summaryrefslogtreecommitdiff
path: root/source4/dsdb/common/util.c
AgeCommit message (Collapse)AuthorFilesLines
2008-11-10s4-dsdb: add samdb_msg_add_parameters.Günther Deschner1-0/+11
Guenther
2008-11-10s4-dsdb: add samdb_result_parameters.Günther Deschner1-0/+22
Guenther
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-1/+1
make them wrappers around convert_string{,talloc}_convenience().
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-1/+1
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-37/+51
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-17/+12
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-2/+2
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-09dsdb: eliminate disards qualifyer compile warning.Michael Adam1-1/+1
Michael (This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-0/+1
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-2/+3
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-25Remove pointless castAndrew Bartlett1-1/+1
(This used to be commit 9a1466abbd4115f4a57d794006aca29aa0184ced)
2008-03-25Remove useless extra argument to samdb_result_account_expires().Andrew Bartlett1-3/+2
Andrew Bartlett (This used to be commit bc607c334ff86624b891886a6f874da2bcff113e)
2008-03-13Don't search the whole tree for the domains's sidAndrew Bartlett1-4/+18
This change removes a dependency on objectclass=domainDNS, and avoids a subtree search when we really know exactly where this record is. Andrew Bartlett (This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-03-07Treat maxPwdAge == 0 as passwords never expire.Andrew Kroeger1-1/+1
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
2008-03-07Add samdb_result_account_expires() function.Andrew Kroeger1-0/+24
Windows uses 2 different values to indicate an account doesn't expire: 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL). This function looks up the value of the accountExpires attribute and if the value is either value indicating the account doesn't expire, 0x7FFFFFFFFFFFFFFFULL is returned. This simplifies the tests for account expiration. There is no need to check elsewhere in the code for both values, therefore a simple greater-than expression can be used. (This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
2008-02-29Fix typo.Jelmer Vernooij1-1/+1
(This used to be commit 2b408e9ed4caf14e1ac047fd76127a5c979e5177)
2008-02-29Simplify the 'password must change' logicAndrew Bartlett1-22/+17
This takes the previous patches further, so we catch all the cases (the KDC looked at the time directly). Andrew Bartlett (This used to be commit cda4642a937d249399e25eaa6e5e20a0d440bcbf)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-4/+30
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-06r26679: It is very bad to free the ldb handle when you didn't create it...Andrew Bartlett1-1/+1
(My bad when copying this code into samdb_is_gc()). Andrew Bartlett (This used to be commit b4a95a89853a0ebd75b39f01bbdbf82e05e97bd7)
2008-01-03r26648: Move detection of global catalog captability to a central function, soAndrew Bartlett1-0/+36
this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+2
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+4
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26483: Merge ldb module dependency fixes, fix auth python module.Jelmer Vernooij1-0/+1895
(This used to be commit 85eeecf997a071ca7e7ad0247e8d34d49b7ffcbb)