Age | Commit message (Collapse) | Author | Files | Lines |
|
Remember to perform operations on the base database as well.
Andrew Bartlett
(This used to be commit eae232530c967fe949355cf1914ca0cb8c0ea8c2)
|
|
Andrew Bartlett
(This used to be commit 2728b60dfa50ded03e06f0bd53eee55fce5143bd)
|
|
to be created as foreign, even if they are in a local domain.
Also we do need the user to exist for the life of the test, as we add
it to a group.
Andrew Bartlett
(This used to be commit ae470ff7014e52b55d88e9fe12e2322e069daf9d)
|
|
in the Builtin domain a SID from the global domain.
Andrew Bartlett
(This used to be commit 9d31b9f04721a2cac62f492f8db071aaa0aa966b)
|
|
Andrew Bartlett
(This used to be commit 9fdbedafad69e55ef4ccad51c4f002c49e43f372)
|
|
In particular, this removes one use of the LDB_DN_NULL_FAILED macro,
which was being used on more than DNs, had an embedded goto, and
confused the IBM checker.
In the password_hash code, ensure that sambaAttr is not, before
checking the number of values.
In GENSEC, note that this switch value can't occour. This seems to be
the only way to quiet both the IBM checker and gcc, as well as cope
with possibly invalid inputs.
Andrew Bartlet
(This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
|
|
- creation of ForeignSecurityPrincipals
- template duplication code
Rework much of the LSA server to pass the RPC-LSA test. Much of the
server code was untested. In implementing the LSA Accounts feature, I
have opted to have it only create entires when privilages are applied,
and not to delete entries, but to delete the privilages.
We skip some parts of the test, but it is much better than not testing
it at all.
Andrew Bartlett
(This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
|
|
anywhere
- fix a bad segfault
Andrew please make test before committing.
Simo.
(This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
|
|
Andrew Bartlett
(This used to be commit 87cac3529ca4f114a93adb5b307766e681c49a1d)
|
|
password changes which only include the LM and NT hash, such as the
original ChangePassword.
It also fixes setting passwords on the BUILTIN domain.
Finally, the msDS-KeyVersionNumber is only incremented if not
explicity set by the modify.
Andrew Bartlett
(This used to be commit e957f6f4c61c121f79ad518822691e4fd4bf4341)
|
|
This required changes to the rootDSE module, to allow registration of
partitions. In doing so I renamed the 'register' operation to
'register_control' and 'register_partition', which changed a few more
modules.
Due to the behaviour of certain LDAP servers, we create the baseDN
entry in two parts: Firstly, we allow the admin to export a simple
LDIF file to add to their server. Then we perform a modify to add the
remaining attributes.
To delete all users in partitions, we must now search and delete all
objects in the partition, rather than a simple search from the root.
Against LDAP, this might not delete all objects, so we allow this to
fail.
In testing, we found that the 'Domain Controllers' container was
misnamed, and should be 'CN=', rather than 'OU='.
To avoid the Templates being found in default searches, they have been
moved to CN=Templates from CN=Templates,${BASEDN}.
Andrew Bartlett
(This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
|
|
other needs the default basedn.
Andrew Bartlett
(This used to be commit 42c2495683083110ec41aeab5adeee09762db3dd)
|
|
Remove duplicate attribute in search request
Search for the domain by NDR-encoded SID, not string (consistant with
the rest of the C code, and helps partially-constructed LDAP
backends).
Use the default basedn for the domain search.
Andrew Bartlett
(This used to be commit 2f104612cd6f170dd28fd4ce09156168d47a681a)
|
|
Andrew Bartlett
(This used to be commit af11f464a717cc7db0393070da780091a6053ee0)
|
|
original error strings back to the callers.
Andrew Bartlett
(This used to be commit defa63298838fefae7ed003458020045edaef21d)
|
|
This adds more/better setting of the ldb error string, and avoids
using gendb_search(), as this doens't return the error code.
Andrew Bartlett
(This used to be commit 2d2e71a2d5827c9dc8785b87547559071b47ab34)
|
|
Andrew Bartlett
(This used to be commit 2fe9de8105843776b8ef41ef6f9a6cea5cb188ff)
|
|
to implement.
Andrew Bartlett
(This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab)
|
|
We were not using the correct baseDN for the templates search. Using NULL is no longer valid (like against AD).
