summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8321: Fix some uninitalized variable warningsVolker Lendecke1-1/+1
(This used to be commit 126cb3db4b0cf9c382ba7496ba08311f3b669f00)
2007-10-10r8224: - add objectGUID ldif_handlerStefan Metzmacher1-17/+25
- fix some compiler warnings metze (This used to be commit e6c39241bf93336d4c94c43f9d8beb69018fb74a)
2007-10-10r7925: small tidyup (please keep lines at a reasonable length)Andrew Tridgell1-1/+2
(This used to be commit 0bfd91c32a62e651e81ce8d3b102158ec9c680fe)
2007-10-10r7864: fixed some const bugsAndrew Tridgell1-1/+1
(This used to be commit 616f54015ff8c7b25fa500cb03d025a9950ed6cf)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell3-43/+118
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10r7783: the whenChanged attribute is now handled by the timestamps module, andAndrew Tridgell1-3/+0
should not be handled here as well. I had to remove it from here as it was buggy anyway (it wasn't setting the modify flags, this making an invalid ldb_modify() request) (This used to be commit f267e9d5b7b40c9c8bf1aa67a00f42e2d3bb3bc5)
2007-10-10r7615: fix the build and simplify gendb_search_dnSimo Sorce1-2/+2
(This used to be commit b38bb63175ae0bdcf833c017e5fbbfc2c0769506)
2007-10-10r7582: Better way to have a fast path searching for a specific DN.Simo Sorce1-4/+4
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell1-9/+18
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r6470: Remove ldb_search_free() it is not needed anymore.Simo Sorce2-30/+15
Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2007-10-10r6084: - Introduce the samldb module dependency on samba4Simo Sorce1-205/+170
- This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett2-22/+2
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5588: We currently use a string representing an hex number so conform to that.Simo Sorce1-3/+3
But we should move to a signed integer in future to be AD compatible. (This used to be commit b67512c5139af121b6579a5c6318a489c2132ebb)
2007-10-10r5587: more work around the samldb moduleSimo Sorce1-8/+180
fix the provision.ldif the layout of the @MODULES dn has changed since last commit (This used to be commit acb99e63d40e71fa843c1b7a1719a350a353ed28)
2007-10-10r5585: LDB interfaces change:Simo Sorce1-76/+76
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5584: add new experimental ldb moduleSimo Sorce1-0/+512
(This used to be commit e77a070c841c7a1b73dfcea2d43651618557d0f4)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4766: Add another useful helper function: samdb_msg_set_value()Andrew Bartlett1-0/+15
Andrew Bartlett (This used to be commit a43f7392f791081f227a0e05aeed894885f33232)
2007-10-10r4698: - Initial implementation of trusted domains in LSA.Andrew Bartlett1-2/+20
- Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2007-10-10r4679: Remove the void* from samdb. We now use structures without fullAndrew Bartlett1-74/+63
declarations all the time, and the struture the void* is hiding here is even a declared one, so there is no excuse. This also causes the compiler to warn on bugs. Andrew Bartlett (This used to be commit f40e794902020c5fb6839e6493be9a73416716b0)
2007-10-10r4650: - make more use of bitmap and enum'sStefan Metzmacher1-2/+2
- move some structs out of misc.idl metze (This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-4/+3
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-1/+1
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4532: - rename bitmap -> bitsStefan Metzmacher1-5/+5
the next commit is support for typedef bitmap {...}; in pidl metze (This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
2007-10-10r4475: fixed smbd to work with the small changes in the ldb API (the most ↵Andrew Tridgell1-14/+0
important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-1/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4414: Various bits&pieces:Volker Lendecke1-0/+43
* Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2007-10-10r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember andVolker Lendecke1-0/+1
samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2007-10-10r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember andVolker Lendecke1-0/+54
samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2007-10-10r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't thereVolker Lendecke1-1/+2
enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2007-10-10r4151: added privilege attribute handling on samdb.Andrew Tridgell1-0/+107
pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10r4096: move the samdb code to source/dsdb/Stefan Metzmacher1-0/+894
the idea is to have a directory service db layer which will be used by the ldap server, samr server, drsuapi server authentification... I plan to make different implementations of this interface possible - current default will be the current samdb code with sam.ldb - a compat implementation for samba3 (if someone wants to write one) - a new dsdb implementation which: - understands naming contexts (directory parrtitions) - do schema and acl checking checking - maintain objectGUID, timestamps and USN number, maybe linked attributes ('member' and 'memberOf' attributes) - store metadata on a attribute=value combination... metze (This used to be commit 893a8b8bca2f020fbbe6f469aaa8dd4478249eb8)