path: root/source4/dsdb/samdb/samdb.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r16827: Factor out some code into common samdb functions: | Andrew Bartlett | 1 | -27/+155
- creation of ForeignSecurityPrincipals
- template duplication code
Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entries when privileges are applied, and not to delete entries, but to delete the privileges. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10 | r16771: Add const and some better debug messages. | Andrew Bartlett | 1 | -7/+13
Andrew Bartlett (This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
2007-10-10 | r16264: Add, but do not yet enable, the partitions module. | Andrew Bartlett | 1 | -4/+5
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10 | r16125: Add another helpful utility function: samdb_msg_add_int() | Andrew Bartlett | 1 | -0/+10
Andrew Bartlett (This used to be commit 2fe9de8105843776b8ef41ef6f9a6cea5cb188ff)
2007-10-10 | r15725: First shot at making password_hash async | Simo Sorce | 1 | -1/+1
The async path is not yet enabled by default so it should make no harm (This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
2007-10-10 | r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵ | Jelmer Vernooij | 1 | -0/+76
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10 | r14860: create libcli/security/security.h | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10 | r14570: Move some functions also they are also used from kpasswd | Jelmer Vernooij | 1 | -0/+317
(This used to be commit 89dfb74894c809d69eab05bdb6d5fe4012153808)
2007-10-10 | r14464: Don't include ndr_BASENAME.h files unless strictly required, instead | Jelmer Vernooij | 1 | -0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10 | r13924: Split more prototypes out of include/proto.h + initial work on header | Jelmer Vernooij | 1 | -0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10 | r13910: Fix the 'your password has expired' on every login. We now consider | Andrew Bartlett | 1 | -3/+8
if the 'password does not expire' flag has been set, filling in the PAC and netlogon reply correctly if so. Andrew Bartlett (This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
2007-10-10 | r12599: This new LDB module (and associated changes) allows Samba4 to operate | Andrew Bartlett | 1 | -63/+25
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplifies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10 | r12542: Move some more prototypes out to separate headers | Jelmer Vernooij | 1 | -0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10 | r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb | Andrew Bartlett | 1 | -3/+5
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to an authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10 | r12161: Fix a memleak and do the -O1 janitor :-) | Volker Lendecke | 1 | -1/+6
(This used to be commit 82d87d62614a33ec9d2ed20e63d80a7af64e8678)
2007-10-10 | r12156: added samdb_domain_sid(), a routine to get the domain sid by looking | Andrew Tridgell | 1 | -0/+66
up the rootDomainNamingContext in the rootdse, then getting the objectsid from the root of the domain (This used to be commit 152590101e64ec260304e4b34cb1e2ef64333a02)
2007-10-10 | r11967: Fix more 64-bit warnings. | Tim Potter | 1 | -2/+2
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10 | r10914: moved the ldap time string functions into ldb so they can be used by | Andrew Tridgell | 1 | -13/+0
the time attribute handling functions (This used to be commit 93c296d52718e77f8b702e1721b548eaadc56c76)
2007-10-10 | r10913: This patch isn't as big as it looks ... | Andrew Tridgell | 1 | -10/+10
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately that required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now it's just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10 | r10894: make the handling of dn/distinguishedName much closer to real | Andrew Tridgell | 1 | -4/+2
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10 | r10810: This adds the hooks required to communicate the current user from the | Andrew Bartlett | 1 | -2/+7
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10 | r9930: Use a single samdb_base_dn() function rather than lots of silly | Andrew Bartlett | 1 | -0/+34
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10 | r9654: introduce the samdb_search_dn call | Simo Sorce | 1 | -0/+22
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10 | r9391: Convert all the code to use struct ldb_dn to handle ldap like ↵ | Simo Sorce | 1 | -13/+21
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10 | r9385: Remove unused functions | Simo Sorce | 1 | -97/+0
(This used to be commit fac8ff623778250acd830f358fcd34b85f7983b6)
2007-10-10 | r9208: fix a crash bug | Stefan Metzmacher | 1 | -2/+3
metze (This used to be commit f8a25ac2397d50359f4903618832da7886d91d6f)
2007-10-10 | r8810: Fix missing headers. Still doesn't fix the build but getting closer ↵ | Rafal Szczesniak | 1 | -0/+1
there. rafal (This used to be commit bc638cc3d66525cf91ef76eb0c486542fff2b929)
2007-10-10 | r8715: - revert the %PRIi64 stuff. Tim, we explicitly check for %llu support | Andrew Tridgell | 1 | -7/+17
