summaryrefslogtreecommitdiff
path: root/source4/passdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldbAndrew Bartlett1-2/+4
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10r11316: Kill off a bit more of the old secrets system...Andrew Bartlett1-35/+1
Andrew Bartlett (This used to be commit c46ef43224ce0384297ffe1934f9ff0a00a4be45)
2007-10-10r10513: Reduce some use of pstring. The main reason some parts of the code stillJelmer Vernooij1-5/+5
use pstring is next_token() now. (This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
2007-10-10r10491: First step towards wbinfo -t: This issues a name request for the primaryVolker Lendecke1-0/+43
domain and gets the DC's name via a mailslot call. Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And as everything is async anyway, the semantics should not be too much of a problem. Volker (This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
2007-10-10r9357: Remove DBGC_CLASS cruft copied over from Samba 3. I would like toTim Potter1-3/+0
replace this with something funkier. (This used to be commit 8d376d56c78894b9bbd27ed7fa70da415c0cd038)
2007-10-10r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytabAndrew Bartlett1-51/+0
support in Heimdal. This removes the 'ext_keytab' step from my Samba4/WinXP client howto. In doing this work, I realised that the replay cache in Heimdal is currently a no-op, so I have removed the calls to it, and therefore the mutex calls from passdb/secrets.c. This patch also includes a replacement 'magic' mechanism detection, that does not issue extra error messages from deep inside the GSSAPI code. Andrew Bartlett (This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)
2007-10-10r6795: Make some functions static and remove some unused ones.Jelmer Vernooij1-1/+1
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10r6573: Start on my project to implement an NT4 compatible BDC in Samba4.Andrew Bartlett1-0/+11
This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2007-10-10r5781: Fix build.Tim Potter1-1/+1
(This used to be commit 35354456b2ab2fa173359fa16d8accb13a8fac7d)
2007-10-10r5585: LDB interfaces change:Simo Sorce1-2/+2
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-0/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5296: - only include the tdb headers where they are neededAndrew Tridgell1-0/+1
- removed the u32 hack in events.c as I think this was only needed as tdb.h defines u32. Metze, can you check that this hack is indeed no longer needed on your suse system? (This used to be commit 6f79432fe656164d4770dbce114a30dda5e7bf9a)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell1-1/+1
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-0/+22
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett1-1/+1
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r3971: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 234166606dc86b9e98226cff94b3869ec173671e)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3359: Add magic auto-initialisation hooks here, to match the rest ofAndrew Bartlett1-0/+8
secrets. (Which will, I am assured, go away). Andrew Bartlett (This used to be commit 415ba959271f6f97d6fe3b923e49a58611edf8bd)
2007-10-10r3181: shutdown the secrets db on exit so we don't constantly get talloc ↵Andrew Tridgell1-0/+6
leak warnings (This used to be commit 11713da2efc6d45c5594289efa0b6c0e594e6d2e)
2007-10-10r3014: got rid of the old intra-smbd messaging system in preparation for the ↵Andrew Tridgell1-3/+0
new one (This used to be commit 283e38aeb210e048302dc2759a75879cfc81eeb5)
2007-10-10r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that theAndrew Tridgell1-6/+6
caller doesn't have to worry about the constraint of only opening a database a single time in a process. These wrappers will ensure that only a single open is done, and will auto-close when the last instance is gone. When you are finished with a database pointer, use talloc_free() to close it. note that this code does not take account of the threads process model, and does not yet take account of symlinks or hard links to tdb files. (This used to be commit 04e1171996612ddb15f84134cadded68f0d173b2)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett1-0/+29
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.Andrew Bartlett1-2/+2
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
2007-10-10r960: convert 'unsigned int' to uint_t in the most placesStefan Metzmacher1-3/+3
metze (This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
2007-10-10r826: removed a pile of old code, in preparation for a new ACL handling ↵Andrew Tridgell1-368/+1
system. I'd like to get rid of DOM_SID completely soon (This used to be commit e306e27cf333e176195a47b19e3de591b4a59650)
2007-10-10r685: The SAM is dead! Long live the new SAM! ;-)Andrew Bartlett13-8477/+0
This commit kills passdb, which was only hosting the auth subsystem. With the work tridge has done on Samba4's SAM backend, this can (and now is) all hosted on ldb. The auth_sam.c file now references this backend. You will need to assign your users passwords in ldb - adding a new line: unicodePwd: myPass to a record, using ldbedit, should be sufficient. Naturally, this assumes you have had your personal SAMR provisioning tutorial from tridge. Everybody else can still use the anonymous logins. Andrew Bartlett (This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
2007-10-10r665: merge over the new build system from my tmp branchStefan Metzmacher1-3/+6
to the main SAMBA_4_0 tree. NOTE: that it's not completely ready, but it's functional:-) metze (This used to be commit c78a2ddb28ec50d6570a83b1f66f18a5c3621731)
2007-10-10r506: got rid of unused function secrets_get_trusted_domains()Andrew Tridgell1-132/+0
(This used to be commit bb74a94e2610620987a44ab7289115a8ee361529)
2007-10-10r42: importing .cvsignore filesGerald Carter1-2/+0
