summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr/samr_password.c
AgeCommit message (Collapse)AuthorFilesLines
2013-06-19build: Build with system md5.h on OpenIndianaAndrew Bartlett1-1/+1
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-03-29Ensure convert_string_XXX is always called with a valid converted_size pointer.Jeremy Allison1-2/+5
Preparation for cleaning up this API. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-25lib/util/charset rename iconv_convenience to iconv_handleAndrew Bartlett1-3/+3
This better reflects what this structure is Andrew Bartlett
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell1-3/+3
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-19source4/rpc_server: Fix prototypes for all functions.Jelmer Vernooij1-0/+1
2010-10-29s4:samr RPC server - fix trailing whitespacesMatthias Dieter Wallnöfer1-37/+37
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer1-0/+1
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer1-1/+0
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-6/+6
2010-08-17s4:samr RPC server - samr_password.c - make real user password changes workMatthias Dieter Wallnöfer1-50/+74
Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
2010-08-17s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer1-3/+3
password sets
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-5/+5
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-28s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer1-1/+1
haven't activated the the lanman auth This is what s3 does.
2010-06-28s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer1-0/+48
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-05-10s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer1-90/+15
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell1-4/+4
This allows for controls to be added easily where they are needed.
2009-11-21s4:samr RPC - Use more LDB constantsMatthias Dieter Wallnöfer1-9/+9
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-3/+3
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-08s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer1-19/+20
2009-09-19more include minimisationAndrew Tridgell1-5/+0
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-1/+1
Guenther
2009-05-25cope with lanman auth being disabled in old password change codeAndrew Tridgell1-8/+15
When lanman auth is disabled and a user calls a password change method that requires it we should give NT_STATUS_NOT_SUPPORTED
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-8/+7
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-3/+3
consistency with Samba 3.
2008-11-10s4-samr: merge samr_ChangePasswordUser3 from s3 idl.Günther Deschner1-3/+8
Guenther
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-3/+3
make them wrappers around convert_string{,talloc}_convenience().
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-2/+15
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-38/+50
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-22Remove unused parameter from decode_pw_buffer and fail on invalidAndrew Bartlett1-6/+4
UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-3/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij1-3/+3
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26272: Remove global_loadparm in some more places.Jelmer Vernooij1-2/+3
(This used to be commit 1ab76ecc5311fa863e5d04899b6f110899818f55)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-3/+3
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-3/+4
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-5/+5
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r24611: Following up on the re-opening of bug 4817 is it pretty clear thatAndrew Bartlett1-23/+22
machine accounts are not subject to password policy in Win2k3 R2 (at least in terms of password quality). In testing this, I found that Win2k3 R2 has changed the way the old ChangePassword RPC call is handled - the 'cross-checks' between new LM and NT passwords are not required. Andrew Bartlett (This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r21362: rename:Stefan Metzmacher1-3/+3
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij1-5/+5
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-6/+6
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-4/+4
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-2/+2
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r16794: Make Samba4 pass it's own RPC-SAMR test, at least in part. There areAndrew Bartlett1-1/+1
still a couple of unimplemented functions, but this is far better than not testing this at all. In particular, this exercises the password_hash module. Specific changes: - Add support for SetDomainInfo - Add many more info levels to QueryDomainInfo - Set a domain comment in RPC-SAMR, and verify it is kept - Refactor QueryUserInfo not to always serach for all attributes - Add QueryDiplayInfo3 and QueryDomainInfo2 as aliased calls - Make OemChangePassword2 search under the samdb_base_dn(), so it finds the user when partitions are active. - Skip SetSecurity, DisplayIndex, MemberAttributesOfGroup and 'Multiple' alias operations in RPC-SAMR for Samba4 - Add RPC-SAMR as a 'slow' RPC test (it is quite slow) Andrew Bartlett (This used to be commit 01d25c9d6ca8d036d40040e5ee87a330e5b84d55)
2007-10-10r16772: Clarify comment.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit fee07161438e624aa343f31f0c1d5379ead95c06)
2007-10-10r16262: Another basedn fix.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit abf104a0d7c548af0a4744798c53064303a1dc3f)