summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19464: Reject passwords that cannot be converted into UCS2.Andrew Bartlett1-1/+7
Andrew Bartlett (This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
2007-10-10r19441: work in progress support for NFS4 ACLs in Samba4 on Linux. Still workAndrew Tridgell1-0/+41
to do, particularly with getting the detailed bit mappings right, and on sid mapping. Does not pass RAW-ACLS yet (This used to be commit b92553481b534d0ef5277dbfe8c0d64a03f819eb)
2007-10-10r19337: never alloc on module unless you mean to attach a context toSimo Sorce1-1/+1
it to keep the data around as long as the module lives (This used to be commit d2073c1f7e1bc674358df5da0dc09e183b4b8712)
2007-10-10r19333: commit module changes I made some time ago before I loose themSimo Sorce3-106/+135
(This used to be commit 524ec78086597e0507cb6ce307155ef1b6a47836)
2007-10-10r19332: ldb_parse_tree leaksSimo Sorce2-3/+3
(This used to be commit 3e0e2787c1da1c3831e21b163e1370001d725a3d)
2007-10-10r19330: Fix memleaksSimo Sorce1-1/+1
(This used to be commit f163f422e3f201d8b0e22538949eccf0f7e62143)
2007-10-10r19329: fixed a leak in the password hash moduleAndrew Tridgell1-1/+1
(This used to be commit 3f48bcb0585684686ba7601eb7614589a1bc2f5d)
2007-10-10r19328: another leak plugged ....Andrew Tridgell1-1/+1
(This used to be commit f57535b9c2214e58c71084fcb9d74848e7d26b89)
2007-10-10r19321: Merge from release branch:Andrew Bartlett1-6/+6
Always set the krb5key from the ntPwdHash, even if we don't have the cleartext password in sambaPassword. This fixes kerberos after a vampire. Andrew Bartlett (This used to be commit 1d4d2271c9b944db3a9a2eba971aec5bcd9cf100)
2007-10-10r19313: Don't mess with hierarchies!!Simo Sorce1-1/+1
There is a reason why we use them :-) (This used to be commit e3b7e91299559ddc7f300be53785d313a4aa90fc)
2007-10-10r19308: Merge samsync fixes from SAMBA_4_0_RELEASEAndrew Bartlett1-1/+15
Andrew Bartlett (This used to be commit 331003239972d80864211377e864f7e469bd3d77)
2007-10-10r19299: Fix possible memleaksSimo Sorce1-1/+3
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
2007-10-10r18945: fix compiler warnings and end-of-non-void function bugsStefan Metzmacher2-11/+17
metze (This used to be commit ed195999c0c7d89cdc61e980576d191fc05d65d7)
2007-10-10r18908: Store the schema structure into an opaque pointer so that it can be ↵Simo Sorce1-6/+14
reused by multiple connections (This used to be commit ca8827d8f9a9f6ec60afed29b0b85f491d725d1c)
2007-10-10r18781: Move the usnCreated and usnChanged handling around again.Andrew Bartlett4-18/+396
This moves these attributes from objectguid into an optional backend (objectguid), used by ltdb. For OpenLDAP, the entryUUID module converts entryCSN into usnChanged. This also changes the sequence number API, and uses 'time based' sequence numbers, when an LDAP or similar backend is detected. To assist this, we also store the last modified time in the TDB, whenever we change a value. Andrew Bartlett (This used to be commit 72858f859483c0c532dddb2c146d6bd7b9be5072)
2007-10-10r18636: Excessive testing with pam_winbind within Samba3 revealed a new samrGünther Deschner1-4/+4
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther (This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
2007-10-10r18504: Handle mappings for RENAME and KEEP attributes better. We don't needAndrew Bartlett1-2/+2
to mess with the values in these cases. Where we do convert the values, try and convert substrings. This isn't going to be perfect, but we should try rather than segfault. This also avoids using the wrong arm of the union for the attribute name The change in the entryUUID module is to correct the case of sAMAccountName, due to the case sensitive ldap.js test. Andrew Bartlett (This used to be commit 81d9a692c1e74ec9078bf718003eafdba85b4324)
2007-10-10r18495: More work on the LDAP backend (which now passes a lot of our tests!)Andrew Bartlett3-19/+50
