summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/password_hash.c
AgeCommit message (Collapse)AuthorFilesLines
2008-01-01r26640: Janitorial: Remove some more uses of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit c863f4ebde8efa1a695b4469142d6719e30bc419)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+2
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-5/+15
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-2/+2
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-2/+2
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+2
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-0/+2
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-1/+1
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-23/+30
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-1/+1
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-1/+1
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-1/+1
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-11/+11
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r24780: More work allowing libutil to be used by external users.Jelmer Vernooij1-2/+1
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett1-10/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23412: We don't need hdb.h here any moreAndrew Bartlett1-1/+0
(This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-2/+6
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes:Stefan Metzmacher1-6/+383
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
2007-10-10r21441: create a union for the PrimaryKerberosBlob contentStefan Metzmacher1-35/+45
so that ndr_pull will fail if version isn't 3 and we notice if the format changes... metze (This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
2007-10-10r21434: - get rid of "krb5Key"Stefan Metzmacher1-357/+731
- use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
2007-10-10r21395: fix commentsStefan Metzmacher1-7/+7
metze (This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
2007-10-10r21364: cosmetic change: it's nicer to use the KEYTYPE_ macroStefan Metzmacher1-2/+2
for the keytype field... metze (This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
2007-10-10r21362: rename:Stefan Metzmacher1-28/+28
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20902: don't crash if the object isn't there yetStefan Metzmacher1-0/+4
metze (This used to be commit 4588e2522b11f707e608488c782f6988fd97628a)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-2/+2
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-4/+2
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-10/+10
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r19332: ldb_parse_tree leaksSimo Sorce1-1/+1
(This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d)
2007-10-10r19329: fixed a leak in the password hash moduleAndrew Tridgell1-1/+1
(This used to be commit 3f48bcb0585684686ba7601eb7614589a1bc2f5d)
2007-10-10r19321: Merge from release branch:Andrew Bartlett1-6/+6
Always set the krb5key from the ntPwdHash, even if we don't have the cleartext password in sambaPassword. This fixes kerberos after a vampire. Andrew Bartlett (This used to be commit 1d4d2271c9b944db3a9a2eba971aec5bcd9cf100)
2007-10-10r19308: Merge samsync fixes from SAMBA_4_0_RELEASEAndrew Bartlett1-1/+15
Andrew Bartlett (This used to be commit 331003239972d80864211377e864f7e469bd3d77)
2007-10-10r18240: Make it clearer when we store the plaintext password.Andrew Bartlett1-5/+12
Store the plaintext password in userPassword in the LDAP backend so that the OpenLDAP server can use DIGEST-MD5. Andrew Bartlett (This used to be commit 1b02c604b2c55e1c9e15ac1f266e7df74d619dbd)
2007-10-10r17955: Don't search for the dnsDomain attribute, it is invented (not in theAndrew Bartlett1-7/+23
AD schema). Andrew Bartlett (This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17830: Set the default_basedn (hey, it comes from the "default" naming ↵Simo Sorce1-1/+1
contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-1/+1
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-11/+11
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17514: Simplify the way to set ldb errors and add anotherSimo Sorce1-38/+30
helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
2007-10-10r17505: we are setting the timeout with the provide function right after.Simo Sorce1-1/+0
(This used to be commit 6520e3c83acfbb7b6aa63d1cbebe8f8801db292f)
2007-10-10r17288: Don't mess with entries in the local password prefix, and fix constAndrew Bartlett1-5/+21
warnings. Andrew Bartlett (This used to be commit 4569c58a42e1d65ae71ee57e391b9e3dbaba2218)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce1-33/+33
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce1-52/+52
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-1/+1
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16784: - make some function in ldb static, they not need to be exported ↵Simo Sorce1-4/+4
anywhere - fix a bad segfault Andrew please make test before committing. Simo. (This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
2007-10-10r16769: Working on fixing the RPC-SAMR test against Samba4. This fixesAndrew Bartlett1-66/+106
password changes which only include the LM and NT hash, such as the original ChangePassword. It also fixes setting passwords on the BUILTIN domain. Finally, the msDS-KeyVersionNumber is only incremented if not explicity set by the modify. Andrew Bartlett (This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341)
2007-10-10r16240: Add better error reporting in the password_hash moduleAndrew Bartlett1-5/+13
Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett (This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
2007-10-10r16036: Add a couple of new functions to corretly deal with timeouts.Simo Sorce1-2/+9
Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
2007-10-10r15999: password_hash module changes:Andrew Bartlett1-8/+16
- Quiet some IBM Checker warnings (enum mismatch) - Only search for the attributes we need - fix comments - fix copyrights Andrew Bartlett (This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d)