summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/samdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25268: Thanks to Andrew Kroeger for pointing out on IRC that this isAndrew Bartlett1-4/+0
compleatly dead code. Andrew Bartlett (This used to be commit 5838aca79b11fd8a94567a04c1c1a99bc4343547)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-6/+7
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r24986: LDB has a function for comparing things that must meet the rules ofAndrew Bartlett1-1/+1
attribute names. Andrew Bartlett (This used to be commit 46e387580622bd6d5d621399e08c5d5003c91bbf)
2007-10-10r24941: Simplify samdb_result_nttime(), and remove nttime_from_string()Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit bcd994a139e2e8fb2e97c8b897c987ff234e0b0a)
2007-10-10r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)Andrew Bartlett1-2/+4
and improve error strings returned from samdb.c Andrew Bartlett (This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
2007-10-10r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer@yahoo.de>,Andrew Bartlett1-34/+21
allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
2007-10-10r24611: Following up on the re-opening of bug 4817 is it pretty clear thatAndrew Bartlett1-5/+11
machine accounts are not subject to password policy in Win2k3 R2 (at least in terms of password quality). In testing this, I found that Win2k3 R2 has changed the way the old ChangePassword RPC call is handled - the 'cross-checks' between new LM and NT passwords are not required. Andrew Bartlett (This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-0/+1
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r22522: Print why we can't find these entries.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit 465f1811683d22f4a3e3f5e693b3b29c59053cb4)
2007-10-10r21503: add usefull function to get the site dn for the local serverStefan Metzmacher1-0/+17
metze (This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
2007-10-10r21362: rename:Stefan Metzmacher1-13/+13
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20779: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 0b98f11d3eeee3eaf862dc06468332a20e22c059)
2007-10-10r20704: add functions to get and set the ntds objectGUID and invocationIdStefan Metzmacher1-0/+186
metze (This used to be commit c271ad824f763ba10ee74517062c6283fa20be89)
2007-10-10r20703: fix minor memory leakStefan Metzmacher1-0/+1
metze (This used to be commit 4012e54ef22fc9a18d4533f6b48530ddc9c67992)
2007-10-10r20398: Revert this patch, which caused failures in the samba3sam.js build ↵Andrew Bartlett1-12/+6
farm test. The interaction of the samldb.c module and this function is complex... Andrew Bartlett (This used to be commit bf7ab75875f722cc8499d24d455a94dd83b986ad)
2007-10-10r20377: Rework the CrackNames implementation to handle some of the BUILTIN sidAndrew Bartlett1-1/+12
cases. Adjust our 'look for this value in this attribute, of the result' function samdb_find_attribute() to use the correct comparison function, no matter what that may be. Andrew Bartlett (This used to be commit 3c5ff4e68748cce0bb93d7d141083922d92c3845)
2007-10-10r20375: Work to improve our CrackNames implementation.Andrew Bartlett1-4/+57
We now correctly handle the canonical name as a CrackNames source, for more than just the DNS domain object. Andrew Bartlett (This used to be commit 629c72f0c27333cc9ede158e3525e8b03dd295d3)
2007-10-10r20321: fix the samdb_partitions_dn() and samdb_sites_dn() calls,Stefan Metzmacher1-4/+18
to use the new samdb_config_dn() call. also add samdb_ wrappers for samdb_schema_dn() and samdb_config_dn() metze (This used to be commit 80b8a968243aadeef7512c03278dbb0d4e88a9f2)
2007-10-10r20315: Implement the server side of DsGetDomainControllerInfo. This is aAndrew Bartlett1-9/+80
supprisingly complex call... It turns out that the in/out parameter 'level' is not in/out, but set seperatly by the server-side code from r->req.req1.level. This commit also breaks out some common code from samldb into samdb. Andrew Bartlett (This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-24/+133
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-5/+5
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-28/+38
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-2/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-7/+7
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r19464: Reject passwords that cannot be converted into UCS2.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
2007-10-10r18636: Excessive testing with pam_winbind within Samba3 revealed a new samrGünther Deschner1-4/+4
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther (This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17830: Set the default_basedn (hey, it comes from the "default" naming ↵Simo Sorce1-1/+1
contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-30/+9
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-4/+4
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17639: Martin Kuhl noticed that we loaded an incorrect value forAndrew Bartlett1-0/+2
distinguisedName on templated objects. In looking how to handle distinguishedName correctly on LDAP, I was very glad to find it supported entryDN, and this adds another mapping. Andrew Bartlett (This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
2007-10-10r17530: Watching the build farm mails carefully pays off...Andrew Bartlett1-3/+2
This was another declaration before statement bug, in my just-committed code.. Andrew Bartlett (This used to be commit 1d1bf6b20512653c1de7920388f16fbef936ed47)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett1-5/+9
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-7/+7
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17513: ldb_set_errstring is an ldb private string, samdb uses DEBUG() ↵Simo Sorce1-4/+3
statements (This used to be commit c57b6420aa4a220257df714aaccb016acb4bae24)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-27/+155
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16771: Add const and some better debug messages.Andrew Bartlett1-7/+13
Andrew Bartlett (This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-4/+5
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16125: Add another helpful utility function: samdb_msg_add_int()Andrew Bartlett1-0/+10
Andrew Bartlett (This used to be commit 2fe9de8105843776b8ef41ef6f9a6cea5cb188ff)
2007-10-10r15725: First shot at making password_hash asyncSimo Sorce1-1/+1
The async path is not yet enabled by default so it should make no harm (This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-0/+76
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14570: Move some functions also they are also used from kpasswdJelmer Vernooij1-0/+317
(This used to be commit 89dfb74894c809d69eab05bdb6d5fe4012153808)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13910: Fix the 'your password has expired' on every login. We now considerAndrew Bartlett1-3/+8
if the 'password does not expire' flag has been set, filling in the PAC and netlogon reply correctly if so. Andrew Bartlett (This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
2007-10-10r12599: This new LDB module (and associated changes) allows Samba4 to operateAndrew Bartlett1-63/+25
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)