summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13606: An attempt to fix #3525.Andrew Bartlett1-1/+5
The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett (This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3)
2007-10-10r13507: the 'data' element of LDAP controls is optional.Stefan Metzmacher1-0/+3
(prepare the next commit) metze (This used to be commit a1bbf7f2982185cb6cd544b65b4709ab33a850c5)
2007-10-10r13353: Fix a crash bug in rootdse when we do not pass in credentialsSimo Sorce2-9/+7
a plain ldbsearch would just crash Fix kludge_acl, not passing on the second stage registration phase to other modules Simo (This used to be commit bec99c5cb65d8c32fd4f636ed2f5383fb1b39830)
2007-10-10r13256: Free temporary memory on error cases, and try to clean up what's leftAndrew Bartlett1-0/+9
earlier. Move gendb_search() to use talloc_vasprintf() and steal only the parts actually being used for the results. Andrew Bartlett (This used to be commit 53efb3e3e980c768e0aee216ccd8dc3e14707246)
2007-10-10r13253: More work to ensure that we don't keep data on long-term contexts.Andrew Bartlett1-0/+5
Andrew Bartlett (This used to be commit 35517573ff807339f96573e58bdec29073be9594)
2007-10-10r13207: Use the new API for using/not using kerbeors in hdb-ldb.cAndrew Bartlett1-1/+5
Update the rootdse module to use the new schema. Andrew Bartlett (This used to be commit b0b150d08ac39ed486071487826da2e306db6a0b)
2007-10-10r13150: Correct comment.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit c34666abc170687daa8dcd085020880b598caaf7)
2007-10-10r12998: A big update to samldb.cAndrew Bartlett1-194/+433
This updates the module to handle both SID allocation and nextRid updating while importing users. (As imported users already have a SID, so don't go via the allocation step). We also ensure that SIDs in the database are unquie at create time. Furthermore, at allocation time, we double-check the SID isn't already in use, and that we don't create a foriegnSecurityPrincipal for a 'local' sid. Also create random samAccountName entries for users without one (we were setting $000000-000000000000). We may want to seperate the uniqueness code from the rest of samldb, and into a module with the objectguid code, which needs similar checks. These checks also need to apply to modification, or those modifications denied outright. Also update part of the testsuite to validate this. Andrew Bartlett (This used to be commit 7a9c8eee4bea88f5f0bb7c62f701476384b7dc84)
2007-10-10r12943: Generate a SID for the domain join account using the modules, ratherAndrew Bartlett1-2/+0
than a hardcoded SID. Fix the samldb module to return the what *was* the nextrid, rather than the new nextrid (that is for next time). Andrew Bartlett (This used to be commit ffe9042e15cebbc7ff1bac90ec39835753d6caa7)
2007-10-10r12895: Error strings save lives.Andrew Bartlett1-10/+16
err, they save time at least. The correct use of an error string in this case quickly pinpoited an overzealous check, and saved me hours of painful debugging. Andrew Bartlett (This used to be commit 26946c90e87a94453a5ad3e9e26ef19b36656237)
2007-10-10r12860: Remove unused function. (we handle this in the password_hash module).Andrew Bartlett1-22/+0
Andrew Bartlett (This used to be commit daa4b76800024c1494eeda675c46af3790fac788)
2007-10-10r12851: Fix some typosJelmer Vernooij2-4/+4
(This used to be commit 61ae77beecd573809d917dd86d1fac6cc40e967d)
2007-10-10r12842: don't include system headers directlyStefan Metzmacher1-1/+1
metze (This used to be commit 976052c6561dee7232c1a10fb977b1c4776825a2)
2007-10-10r12818: When denying an operation, include what we think the username is inAndrew Bartlett1-1/+16
the error message. Andrew Bartlett (This used to be commit 36c1f67f12d5ac83a7a205c0ec152a79c4a8ba4b)
2007-10-10r12773: - remove unused variable, fix the build with some old compilersStefan Metzmacher1-3/+0
metze (This used to be commit 1253784c923b569593b5207c14567c637f3a7ae7)
2007-10-10r12769: Make ldb_next_request() evident, I was much confused on first sightSimo Sorce1-4/+6
Simo. (This used to be commit 2f0c7b896274e5e15e150c70d7ebe70355f6c4c0)
2007-10-10r12763: Oops. If you call ldb_search from within an ldb module's searchAndrew Bartlett1-1/+3
request handler, you really have to watch the recursion issues... Andrew Bartlett (This used to be commit 46628e86a2be6d334b2d0427e7052517c7ab1d4c)
2007-10-10r12762: Simo correctly asked that the policy logic (which attributes containAndrew Bartlett1-26/+62
passwords) be moved into the database, and not be hard-coded in the module source. Andrew Bartlett (This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04)
2007-10-10r12746: An initial version of the kludge_acls module.Andrew Bartlett2-0/+223
This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
2007-10-10r12743: Remove the ugly way we had to make a second stage init and introduceSimo Sorce7-39/+26
a second_stage_init private function for modules that need a second stage init. Simo. (This used to be commit 5e8b365fa2d93801a5de1d9ea76ce9d5546bd248)
2007-10-10r12733: Merge ldap/ldb controls into main treeSimo Sorce8-7/+392
There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2007-10-10r12720: By metze's request, rename the ntPwdHistory attribute toAndrew Bartlett1-32/+32
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett2-41/+28
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12716: Tridge points out that the request argument to ldb_next_request mustAndrew Bartlett1-25/+49
be a valid talloc() pointer, as other modules may rely on this. Andrew Bartlett (This used to be commit 356c8c56090a7c4254609c0cc138c994b618fa55)
