summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/password_hash.c
AgeCommit message (Collapse)AuthorFilesLines
2009-07-19[SAMBA 4] Some cosmetic changes for the LDB modulesMatthias Dieter Wallnöfer1-6/+7
Some corrections which make the code a bit more readable (no functional changes here)
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett1-3/+4
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-1/+1
Guenther
2009-07-09s4:dsdb Allow unicodePwd to be set when adding a userAndrew Bartlett1-85/+84
Windows 7 sets it's join password using the unicodePwd attribute (as a quoted, utf16 string), and does so during the LDAPAdd of the object. Previously, this code only handled unicodePwd for modifies. Andrew Bartlett
2009-03-16s4:password_hash Only store the LM hash if 'lanman auth = yes'Andrew Bartlett1-1/+2
The clients that do only lanman auth are on their way out, the passwords are case insensitive, it does not support unicode and we should not store such a poor hash of the password if we can avoid it. Andrew Bartlett
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-10/+7
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-3/+3
consistency with Samba 3.
2009-02-10added a workaround to the handling of unicodePwd for Win7-betaAndrew Tridgell1-1/+30
The Win7-beta domain process has changed. It no longer uses SAMR for setting the password, and instead uses a ldap modify on a SASL encrypted ldap connection. We didn't handle that as the unicodePwd attribute has a dual use, holding the nt style MD4 hases for DRS replication, but holding a UTF-16 plaintext password for a LDAP modify. This patch copes with the ldap unicodePwd modify by recognising the format and creating the correct attributes on the fly. Note that this assumes we will never get a unicodePwd attribute set in NT MD4 format with the first 2 and last 2 bytes set to 0x22 0x00. Andrew Bartlett is looking at a more robust solution, possibly using a flag to say that this modify came via ldap, and not internal ldb calls.
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce1-117/+159
The only 2 modules escaping the rule so far are rootdse and partitions
2008-12-05s4:password_hash: really catch the clearTextPasswordAttr case...Stefan Metzmacher1-1/+1
This fixes the creation of the user object for incoming trusts in dcesrv_lsa_CreateTrustedDomain_base(). And now w2k3 trust samba4 just fine:-) metze
2008-10-31use the new CH_UTF16_MUNGED charset for utf16 password buffersAndrew Tridgell1-1/+1
now to work out how to test this ...
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-3/+3
make them wrappers around convert_string{,talloc}_convenience().
2008-10-18Add TALLOC_CTX pointer to strhex_to_data_blob for consistency with SambaJelmer Vernooij1-4/+2
3.
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-63/+132
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-09-29LDB ASYNC: samba4 modulesSimo Sorce1-445/+286
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-07-24password_hash: fix the callers after drsblobs.idl changesStefan Metzmacher1-33/+41
metze (This used to be commit fac7c79afae05a88ecc2a63c8eb9f2fd53ab7ce6)
2008-07-23password_hash: add generation of the Primary:Kerberos-Newer-Keys blobStefan Metzmacher1-3/+216
But it's still of by default until we now what triggers this generation. It could be that the value is always generated but the KDC only uses it when in a specific funtional level, but it could also be that it's only generated in a specific functional level. metze (This used to be commit 08618bbd508ede0bb9e1922fae562cffdca41cbd)
2008-07-23password_hash: order the supplementalCredentials Packages in the same order ↵Stefan Metzmacher1-13/+55
like windows metze (This used to be commit ca9cd81a1798fb15195566422b3cad7c282fce89)
2008-07-23password_hash: split the generation of krb5 keys into a different functionStefan Metzmacher1-92/+69
metze (This used to be commit 4ad73a0bf8952783d3d9a7339c0c4fd8ca28981a)
2008-07-23password_hash: simplify the logic if we have cleartext we always generate ↵Stefan Metzmacher1-2/+2
the hashes metze (This used to be commit 5edff84429ef0d03b47a438e18861d26c97e17b6)
2008-07-23password_hash: fix callers after idl change for package_PrimaryKerberosStefan Metzmacher1-7/+0
metze (This used to be commit 1bf552856f3a930c4716ceb73d9ba9adf7502d3d)
2008-07-23password_hash: check the SUPPLEMENTAL_CREDENTIALS_SIGNATUREStefan Metzmacher1-2/+11
metze (This used to be commit 19b8c8e37bafab050ab61266c35006efada2947c)
2008-07-23password_hash: ignore reserved value, but still set it like windows doesStefan Metzmacher1-8/+4
metze (This used to be commit 5b860572686167d0291161f6597f143e538e2f3a)
2008-07-23password_hash: don't add zero padding as w2k8 also don't add itStefan Metzmacher1-10/+0
metze (This used to be commit 26e9169d454349795ad0bc64d7f65059541ab89e)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-16/+16
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-03-19IndentAndrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit d2b5f40d80008ca3269118915409333755b6eac3)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-02-20Fix use of some modules (needed _PUBLIC_).Jelmer Vernooij1-1/+1
(This used to be commit ce332130ea77159832da23bab760fa26921719e2)
2008-02-20Use struct-based rather than function-based initialization for ldb modules ↵Jelmer Vernooij1-7/+1
everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b)
2008-01-01r26640: Janitorial: Remove some more uses of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit c863f4ebde8efa1a695b4469142d6719e30bc419)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+2
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-5/+15
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-2/+2
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-2/+2
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+2
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-0/+2
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-1/+1
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-23/+30
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-1/+1
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-1/+1
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-1/+1
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-11/+11
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r24780: More work allowing libutil to be used by external users.Jelmer Vernooij1-2/+1
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett1-10/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23412: We don't need hdb.h here any moreAndrew Bartlett1-1/+0
(This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-2/+6
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes:Stefan Metzmacher1-6/+383
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
generated by cgit (git 2.34.1) at 2024-11-08 12:15:46 +0000