summaryrefslogtreecommitdiff
path: root/source3/passdb/secrets.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-19Fix memleakVolker Lendecke1-3/+3
(This used to be commit defc71d4cb9bb1efcb39157bad2806f73b3cc3f5)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-12/+12
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-01Different fix for memleak just committed. This belongs intoVolker Lendecke1-2/+0
tdb_search_list_free. Volker (This used to be commit 0f3822c8e71426983b960ad49511efa8707159f9)
2003-07-01Fix two memory leaks. tdb_search_keys allocates space for the keyVolker Lendecke1-0/+2
strings. Running 'net cache list' or secrets_get_trusted_domains through valgrind gives a *huge* amount of invalid reads of one byte beyond the indicated string length in libc's strncpy. Annoying... Volker (This used to be commit 0f8933ae778064ff58cdc832ce52c843631435bb)
2003-06-25large change:Gerald Carter1-2/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-21Fix memory leak. secrets_fetch allocates memory.Volker Lendecke1-0/+2
Volker (This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-04-22Merge mimir's trusted domain code from HEAD -> 3.0, plus some memoryAndrew Bartlett1-37/+55
leak fixes. (secrets.c portion) Andrew Bartlett (This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-12/+90
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-18/+2
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-02-01Merge of signed/unsigned fixes from HEAD.Andrew Bartlett1-2/+2
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
2003-01-14Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 2a1adb8f81d8966e8919fffb9b4c69f3e6acd44f)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-13merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+30
server = DC1 * (This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
2002-11-08Merge from HEAD:Andrew Bartlett1-6/+9
- change auth_sam to use the initialisation flags to determine if the password attributes are set - add const to secrets.c, cliconnect.c - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd - SAMR: add debugs to show what fails for group enum. Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-49/+11
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit 9fe3c0b90d4bff2217e3cb5a34b4683ca314c06e)
2002-10-01Updates from Samba HEAD:Andrew Bartlett1-5/+5
- Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett (This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-4/+90
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+59
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-23/+169
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-10make sure we use consistent keys in secrets.tdb by uppercasing domainAndrew Tridgell1-0/+4
names (This used to be commit 4cb7b6954b96e6964743e65413e122f7b4d39052)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-28/+0
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-02Fix up the trusted domains secrets code so as to have a slight chance ofAndrew Bartlett1-12/+10
working. (This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
2002-03-01The beginning of trusted and trusting domain support fromAndrew Bartlett1-3/+89
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-02-22made the domain secret key in secrets.tdb domain specific. This allowsAndrew Tridgell1-2/+14
you to join a 2nd domain then leave the old domain rather than the other way around (This used to be commit b26b6aef64e1042c9867a13761ded0c3c6f9670f)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-09Fixed up atomic update code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-0/+41
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-05Add a couple of extra debugs for the secrets.tdb stuffAndrew Bartlett1-2/+8
(This used to be commit c76c1f6904510d6ecca3453f91433420f22b7bd6)
2001-12-05auto-init secrets.tdbAndrew Tridgell1-0/+5
(This used to be commit aff916e543f1c70aa5fe0fc07dda21e772625097)
2001-12-04This comment no longer applies.Andrew Bartlett1-1/+0
(This used to be commit 153c4a56b0b5473a1efb208551f36480cdb5d264)
2001-11-24added "net join" commandAndrew Tridgell1-3/+33
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-17Tidyups when I was doing the big merge...Jeremy Allison1-5/+10
Jeremy. (This used to be commit 9148bb9eaa67de60c3b0b4709a9c05a840c20c66)
2001-09-17move to SAFE_FREE()Simo Sorce1-3/+3
(This used to be commit 64d35e94fe6f7e56353b286162f670c8595a90e6)
2001-09-06got rid of USE_TDB_MMAP_FLAG as its not needed any moreAndrew Tridgell1-1/+1
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
2001-08-24get rid of compiler warningsHerb Lewis1-1/+1
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-07-30Added "use mmap" for HPUX.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 840802f10677cb0009cb4df4c37c7d01aa5edacd)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+1
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-06Changes to use new genrand code that got missed while I was in Japan.Jeremy Allison1-0/+29
Jeremy. (This used to be commit 5a15831b9ae79ce1ce34d5574fe5da114d184e45)
2001-06-04use LDSHFLAGS not -shared in several placesAndrew Tridgell1-1/+1
(This used to be commit 8ec9c87b5d1a7dae17d5b1a30f58effaf5e69e4b)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-02-14Merge of i18n fixes from appliance branch. Samba can now talk to a networkTim Potter1-3/+10
with a PDC that has international netbios name and domain name. There's still quite a bit of i18n stuff to fix though... (This used to be commit 79045bd72ace9144e7dd73785b1d10a71b0d15aa)
2001-01-11Changes from APPLIANCE_HEAD:David O'Neill1-0/+2
testsuite/printing/psec.c - Use lock directory from smb.conf parameter when peeking at the ntdrivers.tdb file. source/rpc_parse/parse_sec.c - fix typo in debug message source/script/installbin.sh - create private directory as part of 'make install'. source/nsswitch/winbindd_cache.c source/nsswitch/winbindd_idmap.c source/passdb/secrets.c source/smbd/connection.c - always convert tdb key to unix code-page when generating. source/printing/nt_printing.c - always convert tdb key to unix code-page when generating. - don't prepend path to a filename that is NULL in add_a_printer_driver_3(). source/rpc_server/srv_spoolss_nt.c - always convert tdb key to unix code-page when generating. - don't prepend server name to a path/filename that is NULL in the fill_printer_driver_info functions. source/printing/printing.c - always convert tdb key to unix code-page when generating. - move access check for print_queue_purge() outside of job delete loop. source/smbd/unix_acls.c - fix for setting ACLs (this got missed earlier) source/lib/messages.c - trivial sync with appliance_head (This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
2000-12-06updates to the tdbsam implementation.Gerald Carter1-1/+0
--jerry (This used to be commit 29b3ac8634769d01c20bf394eecc536a02e0f36c)
2000-11-27passdb/secrets.c passdb/smbpassfile.c smbd/server.c : Actually *use* the codeJeremy Allison1-3/+12
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb. printing/nt_printing.c: Fix case insensitive name lookups for driver files. John - this should fix the Win9x/WinME problem correctly. Jeremy. (This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
2000-11-21Another large patch for the passdb rewrite.Gerald Carter1-5/+1
o added BOOL own_memory flag in SAM_ACCOUNT so we could use static memory for string pointer assignment or allocate a new string o added a reference TDB passdb backend. This is only a reference and should not be used in production because - RID's are generated using the same algorithm as with smbpasswd - a TDB can only have one key (w/o getting into problems) and we need three. Therefore the pdb_sam-getpwuid() and pdb_getsampwrid() functions are interative searches :-( we need transaction support, multiple indexes, and a nice open source DBM. The Berkeley DB (from sleepycat.com seems to fit this criteria now) o added a new parameter "private dir" as many places in the code were using lp_smb_passwd_file() and chopping off the filename part. This makes more sense to me and I will docuement it in the man pages o Ran through Insure-lite and corrected memory leaks. Need for a public flogging this time Jeremy (-: -- jerry (This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
2000-07-10Fixes for various compile warnings on Solaris 8.Tim Potter1-1/+1
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
2000-06-03moved secrets handling into secrets.cAndrew Tridgell1-0/+43
(This used to be commit e49550b975dd407a1a8538c9885e036e400b7714)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-0/+32
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)