Age | Commit message (Collapse) | Author | Files | Lines |
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
"lDAPDisplayName" generator
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|
|
This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.
|
|
|
|
The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.
This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk
format.
Andrew Bartlett
|
|
|
|
|
|
|
|
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett
|
|
This is most likely the cause of the DRS replication failures I
observed with my changes.
Andrew Bartlett
|
|
This will allow us in future to do tests on the LDB values we generate
from the DRS replication.
Andrew Bartlett
|
|
It turns out that we always add the class/attribute to the schema.
|
|
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett
|
|
(Found in a code review by metze)
Andrew Bartlett
|
|
|
|
This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.
We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
|
|
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
|
|
|
|
This deactivates the password complexity check, but not the minimum password
length one, since the length is specified.
This change is needed by my password module work.
|
|
the password data blob
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
TODO: this function may be refactored further.
Actually we don't need to look up for the OID supplied,
but just call sdb_schema_pfm_make_attid() - it will
search for the OID anyway and add it if necessary
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
_dsdb_prefixmap_from_ldb_val()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It is to be used later in several places when we need such conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
"partial drsuapi_prefixMap" is a prefix map without last entry
being special - i.e. map that does not contains schema_info entry.
Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to
cover both 'full' and 'partial' map conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_schema_pfm_contains_drsuapi_pfm()
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.
This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_get_oid_mappings_drsuapi() just need to call
dsdb_drsuapi_pfm_from_schema_pfm() to get filled-in DRSUAPI
prefixMap.
Perhaps it won't be bad to rename this function to have
more expressive name in the future
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use
dsdb_schema_pfm_from_drsuapi_pfm() function to load
drsuapi_prefixMap into schema->prefixmap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Along with this, dsdb_schema_pfm_contains_drsuapi_pfm()
function is implemented to replace previous implementation
for dsdb_verify_oid_mappings_drsuapi().
Name of the function clearly implies how week this verification is,
as currently it is used to indicate "Schema modified on remote"
condition.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
This function performs basic password checks and will be used by the
"samrValidatePassword" call and the "password_hash" module.
|