[PATCH] allow passdb backend to change trusted domain object password with clear text

Andrew Bartlett abartlet at samba.org
Fri Apr 7 20:58:20 UTC 2017

On Fri, 2017-04-07 at 13:22 -0700, Jeremy Allison via samba-technical
> On Fri, Apr 07, 2017 at 11:08:44PM +0300, Alexander Bokovoy wrote:
> > I'll see what I can do there but this code is a copy/paste from
> > another
> > helper we have for NT/LM hash pass-through. Guenther already asked
> > me to
> > consider how I can going these two functions in a common piece that
> > could be called for both cases, so I'll do refactoring for this
> > too.
> Thanks. That other code might be wrong too :-).

Sadly I found during the audit work that the pattern is the standard
way internal IPC is done in source3, so the pattern is repeated often.

When working in this area, please take care regarding the remote_client
address and the local_server address.  We did find cases in Samba where
this was reversed, and the two parameters are easy to swap as they are
the same type.

Additionally, when backporting or forward porting, carefully check the
parameters as we worked to ensure they were consistently ordered, but
that means some function definitions changed. 


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list