |
| prototypes. | |||||
| 2008-10-20 | Remove unused macro CONST_ADD. | Jelmer Vernooij | 1 | -1/+0 | |
| 2008-10-20 | Remove unused define for crypt (now in libreplace). | Jelmer Vernooij | 1 | -4/+0 | |
| 2008-10-20 | Add missing asn1 object. | Jelmer Vernooij | 1 | -1/+1 | |
| 2008-10-20 | Use tables in Samba 3 ndrdump. | Jelmer Vernooij | 2 | -2/+93 | |
| 2008-10-20 | Also build all other Samba 4 binaries during merged build. | Jelmer Vernooij | 1 | -3/+2 | |
| 2008-10-20 | Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypt | Jelmer Vernooij | 5 | -144/+140 | |
| 2008-10-20 | Regenerate pidl output. | Jelmer Vernooij | 7 | -93/+14 | |
 |
index : samba | |
| Unnamed repository; edit this file 'description' to name the repository. | ben |
| summaryrefslogtreecommitdiff |