summaryrefslogtreecommitdiff
path: root/source4/dsdb/common/util.c
AgeCommit message (Collapse)AuthorFilesLines
2009-09-28s4-dsdb: ask for an extended DN in dsdb_find_dn_by_guid()Andrew Tridgell1-0/+5
2009-09-28s4-dsdb: make dsdb_search_dn_with_deleted public for repl_meta_data moduleAndrew Tridgell1-5/+5
2009-09-24s4-drs: add SHOW_DELETED control on dsdb utility callsAndrew Tridgell1-2/+60
The dsdb_find_dn_by_guid() and dsdb_find_sid_by_dn() are using by the DRS server call getncchanges on objects that may be deleted.
2009-09-23s4-dsdb: added dsdb_find_sid_by_dn()Andrew Tridgell1-0/+30
2009-09-21s4-dsdb: fixed a printf format warningAndrew Tridgell1-1/+1
2009-09-20s4:dsdb/common/util - Check for the right forest/domain function levelMatthias Dieter Wallnöfer1-0/+57
This adds a function which performs the check for the supported forest and domain function levels. On an unsuccessful result a textual error message can be created (parameter "errmsg" != NULL) which gives hints for the user to help him fixing the issue.
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov1-0/+6
2009-09-16s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't existAndrew Tridgell1-0/+8
When a partition is first created it still needs a uSNHighest value
2009-09-13s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usnAndrew Tridgell1-0/+146
These are used to load/save the per-partition uSN values managed by the repl_meta_data module
2009-09-12s4-kcc: we should only add to the repsFrom if it doesn't already existAndrew Tridgell1-0/+111
If we already have a repsFrom for a particular DC and naming context then we should not overwrite it, as it contains info on what replication we've already done
2009-09-06s4:dsdb/common/util.c - Copy parameters to prevent segfaultsMatthias Dieter Wallnöfer1-3/+8
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
2009-09-06s4:dsdb/common/util - Indentation fixesMatthias Dieter Wallnöfer1-4/+5
2009-09-04s4: fixed a missing NULL termination in a attribute list passed to ldb_searchAndrew Tridgell1-1/+1
2009-09-03added dsdb_find_guid_by_dn()Andrew Tridgell1-1/+21
This will be used by the linked_attribute module
2009-09-03added dsdb_find_dn_by_guid()Andrew Tridgell1-0/+78
This came from the linked_attributes module, but now the repl_meta_data module needs the same functionality, so move it to a common routine.
2009-08-14s4: Remove obsolete "samdb_password_quality_ok" function (it's just a ↵Matthias Dieter Wallnöfer1-10/+1
one-line wrapper)
2009-08-03Return infinite time for last last logoff when last logoff = 0Matthieu Patou1-0/+16
2009-07-13libds: merge the UF<->ACB flag mapping functions.Günther Deschner1-2/+2
Guenther
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-1/+1
Guenther
2009-07-09Add constAndrew Bartlett1-2/+2
2009-06-06Fix some nonempty blank linesVolker Lendecke1-41/+37
2009-05-25fixed interpretation of ACB_PWNOTREQAndrew Tridgell1-1/+6
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-1/+1
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-1/+1
consistency with Samba 3.
2009-01-21Allow overriding the function that ships the request in the Samba 3Jelmer Vernooij1-1/+1
client code.
2008-11-10s4-dsdb: add samdb_msg_add_parameters.Günther Deschner1-0/+11
Guenther
2008-11-10s4-dsdb: add samdb_result_parameters.Günther Deschner1-0/+22
Guenther
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-1/+1
make them wrappers around convert_string{,talloc}_convenience().
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-1/+1
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-37/+51
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-17/+12
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-2/+2
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-09dsdb: eliminate disards qualifyer compile warning.Michael Adam1-1/+1
Michael (This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-0/+1
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-2/+3
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-25Remove pointless castAndrew Bartlett1-1/+1
(This used to be commit 9a1466abbd4115f4a57d794006aca29aa0184ced)
2008-03-25Remove useless extra argument to samdb_result_account_expires().Andrew Bartlett1-3/+2
Andrew Bartlett (This used to be commit bc607c334ff86624b891886a6f874da2bcff113e)
2008-03-13Don't search the whole tree for the domains's sidAndrew Bartlett1-4/+18
This change removes a dependency on objectclass=domainDNS, and avoids a subtree search when we really know exactly where this record is. Andrew Bartlett (This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-03-07Treat maxPwdAge == 0 as passwords never expire.Andrew Kroeger1-1/+1
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
2008-03-07Add samdb_result_account_expires() function.Andrew Kroeger1-0/+24
Windows uses 2 different values to indicate an account doesn't expire: 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL). This function looks up the value of the accountExpires attribute and if the value is either value indicating the account doesn't expire, 0x7FFFFFFFFFFFFFFFULL is returned. This simplifies the tests for account expiration. There is no need to check elsewhere in the code for both values, therefore a simple greater-than expression can be used. (This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
2008-02-29Fix typo.Jelmer Vernooij1-1/+1
(This used to be commit 2b408e9ed4caf14e1ac047fd76127a5c979e5177)
2008-02-29Simplify the 'password must change' logicAndrew Bartlett1-22/+17
This takes the previous patches further, so we catch all the cases (the KDC looked at the time directly). Andrew Bartlett (This used to be commit cda4642a937d249399e25eaa6e5e20a0d440bcbf)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-4/+30
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-06r26679: It is very bad to free the ldb handle when you didn't create it...Andrew Bartlett1-1/+1
(My bad when copying this code into samdb_is_gc()). Andrew Bartlett (This used to be commit b4a95a89853a0ebd75b39f01bbdbf82e05e97bd7)
2008-01-03r26648: Move detection of global catalog captability to a central function, soAndrew Bartlett1-0/+36
this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+2
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+4
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)