summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r24761: Permit subtree renames in Samba4.Andrew Bartlett2-0/+302
The module is scary: On a rename, it does a search for all entries under that entry (including itself), and fires off a seperate rename call for each result. This will fail miserably on an LDAP backend, but I'll need to work on using hdb for OpenLDAP, and hope Fedora DS can implement subtree renames at some point. Andrew Bartlett (This used to be commit 13908a8cb4dd810503213203efb8d51f77f1f379)
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett9-82/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)
2007-10-10r24696: Fix bug 4918 reported by Matthias Wallnöfer <mwallnoefer@yahoo.de>Andrew Bartlett1-37/+40
with a patch from Andrew Kroeger <andrew@sprocks.gotdns.com>. The changes to samldb_fill_foreignSecurityPrincipal_object() look much larger then they are: We just skip all the objectSid generation if the SID is supplied. By providing a few more objects, standard dialogs on the clients are better behaved, for these 'well known' users. Andrew Bartlett (This used to be commit 35ee4aee719e69983d650602d1c6422a31600001)
2007-10-10r24690: Further fix to bug 4919: Ensure we don't supply a NULL URL argument toAndrew Bartlett1-0/+5
ldb_connect_backend(). Andrew Bartlett (This used to be commit d0595e7a3d15c40dd49062efa0ddc6864b6b9030)
2007-10-10r24655: Fix bug 4919 reported by Matthias Wallnöfer <mwallnoefer@yahoo.de>:Andrew Bartlett1-3/+2
> When you change to the SAMBA private directory on a shell (default > /usr/local/samba/private) and start there for example ldbedit with the sam.ldb, > the application crashes if you don't put the "./" before the filename. I've adapted Matthias's patch. Andrew Bartlett (This used to be commit ba82197e30da8e626419e877d224431703edc866)
2007-10-10r24479: Typo fix - this makes 'make test' pass against OpenLDAP again.Andrew Bartlett1-1/+1
The objectCategory canonicalise_fn makes everything a DN, which is exactly what we need here. Andrew Bartlett (This used to be commit f5ec369741661fdf7ef5f5183c0e1a996bd46d41)
2007-10-10r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, andAndrew Bartlett2-112/+8
to test the behaviour of objectCategory=user searches. It turns out (thanks to a hint on http://blog.joeware.net/2005/12/08/147/) that objectCategory=user maps into objectCategory=CN=Person,... (by the defaultObjectCategory of that objectclass). Simplify the entryUUID module by using the fact that we now set the DN as the canoncical form of objectCategory. Andrew Bartlett (This used to be commit b474be9507df51982a604289215bb1868124fc24)
2007-10-10r24277: Tidyup as requested by metze.Andrew Bartlett1-8/+14
Andrew Bartlett (This used to be commit 43d62181f204fb32e487b7689729c1a91b8d23ad)
2007-10-10r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users andAndrew Bartlett1-3/+47
Computers). We now generate a security descriptor for each object, when it is created. This seems to keep MMC happy. The next step is to honour it. Andrew Bartlett (This used to be commit 72f4ae82463c5c1f9f6b7f18f125c4c8fb56ae4f)
2007-10-10r24262: Set the objectCategory by default in the objectclass module, rather ↵Andrew Bartlett1-1/+10
than using templates. Modify the samba3sam test to be less fussy, and not use the objectclass module (which requires proper schema stuff now). Andrew Bartlett (This used to be commit 53c248c2645e86fbc8720860aed92a479483b528)
2007-10-10r24260: Ensure we always override any existing values for these generatedAndrew Bartlett1-0/+4
attributes. Anything else leads to madness. Andrew Bartlett (This used to be commit af092a361df6b98e1890cbd3e2d1fed168701364)
2007-10-10r24259: Rework the objectclass module to use the new schema, rather than theAndrew Bartlett2-0/+703
ldb_subclass list. Next step will be to have this module also set the objectCategory and default ntSecurityDescriptor Andrew Bartlett (This used to be commit 0f7135a4685a1117a54c2f019df6c6de22b8dd32)
2007-10-10r24249: Thse generated attributes should not be pushed this far down the stackAndrew Bartlett1-69/+0
in any cse. Andrew Bartlett (This used to be commit 5f08a686a6b002a21803a0dd2f9ee0ae9ef928f5)
2007-10-10r24247: Remove extra newlines from ldb_debug() calls - it already adds one.Andrew Bartlett3-23/+23
Andrew Bartlett (This used to be commit e5fdcda2a1e97c587d48baf3521b18515277f6de)
2007-10-10r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer@yahoo.de>: We need toAndrew Bartlett1-4/+76
include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. This may need further refinement, but it seems to work for now. Andrew Bartlett (This used to be commit d053b8e218767cb12e20a00fb18995e30869db11)
2007-10-10r24010: Fix warning for the function paramter to qsort().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 51862c4c5299da02d3d781b3e9255823bc9b59af)
2007-10-10r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.Andrew Bartlett1-1/+5
Should fix bug #4804. Andrew Bartlett (This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073)
2007-10-10r23810: Make things static, and remove unsued code.Andrew Bartlett1-4/+4
This includes some of the original ildap ldap client API. ldb provides a much easier abstraction on this to use, and doesn't use these functions. Andrew Bartlett (This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902)
2007-10-10r23798: updated old Temple Place FSF addresses to new URLAndrew Tridgell5-10/+5
