Age | Commit message | Author | Files | Lines |
|
This updates the module to handle both SID allocation and nextRid
updating while importing users. (As imported users already have a
SID, so don't go via the allocation step). We also ensure that SIDs
in the database are unique at create time.
Furthermore, at allocation time, we double-check the SID isn't already
in use, and that we don't create a foreignSecurityPrincipal for a
'local' sid.
Also create random samAccountName entries for users without one (we
were setting $000000-000000000000).
We may want to separate the uniqueness code from the rest of samldb,
and into a module with the objectguid code, which needs similar
checks. These checks also need to apply to modification, or those
modifications denied outright.
Also update part of the testsuite to validate this.
Andrew Bartlett
(This used to be commit 7a9c8eee4bea88f5f0bb7c62f701476384b7dc84)
|
|
than a hardcoded SID.
Fix the samldb module to return what *was* the nextrid, rather
than the new nextrid (that is for next time).
Andrew Bartlett
(This used to be commit ffe9042e15cebbc7ff1bac90ec39835753d6caa7)
|
|
err, they save time at least. The correct use of an error string in
this case quickly pinpointed an overzealous check, and saved me hours
of painful debugging.
Andrew Bartlett
(This used to be commit 26946c90e87a94453a5ad3e9e26ef19b36656237)
|
|
Andrew Bartlett
(This used to be commit daa4b76800024c1494eeda675c46af3790fac788)
|
|
(This used to be commit 61ae77beecd573809d917dd86d1fac6cc40e967d)
|
|
metze
(This used to be commit 976052c6561dee7232c1a10fb977b1c4776825a2)
|
|
the error message.
Andrew Bartlett
(This used to be commit 36c1f67f12d5ac83a7a205c0ec152a79c4a8ba4b)
|
|
metze
(This used to be commit 1253784c923b569593b5207c14567c637f3a7ae7)
|
|
Simo.
(This used to be commit 2f0c7b896274e5e15e150c70d7ebe70355f6c4c0)
|
|
request handler, you really have to watch the recursion issues...
Andrew Bartlett
(This used to be commit 46628e86a2be6d334b2d0427e7052517c7ab1d4c)
|
|
passwords) be moved into the database, and not be hard-coded in the
module source.
Andrew Bartlett
(This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04)
|
|
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js
interface to add a system_session() call, as it still doesn't get on
with me :-)
Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
|
|
a second_stage_init private function for modules that need a second stage init.
Simo.
(This used to be commit 5e8b365fa2d93801a5de1d9ea76ce9d5546bd248)
|
|
There's still a lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.
Simo.
(This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
|
|
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory.
The idea here is to avoid having conflicting formats when we get to
replication. We know the base data matches, but we may need to use a
module to munge formats.
Andrew Bartlett
(This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)
|
|
Because we don't know the syntax of unicodePwd, we want to avoid using
that attribute name. It may cause problems later when we get
replication from Windows.
I'm doing this before the tech preview, so we don't get too many
surprises as folks upgrade databases into later versions.
Andrew Bartlett
(This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
|
|
be a valid talloc() pointer, as other modules may rely on this.
Andrew Bartlett
(This used to be commit 356c8c56090a7c4254609c0cc138c994b618fa55)
|
|
supportedSASLMechanism in the rootdse. (Second half of a patch
committed earlier today).
Andrew Bartlett
(This used to be commit 4b67b5d688493c385e12734fd2c0c9dbc1b238e4)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
(This used to be commit c297c93faf3b748de68679f5a4be50845ebe25fe)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplifies the KDC code.)
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
|
|
We need to add to the multivalued objectClass, not ignore it because
the user has already specified a value.
Also rename the template again.
This was caught by more stringent tests in the unicodePwd module, but
breaks MMC. A later commit will sort the objectClass.
Andrew Bartlett
(This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
different computer account types. (Earlier code changes removed the
BDC case).
We don't use the TemplateDomainController, so just have a
TemplateServer in provision_templates.ldif
Andrew Bartlett
(This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
|
|
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
|
|
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
|
|
the ldap server. The reason for the change is that ldb modules need
some way to get at the static info stored in the rootDSE (such as the
location of the schema) but they can't do that right now
(This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
|
|
after being freed)
(This used to be commit 5c7f3fef3e2324f0d1edda0f0f06f662bbcf7e08)
|
|
This patch changes the way ldb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.
I tried to keep the patch as tiny as possible but as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.
Simo.
(This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately that required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now it's just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
mmc management support
(This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594)
|
|
Andrew Bartlett
(This used to be commit efdc6d834aecbf978f538365c72149fa7afe0828)
|
|
functions they care about, instead of all functions. This also makes
it more likely that future changes to ldb will not break existing
modules
(This used to be commit 45f0c967b58e7c1b2e900a4d74cfde2a2c527dfa)
|
|
a search() function, instead each module now only implements the
bytree method, and the expression based search is handled generically
by the modules code. This makes for more consistency and less code
duplication.
fixed the tdb backend to handle BASE searches much more
efficiently. They now always only lookup one record, regardless of the
search expression
(This used to be commit 7e44f9153c5578624e2fca04cdc0a00af0fd9eb4)
|
|
do not autostart transactions on ldb operations if a transaction is already in place
test transactions on winsdb
all my tests pass so far
tridge please confirm this is ok for you
(This used to be commit c2bb2a36bdbe0ec7519697a9a9ba7526a0defac2)
|
|
transactions ensure two account creations can't interfere with each
other
(This used to be commit 91c27bc97662c8d8b764c76bd2d98a1b04f47337)
|
|
Move samba3sam to dsdb/
(This used to be commit eb9d615bcd49328131613f64745760a90553b7f2)
|