summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce5-78/+78
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r17103: Big updates to the not-yet-enabled partitions module. It now servicesAndrew Bartlett1-4/+189
the Global Catalog port 'correctly' (in a very simple sense) in that it should be no worse than what we had before. We now combine partitions together to search over the whole tree, when we are marked as 'global catalog'. Andrew Bartlett (This used to be commit 0a354a1ddeccd9a6b1610bc6813a86fcdfc4d310)
2007-10-10r16972: Replace the sequence_number function pointer in ldb with the ldb flags.Andrew Bartlett1-1/+1
The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
2007-10-10r16933: Sort the partitions in order from most, to least specific.Andrew Bartlett1-2/+13
Remember to perform operations on the base database as well. Andrew Bartlett (This used to be commit eae232530c967fe949355cf1914ca0cb8c0ea8c2)
2007-10-10r16914: Add more tests for the partition module.Andrew Bartlett1-25/+137
Andrew Bartlett (This used to be commit 2728b60dfa50ded03e06f0bd53eee55fce5143bd)
2007-10-10r16860: Fix (and reactivate) the RPC-SAMR test. We need to allow these sidsAndrew Bartlett1-5/+3
to be created as foreign, even if they are in a local domain. Also we do need the user to exist for the life of the test, as we add it to a group. Andrew Bartlett (This used to be commit ae470ff7014e52b55d88e9fe12e2322e069daf9d)
2007-10-10r16854: Fix the RPC-SAMR-PASSWORDS test. It failed because we allocated usersAndrew Bartlett1-1/+3
in the Builtin domain a SID from the global domain. Andrew Bartlett (This used to be commit 9d31b9f04721a2cac62f492f8db071aaa0aa966b)
2007-10-10r16831: Use a valid memory context (found by the IBM checker).Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 9fdbedafad69e55ef4ccad51c4f002c49e43f372)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-1/+1
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-149/+24
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16784: - make some function in ldb static, they not need to be exported ↵Simo Sorce1-4/+4
anywhere - fix a bad segfault Andrew please make test before committing. Simo. (This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
2007-10-10r16769: Working on fixing the RPC-SAMR test against Samba4. This fixesAndrew Bartlett1-66/+106
password changes which only include the LM and NT hash, such as the original ChangePassword. It also fixes setting passwords on the BUILTIN domain. Finally, the msDS-KeyVersionNumber is only incremented if not explicity set by the modify. Andrew Bartlett (This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett5-8/+356
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16240: Add better error reporting in the password_hash moduleAndrew Bartlett1-5/+13
Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett (This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
2007-10-10r16227: Don't segfault if the ldb_search() fails.Andrew Bartlett1-2/+5
Andrew Bartlett (This used to be commit af11f464a717cc7db0393070da780091a6053ee0)
2007-10-10r16159: Even more work on samldb error reporting. Make sure to get theAndrew Bartlett1-34/+31
original error strings back to the callers. Andrew Bartlett (This used to be commit defa63298838fefae7ed003458020045edaef21d)
2007-10-10r16129: Further clean up the samldb module.Andrew Bartlett1-42/+52
This adds more/better setting of the ldb error string, and avoids using gendb_search(), as this doens't return the error code. Andrew Bartlett (This used to be commit 2d2e71a2d5827c9dc8785b87547559071b47ab34)
2007-10-10r16109: Make this module simpiler, don't intercept operations we are not goingAndrew Bartlett1-21/+0
to implement. Andrew Bartlett (This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab)
2007-10-10r16108: Fixes from working with the partition module.Andrew Bartlett1-12/+17
We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD). While chasing that down, return proper error codes, and use the ldb_set_errstr() to get a good error string back up to the UI layer. Andrew Bartlett (This used to be commit b31003403d84def6f11b21df566ff57c01da21b8)
2007-10-10r16083: Make it possible to initialise a backend module, without it setting upAndrew Bartlett1-4/+7
the whole ldb structure. Because the sequence number was a fn pointer on the main ldb context, turn it into a full request (currently sync). Andrew Bartlett (This used to be commit fbe7d0ca9031e292b2d2fae263233c973982980a)
2007-10-10r16070: Fix kludge_aclsSimo Sorce1-1/+1
(This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9)
2007-10-10r16069: Remove unused destructor and an unused variable.Andrew Bartlett1-9/+0
Andrew Bartlett (This used to be commit 25e85975459acc556c0d46f1683dd4bbdd94874b)
2007-10-10r16061: Prove that removing the objectClass list in the samldb module breaks ↵Andrew Bartlett1-3/+0
things. With this fix, we now correctly detect computers again, and get the correct objectCategory, which is important for the OSX AD plugin. Andrew Bartlett (This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71)
