1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

46 Commits

Author SHA1 Message Date
Stefan Metzmacher
6cbd7d1a32 s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb  5 10:13:02 UTC 2020 on sn-devel-184
2020-02-05 10:13:02 +00:00
Stefan Metzmacher
32f7562147 s4:param: add secrets_db_create() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-05 08:46:39 +00:00
Volker Lendecke
e73ccc06ef Rely on /dev/urandom
This removes quite a bit of code. All reasonable systems have /dev/urandom
these days. Linux, Solaris and the BSDs do.  In case we find a system
without /dev/urandom, we will have to go hunting in other libraries.

The main reason for this is speed: On Ubuntu 14.04 doing direct reads from
/dev/urandom is 2-3 times faster than our md4 based code. On virtualized
FreeBSD 10 the difference is even larger.

My first approach was to use fopen/fread. It was even faster, but less
than twice as fast. So I thought we could save the additional complexity
when having to deal with throwing away buffers when forking and the
additional memory footprint per process.

With this simple generate_random_buffer it will be easier to adapt new
syscalls to get randomness.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 04:25:39 CEST 2015 on sn-devel-104
2015-10-13 04:25:38 +02:00
Volker Lendecke
d6db35d7a5 tdb_wrap: Remove tdb_wrap_open_ again
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-31 22:52:14 +02:00
Volker Lendecke
92d20d77b1 secrets: Avoid passing lp_ctx to tdb_wrap_open in randseed_init
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-31 22:52:13 +02:00
Jelmer Vernooij
ce4531ee31 tdb_wrap: Move to specific directory.
It's a bit confusing to mix low-level and high-level libraries.  We had
multiple libraries in one directory, and there were have circular
dependencies with other libraries outside that directory (in this case,
samba-hostconfig).

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-03-10 23:13:01 +01:00
Andrew Bartlett
01c934c81e lib/util: Add back control of mmap and hash size in tdb for top level build
This passes down a struct loadparm_context to allow these
parameters to be checked.  This may be s3 or s4 context, allowing the
#if _SAMBA_BUILD_ macro to go away safely.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Andrew Bartlett
1565da7694 s4-param Remove 'secrets database' parameter
This is now just secrets.ldb in the private dir, which remains.
2011-06-06 15:02:39 +10:00
Andrew Bartlett
1475013963 lib/util Move source3 tdb_wrap_open() into the common code.
This #if _SAMBA_BUILD == 3 is very unfortunate, as it means that in
the top level build, these options are not available for these
databases.  However, having two different tdb_wrap lists is a worse
fate, so this will do for now.

Andrew Bartlett
2011-05-06 07:51:24 +02:00
Andrew Bartlett
56a5b7d09e s4-param Rename secrets_init() -> randseed_init()
This only sets up the random number generator callback these days, so
use a different database for that.

(All secrets data in Samba4 is in secrets.ldb)

Andrew Bartlett
2011-05-03 07:37:07 +02:00
Andrew Bartlett
67905b41a9 s4-param Rename private_path() -> lpcfg_private_path()
This is consistent with lock_path()

Andrew Bartlett
2011-04-29 16:38:14 +10:00
Andrew Tridgell
8dc92c8f71 ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 06:51:07 +01:00
Andrew Bartlett
5cd9495fb3 s4-param Refactor secrets code to not require an event context.
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.

Andrew Bartlett
2010-10-11 13:02:15 +00:00
Jelmer Vernooij
e2f3e10b1a ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not samdb-specific. 2010-10-10 23:45:23 +02:00
Andrew Bartlett
f03913e2cc s4-kerberos Move 'set key into keytab' code out of credentials.
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.

Andrew Bartlett
2010-09-24 09:25:44 +10:00
Andrew Tridgell
5bbfe2b42f s4-secrets: fixed shadowed variable warning
we already have a 'v' in scope
2010-09-15 15:39:35 +10:00
Andrew Tridgell
94fb6120d8 s4-secrets: fetch secure channel type with domain SID
The secure channel type is needed to work out what DC to connect to

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Matthias Dieter Wallnöfer
b5d872704c s4:param/secrets.c - reorganise imports 2010-09-11 18:04:50 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Andrew Bartlett
cc7c572b3d s4:secrets Ensure secrets.ldb uses the same hooks as the rest of Samba
This ensures that, for example, the utf8 functions are the same,
the GUID handler is the same and the NOSYNC flag is applied.

