summaryrefslogtreecommitdiff
path: root/source3/passdb/secrets.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-5/+5
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3948: Fix incorrect declaration. Bug #2083.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 05b905a28f349a2741e0963e41ad624a8f0b9fb8)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-31/+29
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-13/+13
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-02-08When we set a domain sid, force get_global_sam_sid() to do it's work again.Andrew Bartlett1-1/+7
This should ensure that the value it returns is always consistant. Andrew Bartlett (This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett1-1/+39
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+53
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-4/+4
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-07-19Fix memleakVolker Lendecke1-3/+3
(This used to be commit defc71d4cb9bb1efcb39157bad2806f73b3cc3f5)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-12/+12
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-01Different fix for memleak just committed. This belongs intoVolker Lendecke1-2/+0
tdb_search_list_free. Volker (This used to be commit 0f3822c8e71426983b960ad49511efa8707159f9)
2003-07-01Fix two memory leaks. tdb_search_keys allocates space for the keyVolker Lendecke1-0/+2
strings. Running 'net cache list' or secrets_get_trusted_domains through valgrind gives a *huge* amount of invalid reads of one byte beyond the indicated string length in libc's strncpy. Annoying... Volker (This used to be commit 0f8933ae778064ff58cdc832ce52c843631435bb)
2003-06-25large change:Gerald Carter1-2/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-21Fix memory leak. secrets_fetch allocates memory.Volker Lendecke1-0/+2
Volker (This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-04-22Merge mimir's trusted domain code from HEAD -> 3.0, plus some memoryAndrew Bartlett1-37/+55
leak fixes. (secrets.c portion) Andrew Bartlett (This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-12/+90
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-18/+2
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-02-01Merge of signed/unsigned fixes from HEAD.Andrew Bartlett1-2/+2
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
2003-01-14Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 2a1adb8f81d8966e8919fffb9b4c69f3e6acd44f)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-13merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+30
server = DC1 * (This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
2002-11-08Merge from HEAD:Andrew Bartlett1-6/+9
- change auth_sam to use the initialisation flags to determine if the password attributes are set - add const to secrets.c, cliconnect.c - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd - SAMR: add debugs to show what fails for group enum. Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-49/+11
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit 9fe3c0b90d4bff2217e3cb5a34b4683ca314c06e)
2002-10-01Updates from Samba HEAD:Andrew Bartlett1-5/+5
- Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett (This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-4/+90
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+59
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-23/+169
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-10make sure we use consistent keys in secrets.tdb by uppercasing domainAndrew Tridgell1-0/+4
names (This used to be commit 4cb7b6954b96e6964743e65413e122f7b4d39052)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-28/+0
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-02Fix up the trusted domains secrets code so as to have a slight chance ofAndrew Bartlett1-12/+10
working. (This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
2002-03-01The beginning of trusted and trusting domain support fromAndrew Bartlett1-3/+89
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-02-22made the domain secret key in secrets.tdb domain specific. This allowsAndrew Tridgell1-2/+14
you to join a 2nd domain then leave the old domain rather than the other way around (This used to be commit b26b6aef64e1042c9867a13761ded0c3c6f9670f)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-09Fixed up atomic update code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-0/+41
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-05Add a couple of extra debugs for the secrets.tdb stuffAndrew Bartlett1-2/+8
(This used to be commit c76c1f6904510d6ecca3453f91433420f22b7bd6)
2001-12-05auto-init secrets.tdbAndrew Tridgell1-0/+5
(This used to be commit aff916e543f1c70aa5fe0fc07dda21e772625097)
2001-12-04This comment no longer applies.Andrew Bartlett1-1/+0
(This used to be commit 153c4a56b0b5473a1efb208551f36480cdb5d264)
2001-11-24added "net join" commandAndrew Tridgell1-3/+33
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-17Tidyups when I was doing the big merge...Jeremy Allison1-5/+10
Jeremy. (This used to be commit 9148bb9eaa67de60c3b0b4709a9c05a840c20c66)
2001-09-17move to SAFE_FREE()Simo Sorce1-3/+3
(This used to be commit 64d35e94fe6f7e56353b286162f670c8595a90e6)
2001-09-06got rid of USE_TDB_MMAP_FLAG as its not needed any moreAndrew Tridgell1-1/+1
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
2001-08-24get rid of compiler warningsHerb Lewis1-1/+1
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-07-30Added "use mmap" for HPUX.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 840802f10677cb0009cb4df4c37c7d01aa5edacd)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+1
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-06Changes to use new genrand code that got missed while I was in Japan.Jeremy Allison1-0/+29
Jeremy. (This used to be commit 5a15831b9ae79ce1ce34d5574fe5da114d184e45)
2001-06-04use LDSHFLAGS not -shared in several placesAndrew Tridgell1-1/+1
(This used to be commit 8ec9c87b5d1a7dae17d5b1a30f58effaf5e69e4b)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)