This adds a list of attributes that are in our wildcard seaches, but the remote server requires to be explicitly listed. This also cleans up the handling of wildcards in ldb_map to be more consistant. Also fix the partitions module to rebase the search, if on the GC port, we do a subtree search. (Otherwise backends can rightly complain that the search is not in their scope). Andrew Bartlett (This used to be commit bc58792b7102f086b19353635d5d5ef9d40a0aae)
2007-10-10r18441: Allow searching for the high bit in these bitfields, when the clientAndrew Bartlett1-1/+38
asks for them as large integers, rather than a negative integer. Due to an OpenLDAP bug, this only works reliably against OpenLDAP CVS as of today. (but mostly works in older versions, depending on a thread-specific value fo errno in the server). Andrew Bartlett (This used to be commit 3b5354aededc619ac6656611eacd43888e74260a)
2007-10-10r18368: Don't list GENSEC mechs that only have client implementations in ourAndrew Bartlett1-1/+1
supportedSASLMechanism list. Andrew Bartlett (This used to be commit 3e69637b5f79e4132026ebaf9d57cf67ef3826c1)
2007-10-10r18367: When converting to entryUUID, ensure we don't double-convert aAndrew Bartlett1-13/+16
string-format GUID. Andrew Bartlett (This used to be commit 11cc6408c93f46f4d9ae7ae0ee18dac836fe270d)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell2-11/+2
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r18240: Make it clearer when we store the plaintext password.Andrew Bartlett2-5/+21
Store the plaintext password in userPassword in the LDAP backend so that the OpenLDAP server can use DIGEST-MD5. Andrew Bartlett (This used to be commit 1b02c604b2c55e1c9e15ac1f266e7df74d619dbd)
2007-10-10r18031: Merge my replace fixes:Jelmer Vernooij1-1/+11
* libreplace can now build stand-alone * add stub testsuite for libreplace * make talloc/tdb/ldb use libreplace (This used to be commit fe7ca4b1454e01a33ed0d53791ebffdd349298b4)
2007-10-10r17998: start working on syntaxesSimo Sorce4-29/+441
(This used to be commit b49b8f5cb5ffa29a3b63f70a1f437c9720d2228c)
2007-10-10r17967: Somewhere along the line we lost unixName here, and so lost theAndrew Bartlett1-1/+1
ability for 'administrator' to log in as unix user 'root'. Andrew Bartlett (This used to be commit 221efba5289b8bbb54b770c556f19bfbdc9ee216)
2007-10-10r17955: Don't search for the dnsDomain attribute, it is invented (not in theAndrew Bartlett1-7/+23
AD schema). Andrew Bartlett (This used to be commit fac27e4dddc98288dc765e135db6b168fbec760c)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij6-5/+102
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17898: handle objectcategory and isdefunct for classesSimo Sorce1-17/+60
(This used to be commit 7664b52b89bfac6f2db52fae2daa65c856acd1ac)
2007-10-10r17894: better name for the internal syntax typeSimo Sorce1-3/+3
(This used to be commit 4241a1bb832461ca44ce0f20cb770ea2b6f2d7e3)
2007-10-10r17870: This module (for the moment) handles the modifyTimestamp generation. ↵Andrew Bartlett1-0/+1
For that, it needs to hook into the modify operation. Andrew Bartlett (This used to be commit d22117a53bafa4bb72c854353620099b5a6f81d8)
2007-10-10r17860: Let's commit the work down up to now on the new schema module.Simo Sorce2-0/+1320
At the moment it is able to validate an object has no conflicting objectlasses that it meets the criteria to be inserted as child of the parent and also sorts and create the objectclass hierarchy so that the objectclass .c module can be obsoleted. Not activated by default as we have to completely rework the current provisioning method. (In my tests I could not activate it before all other ldif except for the one that create users were loaded, make test seem to be happy anyway if it is activated after provisioning). Next steps will be attribute and attribute syntax checking on add operation. And then the modify operation will follow. Simo. (This used to be commit 0c444ba1adfb9ce5cfa736bf0620aa3bec66050d)
2007-10-10r17830: Set the default_basedn (hey, it comes from the "default" naming ↵Simo Sorce2-2/+2
contex :-) once at connection time, after modules have been loaded. Introduce a function to retrieve the value where needed. (This used to be commit 0caf6a44e03393c645030a9288e7dfd31e97c98b)
2007-10-10r17825: I broken cracknames in my last patch - fix it upAndrew Tridgell1-1/+1
