Age | Commit message (Collapse) | Author | Files | Lines |
|
further up the call stack.
(This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
|
|
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on
all entries as 'replace'.
Andrew Bartlett
(This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
|
|
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
|
|
Andrew Bartlett
(This used to be commit f0a0d73f768434cb474b311d7c366d1f2a06c8f4)
|
|
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules. This moves them to a seperate templates.ldb.
In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search. This
returns far more useful errors, which we now handle and report better.
The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain. This function also returns better errors.
dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()
Andrew Bartlett
(This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
|
|
lib/messaging/
lib/registry/
lib/ldb-samba/
librpc/rpc/
auth/auth_winbind.c
auth/gensec/
auth/kerberos/
dsdb/repl/
dsdb/samdb/
dsdb/schema/
torture/
cluster/ctdb/
kdc/
ntvfs/ipc/
torture/rap/
ntvfs/
utils/getntacl.c
ntptr/
smb_server/
libcli/wrepl/
wrepl_server/
libcli/cldap/
libcli/dgram/
libcli/ldap/
libcli/raw/
libcli/nbt/
libnet/
winbind/
rpc_server/
metze
(This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
|
|
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
compleatly dead code.
Andrew Bartlett
(This used to be commit 5838aca79b11fd8a94567a04c1c1a99bc4343547)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
attribute names.
Andrew Bartlett
(This used to be commit 46e387580622bd6d5d621399e08c5d5003c91bbf)
|
|
Andrew Bartlett
(This used to be commit bcd994a139e2e8fb2e97c8b897c987ff234e0b0a)
|
|
and improve error strings returned from samdb.c
Andrew Bartlett
(This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
|
|
allow the objectclass module to reconstruct the objectclass hierarchy,
rather than using templates.
The issue being fixed in particular is that 'top' was not being set on
containers.
This should ensure we do this right for all objects.
Andrew Bartlett
(This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
|
|
machine accounts are not subject to password policy in Win2k3 R2 (at
least in terms of password quality).
In testing this, I found that Win2k3 R2 has changed the way the old
ChangePassword RPC call is handled - the 'cross-checks' between new LM
and NT passwords are not required.
Andrew Bartlett
(This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
patch).
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
(This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
|
|
Andrew Bartlett
(This used to be commit 465f1811683d22f4a3e3f5e693b3b29c59053cb4)
|
|
metze
(This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
metze
(This used to be commit 0b98f11d3eeee3eaf862dc06468332a20e22c059)
|
|
metze
(This used to be commit c271ad824f763ba10ee74517062c6283fa20be89)
|
|
metze
(This used to be commit 4012e54ef22fc9a18d4533f6b48530ddc9c67992)
|
|
farm test.
The interaction of the samldb.c module and this function is complex...
Andrew Bartlett
(This used to be commit bf7ab75875f722cc8499d24d455a94dd83b986ad)
|
|
cases.
Adjust our 'look for this value in this attribute, of the result'
function samdb_find_attribute() to use the correct comparison
function, no matter what that may be.
Andrew Bartlett
(This used to be commit 3c5ff4e68748cce0bb93d7d141083922d92c3845)
|
|
We now correctly handle the canonical name as a CrackNames source, for
more than just the DNS domain object.
Andrew Bartlett
(This used to be commit 629c72f0c27333cc9ede158e3525e8b03dd295d3)
|
|
to use the new samdb_config_dn() call.
also add samdb_ wrappers for samdb_schema_dn() and samdb_config_dn()
metze
(This used to be commit 80b8a968243aadeef7512c03278dbb0d4e88a9f2)
|
|
supprisingly complex call...
It turns out that the in/out parameter 'level' is not in/out, but set
seperatly by the server-side code from r->req.req1.level.
This commit also breaks out some common code from samldb into samdb.
Andrew Bartlett
(This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
|
|
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
|
|
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.
torture test to follow as well.
Guenther
(This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
contex :-)
once at connection time, after modules have been loaded.
Introduce a function to retrieve the value where needed.
(This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
|
|
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
|
|
needed in searches
(This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
|
|
metze
(This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
|
|
distinguisedName on templated objects.
In looking how to handle distinguishedName correctly on LDAP, I was
very glad to find it supported entryDN, and this adds another mapping.
Andrew Bartlett
(This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
|
|
This was another declaration before statement bug, in my just-committed code..
Andrew Bartlett
(This used to be commit 1d1bf6b20512653c1de7920388f16fbef936ed47)
|
|
not used purely as ldb module helper functions. This now passes these
strings back as explicit parameters.
Andrew Bartlett
(This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
statements
(This used to be commit c57b6420aa4a220257df714aaccb016acb4bae24)
|
|
- creation of ForeignSecurityPrincipals
- template duplication code
Rework much of the LSA server to pass the RPC-LSA test. Much of the
server code was untested. In implementing the LSA Accounts feature, I
have opted to have it only create entires when privilages are applied,
and not to delete entries, but to delete the privilages.
We skip some parts of the test, but it is much better than not testing
it at all.
Andrew Bartlett
(This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
|
|
Andrew Bartlett
(This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
|
|
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
|