[PATCH] allow passdb backend to change trusted domain object password with clear text
Andrew Bartlett
abartlet at samba.org
Fri Apr 7 20:58:20 UTC 2017
On Fri, 2017-04-07 at 13:22 -0700, Jeremy Allison via samba-technical
wrote:
> On Fri, Apr 07, 2017 at 11:08:44PM +0300, Alexander Bokovoy wrote:
>
> > I'll see what I can do there but this code is a copy/paste from
> > another
> > helper we have for NT/LM hash pass-through. Guenther already asked
> > me to
> > consider how I can going these two functions in a common piece that
> > could be called for both cases, so I'll do refactoring for this
> > too.
>
> Thanks. That other code might be wrong too :-).
Sadly I found during the audit work that the pattern is the standard
way internal IPC is done in source3, so the pattern is repeated often.
When working in this area, please take care regarding the remote_client
address and the local_server address. We did find cases in Samba where
this was reversed, and the two parameters are easy to swap as they are
the same type.
Additionally, when backporting or forward porting, carefully check the
parameters as we worked to ensure they were consistently ordered, but
that means some function definitions changed.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list