(This used to be commit 4ec4f91a437bdfab7b8e0fd1e43c0b8b1927e461)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell3-33/+12
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell4-16/+14
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher2-4/+4
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17703: Fixes to enable the entryUUID module to work for it's objectClass ->Andrew Bartlett2-6/+7
OID mappings. The key point is to 'enable' the partitions in the partitions module before the init is complete. That way, the modules can perform searches that use partitions. Andrew Bartlett (This used to be commit 420d1920a6824a6c0cb70b4ba832ddb90b0e95ff)
2007-10-10r17699: Remove more printf calls.Andrew Bartlett1-11/+9
Try to cope with partital initialisation. Andrew Bartlett (This used to be commit 3c497405fea2f3e48a0d1bb2818b6a1ff345d368)
2007-10-10r17694: Don't use printf() in a module...Andrew Bartlett1-6/+5
(This used to be commit 9f810ddd1436672e16a6b80500bb14aa21e097de)
2007-10-10r17690: Demonstrate how we can read the schema to find out details needed forAndrew Bartlett1-3/+182
translation. I hope to have this reading a schema structure in the future. Andrew Bartlett (This used to be commit fb085a651ff60ab9b5d120a1ea228ff3edf0c224)
2007-10-10r17639: Martin Kuhl noticed that we loaded an incorrect value forAndrew Bartlett2-0/+11
distinguisedName on templated objects. In looking how to handle distinguishedName correctly on LDAP, I was very glad to find it supported entryDN, and this adds another mapping. Andrew Bartlett (This used to be commit 3b5c973988648a2b2a5e1885ee894607e4d9679b)
2007-10-10r17553: Actually enable the samba3sam module. Should help 'make test'.Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit 0e19d159697e99f6c45879cf42c39c9b2b134ffa)
2007-10-10r17530: Watching the build farm mails carefully pays off...Andrew Bartlett1-3/+2
This was another declaration before statement bug, in my just-committed code.. Andrew Bartlett (This used to be commit 1d1bf6b20512653c1de7920388f16fbef936ed47)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett2-13/+37
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17526: Move timestamp generation into the objectGUID module. It probablyAndrew Bartlett1-1/+88
needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
2007-10-10r17525: This is a merge from the Google Summer of Code 2006 project by ↵Andrew Bartlett3-2/+227
Martin Kühl <mkhl@samba.org>. Martin took over the work done last year by Jelmer, in last year's SoC. This was a substanital task, as the the ldb modules API changed significantly during the past year, with the addition of async calls. This changeset reimplements and enables the ldb_map ldb module and adapts the example module and test case, both named samba3sam, to the implementation. The ldb_map module supports splitting an ldb database into two parts (called the "local" and "remote" part) and storing the data in one of them (the remote database) in a different format while the other acts as a fallback. This allows ldb to e.g. store to and load data from a remote LDAP server and present it according to the Samba4 schema while still allowing the LDAP to present and modify its data separately. A complex example of this is the samba3sam module (by Jelmer Vernooij), which maps data between the samba3 and samba4 schemas. A simpler example is given by the entryUUID module (by Andrew Bartlett), which handles some of the differences between AD and OpenLDAP in operational attributes. It principally maps objectGUID, to and from entryUUID elements. This is also an example of a module that doesn't use the local backend as fallback storage. This merge also splits the ldb_map.c file into smaller, more manageable parts. (This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce5-28/+28
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17514: Simplify the way to set ldb errors and add anotherSimo Sorce8-130/+125
helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
2007-10-10r17513: ldb_set_errstring is an ldb private string, samdb uses DEBUG() ↵Simo Sorce1-4/+3
statements (This used to be commit c57b6420aa4a220257df714aaccb016acb4bae24)