summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-11-16s4:dsdb LDB attribute lists must always be a static const char **.Andrew Bartlett1-1/+1
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack). Andrew Bartlett
2009-11-16s4:provision - Removed dependency on full Samba 3 schema from FDSEndi S. Dewata1-41/+0
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova2-105/+258
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-15s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-1/+4
"lDAPDisplayName" generator Also here we've to be sure to generate the attribute correctly if it doesn't exist yet.
2009-11-15s4:SAMLDB module - Add support for required and generated schema attributesAndrew Bartlett1-7/+285
This missing support found by Microsoft test suite at AD interop event. Patch by Andrew Bartlett Enhancements by Matthias Dieter Wallnöfer
2009-11-15s4:samdb util - add a call for generating a correct "lDAPDisplayName"Matthias Dieter Wallnöfer1-0/+28
This is needed for the SAMLDB module enhancement regarding schema objects. The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
2009-11-14s4-drs: DsExecuteKCC() implementationErick Nascimento2-1/+21
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc(). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-13s4-ldb: changed the DN checks for \n to warningsAndrew Tridgell1-3/+6
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know when is really is allowed, treat it as a warning only.
2009-11-12s4:dsdb Make callbacks in extended_dn_out clearer to followAndrew Bartlett1-1/+6
2009-11-12s4:repl_meta_data Parse linked attributes with schema syntaxesAndrew Bartlett1-39/+44
The bug here was that by assuming all linked attributes were 'normal DNs', we would miss the binary portion of DN+Binary. This patch then has us reparse the string to determine it's GUID, for the GUID lookup, but maintains the binary porition into the on-disk format. Andrew Bartlett
2009-11-12s4:dsdb/schema Add more unit tests for DN+Binary syntaxesAndrew Bartlett1-4/+9
2009-11-12s4:dsdb Improve debug message in extended_dn_outAndrew Bartlett1-1/+3
2009-11-12s4:dsdb/schema Allow a schema set when bound against a remote LDAP serverAndrew Bartlett1-3/+3
2009-11-12s4:dsdb Add expected value tests for most DRS syntax conversionsAndrew Bartlett2-6/+155
I've left out those for which I could not find an expected value in my default Windows 2003 server's database, and the values that rely on the current prefix map at the time. Andrew Bartlett
2009-11-12s4:Fix regression in dsdb_dn code - all parses of the DN would be rejectedAndrew Bartlett1-2/+6
This is most likely the cause of the DRS replication failures I observed with my changes. Andrew Bartlett
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett2-44/+49
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-12s4:dsdb/schema Simplify schema loading from ldb messagesAndrew Bartlett2-98/+81
It turns out that we always add the class/attribute to the schema.
2009-11-12s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changesAndrew Bartlett3-30/+38
These changes include reworking the code to call ldb_module_get_ctx() less often (avoid the function calls, particularly during the step into a complex function). Andrew Bartlett
2009-11-12s4:dsdb Ensure we allow 'odd' lengths for DN+StringAndrew Bartlett1-5/+5
(Found in a code review by metze) Andrew Bartlett
2009-11-12s4:dsdb Add extensive tests for the behaviour of dsdb_dnAndrew Bartlett1-0/+357
2009-11-12s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schemaAndrew Bartlett3-64/+87
This converts the code from using the binary DN code in ldb_dn to using a special Samba-specfic wrapper around ldb_dn. We also use the dsdb_dn code for DN+Binary and DN+String comparisons (changed from treating them as Binary blobs) Andrew Bartlett
2009-11-12s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+StringAndrew Bartlett4-1/+343
This aims to replace (and is based on) the code in ldb_dn.c. It is however much stricter in the DNs it will accept. Andrew Bartlett
2009-11-12lib/util Split data_blob_hex_string() into upper and lowerAndrew Bartlett1-5/+5
Rather than have a repeat of the bugs we found at the plugfest where hexidecimal strings must be in upper or lower case in particular places, ensure that each caller chooses which case they want. This reverts most of the callers back to upper case, as things were before tridge's patch. The critical call in the extended DN code is of course handled in lower case. Andrew Bartlett
2009-11-09s4-samdb: remove the rDN size constraint of 64Andrew Tridgell1-3/+10
This size constraint is not correct in it's current form, as windows does send us rDN values for CN with lengths longer than 64. Once we know how this constraint really works we can add it back in.