2007-10-10r16042: Fix crashbug caused by incorret error reporting.Simo Sorce1-12/+12
(This used to be commit d346531d0a3e7160ae2a3bdc430521148b485540)
2007-10-10r16036: Add a couple of new functions to corretly deal with timeouts.Simo Sorce6-13/+19
Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
2007-10-10r16022: ooops, a bit too aggressive commit :-)Simo Sorce1-1/+1
(This used to be commit 959c8c35ef170e03a5f698d0fa11616583cc6f66)
2007-10-10r16021: While studying how to make samldb really async I found a critical ↵Simo Sorce1-29/+29
situation handled in the incorrect way. A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug. And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him fix the problem first, trying to be smart here would probably end up in worst results. Simo. (This used to be commit 6b214f232eefc4ffbc98dfb68c99d1f0c97ae6db)
2007-10-10r15999: password_hash module changes:Andrew Bartlett1-8/+16
- Quiet some IBM Checker warnings (enum mismatch) - Only search for the attributes we need - fix comments - fix copyrights Andrew Bartlett (This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d)
2007-10-10r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...Simo Sorce1-2/+2
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
2007-10-10r15942: Remove the sync internal ldb calls altogether.Simo Sorce7-1067/+53
This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
2007-10-10r15932: Remove per request credsSimo Sorce4-6/+0
They have never benn used and make little sense too imo (This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
2007-10-10r15927: Optimize ldb module traverse while keeping the API intact.Simo Sorce6-26/+20
I was sick of jumping inot each module for each request, even the ones not handle by that module. (This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
2007-10-10r15913: Error passing in the async code is not in agood shapeSimo Sorce1-37/+73
Start enhancing it and fix some problems with incorrect evalutaion of the codes Implement rdn rename (async only) (This used to be commit 6af1d738b9668d4f0eb6194ac0f84af9e73f8c2e)
2007-10-10r15859: fixed a crash bug in the ldb password_hash module. This one is quiteAndrew Tridgell1-1/+4
sublte - please have a look at the change if you are not certain you know the semantics of constant arrays declared on the stack (they must be static if you return them from the function) (This used to be commit 1848078fee2041195e3d65fcc090d7b6330b8ea0)
2007-10-10r15804: Fix SAMLOGON testSimo Sorce1-6/+5
(This used to be commit 2e9a840bb975f3269de4ca299a3d6e5b19f3cad1)
2007-10-10r15795: Try to use the async code by defaultSimo Sorce2-14/+43
It passess all my tests, but I still need to work on a lot of stuff. Shouldn't impact anybody else work, so I want to commit now and see what happens Will work to remove the old code from modules and backends soon, and make some more restyling in ldb internals. So, if there is something you don't like in this desgin please speak now. Simo. (This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
2007-10-10r15789: hmm, damn, testing uncovcer all your bugs :-)Simo Sorce1-16/+2
(This used to be commit 977982c884da15d1e9f5fe19d24cd4169ecbb0c5)
2007-10-10r15783: Fix previous commit, was the wrong way to deal with the problemSimo Sorce1-26/+24
(This used to be commit 36537100db491012d8124f7aca266a8290f2eee6)
2007-10-10r15782: More fixes for async casesSimo Sorce3-26/+42
(This used to be commit 3c9434e264710a1fa29adedbe571d5324ecae906)
2007-10-10r15761: Fix-as-you-go ...Simo Sorce1-21/+24
Testing various async paths and uncovering bugs (This used to be commit 099d873ea596ece18efe63b06bc64e7f97a96f82)
2007-10-10r15725: First shot at making password_hash asyncSimo Sorce1-11/+1076
The async path is not yet enabled by default so it should make no harm (This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
2007-10-10r15639: fix warningsStefan Metzmacher2-2/+2
metze (This used to be commit 73ca71b42b20c9cc0acba8caecc24b07624c4abc)
2007-10-10r15582: Commit some forgotten stuff that have been setting on my private ↵Simo Sorce2-12/+73
tree fro long (This used to be commit 7c050b541e98cd442a0c9ed0ddadb3e573cd1304)
2007-10-10r15511: Using this name causes less warnings on the IBM checker, due to usingAndrew Bartlett1-4/+4
the original, rather than equivilant, enum type. Andrew Bartlett (This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij2-2/+3
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-6/+4
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-4/+4
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher2-2/+2
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14840: - rename some functionsStefan Metzmacher1-6/+9
- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10r14662: To allow the RPC-SAMR test to pass, we need to look for both domainsAndrew Bartlett1-1/+1
and the builtinDomain objectClasses, when trying to find domain policies. Andrew Bartlett (This used to be commit 9fc1196f0ca0235aa764d4ae770e3c31978396fa)