summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-9/+9
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-02Fix more unresolved symbols.Jelmer Vernooij1-7/+7
2009-06-01we don't need the unique checks in the samldb code nowAndrew Tridgell1-162/+2
These attributes now use the unique indexing flag
2009-05-26s4:ldb_modules: Correct typos.Andrew Kroeger2-2/+2
2009-04-22s4:ldb: fix extrasemi compile warningBjörn Jacke1-1/+1
2009-04-22s4:ldb: do talloc_free and return NULL when we have no matches to returnBjörn Jacke1-0/+4
2009-04-09slightly nicer output in our possibleInferiors test codeAndrew Tridgell1-2/+2
2009-04-09hook the new possibleInferiors calculation into the schemaAndrew Tridgell1-14/+77
We now generate possibleInferiors at startup, and return it when requested
2009-03-31use the prepare_commit op in the partition codeAndrew Tridgell1-14/+49
This makes multi-partition ldb's much safer
2009-03-27added a --wspp optionAndrew Tridgell1-4/+7
Adding --wspp to possibleInferiors.py forces it to use the WSPP documented algorithm, which doesn't match windows behaviour
2009-03-26fixed possibleinferiors.py so it matches windows behaviourAndrew Tridgell1-39/+127
This test code builds the possibleInferiors for every class in the schema on a target machine, and compares it to the servers possibleInferiors attribute. The MS-ADTS spec describes how to calculate possibleInferiors for a object, but it seems to have some bugs. The spec says that we need to use AUXCLASSES, and it does not mention the use of the SUBCLASS tree. In trying to match windows behaviour, I found that I needed to ignore the AUXCLASSES and build a SUBCLASSES tree.
2009-03-24the start of a possibleInferiors test suiteAndrew Tridgell1-0/+155
we haven't implemented possibleInferiors yet. This test is meant to help us understand how it works. It tries to construct possibleInferiors via searches on other attributes, and compares it to the servers constructed possibleInferiors attribute for each class in the servers schema. see [MS-ADTS] section 3.1.1.4.5.21
2009-03-17added support for parentGUIDAndrew Tridgell1-5/+84
This is made up of 4 parts: 1) change our schema to include the parentGUID attribute type 2) in the add hook in the objectclass module, get the objectGUID of the parent and add it to the message as parentGUID 3) in the rename hook in the objectclass module, get the objectGUID of the new parent, and insert an async modify request after the renmam is done 4) added a simple test suite
2009-03-16s4:password_hash Only store the LM hash if 'lanman auth = yes'Andrew Bartlett1-1/+2
The clients that do only lanman auth are on their way out, the passwords are case insensitive, it does not support unicode and we should not store such a poor hash of the password if we can avoid it. Andrew Bartlett
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-10/+7
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-3/+3
consistency with Samba 3.
2009-02-23Fix headers, ldb_includes.h is a private header,Simo Sorce6-3/+7
do not reference it from ldb.h
2009-02-10added a workaround to the handling of unicodePwd for Win7-betaAndrew Tridgell1-1/+30
The Win7-beta domain process has changed. It no longer uses SAMR for setting the password, and instead uses a ldap modify on a SASL encrypted ldap connection. We didn't handle that as the unicodePwd attribute has a dual use, holding the nt style MD4 hases for DRS replication, but holding a UTF-16 plaintext password for a LDAP modify. This patch copes with the ldap unicodePwd modify by recognising the format and creating the correct attributes on the fly. Note that this assumes we will never get a unicodePwd attribute set in NT MD4 format with the first 2 and last 2 bytes set to 0x22 0x00. Andrew Bartlett is looking at a more robust solution, possibly using a flag to say that this modify came via ldap, and not internal ldb calls.
