path: root/source3/passdb
Age | Commit message | Author | Files | Lines
2010-01-07 | s3:passdb: store the plain nt passwords hashes in history, not salted md5 | Michael Adam | 1 | -5/+10
This is in order to be able to do challenge response with the history, so that this can be checked when an invalid password was entered: If the given password is wrong but in the history, then the bad password count should not be updated... The "lucky" bit here is that the md5 hash and the nt hash (md4) both are 16 bytes long. This is part of the fix for bug #4347. Michael
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore | Volker Lendecke | 1 | -24/+19
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above | Volker Lendecke | 1 | -2/+4
2010-01-07 | s3: Add a paranoia check to pdb_set_plaintext_passwd() | Volker Lendecke | 1 | -0/+5
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition | Volker Lendecke | 1 | -22/+11
if (current_history_len != pwHistLen) { if (current_history_len < pwHistLen) { } } The second "if" is a bit pointless here
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes | Volker Lendecke | 1 | -5/+2
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array | Volker Lendecke | 1 | -5/+2
2010-01-07 | s3: Make use of talloc_array in pdb_set_plaintext_passwd() | Volker Lendecke | 1 | -2/+3
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() a bit | Volker Lendecke | 1 | -66/+63
Remove an indentation by the early return in + if (pwHistLen == 0) { + /* Set the history length to zero. */ + pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED); + return true; + }
2010-01-07 | s3: Simplify pdb_set_plaintext_passwd() slightly | Volker Lendecke | 1 | -56/+83
No functional change, this just removes an indentation level by the early "return True;" in + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) { + /* + * No password history for non-user accounts + */ + return true; + } Volker
2010-01-07 | s3:pdb_set_pw_history: free the old history before setting the new. | Michael Adam | 1 | -0/+1
This is not strictly necessary, since this only leaks into the struct samu, and this is not so long-lived in the code path that changes the password, but it is definitely correct and does no harm. Michael
2010-01-07 | s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the check | Michael Adam | 1 | -3/+3
to enhance readability and debuggability. Michael
2009-11-29 | s3: "startsmbfilepwent" only looks at the inode -- is that enough? | Volker Lendecke | 1 | -4/+2
2009-11-29 | s3: Pass the "fake dir create times" parameter to sys_*stat | Volker Lendecke | 1 | -2/+4
Step 0 to restore it as a per-share parameter
2009-11-19 | s3:pdb_ldap: fix a comment typo | Michael Adam | 1 | -1/+1
Michael
2009-11-19 | s3: shortcut uid_to_sid when "ldapsam:trusted = yes" | Michael Adam | 1 | -0/+75
The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name. In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the corresponding LDAP object. This reduces the number of ldap roundtrips for this operation. Michael
2009-11-14 | s3:passdb: remove the uid_to_rid method - we only need uid_to_sid | Michael Adam | 3 | -39/+1
Michael
2009-11-14 | s3:pdb_default_uid_to_sid: fix some debug statements. | Michael Adam | 1 | -3/+3
Michael
2009-11-13 | s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() | Michael Adam | 1 | -0/+2
not only the persistent idmap cache. Michael
2009-11-13 | s3:smbd: make idmap cache persistent for "ldapsam:trusted". | Michael Adam | 1 | -0/+4
This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts. Michael
2009-11-13 | Fix large paged search | Volker Lendecke | 1 | -0/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2009-11-03 | s3: Remove debug_ctx() | Volker Lendecke | 1 | -28/+28
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-11-02 | s3:ldap: don't search when no values were found | Björn Jacke | 1 | -1/+1
2009-10-31 | s3:ldap: search for account policies in objectclass sambaDomain, not * | Björn Jacke | 1 | -1/+6
2009-10-29 | s3-secrets: use autogenerated code for TRUSTED_DOM_PASS struct parsing from a tdb. | Günther Deschner | 1 | -220/+36
Guenther
2009-10-28 | s3-passdb: move open_schannel_session_store() to passdb/secrets_schannel.c. | Günther Deschner | 2 | -63/+63
Guenther
2009-10-28 | s3-passdb: add secrets_delete_generic(). | Günther Deschner | 1 | -0/+16
Guenther
2009-10-20 | s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw(). | Günther Deschner | 1 | -2/+2
Thanks Volker for the hint. Guenther
2009-10-20 | s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well. | Günther Deschner | 1 | -0/+1
This is to finally pass RPC-LSA-LOOKUPNAMES test. Guenther
2009-10-20 | s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames. | Günther Deschner | 1 | -0/+8
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther
2009-10-15 | Fix valgrind memory leak in bug #6814 - Fixes for problems reported by valgrind | Jeremy Allison | 1 | -0/+1
Jeremy.
2009-10-13 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -5/+5
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 2 | -7/+10
Guenther
2009-09-21 | s3:secrets_schannel: revert to using version 1 | Stefan Metzmacher | 1 | -3/+9
It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze
2009-09-02 | s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. | Günther Deschner | 1 | -0/+46
Note that this only is tried with editposix=yes. Guenther
2009-08-27 | s3-schannel: remove remaining code that was using "struct dcinfo". | Günther Deschner | 1 | -167/+0
Guenther
2009-08-27 | s3-schannel: upgrade old format schannel_store.tdb. | Günther Deschner | 1 | -4/+9
Guenther
2009-08-27 | s3-schannel: add simple wrappers to fetch and store schannel auth info. | Günther Deschner | 2 | -0/+69
Guenther
2009-08-27 | s3-schannel: make open_schannel_session_store() public. | Günther Deschner | 1 | -1/+1
Guenther
2009-08-03 | s3-pdb_ldap: Make ldapsam_alias_memberships behave like the tdbsam equivalent. | Günther Deschner | 1 | -0/+7
This lets samr_GetAliasMembership return with NT_STATUS_OK when called with 0 sids (just what w2k3 does). Guenther
2009-07-31 | Rename LOOKUP_NAME_EXPLICIT to LOOKUP_NAME_NO_NSS | Volker Lendecke | 1 | -4/+8
It took me a bit to understand what this flag does. I hope this is a bit clearer, at least it is to me.
2009-07-29 | s3:passdb: use transaction_wrapped write in tdbsam_new_rid() | Michael Adam | 1 | -1/+2
Now all tdb writes in passdb use transactions. Michael
2009-07-29 | s3:secrets: use transaction wrapped store in get rand seed. | Michael Adam | 1 | -2/+2
Now secrets.tdb is only written with transactions. Michael
2009-07-29 | s3:dbwrap: change dbwrap_change_uint32_atomic() to return NTSTATUS not uint32_t. | Michael Adam | 1 | -3/+5
Michael
2009-07-17 | Fix Coverity CIDs 887, 888. Don't pass NULL's to functions | Jeremy Allison | 1 | -4/+3
that deref them. Jeremy.
2009-07-14 | s3-passdb: fix wbc build warning. | Günther Deschner | 1 | -2/+2
Guenther
2009-07-14 | Fix bug 5886 | Volker Lendecke | 1 | -8/+26
Ok, that's a very long-standing one. I finally got around to install a recent OpenLDAP and test the different variants of setting a NULL password etc. Thanks all for your patience! Volker
2009-07-14 | s3-account_policy: add pdb_policy_type enum. | Günther Deschner | 5 | -42/+46
Guenther
2009-07-13 | s3-pdb_ads: set correct pdb field with the value from 'accountExpires' attribute. | Günther Deschner | 1 | -1/+1
Guenther
2009-07-13 | libds: merge the UF<->ACB flag mapping functions. | Günther Deschner | 1 | -3/+3
Guenther