summaryrefslogtreecommitdiff
path: root/source3/passdb/secrets.c
AgeCommit message (Collapse)AuthorFilesLines
2004-02-08(merge from 3.0)Andrew Bartlett1-1/+7
When we set a domain sid, force get_global_sam_sid() to do it's work again. This should ensure that the value it returns is always consistant. Andrew Bartlett (This used to be commit fb13c61d4eee943e44632a0d1ba57b19602d67a4)
2004-01-15Remove unused function.Rafal Szczesniak1-13/+0
rafal (This used to be commit 2d2c36cc3f691f31506fbd97e74cf225a2ef85c5)
2004-01-14Comment and formatting fix.Rafal Szczesniak1-2/+3
rafal (This used to be commit 336720416abd1f6d62f9a6748ae6a0454976c9d4)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter1-0/+38
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2003-10-30First round of merging various UUID structures.Jim McDonough1-11/+10
This eliminates RPC_UUID. It creates the following struct: struct uuid { uint32 time_low; uint16 time_mid; uint16 time_hi_and_version; uint8 clock_seq[2]; uint8 node[6]; }; which replaces RPC_UUID and various random struct uuid definitions and a flat version: #define UUID_FLAT_SIZE 16 typedef struct uuid_flat { uint8 info[UUID_FLAT_SIZE]; } UUID_FLAT; which pretty much looks like GUID (which I will start eliminating). I want us to use the FLAT one only on the wire (perhaps in files, too?), and I want it to be obvious to the coder that it is the FLAT version. This leaves a couple of compiler warnings, where GUID isn't completely replaced by FLAT_UUID yet...I'll get to those soon. (This used to be commit 1532b5d2e3c61df232b16394acedf6eac387588b)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-4/+57
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-3/+3
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-16/+17
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-04-28Merge memory leak fixes in our trusted domain list from 3.0 to HEADAndrew Bartlett1-7/+11
(This used to be commit c7f06f3a480feb1c7b1a44d16c05e1c238800b15)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett1-12/+90
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-06Don't bail if we have a badly formed record, just move on to the next one.Andrew Bartlett1-1/+1
(This used to be commit febd966b10b23238c93444256b8ad30b50b20ef8)
2003-03-17Fix invalid SAFE_FREE() of talloc()ed memory.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 21add5f97d0d112094e34a02e6319991a1d2af4d)
2003-03-14Fresh meat in trusted domains code:Rafal Szczesniak1-30/+47
- packing/unpacking utility functions for trusted domain password struct; can be used to prepare buffer to store in secrets.tdb or (soon) passdb backend - similiar functions for DOM_SID - respectively modified secrets_(fetch|store) routines - new auth mapping code utilising introduced is_trusted_domain function - added tdb (un)packing of single bytes Rafal (This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-23/+7
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
2003-02-01A couple more signed/unsigned issues.Andrew Bartlett1-2/+2
(This used to be commit 01d78b828b89f04b70b53ded01a7f4b356979317)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit 3d04872499332ef2d8e7479b924afc8fc1ac29d7)
2003-01-13Always initialise this variable - and don't set the 'must change now' if it wasAndrew Bartlett1-0/+1
last changed at '0'. We need to actually change this password sometime... Andrew Bartlett (This used to be commit 740bf439d2d1512127c873cf0e57697161d6566b)
2003-01-02BIG patch...Andrew Bartlett1-1/+1
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-12merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+30
server = DC1 * (This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60)
2002-11-07Merge of scalable printing code fix... Needs testing.Jeremy Allison1-6/+9
Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-). Jeremy. (This used to be commit 10024ed06e9d91f24fdc78d59eef2f76bf395438)
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-49/+11
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit bb58a08af459b4abae9d53ab98c15f40638ce52b)
2002-09-28Add const.Andrew Bartlett1-1/+1
(This used to be commit f7dd66e88dba947a167d9a14c96810854dfc5c9d)
2002-09-27Minor updates:Andrew Bartlett1-4/+4
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as *only* trying an old-style join. This means that we can rely on it not prompting for a password on the build farm. Andrew Bartlett (This used to be commit 31bdbeef0ea6f30247cd3b30cfea57b34102abe6)
