summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/password_hash.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-02s4:password_hash LDB module - allow empty ("") passwordsMatthias Dieter Wallnöfer1-22/+31
This seems to have been broken some time ago - till someone on the mailing list noticed it. I've also added a testsuite (and some additional SamDB python helpers) which should prove this.
2010-11-18s4:password_hash LDB module - remove unused headersMatthias Dieter Wallnöfer1-3/+0
2010-11-13s4:password_hash LDB module - return "ERR_CONSTRAINT_VIOLATION" on password ↵Matthias Dieter Wallnöfer1-6/+9
conversion errors This errors can happen also on a regular basis - then we shouldn't return ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104
2010-11-11s4-dsdb Remove incorrectly declared ** variable used as *.Andrew Bartlett1-6/+3
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett
2010-11-11s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8Andrew Bartlett1-1/+5
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett
2010-11-11s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵Matthias Dieter Wallnöfer1-8/+16
according to the "dSHeuristics"
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer1-16/+77
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-08s4:password_hash LDB module - introduce a "userPassword" flag which ↵Matthias Dieter Wallnöfer1-15/+37
enables/disables the two "userPassword" behaviours - Enabled: "userPassword" password change behaviour (will later be linked to the "dSHeuristics") - Disabled: "userPassword" plain attribute behaviour (default) Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 8 15:28:06 UTC 2010 on sn-devel-104
2010-11-08s4:password_hash LDB module - deleting password attributes is a little more ↵Matthias Dieter Wallnöfer1-6/+6
complicated
2010-11-08s4:samdb_msg_find_old_and_new_ldb_val - reworkMatthias Dieter Wallnöfer1-4/+11
- don't crash when no values where specified - return ERR_CONSTRAINT_VIOLATION on malformed messages - only check for flags when we are involved in a LDB modify operation
2010-11-08s4:password_hash LDB module - clear the fact that a delete of password ↵Matthias Dieter Wallnöfer1-1/+1
attributes isn't possible
2010-11-05s4:password_hash LDB module - fix indentationMatthias Dieter Wallnöfer1-10/+10
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 5 12:31:28 UTC 2010 on sn-devel-104
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-8/+16
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-25ldb: mark the location of a lot more ldb requestsAndrew Tridgell1-8/+14
2010-09-24s4:password_hash LDB module - don't assign "lp_ctx" twiceMatthias Dieter Wallnöfer1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4:password_hash LDB module - perform the adaptions to understand the new ↵Matthias Dieter Wallnöfer1-8/+26
password change control
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer1-8/+7
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-5/+5
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-15s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵Matthias Dieter Wallnöfer1-43/+72
important failure cases
2010-08-15s4:password_hash LDB module - support this new password set syntaxMatthias Dieter Wallnöfer1-2/+10
2010-08-15s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵Matthias Dieter Wallnöfer1-10/+1
on password change operations This is to match the SAMR password change behaviour.
2010-08-14s4:password_hash LDB module - improve an error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-14s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵Matthias Dieter Wallnöfer1-5/+16
passwords Sooner or later this module should take over all password change actions.
2010-08-14s4:password_hash LDB module - fix wrong error codesMatthias Dieter Wallnöfer1-4/+4
To match the passwords.py test
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-6/+6
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell1-81/+47
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-05s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OIDStefan Metzmacher1-0/+20
metze
2010-07-05s4:dsdb/password_hash: fix some c++ compiler warningsStefan Metzmacher1-9/+12
metze
2010-06-22s4:password_hash LDB module - fix another problem regarding the lanman hashMatthias Dieter Wallnöfer1-13/+16
When a user only provides only the lanman hash (and nothing else) and the lanman authentication is deactivated then we end in an account with no password attribute at all! Lock this down.
2010-06-12s4:password_hash LDB module - this does really deactivate the MS LAN manager ↵Matthias Dieter Wallnöfer1-5/+9
hash Previously, only the conversion from cleartext to the LM hash was deactivated, and not when the user specified it directly through "dBCSPwd".
2010-06-12s4:password_hash LDB module - fix commentMatthias Dieter Wallnöfer1-1/+1
2010-06-06s4:password_hash LDB module - adapt the module to the new ↵Matthias Dieter Wallnöfer1-17/+6
"ldb_msg_remove_attr" behaviour
2010-05-18s3: Fix some more iconv convenience usages.Jelmer Vernooij1-1/+1
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-12/+2
2010-05-11Revert "s4:password_hash LDB module - don't break the provision"Stefan Metzmacher1-3/+0
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze
2010-05-11Revert "s4:password hash LDB module - check that password hashes are != NULL ↵Stefan Metzmacher1-10/+6
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze
2010-05-11s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵Stefan Metzmacher1-2/+2
it's given Sorry, I removed this logic while cleaning up indentation levels... metze
2010-05-10s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer1-26/+29
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
2010-05-10s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer1-1/+1
2010-05-10s4:password hash LDB module - check that password hashes are != NULL before ↵Matthias Dieter Wallnöfer1-6/+10
copying them
2010-05-10s4:password_hash LDB module - don't break the provisionMatthias Dieter Wallnöfer1-0/+3
This is to don't break the provision process at the moment. We need to find a better solution.
2010-05-10s4:password_hash - Implement password restrictionsStefan Metzmacher1-0/+195
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
2010-05-10s4:password_hash - Rework to handle password changesMatthias Dieter Wallnöfer1-138/+450
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5)
2010-05-10s4:password_hash - Rework unique value checksMatthias Dieter Wallnöfer1-49/+71
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py".
2010-05-10s4:password_hash - Various (mostly cosmetic) preworkMatthias Dieter Wallnöfer1-176/+240
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values
2010-05-09dsdb/password_hash: remove usage of msDs-KeyVersionNumberStefan Metzmacher1-37/+1
metze
2010-05-04s4/rodc: Fix the callbacks up the stack to handle referrals on modify requestsAnatoliy Atanasov1-0/+10
2010-02-21s4:password_hash - Fix up request message pointersMatthias Dieter Wallnöfer1-7/+7
For add requests we need the add request messages, for modify requests we need the modify request messages.
generated by cgit (git 2.34.1) at 2024-11-18 16:44:02 +0000