Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The test in extract_pw_from_buffer was incorrect: It tested if the
first byte of the new password was 0 (a 1/256 chance for the random
passwords), not if the password was allocated.
Andrew Bartlett
|
|
Guenther
|
|
|
|
functions.
|
|
|
|
|
|
remove some unused functions.
|
|
By random I don't mean 'nice stream of ASCII chars, but pure random
passwords containing invalid UTF16 sequences etc.
Andrew Bartlett
|
|
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
|
|
|
|
UTF-16 input
The input checking is important, as otherwise we could set the wrong
password.
Andrew Bartlett
|
|
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
|
|
middle.
(This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
|
|
(This used to be commit c41bd3005f5f0b9cfd3709fc9217b4a401d265b4)
|
|
Conflicts:
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/makefile.pm
source/heimdal_build/config.mk
source/lib/events/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/registry/config.mk
source/lib/socket_wrapper/config.mk
source/lib/tdb/config.mk
source/lib/tls/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/scripting/ejs/config.mk
source/smbd/process_model.mk
(This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit c46b7e90e347da76156ddcae4866adb88e9fec21)
|
|
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
|
|
Never install generated prototype files. It's easier to break the
API when using them and they're not easily readable for 3rd party users.
Conflicts:
source/auth/config.mk
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/config_mk.pm
source/build/smb_build/main.pl
source/build/smb_build/makefile.pm
source/dsdb/config.mk
source/lib/charset/config.mk
source/lib/tdr/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/torture/config.mk
(This used to be commit 6c659689ed4081f1d7a6253c538c7f01784197ba)
|
|
(This used to be commit 89f7c74924965071981bbe7e05ff69847b0a3a03)
|
|
(This used to be commit a1715b1f48ba44bd94844418cc9299649aaf1a5e)
|
|
(This used to be commit 47d05ecf6fef66c90994f666b8c63e2e7b5a6cd8)
|
|
(This used to be commit e886f1bc0dc694971979716d1991535c7d2e08de)
|
|
(This used to be commit a07050be33d9c8e8033063b393162884075fa2af)
|
|
(This used to be commit d37136b7abfbba75ef2e5ab855eb3382b9648b8c)
|
|
(This used to be commit f6420d933b5b011d428974f3a2a57edf19e6f482)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
documentation.
Andrew Bartlett
(This used to be commit 6679003c0553804333f0090a91e1fe53837ceb47)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
metze
(This used to be commit e788709835fa13b512fbf38951c9d0ca9bc3df18)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
|
|
fix RPC-LSA on AIX.
(This used to be commit 6cce709d08579f4e00b44b692332a557b0ea3b86)
|
|
took a _LONG_ time to find.
The problem was that when encoding/decoding password buffers we use
the pull/push string functions, which by default align unicode
strings. But on solaris sparc the buffer is not aligned always (its a
stack variable, an array of uint8_t). That perfectly OK in C, so we
just tell the pull/push functions not to auto-align.
(This used to be commit bb7835eced00607eb6b1725be6d96a6dcb842049)
|
|
always at it as first private dependencies
metze
(This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
|
|
happier now
(This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
metze
(This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
|
|
(This used to be commit 8a7047c102cdbcf746dcdf8a52554816b7770026)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit 7146c1600f29c349e5bb78f810e7e170b535dd37)
|
|
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c
needs to access functions from it
metze
(This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
|
|
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
|