summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/rootdse.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-29s4-fsmo: make rootDSE modify for FSMO transfer asyncAndrew Tridgell1-12/+50
this gives the ldap client the error code from the transfer Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-dsdb: only allow administrators to trigger FSMO role transfersAndrew Tridgell1-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-18s4-rootdse: improved operations error messagesAndrew Tridgell1-8/+4
this gives better localisation of errors in rootdse. This is to help track down a production error Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Mar 18 05:46:58 CET 2011 on sn-devel-104
2011-03-04s4/ldb - remove now superflous "ldb_dn_validate" checksMatthias Dieter Wallnöfer1-1/+1
If we immediately afterwards perform an LDB base operation then we don't need an explicit "ldb_dn_validate" check anymore (only OOM makes sense). Reviewed by: Tridge
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett1-1/+0
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-2/+2
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-02s4-dsdb Fix generation of rootDSE domainControllerFunctionalityAndrew Bartlett1-1/+3
The issue here is that when the samdb calls were removed, this call relied on going back to the top of the module stack, so as to re-enter the rootDSE search handler. It makes more sense to check the @ROOTDSE record directly, and therefore not to invoke the search() handler during the init. Andrew Bartlett
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell1-11/+11
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell1-12/+14
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: removed the last use of samdb_search_*() from the dsdb ldb modulesAndrew Tridgell1-4/+12
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-15s4-dsdb: Fixed incorrect LDAP return code when anonymous login is used.Nadezhda Ivanova1-1/+1
2010-11-27s4:role transfer - use always type "enum drepl_role_master" for role ↵Matthias Dieter Wallnöfer1-1/+1
specifications Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
2010-11-26s4:rootdse LDB module - remove unused variableMatthias Dieter Wallnöfer1-1/+0
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 26 13:58:27 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Add 'block anonymous' checks to the rootdse moduleAndrew Bartlett1-0/+100
This ensures that one single point checks for and blocks anonymous read access to the database over LDAP. Andrew Bartlett
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-24s4:dsdb - use the more safe "samdb_msg_add_(u)int*" calls always where possibleMatthias Dieter Wallnöfer1-6/+7
This should prevent all possible integer storage problems in future.
2010-10-19s4-dsdb: filter unregistered controls in the rootdse moduleAndrew Tridgell1-19/+84
if we get an unregistered control in the rootdse module, and the request comes from an untrusted source (eg. ldap://) then we need to: 1) filter the control out if it is marked non-critical 2) give an error if it is marked critical Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-16s4:dsdb - fix unsigned integer save problems using the "%u" specifierMatthias Dieter Wallnöfer1-8/+9
The issue here is that we have not yet first cast to int32_t explicitly, before we cast to an signed int to printf() into the %d or cast to a int64_t before we then cast to a long long to printf into a %lld. There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c). The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute. The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett1-0/+1
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-09-29s4-rodc: RODC should not accept requests for role transferNadezhda Ivanova1-0/+12
A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
2010-09-29s4-dsdb Fix segfault in error case in rootdse moduleAndrew Bartlett1-1/+4
2010-09-25ldb: mark the location of a lot more ldb requestsAndrew Tridgell1-0/+2
2010-09-24s4:rootdse LDB module - make use of "dsdb_forest_functional_level"Matthias Dieter Wallnöfer1-3/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - introduce dynamic "ldapServiceName"Matthias Dieter Wallnöfer1-0/+25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - introduce dynamic "dnsHostName" attributeMatthias Dieter Wallnöfer1-0/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - make "serverName" dynamicMatthias Dieter Wallnöfer1-0/+7
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a simple way since it's already needed on LDB initialisation time. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - remove "priv" checks where not neededMatthias Dieter Wallnöfer1-3/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - better that the "edn" control handling is done lastMatthias Dieter Wallnöfer1-20/+20
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - make more use of LDB result constantsMatthias Dieter Wallnöfer1-17/+17
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - fix comment typoMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:rootdse LDB module - fix counter typesMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-19s4-rootdse: mark registered controls as non-criticalAndrew Tridgell1-0/+37
this is needed for clients that may include unnecessary controls in requests and mark them as non-critical
2010-09-15s4-rootdse: setup length after NULL checkAndrew Tridgell1-2/+2
2010-09-10s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOroleAnatoliy Atanasov1-2/+3
This removed an unnecessary conversion of the return type in drepl_take_FSMO_role.
2010-09-10s4-fsmo: update FSMO changes for recent IRPC workAndrew Tridgell1-4/+10
the IRPC API has changed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-10s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSENadezhda Ivanova1-1/+46
GetNCChanges with the corresponding extended operation is initiated and added to the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster, becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in rootDSE.
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell1-22/+17
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-02s4-dsdb: fixed spelling of supportedSASLMechanismsAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-02s4-source4/dsdb/samdb/ldb_modules/rootdse.c: Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-2/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-19s4:rootdse LDB module - strip trailing whitespacesMatthias Dieter Wallnöfer1-24/+24
2010-06-19s4:rootdse LDB module - protect add and delete operations on the rootdse entryMatthias Dieter Wallnöfer1-4/+34
2010-06-19s4:rootdse LDB module - Return "UNWILLING_TO_PERFORM" when no attribute fits ↵Matthias Dieter Wallnöfer1-1/+2
on a change
2010-06-19s4:rootdse LDB module - refactor error messagesMatthias Dieter Wallnöfer1-24/+29
Fix indentations, use "set_errstring" when no "asprintf" functionality required.
2010-06-11s4:rootdse LDB module - use LDB result constantsMatthias Dieter Wallnöfer1-4/+5
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-1/+1
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-15s4:rootdse: only return "tokenGroups", when the client asked for themStefan Metzmacher1-1/+1
metze
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer1-3/+3
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-10s4:rootdse Implement "tokenGroups" in the rootDSEAndrew Bartlett1-0/+18
This returns the currently connected user's full token. This is very useful for debugging, and should be used in ACL tests. Andrew Bartlett