summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16854: Fix the RPC-SAMR-PASSWORDS test. It failed because we allocated usersAndrew Bartlett1-1/+3
in the Builtin domain a SID from the global domain. Andrew Bartlett (This used to be commit 9d31b9f04721a2cac62f492f8db071aaa0aa966b)
2007-10-10r16831: Use a valid memory context (found by the IBM checker).Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 9fdbedafad69e55ef4ccad51c4f002c49e43f372)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-1/+1
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett2-176/+179
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16784: - make some function in ldb static, they not need to be exported ↵Simo Sorce1-4/+4
anywhere - fix a bad segfault Andrew please make test before committing. Simo. (This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
2007-10-10r16771: Add const and some better debug messages.Andrew Bartlett1-7/+13
Andrew Bartlett (This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
2007-10-10r16769: Working on fixing the RPC-SAMR test against Samba4. This fixesAndrew Bartlett1-66/+106
password changes which only include the LM and NT hash, such as the original ChangePassword. It also fixes setting passwords on the BUILTIN domain. Finally, the msDS-KeyVersionNumber is only incremented if not explicity set by the modify. Andrew Bartlett (This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341)
2007-10-10r16264: Add, but do not yet enable, the partitions module.Andrew Bartlett6-12/+361
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10r16263: A number of these searches need to be under the partitions DN, and theAndrew Bartlett1-5/+7
other needs the default basedn. Andrew Bartlett (This used to be commit 42c2495683083110ec41aeab5adeee09762db3dd)
2007-10-10r16240: Add better error reporting in the password_hash moduleAndrew Bartlett1-5/+13
Remove duplicate attribute in search request Search for the domain by NDR-encoded SID, not string (consistant with the rest of the C code, and helps partially-constructed LDAP backends). Use the default basedn for the domain search. Andrew Bartlett (This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
2007-10-10r16227: Don't segfault if the ldb_search() fails.Andrew Bartlett1-2/+5
Andrew Bartlett (This used to be commit af11f464a717cc7db0393070da780091a6053ee0)
2007-10-10r16159: Even more work on samldb error reporting. Make sure to get theAndrew Bartlett1-34/+31
original error strings back to the callers. Andrew Bartlett (This used to be commit defa63298838fefae7ed003458020045edaef21d)
2007-10-10r16129: Further clean up the samldb module.Andrew Bartlett1-42/+52
This adds more/better setting of the ldb error string, and avoids using gendb_search(), as this doens't return the error code. Andrew Bartlett (This used to be commit 2d2e71a2d5827c9dc8785b87547559071b47ab34)
2007-10-10r16125: Add another helpful utility function: samdb_msg_add_int()Andrew Bartlett1-0/+10
Andrew Bartlett (This used to be commit 2fe9de8105843776b8ef41ef6f9a6cea5cb188ff)
2007-10-10r16109: Make this module simpiler, don't intercept operations we are not goingAndrew Bartlett1-21/+0
to implement. Andrew Bartlett (This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab)
2007-10-10r16108: Fixes from working with the partition module.Andrew Bartlett1-12/+17
We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD). While chasing that down, return proper error codes, and use the ldb_set_errstr() to get a good error string back up to the UI layer. Andrew Bartlett (This used to be commit b31003403d84def6f11b21df566ff57c01da21b8)
2007-10-10r16083: Make it possible to initialise a backend module, without it setting upAndrew Bartlett1-4/+7
the whole ldb structure. Because the sequence number was a fn pointer on the main ldb context, turn it into a full request (currently sync). Andrew Bartlett (This used to be commit fbe7d0ca9031e292b2d2fae263233c973982980a)
2007-10-10r16070: Fix kludge_aclsSimo Sorce1-1/+1
(This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9)
2007-10-10r16069: Remove unused destructor and an unused variable.Andrew Bartlett1-9/+0
Andrew Bartlett (This used to be commit 25e85975459acc556c0d46f1683dd4bbdd94874b)
2007-10-10r16061: Prove that removing the objectClass list in the samldb module breaks ↵Andrew Bartlett1-3/+0
things. With this fix, we now correctly detect computers again, and get the correct objectCategory, which is important for the OSX AD plugin. Andrew Bartlett (This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71)
2007-10-10r16042: Fix crashbug caused by incorret error reporting.Simo Sorce1-12/+12
(This used to be commit d346531d0a3e7160ae2a3bdc430521148b485540)
2007-10-10r16036: Add a couple of new functions to corretly deal with timeouts.Simo Sorce6-13/+19
Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
2007-10-10r16022: ooops, a bit too aggressive commit :-)Simo Sorce1-1/+1
(This used to be commit 959c8c35ef170e03a5f698d0fa11616583cc6f66)
2007-10-10r16021: While studying how to make samldb really async I found a critical ↵Simo Sorce1-29/+29