2007-10-10r12687: Push the real list of supported GENSEC mechanisms out onAndrew Bartlett1-0/+21
supportedSASLMechanism in the rootdse. (Second half of a patch commited earlier today). Andrew Bartlett (This used to be commit 4b67b5d688493c385e12734fd2c0c9dbc1b238e4)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-0/+7
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12658: Couple of fixes related to shared module builds.Jelmer Vernooij6-24/+0
(This used to be commit c297c93faf3b748de68679f5a4be50845ebe25fe)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij3-4/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12599: This new LDB module (and associated changes) allows Samba4 to operateAndrew Bartlett2-0/+723
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10r12598: Make the 'objectClass' part of the templating process actually work.Andrew Bartlett1-17/+26
We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-5/+5
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12427: Move SAMR CreateUser2 to transactions, and re-add support forAndrew Bartlett1-1/+1
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10r11958: - fixed memory leaks in the ldb_result handling in ldb operationsAndrew Tridgell2-8/+7
- removed an unnecessary level of pointer in ldb_search structure (This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
2007-10-10r11957: fixed up code meant for debuggingAndrew Tridgell1-3/+3
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
2007-10-10r11952: added a rootdse module. This will replace the existing rootdse code inAndrew Tridgell2-0/+201
the ldap server. The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now (This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
2007-10-10r11592: fixed a crash bug from the ldb_result changes (res was being used ↵Andrew Tridgell1-4/+6
after being freed) (This used to be commit 5c7f3fef3e2324f0d1edda0f0f06f662bbcf7e08)
2007-10-10r11567: Ldb API change patch.Simo Sorce3-101/+114
This patch changes the way lsb_search is called and the meaning of the returned integer. The last argument of ldb_search is changed from struct ldb_message to struct ldb_result which contains a pointer to a struct ldb_message list and a count of the number of messages. The return is not the count of messages anymore but instead it is an ldb error value. I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good amount of places. I also tried to double check all my changes being sure that the calling functions would still behave as before. But this patch is big enough that I fear some bug may have been introduced anyway even if it passes the test suite. So if you are currently working on any file being touched please give it a deep look and blame me for any error. Simo. (This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
2007-10-10r10913: This patch isn't as big as it looks ...Andrew Tridgell3-13/+14
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10r10897: added in a hackish ldb proxy module that I am using to experiment withAndrew Tridgell1-0/+340
mmc management support (This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594)
2007-10-10r10791: Add copyright, fix comments (this isn't the timestamps module any more)Andrew Bartlett1-3/+2
Andrew Bartlett (This used to be commit efdc6d834aecbf978f538365c72149fa7afe0828)
2007-10-10r10759: make modules easier to write by allowing modules to only implement theAndrew Tridgell2-74/+2
functions they care about, instead of all functions. This also makes it more likely that future changes to ldb will not break existing modules (This used to be commit 45f0c967b58e7c1b2e900a4d74cfde2a2c527dfa)
2007-10-10r10753: don't require every ldb module to implement both a search_bytree() andAndrew Tridgell2-18/+0
a search() function, instead each module now only implements the bytree method, and the expression based search is handled generically by the modules code. This makes for more consistency and less code duplication. fixed the tdb backend to handle BASE searches much more efficiently. They now always only lookup one record, regardless of the search expression (This used to be commit 7e44f9153c5578624e2fca04cdc0a00af0fd9eb4)
2007-10-10r10477: expose transactions outside ldb and change the API once moreSimo Sorce2-6/+20
do not autostart transactions on ldb operations if a transaction is already in place test transactions on winsdb all my tests passes so far tridge please confirm this is ok for you (This used to be commit c2bb2a36bdbe0ec7519697a9a9ba7526a0defac2)
2007-10-10r10411: we don't need the 10 times retry on rid allocation now, asAndrew Tridgell1-10/+2
transactions ensure two account creations can't interfere with each other (This used to be commit 91c27bc97662c8d8b764c76bd2d98a1b04f47337)
2007-10-10r10306: change these modules to use new error APISimo Sorce2-64/+4
(This used to be commit e86c9b4a7f399a3152a2703c76406e9d69ec1225)
2007-10-10r10300: forgot to change the dsdb modules function namesSimo Sorce2-16/+16
(This used to be commit e9018e3d9f69528acc0c440929fdb8d95413fa0d)
2007-10-10r9992: More fixes from the 64-bit warning police.Tim Potter1-2/+2
(This used to be commit cda829f0d9476bd8b057a7019f55fac206205825)
2007-10-10r9915: Some more mappings. Fix weird sAMAccountName values.Jelmer Vernooij1-10/+47
(This used to be commit 8ff1358f401e0086b941f4ff73af5d4c38a1f8bf)
2007-10-10r9908: Generate posixUser and posixGroup as wellJelmer Vernooij1-25/+151
(This used to be commit ebed25b47d3d8bd350b51b462d605d713f17602d)