summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22120: Expand the RPC-CRACKNAMES test, to test more values and expose patterns.Andrew Bartlett1-18/+49
Fix up our server side implementation to pass almost all the tests (a couple are skipped). Don't require the DsGetDomainControllerInfo calls to pass, just get some info from them. Andrew Bartlett (This used to be commit a29eb8f7e541d2021726601faf52355e312c916b)
2007-10-10r22119: Where we get a request to 'crack' a user principal name from aAndrew Bartlett1-22/+52
compleatly unknown domain, return the correct error code. Andrew Bartlett (This used to be commit 7d04a36cdb3628ea9c1260f3318f2b964f10c346)
2007-10-10r21842: fix typo in commentStefan Metzmacher1-12/+12
metze (This used to be commit 8fcd5209ae46823f7d99bddff6e61873e75dd24c)
2007-10-10r21839: add my email addressStefan Metzmacher3-3/+3
metze (This used to be commit e3be33c1d9f9e44ef37e6ef72a23576474f6e725)
2007-10-10r21838: generate no metadata for constructed attributesStefan Metzmacher1-2/+4
metze (This used to be commit 7e0620e524886a66dbdb16f35fee4f51f2867a2a)
2007-10-10r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett1-23/+38
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10r21773: fix typo orginating -> originatingStefan Metzmacher1-7/+7
and use the struct member names in all cases metze (This used to be commit c543ee57454d006c545e3e9e20c9ac0114081d3d)
2007-10-10r21503: add usefull function to get the site dn for the local serverStefan Metzmacher1-0/+17
metze (This used to be commit 08b8e9acff6779ecc2e568ae0a875013d93838b7)
2007-10-10r21497: Pass more of the RPC-CRACKNAMES test by using the new search_options ↵Andrew Bartlett1-26/+89
control. Andrew Bartlett (This used to be commit 47c8a059c4d90b7befde390d2d050f0d1934ecc1)
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett4-7/+25
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r21470: generate Primary:WDigest blob with precalculated digest-md5 hashes:Stefan Metzmacher1-6/+383
see http://technet2.microsoft.com/WindowsServer/en/library/717b450c-f4a0-4cc9-86f4-cc0633aae5f91033.mspx?mfr=true for how the hashes are supposed to be (but w2k3 doesn't to some correctly...) this is a verify nice tool to test the hash genaration, but you need to add support for "" realm strings... http://fresh.t-systems-sfr.com/unix/src/www/httpauth-0.6.tar.gz:a/httpauth-0.6/tools/mkha1.c metze (This used to be commit 26d51741b6aa54c47ee039ac14390f1f0ee51e30)
2007-10-10r21465: the LDAP-UPTODATEVECTOR test shows that the replUpToDateVectorStefan Metzmacher1-37/+11
doesn't contain an entry for the local invocation_id metze (This used to be commit 4bd0ddeb80b0a6695a457434594c0240c8880d9f)
2007-10-10r21441: create a union for the PrimaryKerberosBlob contentStefan Metzmacher1-35/+45
so that ndr_pull will fail if version isn't 3 and we notice if the format changes... metze (This used to be commit 91f7a094cfd04405c224b9579146d814cba507b3)
2007-10-10r21434: - get rid of "krb5Key"Stefan Metzmacher2-359/+732
- use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)
2007-10-10r21395: fix commentsStefan Metzmacher1-7/+7
metze (This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
2007-10-10r21364: cosmetic change: it's nicer to use the KEYTYPE_ macroStefan Metzmacher1-2/+2
for the keytype field... metze (This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
2007-10-10r21362: rename:Stefan Metzmacher4-46/+46
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r21355: work in child domains, CN=Configuration isn't always under the domain dnStefan Metzmacher1-2/+2
metze (This used to be commit cdfd4ee8e5202a3df1da2d82b592d8814a3209ba)
2007-10-10r21315: ldb now supports filters like ↵Stefan Metzmacher1-4/+30
(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again we can use such a filter:-) we should only update the keytab for records matching this filter, that means we need to do a search before calling cli_credentials_set_secrets() metze (This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
2007-10-10r21306: fix the RPC-LSA tests the admin couldn't no longer get the ↵Stefan Metzmacher1-0/+1
'currentValue' attribute... this needs more works, but make it work again for now metze (This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
2007-10-10r21179: Anything more complex than this causes the keytab never to be updated...Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit c3977b4bae1e1b5e4ff4a64c7146534536685e91)
2007-10-10r21135: Instead of having hooks to update keytabs as an explicit thing, updateAndrew Bartlett2-2/+203
them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-10-10r20975: - implement handling of meta data an on originating addStefan Metzmacher1-37/+240
there're a few things TODO, but it's a good start we need to research if an originating change causes the replUpToDateVector attribute to change...(I assume it, but needs testing) metze (This used to be commit fde0aabd9ae79fcefbcba34e6f9143f93ffcf96c)
2007-10-10r20971: we don't need this check twice:-)Stefan Metzmacher1-7/+0
metze (This used to be commit b7d48274a7341c5e4a3f103387f87fcc94853271)
2007-10-10r20968: - add functions to sort the meta data and attribute arraysStefan Metzmacher1-25/+90
- we should use them before we store records to disk metze (This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316)
