Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-02 | s3: Allow previous password to be stored and use it to check tickets | Matthieu Patou | 1 | -4/+77 | |
This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also check the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3-build: only use ndr_security.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-29 | s3:passdb Fix memory leak | Simo Sorce | 1 | -0/+1 | |
We were allocating this passwd structure on sampass, but never freeing it nor assigning it to unix_pw where it could be reused. | |||||
2010-05-21 | s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 15 | -221/+221 | |
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-21 | s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types | Andrew Bartlett | 5 | -229/+229 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3-passdb: move get_logon_hours_from_pdb() into samr server. | Günther Deschner | 1 | -23/+0 | |
Guenther | |||||
2010-05-18 | s3:split secrets.c to put machine account secrets in a new file | Andrew Bartlett | 2 | -366/+398 | |
This helps the s3compat effort by allowing these functions to be replaced by functions that query the cli_credentials and secrets.ldb APIs. Also, this changes a couple of DOM_SID to struct dom_sid along the way. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 2 | -11/+11 | |
2010-05-18 | s3-tldap: only include tldap when actually needed. | Günther Deschner | 1 | -0/+2 | |
Guenther | |||||
2010-05-18 | security: merge builtin rid tables. | Günther Deschner | 1 | -18/+18 | |
Guenther | |||||
2010-05-18 | s3-rpc_misc: clean out include/rpc_misc.h. | Günther Deschner | 5 | -13/+13 | |
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther | |||||
2010-05-08 | s3-passdb: moving account_pol.c into passdb. | Günther Deschner | 1 | -0/+453 | |
Guenther | |||||
2010-04-29 | s3-pdb_ldap: fix memleak. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-04-28 | s3: Make a debug msg more readable | Volker Lendecke | 1 | -1/+1 | |
2010-03-25 | s3:passdb: avoid sid_to_gid() if the sid is "domain users" | Stefan Metzmacher | 1 | -3/+7 | |
If the call fails we would use the "domain users" sid anyway. metze | |||||
2010-03-25 | Fix some nonempty blank lines | Volker Lendecke | 1 | -3/+3 | |
2010-03-23 | s3-builtin: Add missing builtin groups. | Karolin Seeger | 1 | -0/+8 | |
Karolin | |||||
2010-03-23 | s3-builtin: Add some builtin groups. | Karolin Seeger | 1 | -1/+8 | |
Karolin | |||||
2010-03-16 | s3: Make login_cache_write take a pointer | Volker Lendecke | 2 | -7/+8 | |
2010-03-16 | s3: Make login_cache_read take a pointer, avoid a malloc | Volker Lendecke | 2 | -24/+16 | |
2010-03-16 | s3: Remove a typedef | Volker Lendecke | 2 | -6/+7 | |
2010-03-16 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -7/+7 | |
2010-03-10 | s3-passdb: Fix typo in debug message. | Karolin Seeger | 1 | -1/+1 | |
Karolin | |||||
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 1 | -131/+0 | |
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead. | |||||
2010-02-23 | s3-passdb: Remove obsolete signal type cast. | Andreas Schneider | 1 | -3/+3 | |
2010-02-13 | s3: Fix bug 5198 -- parse chfn(1)-change gecos field | Volker Lendecke | 1 | -1/+34 | |
2010-02-10 | s3: change ldap filter to what really was intended | Björn Jacke | 1 | -1/+1 | |
2010-02-09 | s3:passdb: only use gid_to_sid() result if the result is a group of our ↵ | Stefan Metzmacher | 1 | -4/+16 | |
local sam Otherwise retry with pdb_gid_to_sid(). metze | |||||
2010-02-08 | s3:pdb_ldap: don't search for the users primary group, if we already know it | Stefan Metzmacher | 1 | -31/+35 | |
metze | |||||
2010-02-08 | s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches. | Stefan Metzmacher | 1 | -7/+29 | |
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze | |||||
2010-02-08 | s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted ↵ | Stefan Metzmacher | 1 | -5/+85 | |
support And also store the gid_to_sid mappings in the idmap_cache. metze | |||||
2010-02-08 | s3:passdb: speed up pdb_get_group_sid() | Stefan Metzmacher | 1 | -5/+28 | |
Use the cached version gid_to_sid() instead of pdb_gid_to_sid(). And also avoid the expensive lookup_sid() call for wellkown domain groups. metze | |||||
2010-02-08 | s3: Make pdb_copy_sam_account also copy the group sid | Volker Lendecke | 1 | -0/+4 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-02-08 | s3: shortcut gid_to_sid when "ldapsam:trusted = yes" | Stefan Metzmacher | 1 | -0/+71 | |
The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the correspoinding LDAP object. This reduces the number of ldap roundtrips for this operation. metze | |||||
2010-02-05 | s3: Make use of ZERO_STRUCTP | Volker Lendecke | 1 | -1/+2 | |
2010-02-05 | s3: Remove a pointless if-statement | Volker Lendecke | 1 | -1/+1 | |
2010-02-05 | s3: Make guest_user_info() static | Volker Lendecke | 1 | -1/+1 | |
2010-02-05 | s3: Hide some uses of pdb_get_init_flags (which I would love to remove...) | Volker Lendecke | 2 | -2/+2 | |
2010-02-05 | s3: Fix some nonempty blank lines | Volker Lendecke | 2 | -35/+34 | |
2010-02-04 | s3:passdb: fix a type Domain Users has RID -513 | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2010-01-27 | Second part of fix for bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 1 | -1/+2 | |
Missed read of entry_timestamp (was entry->entry_timestamp). Jeremy. | |||||
2010-01-27 | Fix bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 1 | -7/+15 | |
Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE struct contains two time_t entries, but was being written to and read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers. This would break on machines with a 64-bit time_t. Use correct int sizes for tdb_pack/tdb_unpack. We have to fix this properly before 2037 :-). Jeremy. | |||||
2010-01-23 | s3: Remove some pointless uses of string_sid_talloc | Volker Lendecke | 1 | -8/+6 | |
2010-01-21 | s3:pdb_ldap: Fix large paged search. | Volker Lendecke | 1 | -0/+1 | |
Fix bug #6981 (Paged Search with DirX LDAP server broken). (cherry picked from commit 0a3b576c0a4298cbe600ad8943e401e3a0639359) | |||||
2010-01-14 | s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. | Stefan Metzmacher | 1 | -1/+1 | |
See bug #6157 for more details. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1) | |||||
2010-01-12 | s3: Remove a pointless if-statement | Volker Lendecke | 1 | -3/+2 | |
2010-01-10 | s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_rid | Volker Lendecke | 1 | -4/+2 | |
2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 7 | -38/+30 | |
2010-01-07 | s3:passdb: store the plain nt passwords hashes in history, not salted md5 | Michael Adam | 1 | -5/+10 | |
This is in order to be able to do challenge response with the history, so that this can be checked when an invalid password was entered: If the given password is wrong but in the history, then the bad password count should not be updated... The "lucky" bit here is that the md5 has and the nt hash (md4) both are 16 bytes long. This is part of the fix for bug #4347 . Michael | |||||
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore | Volker Lendecke | 1 | -24/+19 | |