summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
AgeCommit message (Collapse)AuthorFilesLines
2009-07-13libds: merge the UF<->ACB flag mapping functions.Günther Deschner3-149/+4
Guenther
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner4-140/+3
Guenther
2009-07-09Add constAndrew Bartlett1-2/+2
2009-06-06Fix some nonempty blank linesVolker Lendecke1-41/+37
2009-05-25fixed interpretation of ACB_PWNOTREQAndrew Tridgell1-1/+6
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-1/+1
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-1/+1
consistency with Samba 3.
2009-01-21Allow overriding the function that ships the request in the Samba 3Jelmer Vernooij1-1/+1
client code.
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-1/+1
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-11-10s4-dsdb: add samdb_msg_add_parameters.Günther Deschner1-0/+11
Guenther
2008-11-10s4-dsdb: add samdb_result_parameters.Günther Deschner1-0/+22
Guenther
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-1/+1
make them wrappers around convert_string{,talloc}_convenience().
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij1-0/+2
remove some unused functions.
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-1/+1
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-37/+51
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij2-2/+2
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-17/+12
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-08Add definition for SYSTEM_FLAG_ATTR_IS_RDNAndrew Bartlett1-0/+1
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)
2008-08-20Add schema search flags from MS-ADTSAndrew Bartlett1-0/+11
(This used to be commit 731d9e569a474da27014737e0805ae712366357d)
2008-07-23libnet_become_dc: send msDS_Behavior_Version == 3 (win2k8) in DsAddEntryMichael Adam1-0/+1
instead of version 2 (win2k3). This makes the NET-API-BECOME-DC test work against windows 2003 and 2008. Michael (This used to be commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-2/+2
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-09dsdb: eliminate disards qualifyer compile warning.Michael Adam1-1/+1
Michael (This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-0/+1
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij2-9/+10
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-25Remove pointless castAndrew Bartlett1-1/+1
(This used to be commit 9a1466abbd4115f4a57d794006aca29aa0184ced)
2008-03-25Remove useless extra argument to samdb_result_account_expires().Andrew Bartlett1-3/+2
Andrew Bartlett (This used to be commit bc607c334ff86624b891886a6f874da2bcff113e)
2008-03-13Don't search the whole tree for the domains's sidAndrew Bartlett1-4/+18
This change removes a dependency on objectclass=domainDNS, and avoids a subtree search when we really know exactly where this record is. Andrew Bartlett (This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-03-07Treat maxPwdAge == 0 as passwords never expire.Andrew Kroeger1-1/+1
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
2008-03-07Add samdb_result_account_expires() function.Andrew Kroeger1-0/+24
Windows uses 2 different values to indicate an account doesn't expire: 0 and 9223372036854775807 (0x7FFFFFFFFFFFFFFFULL). This function looks up the value of the accountExpires attribute and if the value is either value indicating the account doesn't expire, 0x7FFFFFFFFFFFFFFFULL is returned. This simplifies the tests for account expiration. There is no need to check elsewhere in the code for both values, therefore a simple greater-than expression can be used. (This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
2008-02-29Fix typo.Jelmer Vernooij1-1/+1
(This used to be commit 2b408e9ed4caf14e1ac047fd76127a5c979e5177)
2008-02-29Simplify the 'password must change' logicAndrew Bartlett1-22/+17
This takes the previous patches further, so we catch all the cases (the KDC looked at the time directly). Andrew Bartlett (This used to be commit cda4642a937d249399e25eaa6e5e20a0d440bcbf)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-4/+30
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-02-05sidmap: Some source code cleanups.Kai Blin1-10/+12
(This used to be commit 16466b543bf8dd35bc79a030696f78598ca82f54)
2008-01-06r26679: It is very bad to free the ldb handle when you didn't create it...Andrew Bartlett1-1/+1
(My bad when copying this code into samdb_is_gc()). Andrew Bartlett (This used to be commit b4a95a89853a0ebd75b39f01bbdbf82e05e97bd7)
2008-01-03r26648: Move detection of global catalog captability to a central function, soAndrew Bartlett1-0/+36
this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+2
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+4
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26483: Merge ldb module dependency fixes, fix auth python module.Jelmer Vernooij1-0/+1895
(This used to be commit 85eeecf997a071ca7e7ad0247e8d34d49b7ffcbb)
2007-12-21r26324: Fix includes for Jelmer.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8089283784993cfe14c343746be77790c74c2b78)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+2
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-1/+1
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-2/+2
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-1/+2
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-11/+11
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25531: Merge GTYPE_SECURITY_UNIVERSAL_GROUP from samba3.Günther Deschner1-0/+5
Guenther (This used to be commit 5c9d755f52c8fffe93efd9543a1381a3a06ef8f9)
2007-10-10r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, withAndrew Bartlett1-5/+8
a new torture suite to match. This should fix bug #4954 by Matthias Wallnöfer <mwallnoefer@yahoo.de> Previously we had no knowlege of BUILTIN or well-known names. This code needs expansion to check with winbind for trusted domains. Andrew Bartlett (This used to be commit e6fc0e1f54ad64bdddc88e9ebd0d8d181b6ce26a)