path: root/source3/include/secrets.h
Age | Commit message | Author | Files | Lines
2025-09-05 | s3:net: Pass down the server from cmdline to sync_pw2keytabs() | Andreas Schneider | 1 | -10/+15
This makes sure that during 'net ads join' the keytab create code - sync_pw2keytabs() talks to the same DC on which the machine account was created. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905 Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Pair-Programmed-With: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org> Autobuild-Date(master): Fri Sep 5 13:38:33 UTC 2025 on atb-devel-224
2024-07-26 | s3: Sync machine account password in secrets_{prepare,finish}_password_change | Pavel Filipenský | 1 | -2/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-08-08 | s3:passdb: Remove unused function secrets_fetch_trust_account_password() | Pavel Filipenský | 1 | -3/+0
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 8 19:03:08 UTC 2022 on sn-devel-184
2022-08-08 | s3:include: Fix trailing whitespaces in secrets.h | Pavel Filipenský | 1 | -5/+5
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-11-17 | lib: Add required includes to source3/include/secrets.h | Volker Lendecke | 1 | -0/+3
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2021-03-30 | s3:passdb: Add secrets_store_creds() | Andreas Schneider | 1 | -0/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2017-06-27 | s3:secrets: remove unused secrets_store_[prev_]machine_password() | Stefan Metzmacher | 1 | -1/+0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials | Stefan Metzmacher | 1 | -0/+28
We now store various hashed keys at change time and maintain a lot of details that will help debugging failed password changes. We keep storing the legacy values: SECRETS/SID/ SECRETS/DOMGUID/ SECRETS/MACHINE_LAST_CHANGE_TIME/ SECRETS/MACHINE_PASSWORD/ SECRETS/MACHINE_PASSWORD.PREV/ SECRETS/SALTING_PRINCIPAL/DES/ This allows downgrades to older Samba versions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key | Stefan Metzmacher | 1 | -1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys | Stefan Metzmacher | 1 | -0/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: rename secrets_delete() to secrets_delete_entry() | Stefan Metzmacher | 1 | -1/+1
secrets_delete_entry() fails if the key doesn't exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: add some const to secrets_store_domain_guid() | Stefan Metzmacher | 1 | -1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 | s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c | Stefan Metzmacher | 1 | -0/+4
These don't use any krb5_context related functions and they just work on secrets.tdb, so they really belong to machine_account_secrets.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2015-08-01 | secrets: Add function to fetch only password change timestamp | Christof Schmitt | 1 | -0/+1
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-17 | lib: Remove "use_ntdb" param from secrets_init_path | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2015-02-13 | Remove an unused function call. | Richard Sharpe | 1 | -1/+0
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Feb 13 23:29:54 CET 2015 on sn-devel-104
2014-07-04 | secrets: Ensure we store the secureChannelType when written to secrets.ldb | Andrew Bartlett | 1 | -0/+1
This will allow winbindd to know when we are an RODC without needing to dig into sam.ldb. Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2013-02-20 | ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb' | Rusty Russell | 1 | -1/+1
Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
2012-08-28 | s3-secrets: Add helper function to set machine account password from secrets_tdb_sync | Andrew Bartlett | 1 | -0/+6
secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-07-15 | s3-secrets: Use C99 types | Andrew Bartlett | 1 | -5/+5
2012-02-18 | s3-secrets: Remove unused secrets_delete_generic() | Andrew Bartlett | 1 | -1/+0
Found by callcatcher. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 09:01:15 CET 2012 on sn-devel-104
2012-02-18 | s3-secrets: Remove unused secrets_delete_machine_password() | Andrew Bartlett | 1 | -1/+0
Found by callcatcher. Andrew Bartlett
2012-01-27 | s3-pdb: Break SECRETS3 dependency on PDB. | Simo Sorce | 1 | -0/+5
This is causing circular dependencies that bring libpdb in all code and this is BAD. This change 'protects' the sid and guid of the domain by adding a special key that makes them effectively read only. Limit this temporarily to the samba 4 build, once it gets some good testing the samba4 ifdefs can be dropped. fix pdb dependencies Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-18 | s3-passdb: trying to decouple passdb and secrets a little. | Günther Deschner | 1 | -3/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2011-08-13 | passdb: Add a function to read secrets db from a specified path | Amitay Isaacs | 1 | -0/+1
This allows loading secrets db from a different location. The original secrets_init() now calls secrets_init_path() with lp_private_dir().
