summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/samdb.c
AgeCommit message (Collapse)AuthorFilesLines
2011-06-06s4-param Remove 'sam database' parameterAndrew Bartlett1-1/+1
This now just relies on the private dir parameter, which remains. Andrew Bartlett
2011-05-21s4:ldb-samba/ldb_wrap.*-dsdb/samdb/samdb.c - handle LDB connection flags as ↵Matthias Dieter Wallnöfer1-1/+1
unsigned The LDB API ("ldb_connect") prescribes that they should be "unsigned". Signed-off-by: Metze
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-2/+2
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-32/+21
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-14s4-samdb: give a more useful debug when we can't open the privileges dbAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett1-5/+22
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett1-2/+1
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-11-27s4:param/secrets.h - fix "enum netr_SchannelType" include correctlyMatthias Dieter Wallnöfer1-1/+0
2010-10-30s4-ldbwrap: split ldb-wrap out from the LDBSAMBA subsystemAndrew Tridgell1-0/+1
ldb-wrap and the ldif-handlers are not really related, and this allows us to remove another dependency loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer1-0/+1
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer1-1/+0
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-4/+3
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-10ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not ↵Jelmer Vernooij1-27/+0
samdb-specific.
2010-10-10ldb-samba: Add ldb_wrap_add, remove last schema reference from ldb_wrap.Jelmer Vernooij1-5/+25
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-2/+3
2010-10-10samdb: Handle schema setup in samdb, not in more generic ldbsamba.Jelmer Vernooij1-0/+9
2010-09-26s4-auth: fixed the SID list for DCs in the PACAndrew Tridgell1-10/+0
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-11libcli/security Use talloc_zero when making a struct security_tokenAndrew Bartlett1-2/+0
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-25/+22
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:auth Change {anonymous,system}_session to use common session_info generationAndrew Bartlett1-2/+4
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-4/+2
This makes the structure more like Samba3's NT_USER_TOKEN
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-4/+4
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-15/+46
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-20s4:auth Move BUILTIN group addition into session.cAndrew Bartlett1-2/+9
The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett
2010-03-03s4:samdb.c - Make it signed-safeMatthias Dieter Wallnöfer1-2/+2
Use an unsigned argument for the numbers of groups and the counter "i" since the function is called only by "auth_generate_session_info" with an unsigned number of groups argument.
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett1-1/+3
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2009-11-02Remove special case logic in 'samdb_relative_path'.Andrew Bartlett1-3/+0
While this logic (avoiding to prefix a non-filename with a path) is important in the code this was copied from (private_dir()), none of the callers of this function need it. Andrew Bartlett
2009-10-27s4-dsdb: call dsdb_make_schema_global() from ldb_wrapAndrew Tridgell1-1/+0
Calling it from samdb_connect() can cause a stale schema to be put into the global schema. Thanks to Andrew Bartlett for spotting this.
2009-10-23s4-samdb: make sure the static credentials are never freedAndrew Tridgell1-0/+9
2009-10-23s4-dsdb: add a static samdb_credentialsAndrew Tridgell1-5/+17
Similarly to system_session(), this creates a static samdb_credentials()
2009-10-21s4:dsdb Make the 'relative path' code in partitions handle tdb://Andrew Bartlett1-0/+3
The previous code would fail if the caller used tdb:// in the URL for the top-level database. Andrew Bartlett
2009-09-07s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")Matthias Dieter Wallnöfer1-104/+0
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-1/+1
Guenther
2009-06-29SAMDB: Don't check for "sAMAccountName" twiceMatthias Dieter Wallnöfer1-1/+0
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-4/+4
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-1/+1
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-07-15Use secrets.ldb to store credentials to contact LDAP backend.Andrew Bartlett1-1/+26
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
2008-06-14Use a custom init function for samba4 that sets a samba4Simo Sorce1-1/+1
specific debug function. By default do not debug, this is the most appropriate action for a library as we cannot assume what stderr is use for in the main app. The main app is responsible to set ev_debug_stderr if they so desire. (This used to be commit e566a2f308ac6fb4b526a744f7059b565670aea5)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-1/+2
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-04-21Make sure we have an event context availableSimo Sorce1-0/+7
(This used to be commit b7c96e0cc270bd3b1c9bd117a22df3f657b6acd5)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-3/+10
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-02-09Give a more useful error when the templates.ldb can't be found.Andrew Bartlett1-2/+4
Andrew Bartlett (This used to be commit 26108eb66b4b5d4b339dfc845e8a018190068e81)
2008-01-11Remove 'dn' from mapping, it isn't a valid attribute in AD, and causesAndrew Bartlett1-1/+1
problems with ldap.js test with OpenLDAP as the backend. Likewise, remove it from the template lookup (for consistancy). TODO: see if it can be removed from ldb Andrew Bartlett (This used to be commit 47a1b76f7fff30229d3f23c6723f047923faf196)
2007-12-21r26483: Merge ldb module dependency fixes, fix auth python module.Jelmer Vernooij1-1859/+0
(This used to be commit 85eeecf997a071ca7e7ad0247e8d34d49b7ffcbb)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+1
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26298: Use metze's schema loading code to pre-initialise the schema into theAndrew Bartlett1-0/+37
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-12-21r26235: Avoid global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit e9039782204389cc827e76da319d5ccf6d33be46)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-1/+2
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)