| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit c297c93faf3b748de68679f5a4be50845ebe25fe)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
|
|
We need to add to the multivalued objectClass, not ignore it because
the user has already specified a value.
Also rename the template again.
This was caught by more stringent tests in the unicodePwd module, but
breaks MMC. A later commit will sort the objectClass.
Andrew Bartlett
(This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
different computer account types. (Earlier code changes removed the
BDC case).
We don't use the TemplateDomainController, so just have a
TemplateServer in provision_templates.ldif
Andrew Bartlett
(This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
|
|
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
|
|
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
|
|
the ldap server. The reason for the change is that ldb modules need
some way to get at the static info stored in the rootDSE (such as the
location of the schema) but they can't do that right now
(This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
|
|
after being freed)
(This used to be commit 5c7f3fef3e2324f0d1edda0f0f06f662bbcf7e08)
|
|
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.
I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.
Simo.
(This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
mmc management support
(This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594)
|
|
Andrew Bartlett
(This used to be commit efdc6d834aecbf978f538365c72149fa7afe0828)
|
|
functions they care about, instead of all functions. This also makes
it more likely that future changes to ldb will not break existing
modules
(This used to be commit 45f0c967b58e7c1b2e900a4d74cfde2a2c527dfa)
|
|
a search() function, instead each module now only implements the
bytree method, and the expression based search is handled generically
by the modules code. This makes for more consistency and less code
duplication.
fixed the tdb backend to handle BASE searches much more
efficiently. They now always only lookup one record, regardless of the
search expression
(This used to be commit 7e44f9153c5578624e2fca04cdc0a00af0fd9eb4)
|
|
do not autostart transactions on ldb operations if a transaction is already in place
test transactions on winsdb
all my tests passes so far
tridge please confirm this is ok for you
(This used to be commit c2bb2a36bdbe0ec7519697a9a9ba7526a0defac2)
|
|
transactions ensure two account creations can't interfere with each
other
(This used to be commit 91c27bc97662c8d8b764c76bd2d98a1b04f47337)
|
|
(This used to be commit e86c9b4a7f399a3152a2703c76406e9d69ec1225)
|
|
(This used to be commit e9018e3d9f69528acc0c440929fdb8d95413fa0d)
|
|
(This used to be commit cda829f0d9476bd8b057a7019f55fac206205825)
|
|
(This used to be commit 8ff1358f401e0086b941f4ff73af5d4c38a1f8bf)
|
|
(This used to be commit ebed25b47d3d8bd350b51b462d605d713f17602d)
|
|
(This used to be commit 76e943d4416e38ce4cce27d5403bc3e133d0025b)
|
|
(This used to be commit 579d11147849932ec76a175f815de890a8ea20ad)
|
|
(This used to be commit 5cbe1e6b70b03be441a36b36fb969339df0dfd45)
|
|
(This used to be commit b7992de4b7d42a55e00509c887a269a07c19627d)
|
|
(This used to be commit 2283a336e0e31e6857621d9806bba54c400bd986)
|
|
(This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18)
|
|
Move samba3sam to dsdb/
(This used to be commit eb9d615bcd49328131613f64745760a90553b7f2)
|
|
(This used to be commit 8bded3fc926b8eb6285e06fd4b4706b779edb386)
|
|
(This used to be commit 0602e8b3e7b5921fa99bfe788fe290f03b3dc7ac)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
Add templating support for foreignSecurityPrincipal to the samdb
module.
Andrew Bartltt
(This used to be commit 5f51d806d718bfa6931d102ff4e866c688a6ecd9)
|
|
dn: cn=foo,ou=bar
objectClass: person
implies
dn: cn=foo,ou=bar
objectClass: person
cn: foo
(as well as a pile more default attributes)
We also correct the case in the attirbute to match that in the DN
(win2k3 behaviour) and I have a testsuite (in ejs) to prove it.
This module also found a bug in our provision.ldif, so and reduces
code complexity in the samdb module.
Andrew Bartlett
(This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3)
|
|
module any more.
Andrew Bartlett
(This used to be commit da48e77e7ca21bc99f2829a22ea3dc96ba413191)
|
|
ldb, as it can't build without the NDR and GUID code.
Also make it properly use the NDR encoding for the GUID (I forgot last
time, and used a string), as well as set the dependencies on the
module correctly.
Andrew Bartlett
(This used to be commit 8054abc76e5e3588cebc7fc01062a1223b7f140b)
|
|
BOOL to int function return.
Andrew Bartlett
(This used to be commit e03e00fe606db443783f1dea03411025c01c7de5)
|
|
I replaced these function calls, and they went from BOOL to int return
values, so naturally failed.
Andrew Bartlett
(This used to be commit 1982fdb6f3355494ecaae93280eea4e69c78430f)
|
|
a DN parsing system. Leverage that in the dsdb module.
Andrew Bartlett
(This used to be commit 2408f322765fc1b1769d5c8ea69eae4d968cd195)
|
|
This ensures the templating code is used, and also makes it clearer
what I need to duplicate in the vampire area.
Also fix a silly bug in the template application code (the samdb
module) that caused templates to be compleatly unused (my fault, from
my commit last night).
Andrew Bartlett
(This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
|
|
boilerplate attributes in every entry in provision.ldif.
The next step will be to use templates.
Andrew Bartlett
(This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2)
|
|
existing db
doesn't print lots of fatal errors
(This used to be commit d8d47bb18fbb467e253e99c4281578d6e4762de3)
|
|
(This used to be commit 126cb3db4b0cf9c382ba7496ba08311f3b669f00)
|
|
(This used to be commit 0bfd91c32a62e651e81ce8d3b102158ec9c680fe)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
instead of a search expression. This allows our ldap server to pass
its ASN.1 parsed search expressions straight to ldb, instead of going
via strings.
- updated all the ldb modules code to handle the new interface
- got rid of the separate ldb_parse.h now that the ldb_parse
structures are exposed externally
- moved to C99 structure initialisation in ldb
- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
|
|
Just use talloc_free() to release the memory after an ldb_search().
(This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
|