2009-02-02s4:schema_fsmo: s/class/sclassStefan Metzmacher1-7/+7
metze
2009-02-02s4:update_keytab: s/delete/do_deleteStefan Metzmacher1-7/+7
metze
2009-02-02s4:kludge_acl: s/class/sclassStefan Metzmacher1-5/+5
metze
2009-02-02s4:extended_dn_out: s/private/p s/new/nattrsStefan Metzmacher1-40/+40
metze
2009-01-31s4:repl_meta_data: fix segfault after ldb changesStefan Metzmacher1-1/+1
metze
2009-01-30Fix proxy moduleSimo Sorce1-2/+2
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce15-555/+800
The only 2 modules escaping the rule so far are rootdse and partitions
2009-01-30Fix misfiled headers.Simo Sorce1-1/+0
Some public functions were mistakenly put into ldb_private.h Revert all modules to only include ldb_module.h
2009-01-30s4:fix the build after 380874ef863866c94c999ef53252b9d30df65e88Stefan Metzmacher1-0/+1
metze
2009-01-30Fix the mess with ldb includes.Simo Sorce9-75/+146
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher5-9/+9
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij2-8/+8
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij1-9/+2
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-170/+170
2008-12-18Fix samba3sam test after removal of dom_sid IDL file.Jelmer Vernooij1-2/+2
2008-12-17s4:dsdb: remove normalise moduleAndrew Bartlett2-206/+0
The extended_dn_out module provides the functionality now. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and ↵Andrew Bartlett6-672/+1515
extended_dn_store. By splitting the module, the extended_dn_in and extended_dn_store moudles can use extended_dn_out to actually get the extended DN. This avoids code duplication. The extended_dn_out module also contains a client implementation of the OpenLDAP dereference control (draft-masarati-ldap-deref-00). This also introduces a new control 'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module to return whatever the 'storage format' is. This allows us to work with both OpenLDAP (which performs a dereference at run time) and LDB (which stores the GUID and SID on disk). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: Make the linked_attributes module set an extended dnAndrew Bartlett1-192/+325
This means that linked attributes will always have the same case form as the actaul entry, as we search for that entry. We then also use the GUID and SID found on that entry to fill in the extended DN on disk. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:rootdse: fix the logic to indentify a rootdse searchAndrew Bartlett1-2/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:ldb: make it possible to return per entry controlsAndrew Bartlett11-14/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:samldb: make use of dom_sid_split_rid()Andrew Bartlett1-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:samldb: improve error stringsAndrew Bartlett1-6/+8
When things go wrong with LDB, this routine seems to be particularly sensitive to it. This extra debugging should help the next poor soul who breaks LDB. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROLAndrew Bartlett1-0/+22
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Add hint to use passwordAttributes in @KLUDGE_ACL in futureAndrew Bartlett1-1/+2
This module is not used at the moment, but if we do use it again, we should try to avoid duplicate lists. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Make greater use of 'GUID_from_data_blob'Andrew Bartlett1-40/+11
This avoids accidentily running off the end of a string, and uses a single 'guess which type of GUID I have' algorithm. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Fix sequence number generation against OpenLDAPAndrew Bartlett1-0/+8
It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the partition control to this request was missed out. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-05s4:password_hash: really catch the clearTextPasswordAttr case...Stefan Metzmacher1-1/+1
This fixes the creation of the user object for incoming trusts in dcesrv_lsa_CreateTrustedDomain_base(). And now w2k3 trust samba4 just fine:-) metze
2008-12-04s4:kludge_acl: allow everybody to read the sequence numberStefan Metzmacher1-1/+27
metze
2008-11-17s4:dsdb/samdb: don't allow objects without objectClassStefan Metzmacher1-2/+2
We're using @ROOTDSE instead of CN=ROOTDSE. metze
2008-11-17Run the original operation before we update linked attrsAndrew Bartlett1-17/+24
This causes the linked attribute modifies to occour after the original operation is entered in the transaction (any failure still fails the lot). This means (I hope) that we can have another module search the originating record when the backlink is created, filling in the GUID and SID for the extended DN. Andrew Bartlett
2008-11-17The samba3sam test does not really need the extended_dn moduleAndrew Bartlett1-1/+1
(This module has been split up into extended_dn_in, extended_dn_out and extended_dn_store). Andrew Bartlett
2008-11-16s4:dsdb/schema_fsmo: provide "extendedAttributeInfo" and "extendedClassInfo"Stefan Metzmacher1-0/+56
metze