Age | Commit message (Collapse) | Author | Files | Lines |
|
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
|
|
(This used to be commit 82d87d62614a33ec9d2ed20e63d80a7af64e8678)
|
|
up the rootDomainNamingContext in the rootdse, then getting the
objectsid from the root of the domain
(This used to be commit 152590101e64ec260304e4b34cb1e2ef64333a02)
|
|
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
|
|
the time attribute handling functions
(This used to be commit 93c296d52718e77f8b702e1721b548eaadc56c76)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
searches all over the place.
This can be extended to cover an NT4 (no ADS) mode in future as well.
Andrew Bartlett
(This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
|
|
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
(This used to be commit fac8ff623778250acd830f358fcd34b85f7983b6)
|
|
metze
(This used to be commit f8a25ac2397d50359f4903618832da7886d91d6f)
|
|
there.
rafal
(This used to be commit bc638cc3d66525cf91ef76eb0c486542fff2b929)
|
|
in configure, and replace snprintf if the system doesn't support
it. Our replacement code does not handle the "%PRIi64" stuff, so
using it would break us on lots of platforms
- fixed constant array initialisers to work on HPUX.
(This used to be commit c6bae3e87e2dcb3a89bbb32da131627c60871e3d)
|
|
(This used to be commit 1d2b708da657a3f3c81bb60600f66bc359c2eab7)
|
|
32-bit ones. Yes, this weird looking macros are part of C99.
(This used to be commit 7b316f119b8486b75ebe63b185c50fab82313e58)
|
|
ldb, as it can't build without the NDR and GUID code.
Also make it properly use the NDR encoding for the GUID (I forgot last
time, and used a string), as well as set the dependencies on the
module correctly.
Andrew Bartlett
(This used to be commit 8054abc76e5e3588cebc7fc01062a1223b7f140b)
|
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
- fix some compiler warnings
metze
(This used to be commit e6c39241bf93336d4c94c43f9d8beb69018fb74a)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
should not be handled here as well. I had to remove it from here as it
was buggy anyway (it wasn't setting the modify flags, this making an
invalid ldb_modify() request)
(This used to be commit f267e9d5b7b40c9c8bf1aa67a00f42e2d3bb3bc5)
|
|
(This used to be commit b38bb63175ae0bdcf833c017e5fbbfc2c0769506)
|
|
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.
sss
(This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
|
|
Just use talloc_free() to release the memory after an ldb_search().
(This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
thanks to our move to talloc in ldb code, we do not need to expose it anymore
- removal of ldb_close() function form the code
thanks to our move to talloc in ldb code, we do not need it anymore
use talloc_free() to close and free an ldb database
- some minor updates to ldb modules code to cope with the change and fix some
bugs I found out during the process
(This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
|
|
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
Andrew Bartlett
(This used to be commit a43f7392f791081f227a0e05aeed894885f33232)
|
|
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
|
|
declarations all the time, and the struture the void* is hiding here
is even a declared one, so there is no excuse. This also causes the
compiler to warn on bugs.
Andrew Bartlett
(This used to be commit f40e794902020c5fb6839e6493be9a73416716b0)
|
|
- move some structs out of misc.idl
metze
(This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
the next commit is support for typedef bitmap {...}; in pidl
metze
(This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
|
|
important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
|
|
* Implement samr_search_domain, filter out all elements with no "objectSid"
attribute and all objects outside a specified domain sid.
* Minor cleanups in dcerpc_samr.c due to that.
* Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe
one step further.
* Same for samr_info_DomInfo1.
Volker
(This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
|
|
samr_GetMembersInAlias.
Volker
(This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
|
|
samr_QueryGroupMember.
Volker
(This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
|
|
enough stuff to do in 3_0??? ;-)
Volker
(This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
|
|
the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentification...
I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
- understands naming contexts (directory parrtitions)
- do schema and acl checking checking
- maintain objectGUID, timestamps and USN number,
maybe linked attributes ('member' and 'memberOf' attributes)
- store metadata on a attribute=value combination...
metze
(This used to be commit 893a8b8bca2f020fbbe6f469aaa8dd4478249eb8)
|