Andrew Bartlett
2010-06-29 16:59:31 +10:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Matthias Dieter Wallnöfer
91ce32b4c4 s4:param/secrets.c - add some "char *" casts
Also this quiets some warnings.
2010-04-06 14:54:11 +02:00
Andrew Bartlett
af4a7c0f4b s4:winbind Make the 'no SID found' message even more detailed
Now we give the user a clue as to what may be wrong, and the file path
that we could not find the domain SID in.

Andrew Bartlett
2010-02-19 11:18:27 +11:00
Andrew Bartlett
7202dcdcc0 s4:param Modify secrets_get_domain_sid to give more useful errors
This also moves the calls to secrets_get_domain_sid back into
winbind_task_init(), so that we can terminate with a much more
detailed error message.  (The previous message was simply
NT_STATUS_CANT_ACCESS_DOMAIN_INFO).

Andrew Bartlett
2010-02-18 10:58:24 +11:00
Andrew Tridgell
8ce73c6c50 s4: the secrets.ldb module needs the loadparm opaque setup 2009-09-07 10:33:02 +10:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-12-29 20:46:40 +01:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
7111645d3c Use single copy of tdb in both samba3 and samba4. 2008-09-16 15:16:31 +02:00
Simo Sorce
929adc9efa Make up the right dependencies now that ldb depends on libevents
(This used to be commit 3b8eec7ca3)
2008-06-14 11:59:19 -04:00
Jelmer Vernooij
39b2fc37f2 Add context pointer to secrets functions.
(This used to be commit 873941d8a8)
2008-04-01 15:26:00 +02:00
Jelmer Vernooij
7d5f0e0893 r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange.
(This used to be commit 2f29f80e07)
2008-01-01 16:12:15 -06:00
Jelmer Vernooij
090d251c19 r26318: Don't rely on SAMDB functions in secrets database.
(This used to be commit 791285f66c)
2007-12-21 05:48:31 +01:00
Jelmer Vernooij
ab69eb8d89 r26250: Avoid global_loadparm in a couple more places.
(This used to be commit 2c6b755309)
2007-12-21 05:47:28 +01:00
Jelmer Vernooij
991ee1aff0 r26205: Pass loadparm_context to secrets_db_connect() rather than using global context.
(This used to be commit 5718b6cfee)
2007-12-21 05:46:51 +01:00
Jelmer Vernooij
cef98aaf27 r26203: Avoid using ldb_wrap for secrets database.
(This used to be commit b45093f01f)
2007-12-21 05:46:49 +01:00
Andrew Bartlett
a17c0a5a1a r26183: The idea of a self-seeding secrets.ldb is nice, but in practice we do
this with the provision, which sets up a very different database.
Removing this ensures we are consistant.

Andrew Bartlett
(This used to be commit 6d4d20ebaf)
2007-12-21 05:46:38 +01:00
Jelmer Vernooij
7f7bc26445 r26128: Some formatting fixes in secrets.c, fix free of filename, update ignores for source/..
(This used to be commit 2d0bd4b367)
2007-12-21 05:46:14 +01:00
Jelmer Vernooij
ed41cdb646 r26123: Use utility function for secrets.tdb path.
(This used to be commit 48b03ceeff)
2007-12-21 05:46:13 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f)
2007-12-21 05:45:40 +01:00
Jelmer Vernooij
d5a93dfcb9 r25547: Convert to standard bool type.
(This used to be commit 97a241692c)
2007-10-10 15:07:52 -05:00
Jelmer Vernooij
2f3551ca7c r25446: Merge some changes I made on the way home from SFO:
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
2007-10-10 15:07:34 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Stefan Metzmacher
9f802707d8 r20806: make it possible to configure the secrets.ldb url
via "secrets database = my_secrets.ldb"

metze
(This used to be commit a096a97415)
2007-10-10 14:43:33 -05:00
Simo Sorce
4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3)
2007-10-10 14:28:22 -05:00
Jelmer Vernooij
5a6e2bc9ae r19573: Move secrets.o into param/ (subsystems haven't been integrated yet).
(This used to be commit 8143de855c)
2007-10-10 14:24:55 -05:00