summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-3/+3
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-21s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-initAndrew Bartlett1-54/+77
We didn't seem to get the control created by the time we do searches here. Andrew Bartlett Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
2010-10-21s4-dsdb: force LDB_ERR_NO_SUCH_ATTRIBUTE on missing schemaInfoAndrew Tridgell1-2/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21s4-dsdb: fixed depenencies for -no-undefinedAndrew Tridgell1-4/+4
added some depenencies needed for -Wl,-no-undefined
2010-10-21s4-dsdb: make ldb_password_hash depend on hdb not HEIMDAL_HDB_KEYSAndrew Tridgell1-1/+1
this prevents a duplicate object file
2010-10-21s4-dsdb: moved a bunch of fuctions from schema/schema_info_attr.c to ↵Andrew Tridgell3-10/+350
samdb/ldb_modules/schema_util.c these functions operate on ldb_modules, so they should be in the ldb_modules directory. They also should return ldb errors codes, not WERROR codes, as otherwise the error can be hidden from the ldap caller This re-arrangement fixes a dependency loop in the schema/samdb code. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
2010-10-19s4-dsdb Reset the error string after 'expected' errors.Andrew Bartlett1-0/+1
This helps ensure that we don't get confusing error strings in the logs on other error cases. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
2010-10-19s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backendsAndrew Bartlett3-2/+83
If we send the full extended DN, then we risk standards-complient LDAP servers rejecting it as invalid. Only the DN portion is needed to resolve the record in any case, and any SID or GUID componenets have already been evaluated into the DN. Andrew Bartlett
2010-10-19s4-dsdb: register the DCPROMO_OID control with the rootdseAndrew Tridgell1-0/+7
this is needed to allow it over ldap Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-19s4-dsdb: filter unregistered controls in the rootdse moduleAndrew Tridgell1-19/+84
if we get an unregistered control in the rootdse module, and the request comes from an untrusted source (eg. ldap://) then we need to: 1) filter the control out if it is marked non-critical 2) give an error if it is marked critical Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18s4:"util_ldb" - remove some really unused dependanciesMatthias Dieter Wallnöfer2-2/+0
2010-10-18dsdb simple_ldap_map depends on LDBSAMBAAndrew Bartlett1-1/+1
This shows up at build time on MacOS and runtime on Linux when we use the LDAP backend. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Oct 18 00:57:51 UTC 2010 on sn-devel-104
2010-10-18dsdb: Module aliases require to be prefixed with the subsystem name.Jelmer Vernooij1-2/+2
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer5-0/+5
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer5-5/+0
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-16s4:samldb LDB module - use appropriate fixed-length integer types where neededMatthias Dieter Wallnöfer1-4/+5
- The "systemFlags" we interpret always as signed - Use "samdb_msg_add_int" where possible (much saver for integer storing than ldb_msg_add_fmt)
2010-10-16s4:dsdb/samdb/ldb_modules/util.c - remove now unused functions which set ↵Matthias Dieter Wallnöfer1-74/+0
integers Please do always use the functions which specifiy the appropriate integer length to not run into platform-specific issues. Therefore I'm removing these generic calls.
2010-10-16s4:samba3sid LDB module - handle the RID as uint32_tMatthias Dieter Wallnöfer1-13/+15
- This is how we always deal with RIDs - Use an integer-length safe function for the RID update
2010-10-16s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree ↵Matthias Dieter Wallnöfer1-1/+16
delete protection MS-ADTS 3.1.1.5.5.7.2 Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
2010-10-16s4:dsdb - fix unsigned integer save problems using the "%u" specifierMatthias Dieter Wallnöfer5-17/+31
The issue here is that we have not yet first cast to int32_t explicitly, before we cast to an signed int to printf() into the %d or cast to a int64_t before we then cast to a long long to printf into a %lld. There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c). The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute. The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
2010-10-15s4 dsdb: fix sign problem on PPC and x86Matthieu Patou1-2/+2
In LDAP we used signed intege and groups have the highest bit set (ie. 0x80000002). So it will result with values that are > 2^31 when these value are used on some plateforms (x86 and PPC 64bits in this case) it causes problem with strtol.
2010-10-15s4:samldb LDB module - cosmetic - use "ldb" variable rather than ↵Matthias Dieter Wallnöfer1-1/+1
"ldb_module_get_ctx"
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer3-18/+26
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-14s4:samldb LDB module - attempt to fix integer handling on big-endian platformsMatthias Dieter Wallnöfer1-7/+9
And beside this it's also nicer to use standard LDB functions for type conversions. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - cosmetic fixupsMatthias Dieter Wallnöfer1-9/+9
- Update the module description - Fix indentation Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - deny creation of temporary duplicate accountsMatthias Dieter Wallnöfer1-0/+12
2010-10-13s4:samldb LDB module - proof the account type also on LDB modify operationsMatthias Dieter Wallnöfer1-0/+8
2010-10-13s4:samldb LDB module - support the group type changing properlyMatthias Dieter Wallnöfer1-1/+53
This is exactly that what Windows allows. It was proven by a blackbox test. And we also need to deny add operations of builtin groups.
2010-10-13s4:samldb LDB module - deny also the direct modification of ↵Matthias Dieter Wallnöfer1-3/+14
"isCriticalSystemObject" on modify operations
2010-10-13s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" ↵Matthias Dieter Wallnöfer1-0/+9
entries They're only allowed to be created with the RELAX control specified.
2010-10-13s4:samldb LDB module - first implementation of the samldb primary group triggerMatthias Dieter Wallnöfer1-48/+61
This was done according to MS-SAMR 3.1.1.8.2 But do use it only for add operations at the moment.
2010-10-13s4:samldb LDB module - use the new "objectclass_trigger" for add operationsMatthias Dieter Wallnöfer1-142/+33
Additionally clean up "samldb_fill_object" which is now much easier to comprehend.
2010-10-13s4:samldb LDB module - first implementation of the samldb objectclass triggerMatthias Dieter Wallnöfer1-0/+176
This was done according to MS-SAMR 3.1.1.8.1 I need to perform some RELAX checks since otherwise the provision wouldn't work anymore.
2010-10-13dsdb/schema_data: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13dsdb/schema_load: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13s4-schema: don't name variables after standard libc functionsAndrew Tridgell1-3/+3
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+0
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12libcli/security Use common security.hAndrew Bartlett3-4/+3
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett4-3/+6
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-12dsdb: Build more modules as shared objects.Jelmer Vernooij1-14/+14
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Oct 12 02:12:29 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared objects.Jelmer Vernooij1-7/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 23:22:33 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared object files.Jelmer Vernooij1-10/+10
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 21:13:25 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as .so files.Jelmer Vernooij1-9/+9
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 19:14:58 UTC 2010 on sn-devel-104
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-4/+3
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij1-1/+1
2010-10-10dsdb/modules: Split up helpers a bit to prevent recursive dependencies.Jelmer Vernooij7-93/+134
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-10-11dsdb modules: Split ridalloc out of common helpers, because of dependency loops.Jelmer Vernooij3-5/+12
2010-10-10ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not ↵Jelmer Vernooij2-28/+2
samdb-specific.
2010-10-10dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between ↵Jelmer Vernooij1-12/+0
SAMDB_COMMON and DSDB_MODULE_HELPERS.