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-10-10r23795: more v2->v3 conversionAndrew Tridgell5-5/+5
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell15-45/+30
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23762: Fix DN renames over LDAP, and instrument the partition module. Add aAndrew Bartlett1-22/+24
test to prove the behaviour of LDAP renames etc. Fix LDB to return correct error code when failing to rename one DN onto another. Andrew Bartlett (This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
2007-10-10r23718: Make Samba4 work against the LDAP backend again.Andrew Bartlett1-2/+8
When we set up the schema, we don't have a partitions container yet. The LDAP error differs from that given by LDB, so I think we still have some conformance work to do. Andrew Bartlett (This used to be commit 5ddbca73d4971a885c105c8d893e53598c5582b4)
2007-10-10r23679: invocationID is a GUID too.Andrew Bartlett1-0/+12
Andrew Bartlett (This used to be commit 645a8862a3d7c493020e432d76ad0e5da5ea77b5)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett2-4/+101
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r23412: We don't need hdb.h here any moreAndrew Bartlett1-1/+0
(This used to be commit 1abda90f15bcfb56ac56b01fd2b7343fade3843c)
2007-10-10r22991: ignore '@foo' attributes in the repl_meta_data moduleStefan Metzmacher1-0/+2
metze (This used to be commit b592ac1c2c91a72a8aae8ed11d74cba3ce0778c5)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-2/+6
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22769: Fix include location.Jelmer Vernooij2-2/+2
(This used to be commit 74d51579aff73913cae31734bddc3b5a48cd32fa)
2007-10-10r22762: Some ldb_map changes:Jelmer Vernooij1-19/+19
* Change license to LGPL, so it can be used by non-Samba users of LDB (cleared with Martin as well). * Include ldb_map in standalone build. * Move ldb_map to its own directory (This used to be commit a90202abca26c0da5425a2f3dd8494077c3290fd)
2007-10-10r22681: Fix standalone ldb build when parent directory name != ldb.Jelmer Vernooij3-3/+3
(This used to be commit 1093875d59f1ea9b8bd82277d4f9d8366e584952)
2007-10-10r22557: Simo has long bugged me that the paths in the sam.ldb partitions wereAndrew Bartlett1-1/+30
not relative to the location of the sam.ldb, but instead lp_private_dir(). This fixes that issue. Andrew Bartlett (This used to be commit c0fd6f63399d55a1938e31ae7b10689cc02ff2fa)
2007-10-10r22531: Fix up OpenLDAP schema map to almost pass 'make test'.Andrew Bartlett1-1/+19
Andrew Bartlett (This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7)
2007-10-10r22521: Don't fail the module load just because we don't have a schema yet.Andrew Bartlett1-4/+4
This code to be replaced by metze's schema loader soon... Andrew Bartlett (This used to be commit a354ec282232c00d149304d90f9b8ef01c9a2e5f)
2007-10-10r22497: Support renaming objectclasses and attributes for the LDAP backend.Andrew Bartlett1-3/+24
OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a)
2007-10-10r22476: The OID match is used very oddly in AD, as it is often used for fieldsAndrew Bartlett1-0/+4
that contain attribute names and objectClasses. Make it a case insensitive string for now. Andrew Bartlett (This used to be commit 9908a05ef70c748c699b5a18178e7948f7814d7a)
2007-10-10r22406: this dependencies should also be privateStefan Metzmacher1-6/+2
metze (This used to be commit 7f07895cac3e933b39f81bf67812834352184af0)
2007-10-10r21842: fix typo in commentStefan Metzmacher1-12/+12
metze (This used to be commit 8fcd5209ae46823f7d99bddff6e61873e75dd24c)
2007-10-10r21839: add my email addressStefan Metzmacher3-3/+3
metze (This used to be commit e3be33c1d9f9e44ef37e6ef72a23576474f6e725)
2007-10-10r21838: generate no metadata for constructed attributesStefan Metzmacher1-2/+4
metze (This used to be commit 7e0620e524886a66dbdb16f35fee4f51f2867a2a)
2007-10-10r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett1-23/+38
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10r21773: fix typo orginating -> originatingStefan Metzmacher1-7/+7
and use the struct member names in all cases metze (This used to be commit c543ee57454d006c545e3e9e20c9ac0114081d3d)
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett4-7/+25
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes:Stefan Metzmacher1-6/+383
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
2007-10-10r21465: the LDAP-UPTODATEVECTOR test shows that the replUpToDateVectorStefan Metzmacher1-37/+11
doesn't contain an entry for the local invocation_id metze (This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f)
2007-10-10r21441: create a union for the PrimaryKerberosBlob contentStefan Metzmacher1-35/+45
so that ndr_pull will fail if version isn't 3 and we notice if the format changes... metze (This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
2007-10-10r21434: - get rid of "krb5Key"Stefan Metzmacher2-359/+732
- use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
2007-10-10r21395: fix commentsStefan Metzmacher1-7/+7
metze (This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
2007-10-10r21364: cosmetic change: it's nicer to use the KEYTYPE_ macroStefan Metzmacher1-2/+2
for the keytype field... metze (This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
2007-10-10r21362: rename:Stefan Metzmacher3-33/+33
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)