in configure, and replace snprintf if the system doesn't support it. Our replacement code does not handle the "%PRIi64" stuff, so using it would break us on lots of platforms - fixed constant array initialisers to work on HPUX. (This used to be commit c6bae3e87e2dcb3a89bbb32da131627c60871e3d)
2007-10-10 | r8714: Oops - get it right this time! | Tim Potter | 1 | -2/+2
(This used to be commit 1d2b708da657a3f3c81bb60600f66bc359c2eab7)
2007-10-10 | r8713: Experiment to try and fix warnings on 64-bit machines without breaking | Tim Potter | 1 | -2/+2
32-bit ones. Yes, these weird looking macros are part of C99. (This used to be commit 7b316f119b8486b75ebe63b185c50fab82313e58)
2007-10-10 | r8669: The objectguid module belongs in Samba's ldb module collection, not in | Andrew Bartlett | 1 | -14/+0
ldb, as it can't build without the NDR and GUID code. Also make it properly use the NDR encoding for the GUID (I forgot last time, and used a string), as well as set the dependencies on the module correctly. Andrew Bartlett (This used to be commit 8054abc76e5e3588cebc7fc01062a1223b7f140b)
2007-10-10 | r8520: fixed a pile of warnings from the build farm gcc -Wall output on | Andrew Tridgell | 1 | -3/+4
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10 | r8224: - add objectGUID ldif_handler | Stefan Metzmacher | 1 | -17/+25
- fix some compiler warnings metze (This used to be commit e6c39241bf93336d4c94c43f9d8beb69018fb74a)
2007-10-10 | r7860: switch our ldb storage format to use a NDR encoded objectSid. This is | Andrew Tridgell | 1 | -19/+80
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so it's fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that is done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use an externally supplied conversion function
- I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates.
Luckily in many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10 | r7783: the whenChanged attribute is now handled by the timestamps module, and | Andrew Tridgell | 1 | -3/+0
should not be handled here as well. I had to remove it from here as it was buggy anyway (it wasn't setting the modify flags, this making an invalid ldb_modify() request) (This used to be commit f267e9d5b7b40c9c8bf1aa67a00f42e2d3bb3bc5)
2007-10-10 | r7615: fix the build and simplify gendb_search_dn | Simo Sorce | 1 | -2/+2
(This used to be commit b38bb63175ae0bdcf833c017e5fbbfc2c0769506)
2007-10-10 | r7582: Better way to have a fast path searching for a specific DN. | Simo Sorce | 1 | -4/+4
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10 | r6470: Remove ldb_search_free() it is not needed anymore. | Simo Sorce | 1 | -12/+3
Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2007-10-10 | r5988: Fix the -P option (use machine account credentials) to use the Samba4 | Andrew Bartlett | 1 | -21/+1
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in further dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10 | r5585: LDB interfaces change: | Simo Sorce | 1 | -76/+76
changes:
- ldb_wrap disappears from code and becomes a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore
- removal of ldb_close() function from the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database
- some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process
(This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10 | r5307: removed db_wrap.h from includes.h | Andrew Tridgell | 1 | -0/+1
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10 | r5298: - got rid of pstring.h from includes.h. This at least makes it a bit | Andrew Tridgell | 1 | -1/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10 | r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the | Andrew Tridgell | 1 | -5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10 | r4766: Add another useful helper function: samdb_msg_set_value() | Andrew Bartlett | 1 | -0/+15
Andrew Bartlett (This used to be commit a43f7392f791081f227a0e05aeed894885f33232)
2007-10-10 | r4698: - Initial implementation of trusted domains in LSA. | Andrew Bartlett | 1 | -2/+20
- Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2007-10-10 | r4679: Remove the void* from samdb. We now use structures without full | Andrew Bartlett | 1 | -74/+63
declarations all the time, and the structure the void* is hiding here is even a declared one, so there is no excuse. This also causes the compiler to warn on bugs. Andrew Bartlett (This used to be commit f40e794902020c5fb6839e6493be9a73416716b0)
2007-10-10 | r4650: - make more use of bitmap and enum's | Stefan Metzmacher | 1 | -2/+2
- move some structs out of misc.idl metze (This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
2007-10-10 | r4591: - converted the other _p talloc functions to not need _p | Andrew Tridgell | 1 | -1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10 | r4549: got rid of a lot more uses of plain talloc(), instead using | Andrew Tridgell | 1 | -4/+3
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10 | r4532: - rename bitmap -> bits | Stefan Metzmacher | 1 | -5/+5
the next commit is support for typedef bitmap {...}; in pidl metze (This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)