summaryrefslogtreecommitdiff
path: root/source3/passdb/secrets.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-41/+0
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20644: Make some functions static, thanks to Michael Adam <ma@sernet.de> ↵Volker Lendecke1-3/+3
for the hint. (This used to be commit f1f5d035db067b85e55b1c4009407b47dedcf975)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-0/+42
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r18654: Rename "struct uuid" => "struct GUID" for consistency.Jelmer Vernooij1-8/+8
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-21/+172
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16197: Fix Klocwork id 1338Volker Lendecke1-2/+3
(This used to be commit 963ae5bd144b90e71331a88029698a1a6dc52190)
2007-10-10r16076: Fix for machine password timeout overflow from Shlomi YaakobovichJeremy Allison1-1/+1
<Shlomi@exanet.com>. Jeremy. (This used to be commit 5cd234a1fff1e9d025eea6600649e56c997eafc2)
2007-10-10r15888: Fix bug #3804 from jason@ncac.gwu.eduJeremy Allison1-2/+2
Invalid comparisons. Jeremy. (This used to be commit 9890a31c5f4a8911b0f56eee67cfbcc46f15ee43)
2007-10-10r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring ↵Volker Lendecke1-2/+2
does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
2007-10-10r14103: Fix a memleak found by valgrind (!!)Volker Lendecke1-0/+1
(This used to be commit b880602c4c1b13fbb5931b8e00c22209a722e0d5)
2007-10-10r14102: Fix Coverity bug # 70Volker Lendecke1-0/+4
(This used to be commit 56dc19879c6514cbdd0b1fd186c8bdeb61bf151a)
2007-10-10r14088: Fix Coverity bug #20. Don't deref possible null.Jeremy Allison1-6/+9
Jeremy. (This used to be commit 7f3ace5481e55ef845da28b9c0613a2ea0de0de4)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-11/+11
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13548: Always use the get_remote_macinhe_name() as the keyJeremy Allison1-2/+4
for the creds store. This should fix the problems Jerry reported (but I have still to run tests :-). Jeremy. (This used to be commit 43f095a38d66caa774d80fe32e1b96ec25dd1f07)
2007-10-10r13542: Don't reuse a pointer we just freed (Doh!).Jeremy Allison1-2/+2
Jeremy. (This used to be commit e755155b0e665cb6d10c28fe7fc6c1f6699d18e6)
2007-10-10r13538: Make sure we store all 16 bytes of credentials sessionJeremy Allison1-5/+6
key and delete records that are old. We will need this for the full 16 byte session key support. Jeremy. (This used to be commit cef240d571f9ba1cdf596cd4cab4ec0790f943a0)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-4/+10
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison1-0/+1
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-101/+63
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13310: first round of server affinity patches for winbindd & net ads joinGerald Carter1-29/+0
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
2007-10-10r13190: Fix #3458 from Andriy Gapon <avg@icyb.net.ua>. Don'tJeremy Allison1-1/+1
access free'd memory. Jerry please pick up for 3.0.21b ! Jeremy. (This used to be commit c0ba64297a00d75cd537693425c6b544e70578c1)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-1/+1
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r12043: It's amazing the warnings you find when compiling on a 64-bitJeremy Allison1-11/+9
box with gcc4 and -O6... Fix a bunch of C99 dereferencing type-punned pointer will break strict-aliasing rules errors. Also added prs_int32 (not uint32...) as it's needed in one place. Find places where prs_uint32 was being used to marshall/unmarshall a time_t (a big no no on 64-bits). More warning fixes to come. Thanks to Volker for nudging me to compile like this. Jeremy. (This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
2007-10-10r10792: Fix the "schannel not stored across client disconnects" problem.Jeremy Allison1-0/+209
Based on the Samba4 solution - stores data in $samba/private/schannel_store.tdb. This tdb is not left open but open and closed on demand. Jeremy. (This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
2007-10-10r10658: It's so nice to have CVSIN to blame for this kind of bugs :-)Volker Lendecke1-1/+1
Volker (This used to be commit cf06a090a3fe6ed1f769aa9744637833bdc3b7d0)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-7/+59
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-0/+65
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6595: This is Volkers new-talloc patch. Just got the go-ahead fromJeremy Allison1-1/+2
Volker to commit. Woo Hoo ! Jeremy. (This used to be commit 316df944a456f150944761dab34add5e8c4ab699)
2007-10-10r5767: Get rid of some compiler warningsVolker Lendecke1-14/+5
(This used to be commit 66471de977a56cbe58921f61da28cc7dcbc6e93e)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-5/+5
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3948: Fix incorrect declaration. Bug #2083.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 05b905a28f349a2741e0963e41ad624a8f0b9fb8)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-31/+29
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-13/+13
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-02-08When we set a domain sid, force get_global_sam_sid() to do it's work again.Andrew Bartlett1-1/+7
This should ensure that the value it returns is always consistant. Andrew Bartlett (This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett1-1/+39
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+53
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-4/+4
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-07-19Fix memleakVolker Lendecke1-3/+3
(This used to be commit defc71d4cb9bb1efcb39157bad2806f73b3cc3f5)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-12/+12
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-01Different fix for memleak just committed. This belongs intoVolker Lendecke1-2/+0
tdb_search_list_free. Volker (This used to be commit 0f3822c8e71426983b960ad49511efa8707159f9)
2003-07-01Fix two memory leaks. tdb_search_keys allocates space for the keyVolker Lendecke1-0/+2
strings. Running 'net cache list' or secrets_get_trusted_domains through valgrind gives a *huge* amount of invalid reads of one byte beyond the indicated string length in libc's strncpy. Annoying... Volker (This used to be commit 0f8933ae778064ff58cdc832ce52c843631435bb)
2003-06-25large change:Gerald Carter1-2/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-21Fix memory leak. secrets_fetch allocates memory.Volker Lendecke1-0/+2
Volker (This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-04-22Merge mimir's trusted domain code from HEAD -> 3.0, plus some memoryAndrew Bartlett1-37/+55
leak fixes. (secrets.c portion) Andrew Bartlett (This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-12/+90
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-18/+2
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-02-01Merge of signed/unsigned fixes from HEAD.Andrew Bartlett1-2/+2
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
2003-01-14Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 2a1adb8f81d8966e8919fffb9b4c69f3e6acd44f)