2002-09-18We had a race condition when changing a machine acount password as weJeremy Allison1-1/+21
were no longer locking the secrets entry. I saw this on a live system. Jeremy. (This used to be commit 660dafcbb2d1029831212a32d995891626a0344c)
2002-09-17Never, *ever* hold a mutex lock in the message database where there mayJeremy Allison1-0/+66
be traversals being attempted. Yes, this was from bitter experience (and an out of control server :-). Also allow callers to break out of a tdb_chainlock with sigalarm if desired. Jeremy. (This used to be commit a7781f91d8c1177210bffc199cd2f3b7ff993eaf)
2002-09-17more const cleanupsAndrew Tridgell1-3/+3
(This used to be commit dfa85f9c48aa3c8d93775df6b6ad2dec9a1692d7)
2002-08-12Update secrets_fetch_domain_guid to generate and store it if it doesn't exist.Jim McDonough1-2/+11
Only does it for PDCs. (This used to be commit 3543f92c39a80c8b6eb7ca3188b87f0f15896f33)
2002-07-31fixed multi-line strings for portabilityAndrew Tridgell1-2/+2
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough1-0/+32
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-26(another patch from mimir)Andrew Bartlett1-2/+17
Add some debugging info to the secrets code. We might review what debug level that should be at, but it's fine for now. Andrew Bartlett (This used to be commit 2b6a318d686ac0b08a30844bf2960703b06d5c90)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-1/+1
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-05-23Looks like abartlet got a bit overexcited about using const...Jim McDonough1-1/+1
BOOL const secrets_init(...) Broke AIX build. (This used to be commit 37b6bf3aae4fd8ee3af7e5947b3e549dcef754cf)
2002-05-22Updates for sane storage of ldap root DN passwords (tested, with upgradeAndrew Bartlett1-14/+18
from 2.2 format) and LDAP rebind support (untested, I don't have a setup to match). Andrew Bartlett (This used to be commit 4f7ba78c9d50ac584497dcf1d78ce613112742d4)
2002-05-18so here it is the code to introduce seriously debugggging classes.Simo Sorce1-0/+3
this is a first step only passdb stuff has beein "classized". - so what can you do? set debug level to: 1 poasdb:10 that will make all the code run at debug level 1 except the code in passdb/* files that will run at level 10 TODO: fix the man page - also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5 will set every smbd to have a default log level of 3 while passdb stuff will be at level 5 and so no.. minor cosmetic fix to pdbedit is there too (This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
2002-05-17A few more trusted domains updates from mimir.Andrew Bartlett1-13/+34
I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-9/+127
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-03-10make sure we use consistent keys in secrets.tdb by uppercasing domainAndrew Tridgell1-0/+4
names (This used to be commit 4cb7b6954b96e6964743e65413e122f7b4d39052)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-28/+0
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-02Fix up the trusted domains secrets code so as to have a slight chance ofAndrew Bartlett1-12/+10
working. (This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
2002-03-01The beginning of trusted and trusting domain support fromAndrew Bartlett1-3/+89
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-02-22made the domain secret key in secrets.tdb domain specific. This allowsAndrew Tridgell1-2/+14
you to join a 2nd domain then leave the old domain rather than the other way around (This used to be commit b26b6aef64e1042c9867a13761ded0c3c6f9670f)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-09Fixed up atomic update code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-0/+41
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-05Add a couple of extra debugs for the secrets.tdb stuffAndrew Bartlett1-2/+8
(This used to be commit c76c1f6904510d6ecca3453f91433420f22b7bd6)
2001-12-05auto-init secrets.tdbAndrew Tridgell1-0/+5
(This used to be commit aff916e543f1c70aa5fe0fc07dda21e772625097)
2001-12-04This comment no longer applies.Andrew Bartlett1-1/+0
(This used to be commit 153c4a56b0b5473a1efb208551f36480cdb5d264)
2001-11-24added "net join" commandAndrew Tridgell1-3/+33
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-17Tidyups when I was doing the big merge...Jeremy Allison1-5/+10
Jeremy. (This used to be commit 9148bb9eaa67de60c3b0b4709a9c05a840c20c66)
2001-09-17move to SAFE_FREE()Simo Sorce1-3/+3
(This used to be commit 64d35e94fe6f7e56353b286162f670c8595a90e6)