The branch, v3-3-stable has been updated via dd1357cb2ab3957da4be1c7429b604b7d68840a2 (commit) via f6b5a6e819e8f2b21aebe1eedddfac8b03a5ee4a (commit) via 457afede50b4a039e1afcfeffbebca20a0f4f4d5 (commit) via 39e375d606790f246745b4795a2dbcf8617fbc38 (commit) from 07dece84fbff76de2278605e254089b6f7a18163 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log ----------------------------------------------------------------- commit dd1357cb2ab3957da4be1c7429b604b7d68840a2 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Aug 25 13:03:15 2008 +0200 winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well. Guenther (cherry picked from commit bb9c59e892cc9d3047bde89a15cc341e2bd21bc5) (cherry picked from commit fba93f94761203163b3e3811fc3fcbeec576d30b) commit f6b5a6e819e8f2b21aebe1eedddfac8b03a5ee4a Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Aug 25 13:15:41 2008 +0200 winbindd: move set_auth_errors to util functions. Guenther (cherry picked from commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b) (cherry picked from commit 84215f1c0ebfc1e613f4255ce9bdf941ae688adb) commit 457afede50b4a039e1afcfeffbebca20a0f4f4d5 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Mon Aug 25 11:36:56 2008 +0200 auth: Fix build warning. Guenther (cherry picked from commit 4661ef625a6522d6f859b83e3e3702f01d0b952f) (cherry picked from commit 60649a74cdf2594bc89c301025f86d23caba91c2) commit 39e375d606790f246745b4795a2dbcf8617fbc38 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Fri Aug 22 00:20:46 2008 +0200 rpc_server: make it a little more obvious what flags we send to a client. Guenther (cherry picked from commit f3791e03ab09cadb1f54e32e67f4dfb3cf42e708) (cherry picked from commit 14e022b95140441850f7ef4bded8ee82deae2d6f) ----------------------------------------------------------------------- Summary of changes: source/auth/pampass.c | 5 +++-- source/rpc_server/srv_netlog_nt.c | 11 ++++++++++- source/winbindd/winbindd_misc.c | 5 +---- source/winbindd/winbindd_pam.c | 12 ------------ source/winbindd/winbindd_proto.h | 1 + source/winbindd/winbindd_util.c | 12 ++++++++++++ 6 files changed, 27 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/pampass.c b/source/auth/pampass.c index 58921bd..9345eed 100644 --- a/source/auth/pampass.c +++ b/source/auth/pampass.c @@ -63,6 +63,7 @@ typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_resp * Macros to help make life easy */ #define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL +#define COPY_FSTRING(s) (s[0]) ? SMB_STRDUP(s) : NULL /******************************************************************* PAM error handler. @@ -327,7 +328,7 @@ static int smb_pam_passchange_conv(int num_msg, DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply)); #endif reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(current_reply); + reply[replies].resp = COPY_FSTRING(current_reply); found = True; break; } @@ -355,7 +356,7 @@ static int smb_pam_passchange_conv(int num_msg, DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply)); pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(current_reply); + reply[replies].resp = COPY_FSTRING(current_reply); #ifdef DEBUG_PASSWORD DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply)); #endif diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 7ece482..4e211cf 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -521,7 +521,16 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - srv_flgs = 0x000001ff; + /* 0x000001ff */ + srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; if (lp_server_schannel() != false) { srv_flgs |= NETLOGON_NEG_SCHANNEL; diff --git a/source/winbindd/winbindd_misc.c b/source/winbindd/winbindd_misc.c index 01a4054..50936c0 100644 --- a/source/winbindd/winbindd_misc.c +++ b/source/winbindd/winbindd_misc.c @@ -86,10 +86,7 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do "good" : "bad")); done: - state->response.data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); - state->response.data.auth.pam_error = nt_status_to_pam(result); + set_auth_errors(&state->response, result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", state->response.data.auth.nt_status_string)); diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c index 4beef85..a7911f6 100644 --- a/source/winbindd/winbindd_pam.c +++ b/source/winbindd/winbindd_pam.c @@ -381,18 +381,6 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state, return find_our_domain(); } -static void set_auth_errors(struct winbindd_response *resp, NTSTATUS result) -{ - resp->data.auth.nt_status = NT_STATUS_V(result); - fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result)); - - /* we might have given a more useful error above */ - if (*resp->data.auth.error_string == '\0') - fstrcpy(resp->data.auth.error_string, - get_friendly_nt_error_msg(result)); - resp->data.auth.pam_error = nt_status_to_pam(result); -} - static void fill_in_password_policy(struct winbindd_response *r, const struct samr_DomInfo1 *p) { diff --git a/source/winbindd/winbindd_proto.h b/source/winbindd/winbindd_proto.h index 0e0db3e..c5b7b07 100644 --- a/source/winbindd/winbindd_proto.h +++ b/source/winbindd/winbindd_proto.h @@ -590,6 +590,7 @@ void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain); void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain); void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain); void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain); +void set_auth_errors(struct winbindd_response *resp, NTSTATUS result); /* The following definitions come from winbindd/winbindd_wins.c */ diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c index 4668d37..83c5053 100644 --- a/source/winbindd/winbindd_util.c +++ b/source/winbindd/winbindd_util.c @@ -1544,3 +1544,15 @@ void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain) } #endif /* HAVE_KRB5_LOCATE_PLUGIN_H */ + +void set_auth_errors(struct winbindd_response *resp, NTSTATUS result) +{ + resp->data.auth.nt_status = NT_STATUS_V(result); + fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result)); + + /* we might have given a more useful error above */ + if (*resp->data.auth.error_string == '\0') + fstrcpy(resp->data.auth.error_string, + get_friendly_nt_error_msg(result)); + resp->data.auth.pam_error = nt_status_to_pam(result); +} -- Samba Shared Repository