The branch, v3-4-stable has been updated via 22c2bb5f8db06656e3fc74d3f1ba226c1e5c824c (commit) via d834a29ac59f3634392b0ab1e39a2b5ca0b527d2 (commit) via a8e6233b080c80b4fdcc57f0bfd0e1453253fcbb (commit) via 210cda9cdb7248addd827a8a1f7126cf7e8637ab (commit) via 9a899b5542dc38b6fc501f6264abcadd2ecbea8a (commit) via ec864a5b008ba68ec3bffe489fd9776fc133c225 (commit) from 83f80b73bffc790613b6fdfaf09b29cb0bfbdc33 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable - Log ----------------------------------------------------------------- commit 22c2bb5f8db06656e3fc74d3f1ba226c1e5c824c Author: Karolin Seeger <ksee...@samba.org> Date: Thu Sep 3 09:38:00 2009 +0200 WHATSNEW: Update changes since 3.4.0. Karolin (cherry picked from commit a0f2336ed6f5adb29d636eb880b0f6cd6cfc70f3) commit d834a29ac59f3634392b0ab1e39a2b5ca0b527d2 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 24 00:33:44 2009 +0200 s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. Note that this only is tried with editposix=yes. Guenther (cherry picked from commit 272e389ff63d929fc6b06305e00fa042d71dbec0) commit a8e6233b080c80b4fdcc57f0bfd0e1453253fcbb Author: Volker Lendecke <v...@samba.org> Date: Thu Apr 23 14:23:23 2009 +0200 Fix an uninitialized variable Fix bug #6684. (cherry picked from commit b8cd1cff2dfad726cf6dab368dfcc31a29952889) (cherry picked from commit 050ded0624a49f2ffb53dcd88a93fd1d8c17595e) commit 210cda9cdb7248addd827a8a1f7126cf7e8637ab Author: Volker Lendecke <v...@samba.org> Date: Sun Aug 30 11:39:41 2009 +0200 s3:libwbclient: Fix bug 6349, initialize domain info struct (cherry picked from commit e1a50994800ce311925214254c0a471a9f32c1f7) commit 9a899b5542dc38b6fc501f6264abcadd2ecbea8a Author: Simo Sorce <i...@samba.org> Date: Sat Aug 29 19:31:02 2009 -0400 s3-smbpasswd: Fix Bug #6584: allow DOM\user when changing passwords remotely. 
Signed-off-by: Günther Deschner <g...@samba.org> (cherry picked from commit 8cb103372be4eb3232e5e13b67f63562e5506c7e) commit ec864a5b008ba68ec3bffe489fd9776fc133c225 Author: Günther Deschner <g...@samba.org> Date: Tue Sep 1 11:58:05 2009 +0200 wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther (cherry picked from commit dadc57b140b4379f9f2f6fafe40332061df4d5a5) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 4 +++ nsswitch/libwbclient/wbc_pam.c | 19 ++++++++++++--- nsswitch/libwbclient/wbc_util.c | 2 + source3/libnet/libnet_dssync.c | 2 + source3/libsmb/passchange.c | 19 +++++++++++++-- source3/passdb/pdb_ldap.c | 46 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 85 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6c131a8..9dd59f5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -44,6 +44,7 @@ o Yannick Bergeron <burgerg...@hotmail.com> o Günther Deschner <g...@samba.org> * BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. * BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + * BUG 6680: Fix authentication failure from Windows 7 when domain joined. o Olaf Flebbe <fle...@nix.science-computing.de> @@ -372,6 +373,7 @@ o Jeremy Allison <j...@samba.org> o Günther Deschner <g...@samba.org> + * BUG 4296: Clean up group membership while deleting a user. * BUG 5456: Fix "net ads testjoin". * BUG 6253: Use correct value for password expiry calculation in pam_winbind. @@ -383,6 +385,7 @@ o Günther Deschner <g...@samba.org> o Volker Lendecke <v...@samba.org> * BUG 4699: Remove pidfile on clean shutdown. + * BUG 6349: Initialize domain info struct. * BUG 6449: 'net rap user add' crashes without -C option. 
@@ -398,6 +401,7 @@ o Andreas Schneider <m...@cynapses.org> o Simo Sorce <i...@samba.org> * BUG 6081: Make it possible to change machine account sids. * BUG 6333: Consolidate create/delete account paths in pdbedit. + * BUG 6584: Allow DOM\user when changing passwords remotely. o Jelmer Vernooij <jel...@samba.org> diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 61ce2a1..422665a 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -423,15 +423,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.lm_resp_len = MIN(params->password.response.lm_length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = - MIN(params->password.response.nt_length, - sizeof(request.data.auth_crap.nt_resp)); if (params->password.response.lm_data) { memcpy(request.data.auth_crap.lm_resp, params->password.response.lm_data, request.data.auth_crap.lm_resp_len); } - if (params->password.response.nt_data) { + request.data.auth_crap.nt_resp_len = params->password.response.nt_length; + if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params->password.response.nt_length; + request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params->password.response.nt_data) { memcpy(request.data.auth_crap.nt_resp, params->password.response.nt_data, request.data.auth_crap.nt_resp_len); @@ -477,6 +486,8 @@ done: if (response.extra_data.data) free(response.extra_data.data); + talloc_free(request.extra_data.data); + return wbc_status; } 
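Review bot: The new big-blob branch in wbcAuthenticateUserEx() copies from `params->password.response.nt_data` without the NULL check that the `else if (params->password.response.nt_data)` branch still applies. A caller that passes an `nt_length` larger than `sizeof(request.data.auth_crap.nt_resp)` together with a NULL `nt_data` therefore reaches `memcpy()` with a NULL source. Rejecting that combination before the size test would close the gap, for example `if (params->password.response.nt_length > 0 && params->password.response.nt_data == NULL) { wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); }`. The function body starts before this hunk and continues after it, so whether `request` is zeroed before the `done:` path frees `request.extra_data.data` cannot be confirmed from here.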
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index 5c5034e..c39023f 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c @@ -262,6 +262,8 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, BAIL_ON_WBC_ERROR(wbc_status); } + ZERO_STRUCTP(info); + r = info_string; /* Short Name */ diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 746b096..ce6ad58 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -667,6 +667,8 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, dn_count = 1; } + status = NT_STATUS_OK; + for (count=0; count < dn_count; count++) { status = libnet_dssync_build_request(mem_ctx, ctx, dns[count], diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 7f0389f..f3cb9d6 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -31,10 +31,24 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam struct cli_state *cli; struct rpc_pipe_client *pipe_hnd; struct sockaddr_storage ss; + char *user, *domain, *p; NTSTATUS result; bool pass_must_change = False; + user = talloc_strdup(talloc_tos(), user_name); + SMB_ASSERT(user != NULL); + domain = talloc_strdup(talloc_tos(), ""); + SMB_ASSERT(domain != NULL); + + /* allow usernames of the form domain\\user or domain/user */ + if ((p = strchr_m(user,'\\')) || (p = strchr_m(user,'/')) || + (p = strchr_m(user,*lp_winbind_separator()))) { + *p = 0; + domain = user; + user = p+1; + } + *err_str = NULL; if(!resolve_name( remote_machine, &ss, 0x20)) { @@ -139,7 +153,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam return result; } } else { - result = cli_init_creds(cli, user_name, "", old_passwd); + result = cli_init_creds(cli, user, domain, old_passwd); if (!NT_STATUS_IS_OK(result)) { cli_shutdown(cli); return result; 
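Review bot: The name split added at the top of remote_password_change() does not validate its result: a name that ends in a separator (`DOM\`) leaves `user` as an empty string, and the later hunks pass that to cli_init_creds() and cli_rpc_pipe_open_ntlmssp(). A check after the split, placed below `*err_str = NULL;`, would reject it early: `if (*user == '\0') { return NT_STATUS_INVALID_PARAMETER; }`. Allocation failure is handled with `SMB_ASSERT(user != NULL)`, which panics the calling process even though the function returns NTSTATUS; `return NT_STATUS_NO_MEMORY;` would match the error style used in the rest of the visible body. Any call outside these hunks that still takes `user_name` would receive the unsplit `DOM\user` string, which is worth checking because most of the function is not visible here.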
@@ -163,8 +177,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam result = cli_rpc_pipe_open_ntlmssp(cli, &ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - "", /* what domain... ? */ - user_name, + domain, user, old_passwd, &pipe_hnd); } else { diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index cf4889b..71d4030 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -5187,6 +5187,18 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, return NT_STATUS_OK; } +static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods, + TALLOC_CTX *tmp_ctx, + uint32 group_rid, + uint32 member_rid); + +static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + struct samu *user, + DOM_SID **pp_sids, + gid_t **pp_gids, + size_t *p_num_groups); + static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, struct samu *sam_acct) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; @@ -5241,6 +5253,40 @@ static NTSTATUS ldapsam_delete_user(struct pdb_methods *my_methods, TALLOC_CTX * return NT_STATUS_NO_MEMORY; } + /* try to remove memberships first */ + { + NTSTATUS status; + struct dom_sid *sids = NULL; + gid_t *gids = NULL; + size_t num_groups = 0; + int i; + uint32_t user_rid = pdb_get_user_rid(sam_acct); + + status = ldapsam_enum_group_memberships(my_methods, + tmp_ctx, + sam_acct, + &sids, + &gids, + &num_groups); + if (!NT_STATUS_IS_OK(status)) { + goto delete_dn; + } + + for (i=0; i < num_groups; i++) { + + uint32_t group_rid; + + sid_peek_rid(&sids[i], &group_rid); + + ldapsam_del_groupmem(my_methods, + tmp_ctx, + group_rid, + user_rid); + } + } + + delete_dn: + rc = smbldap_delete(ldap_state->smbldap_state, dn); if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; -- Samba Shared Repository
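Review bot: The membership cleanup loop added to ldapsam_delete_user() discards both return values. `sid_peek_rid()` is not checked, so if it fails `group_rid` is passed on uninitialized, and a failed `ldapsam_del_groupmem()` leaves the membership in place with nothing logged. A group entry that outlives the deleted account is the condition this fix targets, so each failure should at least be logged, as in the loop below. `i` is an `int` compared against the `size_t` `num_groups`; declaring it `size_t` avoids the signed/unsigned comparison. The function body starts before this hunk and continues after it.

```c
	/* … unchanged: ldapsam_enum_group_memberships() call and its status check … */

	for (i=0; i < num_groups; i++) {

		uint32_t group_rid;

		if (!sid_peek_rid(&sids[i], &group_rid)) {
			DEBUG(1, ("ldapsam_delete_user: no rid in group sid, "
				  "skipping\n"));
			continue;
		}

		status = ldapsam_del_groupmem(my_methods,
					      tmp_ctx,
					      group_rid,
					      user_rid);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(1, ("ldapsam_delete_user: could not remove "
				  "rid %u from group rid %u: %s\n",
				  (unsigned int)user_rid,
				  (unsigned int)group_rid,
				  nt_errstr(status)));
		}
	}
```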