[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-2-0pre2-3816-gdd1357c

Karolin Seeger kseeger at samba.org
Mon Aug 25 13:41:32 GMT 2008


The branch, v3-3-stable has been updated
       via  dd1357cb2ab3957da4be1c7429b604b7d68840a2 (commit)
       via  f6b5a6e819e8f2b21aebe1eedddfac8b03a5ee4a (commit)
       via  457afede50b4a039e1afcfeffbebca20a0f4f4d5 (commit)
       via  39e375d606790f246745b4795a2dbcf8617fbc38 (commit)
      from  07dece84fbff76de2278605e254089b6f7a18163 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable


- Log -----------------------------------------------------------------
commit dd1357cb2ab3957da4be1c7429b604b7d68840a2
Author: Günther Deschner <gd at samba.org>
Date:   Mon Aug 25 13:03:15 2008 +0200

    winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well.
    
    Guenther
    (cherry picked from commit bb9c59e892cc9d3047bde89a15cc341e2bd21bc5)
    (cherry picked from commit fba93f94761203163b3e3811fc3fcbeec576d30b)

commit f6b5a6e819e8f2b21aebe1eedddfac8b03a5ee4a
Author: Günther Deschner <gd at samba.org>
Date:   Mon Aug 25 13:15:41 2008 +0200

    winbindd: move set_auth_errors to util functions.
    
    Guenther
    (cherry picked from commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b)
    (cherry picked from commit 84215f1c0ebfc1e613f4255ce9bdf941ae688adb)

commit 457afede50b4a039e1afcfeffbebca20a0f4f4d5
Author: Günther Deschner <gd at samba.org>
Date:   Mon Aug 25 11:36:56 2008 +0200

    auth: Fix build warning.
    
    Guenther
    (cherry picked from commit 4661ef625a6522d6f859b83e3e3702f01d0b952f)
    (cherry picked from commit 60649a74cdf2594bc89c301025f86d23caba91c2)

commit 39e375d606790f246745b4795a2dbcf8617fbc38
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 22 00:20:46 2008 +0200

    rpc_server: make it a little more obvious what flags we send to a client.
    
    Guenther
    (cherry picked from commit f3791e03ab09cadb1f54e32e67f4dfb3cf42e708)
    (cherry picked from commit 14e022b95140441850f7ef4bded8ee82deae2d6f)

-----------------------------------------------------------------------

Summary of changes:
 source/auth/pampass.c             |    5 +++--
 source/rpc_server/srv_netlog_nt.c |   11 ++++++++++-
 source/winbindd/winbindd_misc.c   |    5 +----
 source/winbindd/winbindd_pam.c    |   12 ------------
 source/winbindd/winbindd_proto.h  |    1 +
 source/winbindd/winbindd_util.c   |   12 ++++++++++++
 6 files changed, 27 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/pampass.c b/source/auth/pampass.c
index 58921bd..9345eed 100644
--- a/source/auth/pampass.c
+++ b/source/auth/pampass.c
@@ -63,6 +63,7 @@ typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_resp
  *  Macros to help make life easy
  */
 #define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL
+#define COPY_FSTRING(s) (s[0]) ? SMB_STRDUP(s) : NULL
 
 /*******************************************************************
  PAM error handler.
@@ -327,7 +328,7 @@ static int smb_pam_passchange_conv(int num_msg,
 					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply));
 #endif
 					reply[replies].resp_retcode = PAM_SUCCESS;
-					reply[replies].resp = COPY_STRING(current_reply);
+					reply[replies].resp = COPY_FSTRING(current_reply);
 					found = True;
 					break;
 				}
@@ -355,7 +356,7 @@ static int smb_pam_passchange_conv(int num_msg,
 					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
 					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
 					reply[replies].resp_retcode = PAM_SUCCESS;
-					reply[replies].resp = COPY_STRING(current_reply);
+					reply[replies].resp = COPY_FSTRING(current_reply);
 #ifdef DEBUG_PASSWORD
 					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
 #endif
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 7ece482..4e211cf 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -521,7 +521,16 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	srv_flgs = 0x000001ff;
+	/* 0x000001ff */
+	srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+		   NETLOGON_NEG_PERSISTENT_SAMREPL |
+		   NETLOGON_NEG_ARCFOUR |
+		   NETLOGON_NEG_PROMOTION_COUNT |
+		   NETLOGON_NEG_CHANGELOG_BDC |
+		   NETLOGON_NEG_FULL_SYNC_REPL |
+		   NETLOGON_NEG_MULTIPLE_SIDS |
+		   NETLOGON_NEG_REDO |
+		   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
 
 	if (lp_server_schannel() != false) {
 		srv_flgs |= NETLOGON_NEG_SCHANNEL;
diff --git a/source/winbindd/winbindd_misc.c b/source/winbindd/winbindd_misc.c
index 01a4054..50936c0 100644
--- a/source/winbindd/winbindd_misc.c
+++ b/source/winbindd/winbindd_misc.c
@@ -86,10 +86,7 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do
                   "good" : "bad"));
 
  done:
-	state->response.data.auth.nt_status = NT_STATUS_V(result);
-	fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
-	fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
-	state->response.data.auth.pam_error = nt_status_to_pam(result);
+	set_auth_errors(&state->response, result);
 
 	DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", 
 						state->response.data.auth.nt_status_string));
diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c
index 4beef85..a7911f6 100644
--- a/source/winbindd/winbindd_pam.c
+++ b/source/winbindd/winbindd_pam.c
@@ -381,18 +381,6 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
 	return find_our_domain();
 }
 
-static void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
-{
-	resp->data.auth.nt_status = NT_STATUS_V(result);
-	fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
-
-	/* we might have given a more useful error above */
-	if (*resp->data.auth.error_string == '\0')
-		fstrcpy(resp->data.auth.error_string,
-			get_friendly_nt_error_msg(result));
-	resp->data.auth.pam_error = nt_status_to_pam(result);
-}
-
 static void fill_in_password_policy(struct winbindd_response *r,
 				    const struct samr_DomInfo1 *p)
 {
diff --git a/source/winbindd/winbindd_proto.h b/source/winbindd/winbindd_proto.h
index 0e0db3e..c5b7b07 100644
--- a/source/winbindd/winbindd_proto.h
+++ b/source/winbindd/winbindd_proto.h
@@ -590,6 +590,7 @@ void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
 void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
 void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
 void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
+void set_auth_errors(struct winbindd_response *resp, NTSTATUS result);
 
 /* The following definitions come from winbindd/winbindd_wins.c  */
 
diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index 4668d37..83c5053 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -1544,3 +1544,15 @@ void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain)
 }
 
 #endif /* HAVE_KRB5_LOCATE_PLUGIN_H */
+
+void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
+{
+	resp->data.auth.nt_status = NT_STATUS_V(result);
+	fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
+
+	/* we might have given a more useful error above */
+	if (*resp->data.auth.error_string == '\0')
+		fstrcpy(resp->data.auth.error_string,
+			get_friendly_nt_error_msg(result));
+	resp->data.auth.pam_error = nt_status_to_pam(result);
+}


-- 
Samba Shared Repository


More information about the samba-cvs mailing list