2009-11-07s4:dsdb/common/util - samdb_result_hashes - use "unsigned int" for countersMatthias Dieter Wallnöfer1-2/+1
2009-11-06s4:samdb_check_password - allow the password string to be NULLMatthias Dieter Wallnöfer1-0/+1
This deactivates the password complexity check, but not the minimum password length one, since the length is specified. This change is needed by my password module work.
2009-11-06s4:samdb_validate_password - Adapt the function to use the UNIX charset for ↵Matthias Dieter Wallnöfer1-20/+7
the password data blob
2009-11-06s4/drs: Refactor to be more SAMBA.Coding style compliantKamen Mazdrashki2-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Remove unused structures and functionsKamen Mazdrashki2-93/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: remove unused num_prefixes and prefixes from dsdb_schemaKamen Mazdrashki3-6/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_create_prefix_mapping() refactoredKamen Mazdrashki1-11/+9
TODO: this function may be refactored further. Actually we don't need to look up for the OID supplied, but just call sdb_schema_pfm_make_attid() - it will search for the OID anyway and add it if necessary Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: prefixMap lookup by full_OID implementationKamen Mazdrashki1-0/+25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_write_prefixes_from_schema_to_ldb() refactoredKamen Mazdrashki1-39/+35
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_read_prefixes_from_ldb() refactoredKamen Mazdrashki1-54/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: refactor dsdb_load_oid_mappings_ldb() to use ↵Kamen Mazdrashki1-33/+29
_dsdb_prefixmap_from_ldb_val() Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Load prefixMap from ldb_val moved in separate functionKamen Mazdrashki1-0/+35
It is to be used later in several places when we need such conversion. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_schema_pfm_from_drsuapi_pfm() to accept partial drsuapi_prefixMapKamen Mazdrashki2-22/+46
"partial drsuapi_prefixMap" is a prefix map without last entry being special - i.e. map that does not contains schema_info entry. Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to cover both 'full' and 'partial' map conversion. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_map_int2oid() replaced by dsdb_schema_pfm_oid_from_attid()Kamen Mazdrashki2-30/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_map_oid2int() replaced by dsdb_schema_pfm_make_attid()Kamen Mazdrashki3-19/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by ↵Kamen Mazdrashki2-72/+1
dsdb_schema_pfm_contains_drsuapi_pfm() dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented prefixMap interface. This name was choosen to clearly show, that this a week verification in case we want to determine if remote schema is changed. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_get_oid_mappings_drsuapi() to use new prefixMap interfaceKamen Mazdrashki1-34/+3
dsdb_get_oid_mappings_drsuapi() just need to call dsdb_drsuapi_pfm_from_schema_pfm() to get filled-in DRSUAPI prefixMap. Perhaps it won't be bad to rename this function to have more expressive name in the future Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_load_oid_mappings_drsuapi() -> dsdb_load_prefixmap_from_drsuapi()Kamen Mazdrashki1-52/+13
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use dsdb_schema_pfm_from_drsuapi_pfm() function to load drsuapi_prefixMap into schema->prefixmap Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_schema uses dsdb_schema_prefixmap definitionKamen Mazdrashki1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Move schema_prefixMap allocation in separate functionKamen Mazdrashki1-15/+29
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: schema_prefixMap to/from drsuapi_prefixMap conversion implementationKamen Mazdrashki1-1/+228
Along with this, dsdb_schema_pfm_contains_drsuapi_pfm() function is implemented to replace previous implementation for dsdb_verify_oid_mappings_drsuapi(). Name of the function clearly implies how week this verification is, as currently it is used to indicate "Schema modified on remote" condition. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Implement binary-oid-lookup into prefixMapKamen Mazdrashki1-25/+37
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Move making of partial-binary-oid to a separate functionKamen Mazdrashki1-20/+45
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Fix memory leek in prefixMapKamen Mazdrashki1-1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-05Version 1.0 of the directory service acls module.Nadezhda Ivanova3-965/+358
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-11-05s4:dsdb/common/util - Add a new utility function "samdb_check_password"Matthias Dieter Wallnöfer1-9/+45
This function performs basic password checks and will be used by the "samrValidatePassword" call and the "password_hash" module.