Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.
We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
|
|
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
|
|
|
|
This deactivates the password complexity check, but not the minimum password
length one, since the length is specified.
This change is needed by my password module work.
|
|
the password data blob
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
TODO: this function may be refactored further.
Actually we don't need to look up for the OID supplied,
but just call sdb_schema_pfm_make_attid() - it will
search for the OID anyway and add it if necessary
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
_dsdb_prefixmap_from_ldb_val()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It is to be used later in several places when we need such conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
"partial drsuapi_prefixMap" is a prefix map without last entry
being special - i.e. map that does not contains schema_info entry.
Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to
cover both 'full' and 'partial' map conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_schema_pfm_contains_drsuapi_pfm()
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.
This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
dsdb_get_oid_mappings_drsuapi() just need to call
dsdb_drsuapi_pfm_from_schema_pfm() to get filled-in DRSUAPI
prefixMap.
Perhaps it won't be bad to rename this function to have
more expressive name in the future
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use
dsdb_schema_pfm_from_drsuapi_pfm() function to load
drsuapi_prefixMap into schema->prefixmap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Along with this, dsdb_schema_pfm_contains_drsuapi_pfm()
function is implemented to replace previous implementation
for dsdb_verify_oid_mappings_drsuapi().
Name of the function clearly implies how week this verification is,
as currently it is used to indicate "Schema modified on remote"
condition.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
This function performs basic password checks and will be used by the
"samrValidatePassword" call and the "password_hash" module.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
While this logic (avoiding to prefix a non-filename with a path) is
important in the code this was copied from (private_dir()), none of
the callers of this function need it.
Andrew Bartlett
|
|
This allows us to change the escaping function without breaking
existing installs. The new escaping function (used for new databases)
is RFC1738 URI encoding, except for the trivial cases without special
characters.
The new databases are also placed in a subdirectory, sam.ldb.d per an
earlier suggestion by metze.
Andrew Bartlett
|
|
Calling it from samdb_connect() can cause a stale schema to be put
into the global schema.
Thanks to Andrew Bartlett for spotting this.
|
|
If we get an error ending a transaction on one partition we need to
continue on the other partitions.
|
|
This means we need to create a fake 'module' which only has a 'next'
pointer, so that we can now ldb_next_request() (which incorporates
tracing). The remainaing stub of partition_request() is retained so
that we can indicate which partition an operation is destined for.
Similar tracing is added to the transaction handlers.
Andrew Bartlett
|
|
The schema update now request is now handled above the partitions
module.
Andrew Bartlett
|
|
|
|
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
|
|
|
metze
|