mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4
Gary Lockyer 1d3ae2d92f dsdb encrypted secrets module
Encrypt the samba secret attributes on disk.  This is intended to
mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
memory read attacks.

Currently the key file is stored in the same directory as sam.ldb but
this could be changed at a later date to use an HSM or similar mechanism
to protect the key.

Data is encrypted with AES 128 GCM. The encryption uses gnutls where
available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
used.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-18 00:10:16 +01:00
..
auth s4:auth_winbind: remove unused 'winbind_wbclient' backend 2017-12-13 20:34:24 +01:00
build/pasn1
cldap_server source4/smbd: refactor the process model for prefork 2017-10-19 05:33:09 +02:00
client s4: cifsdd: Allocate the event context off NULL, not talloc_autofree_context(). 2017-05-13 16:50:13 +02:00
cluster Remove callers of lp_use_ntdb 2015-03-17 11:30:51 +01:00
dns_server dns server: fix warning about enum mismatch 2017-11-22 10:20:20 +01:00
dsdb dsdb encrypted secrets module 2017-12-18 00:10:16 +01:00
echo_server source4/smbd: Do not overstamp the process model with "single" 2017-10-19 05:33:10 +02:00
heimdal HEIMDAL:kdc: fix dh->q allocation check in get_dh_param() 2017-12-06 19:06:21 +01:00
heimdal_build s4:heimdal_build: there's no need to define HAVE_KRB5_ADDRESSES twice 2017-10-11 12:33:42 +02:00
include lib: Remove global xfile.h includes 2016-11-20 06:23:19 +01:00
kdc s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE 2017-12-06 23:16:54 +01:00
ldap_server source4/smbd: Do not overstamp the process model with "single" 2017-10-19 05:33:10 +02:00
lib s4: remove ipv6:enabled parameteric option 2017-12-13 20:34:23 +01:00
libcli Make sure smbtorture tests can run if someone has set their min protocol above NT1. 2017-09-20 22:48:15 +02:00
libnet schema: Make writing indices flag an enum for a new state 2017-11-24 01:13:14 +01:00
librpc librpc-build: ignore unused functions in generated code 2017-11-22 10:20:20 +01:00
nbt_server source4/smbd: refactor the process model for prefork 2017-10-19 05:33:09 +02:00
ntp_signd source4/smbd: Do not overstamp the process model with "single" 2017-10-19 05:33:10 +02:00
ntvfs python: Port ntvfs posix bindings to Python 3 compatible form 2017-11-08 17:57:21 +01:00
param s4:pyparam: Fix resource leaks on error 2017-10-27 20:33:25 +02:00
rpc_server s2-rpc-server: fix enum type in assignment 2017-11-22 10:20:21 +01:00
script find_unused_macros: Remove obsolete script that finds unused macros. 2014-08-31 21:21:13 +02:00
scripting gpo: Test that unapply works 2017-12-15 21:43:19 +01:00
selftest dsdb encrypted secrets module 2017-12-18 00:10:16 +01:00
setup schema: 2008R2 AD schema attributes and classes 2017-12-14 08:20:17 +01:00
smb_server source4/smbd: refactor the process model for prefork 2017-10-19 05:33:09 +02:00
smbd s4:samba: Allow samba daemon to run in foreground 2017-11-28 11:37:06 +01:00
torture gpo: Test that unapply works 2017-12-15 21:43:19 +01:00
utils man pages: change http://samba.org to https://www.samba.org 2016-12-09 13:10:26 +01:00
web_server source4/smbd: Do not overstamp the process model with "single" 2017-10-19 05:33:10 +02:00
winbind source4/smbd: refactor the process model for prefork 2017-10-19 05:33:09 +02:00
wrepl_server source4/smbd: Do not overstamp the process model with "single" 2017-10-19 05:33:10 +02:00
.clang_complete
.valgrind_suppressions
wscript_build Do not install smbclient4 and nmblookup4 2014-04-15 03:25:13 +02:00