path: root/source4/dsdb/samdb
Age | Commit message | Author | Files | Lines
2007-10-10 | r12599: This new LDB module (and associated changes) allows Samba4 to operate | Andrew Bartlett | 3 | -63/+748
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplifies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10 | r12598: Make the 'objectClass' part of the templating process actually work. | Andrew Bartlett | 1 | -17/+26
We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f)
2007-10-10 | r12592: Remove some useless dependencies | Jelmer Vernooij | 1 | -2/+1
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
2007-10-10 | r12542: Move some more prototypes out to separate headers | Jelmer Vernooij | 4 | -0/+8
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10 | r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using | Jelmer Vernooij | 1 | -5/+5
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10 | r12427: Move SAMR CreateUser2 to transactions, and re-add support for | Andrew Bartlett | 1 | -1/+1
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10 | r12382: Ensure to return OK on anonymous mapping. | Andrew Bartlett | 1 | -0/+1
Andrew Bartlett (This used to be commit d61817ebb754c2a7a6783415fdf5267eaad460e9)
2007-10-10 | r12381: Try not to segfault on an anonymous LDAP bind, and map to a guest login. | Andrew Bartlett | 1 | -2/+8
Andrew Bartlett (This used to be commit 5ac4178e36fade330fccb2dbb0607f524fe1f6ae)
2007-10-10 | r12363: minor fixes for win2000 join/login | Andrew Tridgell | 1 | -1/+10
- the objectClass needs to be added to the list of attributes to make the check for objectClass=computer work
- the short version of the name needs to be used for the 'cn' in cracknames
(This used to be commit 53f0fb77c3c1bd15620f1dbb12e0d8f9fededf4b)
2007-10-10 | r12361: Add a new function: ldb_binary_encode_string() | Andrew Bartlett | 1 | -12/+49
This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2007-10-10 | r12360: Add simple bind support into our LDAP server. | Andrew Bartlett | 1 | -0/+54
Needs changes to our client code for automated testing. Andrew Bartlett (This used to be commit e751d814149d847ff1699542a4fa81eb8ca129ec)
2007-10-10 | r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb | Andrew Bartlett | 1 | -3/+5
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to an authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10 | r12161: Fix a memleak and do the -O1 janitor :-) | Volker Lendecke | 1 | -1/+6
(This used to be commit 82d87d62614a33ec9d2ed20e63d80a7af64e8678)
2007-10-10 | r12156: added samdb_domain_sid(), a routine to get the domain sid by looking | Andrew Tridgell | 1 | -0/+66
up the rootDomainNamingContext in the rootdse, then getting the objectsid from the root of the domain (This used to be commit 152590101e64ec260304e4b34cb1e2ef64333a02)
2007-10-10 | r11967: Fix more 64-bit warnings. | Tim Potter | 1 | -2/+2
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10 | r11958: - fixed memory leaks in the ldb_result handling in ldb operations | Andrew Tridgell | 2 | -8/+7
- removed an unnecessary level of pointer in ldb_search structure (This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
2007-10-10 | r11957: fixed up code meant for debugging | Andrew Tridgell | 1 | -3/+3
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
2007-10-10 | r11952: added a rootdse module. This will replace the existing rootdse code in | Andrew Tridgell | 2 | -0/+201
the ldap server. The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now (This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
2007-10-10 | r11592: fixed a crash bug from the ldb_result changes (res was being used | Andrew Tridgell | 1 | -4/+6
after being freed) (This used to be commit 5c7f3fef3e2324f0d1edda0f0f06f662bbcf7e08)
2007-10-10 | r11567: Ldb API change patch. | Simo Sorce | 4 | -111/+125
This patch changes the way lsb_search is called and the meaning of the returned integer. The last argument of ldb_search is changed from struct ldb_message to struct ldb_result which contains a pointer to a struct ldb_message list and a count of the number of messages. The return is not the count of messages anymore but instead it is an ldb error value. I tried to keep the patch as tiny as possible but as you can guess I had to change a good amount of places. I also tried to double check all my changes being sure that the calling functions would still behave as before. But this patch is big enough that I fear some bug may have been introduced anyway even if it passes the test suite. So if you are currently working on any file being touched please give it a deep look and blame me for any error. Simo. (This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
2007-10-10 | r11356: More cracknames work. This copes with a lookup for a | Andrew Bartlett | 1 | -1/+21
servicePrincipalName with a realm, which always returns 'domain only', with the realm as the domain. Andrew Bartlett (This used to be commit 476cd0c649d69f682dee27c1ae2a73b870b300d0)
2007-10-10 | r11339: Fix the build by adding the serviceprincipal name cracknames helper. | Andrew Bartlett | 1 | -0/+59
Andrew Bartlett (This used to be commit 0a5bf9348ae179698daa291b94546c893e258097)
2007-10-10 | r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb. | Andrew Bartlett | 1 | -0/+772
I'm sure this will not be the final resting place, but it will do for now. Use the cracknames code in auth/ for creating a server_info given a principal name only (should avoid assumptions about splitting a user@realm principal). Andrew Bartlett (This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
