| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true
for how the hashes are supposed to be (but w2k3 doesn't to some correctly...)
this is a verify nice tool to test the hash genaration, but
you need to add support for "" realm strings...
http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c
metze
(This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
|
|
so that ndr_pull will fail if version isn't 3 and we notice
if the format changes...
metze
(This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
|
|
- use "sambaPassword" only as virtual attribute for passing
the cleartext password (in unix charset) into the ldb layer
- store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos
blob to match w2k and w2k3
- aes key support is disabled by default, as we don't know
exacly how longhorn stores them. use password_hash:create_aes_key=yes
to force creation of them.
- store the cleartext password in the Primary:CLEARTEXT blob
if configured
TODO:
- find out how longhorn stores aes keys
- find out how the Primary:WDigest blob needs to be constructed
(not supported by w2k)
metze
(This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
|
|
metze
(This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
|
|
for the keytype field...
metze
(This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
metze
(This used to be commit 4588e2522b11f707e608488c782f6988fd97628a)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
(This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d)
|
|
(This used to be commit 3f48bcb0585684686ba7601eb7614589a1bc2f5d)
|
|
Always set the krb5key from the ntPwdHash, even if we don't have the
cleartext password in sambaPassword. This fixes kerberos after a
vampire.
Andrew Bartlett
(This used to be commit 1d4d2271c9b944db3a9a2eba971aec5bcd9cf100)
|
|
Andrew Bartlett
(This used to be commit 331003239972d80864211377e864f7e469bd3d77)
|
|
Store the plaintext password in userPassword in the LDAP backend so
that the OpenLDAP server can use DIGEST-MD5.
Andrew Bartlett
(This used to be commit 1b02c604b2c55e1c9e15ac1f266e7df74d619dbd)
|
|
AD schema).
Andrew Bartlett
(This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
contex :-)
once at connection time, after modules have been loaded.
Introduce a function to retrieve the value where needed.
(This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
|
|
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
helper function to set them.
(This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
|
|
(This used to be commit 6520e3c83acfbb7b6aa63d1cbebe8f8801db292f)
|
|
warnings.
Andrew Bartlett
(This used to be commit 4569c58a42e1d65ae71ee57e391b9e3dbaba2218)
|
|
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
|
|
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
(This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
|
|
In particular, this removes one use of the LDB_DN_NULL_FAILED macro,
which was being used on more than DNs, had an embedded goto, and
confused the IBM checker.
In the password_hash code, ensure that sambaAttr is not, before
checking the number of values.
In GENSEC, note that this switch value can't occour. This seems to be
the only way to quiet both the IBM checker and gcc, as well as cope
with possibly invalid inputs.
Andrew Bartlet
(This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
|
|
anywhere
- fix a bad segfault
Andrew please make test before committing.
Simo.
(This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
|
|
password changes which only include the LM and NT hash, such as the
original ChangePassword.
It also fixes setting passwords on the BUILTIN domain.
Finally, the msDS-KeyVersionNumber is only incremented if not
explicity set by the modify.
Andrew Bartlett
(This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341)
|
|
Remove duplicate attribute in search request
Search for the domain by NDR-encoded SID, not string (consistant with
the rest of the C code, and helps partially-constructed LDAP
backends).
Use the default basedn for the domain search.
Andrew Bartlett
(This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
|
|
Check timeouts are correctly verified.
Some minor fixed and removal of unused code.
(This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
|
|
- Quiet some IBM Checker warnings (enum mismatch)
- Only search for the attributes we need
- fix comments
- fix copyrights
Andrew Bartlett
(This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d)
|
|
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
|
|
This means that some modules have been disabled as well as they
have not been ported to the async interface
One of them is the ugly objectclass module.
I hope that the change in samldb module will make the MMC happy
without the need of this crappy module, we need proper handling
in a decent schema module.
proxy and ldb_map have also been disabled
ldb_sqlite3 need to be ported as well (currenlty just broken).
(This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
|
|
They have never benn used and make little sense too imo
(This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
|
|
I was sick of jumping inot each module for each request,
even the ones not handle by that module.
(This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
|
|
Start enhancing it and fix some problems with incorrect evalutaion of the codes
Implement rdn rename (async only)
(This used to be commit 6af1d738b9668d4f0eb6194ac0f84af9e73f8c2e)
|
|
sublte - please have a look at the change if you are not certain you
know the semantics of constant arrays declared on the stack (they must
be static if you return them from the function)
(This used to be commit 1848078fee2041195e3d65fcc090d7b6330b8ea0)
|
|
(This used to be commit 2e9a840bb975f3269de4ca299a3d6e5b19f3cad1)
|
|
It passess all my tests, but I still need to work on a lot of stuff.
Shouldn't impact anybody else work, so I want to commit now and see what happens
Will work to remove the old code from modules and backends soon, and make some
more restyling in ldb internals.
So, if there is something you don't like in this desgin please speak now.
Simo.
(This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
|
|
(This used to be commit 3c9434e264710a1fa29adedbe571d5324ecae906)
|
|
Testing various async paths and uncovering bugs
(This used to be commit 099d873ea596ece18efe63b06bc64e7f97a96f82)
|
|
The async path is not yet enabled by default so it should make no harm
(This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
|
|
the original, rather than equivilant, enum type.
Andrew Bartlett
(This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
and the builtinDomain objectClasses, when trying to find domain policies.
Andrew Bartlett
(This used to be commit 9fc1196f0ca0235aa764d4ae770e3c31978396fa)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