While chasing that down, return proper error codes, and use the
ldb_set_errstr() to get a good error string back up to the UI layer.
Andrew Bartlett
(This used to be commit b31003403d84def6f11b21df566ff57c01da21b8)
|
|
the whole ldb structure.
Because the sequence number was a fn pointer on the main ldb context,
turn it into a full request (currently sync).
Andrew Bartlett
(This used to be commit fbe7d0ca9031e292b2d2fae263233c973982980a)
|
|
(This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9)
|
|
Andrew Bartlett
(This used to be commit 25e85975459acc556c0d46f1683dd4bbdd94874b)
|
|
things.
With this fix, we now correctly detect computers again, and get the
correct objectCategory, which is important for the OSX AD plugin.
Andrew Bartlett
(This used to be commit 4e39d7bb245bc337ac496c7e39a510d1c5611c71)
|
|
(This used to be commit d346531d0a3e7160ae2a3bdc430521148b485540)
|
|
Check timeouts are correctly verified.
Some minor fixed and removal of unused code.
(This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
|
|
(This used to be commit 959c8c35ef170e03a5f698d0fa11616583cc6f66)
|
|
situation handled in the incorrect way.
A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug.
And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him
fix the problem first, trying to be smart here would probably end up in worst results.
Simo.
(This used to be commit 6b214f232eefc4ffbc98dfb68c99d1f0c97ae6db)
|
|
- Quiet some IBM Checker warnings (enum mismatch)
- Only search for the attributes we need
- fix comments
- fix copyrights
Andrew Bartlett
(This used to be commit ee6fe3a80fd5038c2b141bf8a85139f99ac96e4d)
|
|
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
|
|
This means that some modules have been disabled as well as they
have not been ported to the async interface
One of them is the ugly objectclass module.
I hope that the change in samldb module will make the MMC happy
without the need of this crappy module, we need proper handling
in a decent schema module.
proxy and ldb_map have also been disabled
ldb_sqlite3 need to be ported as well (currenlty just broken).
(This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
|
|
They have never benn used and make little sense too imo
(This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
|
|
I was sick of jumping inot each module for each request,
even the ones not handle by that module.
(This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
|
|
Start enhancing it and fix some problems with incorrect evalutaion of the codes
Implement rdn rename (async only)
(This used to be commit 6af1d738b9668d4f0eb6194ac0f84af9e73f8c2e)
|
|
sublte - please have a look at the change if you are not certain you
know the semantics of constant arrays declared on the stack (they must
be static if you return them from the function)
(This used to be commit 1848078fee2041195e3d65fcc090d7b6330b8ea0)
|
|
(This used to be commit 2e9a840bb975f3269de4ca299a3d6e5b19f3cad1)
|
|
It passess all my tests, but I still need to work on a lot of stuff.
Shouldn't impact anybody else work, so I want to commit now and see what happens
Will work to remove the old code from modules and backends soon, and make some
more restyling in ldb internals.
So, if there is something you don't like in this desgin please speak now.
Simo.
(This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce)
|
|
(This used to be commit 977982c884da15d1e9f5fe19d24cd4169ecbb0c5)
|
|
(This used to be commit 36537100db491012d8124f7aca266a8290f2eee6)
|
|
(This used to be commit 3c9434e264710a1fa29adedbe571d5324ecae906)
|
|
Testing various async paths and uncovering bugs
(This used to be commit 099d873ea596ece18efe63b06bc64e7f97a96f82)
|
|
The async path is not yet enabled by default so it should make no harm
(This used to be commit b7d5f2325726757a4fcd0b5ac03de1b867085a89)
|
|
metze
(This used to be commit 73ca71b42b20c9cc0acba8caecc24b07624c4abc)
|
|
tree fro long
(This used to be commit 7c050b541e98cd442a0c9ed0ddadb3e573cd1304)
|
|
the original, rather than equivilant, enum type.
Andrew Bartlett
(This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
metze
(This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
- remove sid_active_in_token() was the same as security_token_has_sid()
- rename some functions
metze
(This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
|
|
the problem was that we shift with <<= (privilege-1)
and we called the function with privilege=0
add some checks to catch invalid privilege values
and hide the mask representation in privilege.c
metze
(This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
|