2007-10-10 | r10914: moved the ldap time string functions into ldb so they can be used by | Andrew Tridgell | 1 | -13/+0
the time attribute handling functions (This used to be commit 93c296d52718e77f8b702e1721b548eaadc56c76)
2007-10-10 | r10913: This patch isn't as big as it looks ... | Andrew Tridgell | 4 | -23/+24
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately that required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now it's just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10 | r10897: added in a hackish ldb proxy module that I am using to experiment with | Andrew Tridgell | 1 | -0/+340
mmc management support (This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594)
2007-10-10 | r10894: make the handling of dn/distinguishedName much closer to real | Andrew Tridgell | 1 | -4/+2
ldap. Also ensure we put an objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10 | r10810: This adds the hooks required to communicate the current user from the | Andrew Bartlett | 2 | -4/+21
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10 | r10791: Add copyright, fix comments (this isn't the timestamps module any more) | Andrew Bartlett | 1 | -3/+2
Andrew Bartlett (This used to be commit efdc6d834aecbf978f538365c72149fa7afe0828)
2007-10-10 | r10759: make modules easier to write by allowing modules to only implement the | Andrew Tridgell | 2 | -74/+2
functions they care about, instead of all functions. This also makes it more likely that future changes to ldb will not break existing modules (This used to be commit 45f0c967b58e7c1b2e900a4d74cfde2a2c527dfa)
2007-10-10 | r10753: don't require every ldb module to implement both a search_bytree() and | Andrew Tridgell | 2 | -18/+0
a search() function, instead each module now only implements the bytree method, and the expression based search is handled generically by the modules code. This makes for more consistency and less code duplication. fixed the tdb backend to handle BASE searches much more efficiently. They now always only lookup one record, regardless of the search expression (This used to be commit 7e44f9153c5578624e2fca04cdc0a00af0fd9eb4)
2007-10-10 | r10477: expose transactions outside ldb and change the API once more | Simo Sorce | 2 | -6/+20
do not autostart transactions on ldb operations if a transaction is already in place test transactions on winsdb all my tests pass so far tridge please confirm this is ok for you (This used to be commit c2bb2a36bdbe0ec7519697a9a9ba7526a0defac2)
2007-10-10 | r10411: we don't need the 10 times retry on rid allocation now, as | Andrew Tridgell | 1 | -10/+2
transactions ensure two account creations can't interfere with each other (This used to be commit 91c27bc97662c8d8b764c76bd2d98a1b04f47337)
2007-10-10 | r10306: change these modules to use new error API | Simo Sorce | 2 | -64/+4
(This used to be commit e86c9b4a7f399a3152a2703c76406e9d69ec1225)
2007-10-10 | r10300: forgot to change the dsdb modules function names | Simo Sorce | 2 | -16/+16
(This used to be commit e9018e3d9f69528acc0c440929fdb8d95413fa0d)
2007-10-10 | r9992: More fixes from the 64-bit warning police. | Tim Potter | 1 | -2/+2
(This used to be commit cda829f0d9476bd8b057a7019f55fac206205825)
2007-10-10 | r9930: Use a single samdb_base_dn() function rather than lots of silly | Andrew Bartlett | 1 | -0/+34
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10 | r9915: Some more mappings. Fix weird sAMAccountName values. | Jelmer Vernooij | 1 | -10/+47
(This used to be commit 8ff1358f401e0086b941f4ff73af5d4c38a1f8bf)
2007-10-10 | r9908: Generate posixUser and posixGroup as well | Jelmer Vernooij | 1 | -25/+151
(This used to be commit ebed25b47d3d8bd350b51b462d605d713f17602d)
2007-10-10 | r9899: Be more conservative about what is sent to the remote server in ldb_map. | Jelmer Vernooij | 1 | -15/+29
(This used to be commit 76e943d4416e38ce4cce27d5403bc3e133d0025b)
2007-10-10 | r9883: More nested initialiser fixes. | Tim Potter | 1 | -21/+79
(This used to be commit 579d11147849932ec76a175f815de890a8ea20ad)
2007-10-10 | r9849: Extend testsuite a bit more. | Jelmer Vernooij | 1 | -2/+50
(This used to be commit 5cbe1e6b70b03be441a36b36fb969339df0dfd45)
2007-10-10 | r9842: More error checks in the ldb_map modules, extend testsuite | Jelmer Vernooij | 1 | -1/+1
(This used to be commit b7992de4b7d42a55e00509c887a269a07c19627d)
2007-10-10 | r9835: Make ldb_map compile in the stand-alone LDB build | Jelmer Vernooij | 1 | -4/+4
(This used to be commit 2283a336e0e31e6857621d9806bba54c400bd986)
2007-10-10 | r9793: Be more verbose, check for errors in upgrade script. | Jelmer Vernooij | 2 | -22/+11
(This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18)
2007-10-10 | r9786: Move ldb_map into ldb/modules/ | Jelmer Vernooij | 1 | -0/+631
Move samba3sam to dsdb/ (This used to be commit eb9d615bcd49328131613f64745760a90553b7f2)
2007-10-10 | r9768: Arrrgh.. Right this time. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 8bded3fc926b8eb6285e06fd4b4706b779edb386)
2007-10-10 | r9767: Fix typo | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 0602e8b3e7b5921fa99bfe788fe290f03b3dc7ac)
2007-10-10 | r9654: introduce the samdb_search_dn call | Simo Sorce | 1 | -0/+22
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10 | r9391: Convert all the code to use struct ldb_dn to handle ldap like | Simo Sorce | 3 | -61/+59
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)