summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/samdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-2/+3
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-26/+2
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+2
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21r25949: Make error messages clearer and more correct.Andrew Bartlett1-4/+5
Andrew Bartlett (This used to be commit f0a0d73f768434cb474b311d7c366d1f2a06c8f4)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-10/+77
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-12/+13
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-11/+11
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-1/+2
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25268: Thanks to Andrew Kroeger for pointing out on IRC that this isAndrew Bartlett1-4/+0
compleatly dead code. Andrew Bartlett (This used to be commit 5838aca79b11fd8a94567a04c1c1a99bc4343547)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-6/+7
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r24986: LDB has a function for comparing things that must meet the rules ofAndrew Bartlett1-1/+1
attribute names. Andrew Bartlett (This used to be commit 46e387580622bd6d5d621399e08c5d5003c91bbf)
2007-10-10r24941: Simplify samdb_result_nttime(), and remove nttime_from_string()Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit bcd994a139e2e8fb2e97c8b897c987ff234e0b0a)
2007-10-10r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)Andrew Bartlett1-2/+4
and improve error strings returned from samdb.c Andrew Bartlett (This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
2007-10-10r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer@yahoo.de>,Andrew Bartlett1-34/+21
allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
2007-10-10r24611: Following up on the re-opening of bug 4817 is it pretty clear thatAndrew Bartlett1-5/+11
machine accounts are not subject to password policy in Win2k3 R2 (at least in terms of password quality). In testing this, I found that Win2k3 R2 has changed the way the old ChangePassword RPC call is handled - the 'cross-checks' between new LM and NT passwords are not required. Andrew Bartlett (This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-0/+1
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r22522: Print why we can't find these entries.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit 465f1811683d22f4a3e3f5e693b3b29c59053cb4)
2007-10-10r21503: add usefull function to get the site dn for the local serverStefan Metzmacher1-0/+17
metze (This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
2007-10-10r21362: rename:Stefan Metzmacher1-13/+13
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20779: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 0b98f11d3eeee3eaf862dc06468332a20e22c059)
2007-10-10r20704: add functions to get and set the ntds objectGUID and invocationIdStefan Metzmacher1-0/+186
metze (This used to be commit c271ad824f763ba10ee74517062c6283fa20be89)
2007-10-10r20703: fix minor memory leakStefan Metzmacher1-0/+1
metze (This used to be commit 4012e54ef22fc9a18d4533f6b48530ddc9c67992)
2007-10-10r20398: Revert this patch, which caused failures in the samba3sam.js build ↵Andrew Bartlett1-12/+6
farm test. The interaction of the samldb.c module and this function is complex... Andrew Bartlett (This used to be commit bf7ab75875f722cc8499d24d455a94dd83b986ad)
2007-10-10r20377: Rework the CrackNames implementation to handle some of the BUILTIN sidAndrew Bartlett1-1/+12
cases. Adjust our 'look for this value in this attribute, of the result' function samdb_find_attribute() to use the correct comparison function, no matter what that may be. Andrew Bartlett (This used to be commit 3c5ff4e68748cce0bb93d7d141083922d92c3845)
2007-10-10r20375: Work to improve our CrackNames implementation.Andrew Bartlett1-4/+57
We now correctly handle the canonical name as a CrackNames source, for more than just the DNS domain object. Andrew Bartlett (This used to be commit 629c72f0c27333cc9ede158e3525e8b03dd295d3)
2007-10-10r20321: fix the samdb_partitions_dn() and samdb_sites_dn() calls,Stefan Metzmacher1-4/+18
to use the new samdb_config_dn() call. also add samdb_ wrappers for samdb_schema_dn() and samdb_config_dn() metze (This used to be commit 80b8a968243aadeef7512c03278dbb0d4e88a9f2)
2007-10-10r20315: Implement the server side of DsGetDomainControllerInfo. This is aAndrew Bartlett1-9/+80
supprisingly complex call... It turns out that the in/out parameter 'level' is not in/out, but set seperatly by the server-side code from r->req.req1.level. This commit also breaks out some common code from samldb into samdb. Andrew Bartlett (This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-24/+133
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-5/+5
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-28/+38
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-2/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-7/+7
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r19464: Reject passwords that cannot be converted into UCS2.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
2007-10-10r18636: Excessive testing with pam_winbind within Samba3 revealed a new samrGünther Deschner1-4/+4
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther (This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17830: Set the default_basedn (hey, it comes from the "default" naming ↵Simo Sorce1-1/+1
contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-30/+9
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-4/+4
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17639: Martin Kuhl noticed that we loaded an incorrect value forAndrew Bartlett1-0/+2
distinguisedName on templated objects. In looking how to handle distinguishedName correctly on LDAP, I was very glad to find it supported entryDN, and this adds another mapping. Andrew Bartlett (This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
2007-10-10r17530: Watching the build farm mails carefully pays off...Andrew Bartlett1-3/+2
This was another declaration before statement bug, in my just-committed code.. Andrew Bartlett (This used to be commit 1d1bf6b20512653c1de7920388f16fbef936ed47)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett1-5/+9
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-7/+7
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17513: ldb_set_errstring is an ldb private string, samdb uses DEBUG() ↵Simo Sorce1-4/+3
statements (This used to be commit c57b6420aa4a220257df714aaccb016acb4bae24)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-27/+155
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16771: Add const and some better debug messages.Andrew Bartlett1-7/+13
Andrew Bartlett (This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett1-4/+5
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)