(This used to be commit 11717ae912449bde596ff6cf7d8fddcc86548f15)
2004-02-18remove pdb_nisplus, its also removed in samba3, because it was brokenStefan Metzmacher1-1565/+0
metze (This used to be commit db0b2222025d0d1955deed7cfcd10b8579e29869)
2004-02-11as I renamed the PDB subsystem to PASSDB, we need to renameStefan Metzmacher5-6/+6
the static init functions of the modules too:-) metze (This used to be commit 09839de27c9741051b9ebd751c4adcd1c1481cf8)
2004-02-09the subsystem name is 'PASSDB' so name the modules 'passdb_XXX'Stefan Metzmacher1-6/+6
metze (This used to be commit 1516f7974984e46a825c66daae6bc73eb6859700)
2004-02-09fix pdb_ldap build if LDAP support was detectedStefan Metzmacher1-1/+1
metze (This used to be commit 3d50b327ce85d8929db7a3135f927f744ce6b111)
2004-02-03- port AUTH and PASSDB subsystems to newStefan Metzmacher8-104/+375
SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)
2004-02-03- move all SMB server stuff to smb_server/*Stefan Metzmacher1-11/+0
and create the SMB server subsystem - remove unused XML and MYSQL configure tests metze (This used to be commit 956d212c83d8ebd8e31ec109f17dc2105ca72c30)
2003-12-16a fairly large commit!Andrew Tridgell1-12/+30
This adds support for bigendian rpc in the client. I have installed SUN pcnetlink locally and am using it to test the samba4 rpc code. This allows us to easily find places where we have stuffed up the types (such as 2 uint16 versus a uint32), as testing both big-endian and little-endian easily shows which is correct. I have now used this to fix several bugs like that in the samba4 IDL. In order to make this work I also had to redefine a GUID as a true structure, not a blob. From the pcnetlink wire it is clear that it is indeed defined as a structure (the byte order changes). This required changing lots of Samba code to use a GUID as a structure. I also had to fix the if_version code in dcerpc syntax IDs, as it turns out they are a single uint32 not two uint16s. The big-endian support is a bit ugly at the moment, and breaks the layering in some places. More work is needed, especially on the server side. (This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
2003-12-12 * the RPC-ECHO pipe now works in smbd, as long as the data sizesAndrew Tridgell1-2/+2
don't cause fragmented pdus (I'll add fragments shortly) * change data_blob_talloc() to not zero memory when the 2nd argument is NULL. The zeroing just masks bugs, and can't even allow a DOS attack * modified pidl to ensure that [ref] arguments to the out side of functions are allocated when parsing the in side. This allows rpc backends to assume that [ref] variables are all setup. Doesn't work correctly for [ref] arrays yet * changed DLIST_ADD_END() to take the type instead of a tmp variable. This means you don't need to declare a silly tmp variable in the caller (This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
2003-12-10 * removed some unused codeAndrew Tridgell1-349/+0
* updated tdb to latest version from Samba3 * removed some extraneous ';' in tdbutil.c (Thanks to Erlend Aasland for pointing this out) (This used to be commit f3eaf270e57d8d2e2157a6a36e260860c7f71c19)
2003-12-02Initial step at cleaning and splitting up configure.in.Jelmer Vernooij1-0/+11
(This used to be commit 369a9c1ac1ff94a1d3f51eac20a39577f9cf2155)
2003-12-02 * netr_ServerPasswordSet() now works - the test suite changes theAndrew Tridgell1-1/+1
machine account password. * neater handling on value() options in IDL. The auto-print code will now display the right value so you don't need to initialise it in your C code (This used to be commit 3dd978b12bb5571fba4e1839c0f7ee60cf729aa2)
2003-12-01got rid of more group mapping codeAndrew Tridgell3-270/+5
(This used to be commit 2955ce55ee3bd9a8702a446db3ace20c703c451f)
2003-12-01 * got rid of UNISTR2 and everything that depends on itAndrew Tridgell1-8/+0
* removed a bunch of code that needs to be rewritten using the new interfaces (This used to be commit 9b02b486ef5906516f8cad79dbff5e3dd54cde66)
2003-11-28fixed some warningsAndrew Tridgell1-1/+1
(This used to be commit 1c2b8a93c50e3d5485732a2f06847166e883f939)
2003-11-25CVS: ----------------------------------------------------------------------Jelmer Vernooij1-6/+0
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically CVS: CVS: Committing in . CVS: CVS: Modified Files: CVS: Makefile.in configure.in include/includes.h include/ntvfs.h CVS: include/smb.h lib/iconv.c lib/module.c ntvfs/ntvfs_base.c CVS: ntvfs/cifs/vfs_cifs.c ntvfs/ipc/vfs_ipc.c CVS: ntvfs/posix/vfs_posix.c ntvfs/print/vfs_print.c CVS: ntvfs/reference/vfs_ref.c ntvfs/simple/vfs_simple.c CVS: passdb/pdb_interface.c CVS: Added Files: CVS: include/module.h CVS: ---------------------------------------------------------------------- Update to the modules system. Fixed: - get rid of smb_probe_module - merge older updates from 3.0 - introduced register_subsystem() and register_backend() functions - adapt ntvfs and charset to use new register functions - made smb_load_modules() work recursively (e.g. 'preload modules = /usr/lib/samba') - got rid of some old remains Things that still need work: - Did I break tankFS? I don't think so, but I can't test it here :-( - Add 'postload modules = ' (for modules that need to be loaded after fork() in smbd, if applicable) - Convert RPC, auth, passdb, etc to use new register_{subsystem,backend}() functions - Accept wildcards in 'preload modules' option, instead of loading recursively (This used to be commit 7512b9ab1a8b3103f7a6c13f736353c46a26b668)
2003-11-23reduced the number of magic types we need in mkproto.plAndrew Tridgell1-183/+0
In general I prefer "struct foo" to just "foo" for most structures. There are exceptions. (This used to be commit 04eb12b56c653f98801ab29411f47564ab32fa58)
2003-08-13first public release of samba4 codeAndrew Tridgell15-0/+11193
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)