2007-10-10r20957: a value of FF0000000000000000000000000000000000000000 isn't stored ↵Stefan Metzmacher1-4/+8
as schemaInfo so we need to use it as value if nothing is stored metze (This used to be commit cd326134079375fc83640444d6323a5cbe7c02ee)
2007-10-10r20923: only allow extended operations for SYSTEM or administrators for nowStefan Metzmacher1-0/+1
metze (This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
2007-10-10r20921: - only give password attributes to the SYSTEM accountStefan Metzmacher1-2/+0
- but SYSTEM and administrators can change them metze (This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
2007-10-10r20909: add a module that implements the LDAP_CONTROL_SHOW_DELETED_OID controlStefan Metzmacher2-0/+227
it hides objects with isDeleted=TRUE by default, and let them through if the control is present metze (This used to be commit 7108d62cb0360e734045eb39c03508d8528dc9cc)
2007-10-10r20906: allow LDAP simple binds using the following syntaxes in the DN field:Stefan Metzmacher1-7/+34
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base Administrator@W2K3 W2K3\Administrator w2k3.vmnet1.vm.base/Users/Administrator w2k3 also allows this (and maybe more...?) metze (This used to be commit 40c27ef88df9021e9ef2a6c43aabab709ac9662f)
2007-10-10r20902: don't crash if the object isn't there yetStefan Metzmacher1-0/+4
metze (This used to be commit 4588e2522b11f707e608488c782f6988fd97628a)
2007-10-10r20871: implement the validFSMOs constructed attribute on the rootdseStefan Metzmacher5-21/+82
for the schema, domain naming and pdc fsmo roles infrastructure and rid manager will be added later, when we have module for them metze (This used to be commit 308f9cf822a3a34dae28a5fa5aa850e2adbeb472)
2007-10-10r20870: implement the constructed attributes dsSchemaAttrCount,Stefan Metzmacher1-0/+44
dsSchemaClassCount and dsSchemaPrefixCount on the rootdse having a loaded dsdb_schema make things so easy...:-) metze (This used to be commit 7862fcdbb5ce43e702512c1acdbb5843ef551293)
2007-10-10r20867: add modules to handle the domain naming and the pdc FSMO RolesStefan Metzmacher3-0/+263
metze (This used to be commit 341fae8e8465e67023ab0e82110835669a593577)
2007-10-10r20866: - fix debug messages missing new linesStefan Metzmacher1-14/+18
- use LDB_DEBUG_WARNING in some places - debug if we're the schema master metze (This used to be commit 63f46344437002202990bd34fb200d847fcfcf40)
2007-10-10r20864: move common stuff into an extra functionStefan Metzmacher1-85/+62
metze (This used to be commit 3f441741a6ff00ba88d3134c97e597285afbfed7)
2007-10-10r20863: check that there's a current partition control attached to the requestStefan Metzmacher1-6/+65
metze (This used to be commit b1377a2e240dbe36277816452d33d6abaa486b9e)
2007-10-10r20855: pass the DSDB_CONTROL_CURRENT_PARTITION_OID control also for theStefan Metzmacher1-10/+27
send_all case metze (This used to be commit b3fce383d3824ee418cbb7343f5d06720f5d31df)
2007-10-10r20853: attach the DSDB_CONTROL_CURRENT_PARTITION_OID control when requestsStefan Metzmacher1-2/+7
are passed to a specific partition metze (This used to be commit 06a46b1db46251989676fb04548f038930c83eb5)
2007-10-10r20849: first step to move away from using find_backend() and use ↵Stefan Metzmacher1-5/+20
find_partition() instead metze (This used to be commit 0d75cca6f37975a3855973468dc55520cb3b3fb7)
2007-10-10r20847: - split some code out into a new function find_partition()Stefan Metzmacher1-8/+27
- make all functions static metze (This used to be commit 3d313f08c7d6b201011f3b4744c8e54b1d0640c7)
2007-10-10r20826: make the dsdb_control_current_partition struct public and allocate ↵Stefan Metzmacher2-5/+18
an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-10-10r20809: rename struct partition into struct dsdb_control_current_partitionStefan Metzmacher1-9/+11
we'll soon pass this down as DSDB_CONTROL_CURRENT_PARTITION_OID control so that the repl_meta_data module knows where to update the replUpToDateVector attribute metze (This used to be commit e5de40f8c2377d6dce54109a8d8bf9c6b681b813)
2007-10-10r20780: keep a dsdb_schema_fsmo struct as private dataStefan Metzmacher1-0/+21
and remember if we're the schema master metze (This used to be commit c42dab21fb275ca36a517f97922af21447671785)
2007-10-10r20779: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 0b98f11d3eeee3eaf862dc06468332a20e22c059)
2007-10-10r20778: we don't need a talloc_steal hereStefan Metzmacher1-1/+1
metze (This used to be commit 0ef90769b49b93cb57e9a1ba2aea280ec70ae151)
2007-10-10r20776: require a loaded dsdb_schema for originating add and modify operationsStefan Metzmacher1-6/+26
(later we'll require it for all originating changes...) metze (This used to be commit fc1a836eccc0913fdab644341fa3e37a2f086de8)
2007-10-10r20771: add an ldb module which will force the Schema FSMO Role OwnerStefan Metzmacher2-0/+236
constraints and it also loads the dsdb_schema at startup. currently it only loads the dsdb_schema metze (This used to be commit d78de0fb68f8b4ef4c5372f3c3ed171e44cf2037)
2007-10-10r20762: load the default dn's after the rootdse module is initialized,Stefan Metzmacher1-0/+2
so that following module can access the default dn's. metze (This used to be commit a934da4dcfeae49fcfc901a071da2d41507da69b)
2007-10-10r20760: also handle the case where no private data is attached to the moduleStefan Metzmacher1-1/+1
metze (This used to be commit c8f5aad40af0741984ded2047931a77161f69ece)