2011-07-31 | s3-secrets: add lsa_secret passdb api. | Günther Deschner | 1 | -0/+14
Guenther
2011-03-30 | s3-passdb: use passdb headers where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-02-06 | s3: Fix auth_netlogond to cope with netlogon_creds_CredentialState | Volker Lendecke | 1 | -2/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 6 17:30:48 CET 2011 on sn-devel-104
2010-08-05 | s3-secrets: only include secrets.h when needed. | Günther Deschner | 1 | -9/+47
Guenther
2010-06-02 | s3: Allow previous password to be stored and use it to check tickets | Matthieu Patou | 1 | -0/+1
This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also checks the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 | s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 1 | -1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that it is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 1 | -2/+0
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2009-10-29 | s3-secrets: use autogenerated code for TRUSTED_DOM_PASS struct parsing from a tdb. | Günther Deschner | 1 | -12/+0
Guenther
2008-10-06 | Store a local schannel key in secrets.tdb | Volker Lendecke | 1 | -0/+2
2007-10-10 | r23801: The FSF has moved around a lot. This fixes their Mass Ave address. | Andrew Tridgell | 1 | -2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r21831: Back out r21823 for a while, this is going into a bzr tree first. | Volker Lendecke | 1 | -1/+0
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10 | r21823: Let secrets_store_machine_password() also store the account name. | Volker Lendecke | 1 | -0/+1
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10 | r13316: Let the carnage begin.... | Gerald Carter | 1 | -3/+3
Sync with trunk as of r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 | r10792: Fix the "schannel not stored across client disconnects" problem. | Jeremy Allison | 1 | -0/+2
Based on the Samba4 solution - stores data in $samba/private/schannel_store.tdb. This tdb is not left open but open and closed on demand. Jeremy. (This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
2007-10-10 | r3377: Merge in first part of modified patch from Nalin Dahyabhai <nalin@redhat.com> for bug #1717. | Jeremy Allison | 1 | -0/+3
The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. (This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
2003-09-07 | Nobody complained on the team-list, so commit it ... | Volker Lendecke | 1 | -0/+17
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
2003-04-22 | Start merging mimir's trusted domain code from HEAD to 3.0. (for HEAD trusting | Andrew Bartlett | 1 | -2/+2
NT). (This used to be commit 76cd4a8901a8ac1c3691bc89e496bbb493e5c234)
2003-04-21 | Merge from HEAD - save the type of channel used to contact the DC. | Andrew Bartlett | 1 | -1/+3
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also changes the SID retrieval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2002-08-17 | sync 3.0 branch with head | Jelmer Vernooij | 1 | -0/+4
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15 | updated the 3.0 branch from the head branch - ready for alpha18 | Andrew Tridgell | 1 | -4/+20
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-10 | Moved definition of winbind username/password secrets into secrets.h | Tim Potter | 1 | -2/+8
(This used to be commit b618b5943d53f33e6f03d8d47cf87efc5e1ad3e5)
2002-03-02 | Missing include file update for the secrets.c trustdom changes | Andrew Bartlett | 1 | -1/+1
(This used to be commit e3585e3c2ce2a09453fa1b59a947eccd67dfb88a)
2002-03-01 | The beginning of trusted and trusting domain support from | Andrew Bartlett | 1 | -1/+15
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-01-30 | Removed version number from file header. | Tim Potter | 1 | -2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)