situation handled in the incorrect way. A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug. And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him fix the problem first, trying to be smart here would probably end up in worst results. Simo. (This used to be commit 6b214f232eefc4ffbc98dfb68c99d1f0c97ae6db)
2007-10-10r15999: password_hash module changes:Andrew Bartlett1-8/+16
- Quiet some IBM Checker warnings (enum mismatch) - Only search for the attributes we need - fix comments - fix copyrights Andrew Bartlett (This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d)
2007-10-10r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...Simo Sorce1-2/+2
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
2007-10-10r15942: Remove the sync internal ldb calls altogether.Simo Sorce7-1067/+53
This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
2007-10-10r15932: Remove per request credsSimo Sorce4-6/+0
They have never benn used and make little sense too imo (This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
2007-10-10r15927: Optimize ldb module traverse while keeping the API intact.Simo Sorce6-26/+20
I was sick of jumping inot each module for each request, even the ones not handle by that module. (This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
2007-10-10r15913: Error passing in the async code is not in agood shapeSimo Sorce1-37/+73
Start enhancing it and fix some problems with incorrect evalutaion of the codes Implement rdn rename (async only) (This used to be commit 6af1d738b9668d4f0eb6194ac0f84af9e73f8c2e)
2007-10-10r15859: fixed a crash bug in the ldb password_hash module. This one is quiteAndrew Tridgell1-1/+4
sublte - please have a look at the change if you are not certain you know the semantics of constant arrays declared on the stack (they must be static if you return them from the function) (This used to be commit 1848078fee2041195e3d65fcc090d7b6330b8ea0)
2007-10-10r15804: Fix SAMLOGON testSimo Sorce1-6/+5
(This used to be commit 2e9a840bb975f3269de4ca299a3d6e5b19f3cad1)
2007-10-10r15795: Try to use the async code by defaultSimo Sorce2-14/+43
It passess all my tests, but I still need to work on a lot of stuff. Shouldn't impact anybody else work, so I want to commit now and see what happens Will work to remove the old code from modules and backends soon, and make some more restyling in ldb internals. So, if there is something you don't like in this desgin please speak now. Simo. (This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
2007-10-10r15789: hmm, damn, testing uncovcer all your bugs :-)Simo Sorce1-16/+2
(This used to be commit 977982c884da15d1e9f5fe19d24cd4169ecbb0c5)
2007-10-10r15783: Fix previous commit, was the wrong way to deal with the problemSimo Sorce1-26/+24
(This used to be commit 36537100db491012d8124f7aca266a8290f2eee6)
2007-10-10r15782: More fixes for async casesSimo Sorce3-26/+42
(This used to be commit 3c9434e264710a1fa29adedbe571d5324ecae906)
2007-10-10r15761: Fix-as-you-go ...Simo Sorce1-21/+24
Testing various async paths and uncovering bugs (This used to be commit 099d873ea596ece18efe63b06bc64e7f97a96f82)
2007-10-10r15725: First shot at making password_hash asyncSimo Sorce2-12/+1077
The async path is not yet enabled by default so it should make no harm (This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
2007-10-10r15639: fix warningsStefan Metzmacher2-2/+2
metze (This used to be commit 73ca71b42b20c9cc0acba8caecc24b07624c4abc)
2007-10-10r15582: Commit some forgotten stuff that have been setting on my private ↵Simo Sorce2-12/+73
tree fro long (This used to be commit 7c050b541e98cd442a0c9ed0ddadb3e573cd1304)
2007-10-10r15511: Using this name causes less warnings on the IBM checker, due to usingAndrew Bartlett1-4/+4
the original, rather than equivilant, enum type. Andrew Bartlett (This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij3-3/+4
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15319: remove unneeded macrosStefan Metzmacher1-18/+18
metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij2-6/+80
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-4/+4
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14894: - add some 'const'Stefan Metzmacher1-1/+1
- remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2007-10-10r14891: fix a bug found by the ibm checkerStefan Metzmacher1-10/+6
the problem was that we shift with <<= (privilege-1) and we called the function with privilege=0 add some checks to catch invalid privilege values and hide the mask representation in privilege.c metze (This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher5-5/+5
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14840: - rename some functionsStefan Metzmacher2-8/+11
- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10r14662: To allow the RPC-SAMR test to pass, we need to look for both domainsAndrew Bartlett1-1/+1
and the builtinDomain objectClasses, when trying to find domain policies. Andrew Bartlett (This used to be commit 9fc1196f0ca0235aa764d4ae770e3c31978396fa)