summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-1/+1
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett3-103/+192
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-14The ldb async merge broke all MMC management utiltiesMatthias Dieter Wallnöfer1-4/+4
Commit 51baa8deec00244cc0a6e3d29c53932427800610 included a copy-and-paste bug which caused all MMC mangement utilities to break. Because of the typo Samba4 would no longer include the magic 'you may write to these attributes/create these classes' attributes, these tools would display all fields greyed out or 'read only', and not allow the creation of child objects. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-13DSDB cosmetic patches: Some enhancementsMatthias Dieter Wallnöfer2-6/+6
Also, use the constants more in the "ldif_handlers" module.
2008-10-13Cosmetic corrections for the DSDB moduleMatthias Dieter Wallnöfer4-13/+13
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij18-18/+18
2008-10-06Implement 'type unknown' names in the CrackNames code.Andrew Bartlett1-10/+48
This guesses the type by running each of the possible options. Andrew Bartlett
2008-10-06Remove compleatly bogus rename test in partitions module.Andrew Bartlett1-17/+0
2008-10-06Remove DESCRIPTION from generated schema lines.Andrew Bartlett1-20/+1
This is not permitted in the AD aggregate schema, and more trouble than it is worth in the OpenLDAP schema due to escaping issues. Andrew Bartlett
2008-10-06Fix Domain Trust creation with Windows 2008 (and many other tools)Andrew Bartlett1-1/+5
A dITConentRules attribute (unlike objectClasses) must not contain a 'SUP'. The ADSI layer in Windows would download the whole schema, and validate it. Thanks to the team at Microsoft for very long debugging session to find this. Andrew Bartlett
2008-10-03Merge commit 'master/master'Andrew Tridgell5-48/+424
2008-10-03fixed the partition module and the GC handlingAndrew Tridgell1-4/+38
- when multiple partitions are searched, consider the search a success if any of the partitions return success - only search the right subset of partitions, looking at the scope and basedn of the search This fixes several errors with GC searches
2008-10-02fixed the sense of ldb base dn comparisons in two places, and use aAndrew Tridgell2-4/+4
direct comparison instead of a sub-tree comparison in another this fixes basedn searches on the global catalog port
2008-10-02Fix crash bugs in error paths: ac is not yet initialized here, and we don'tSimo Sorce1-27/+18
need to call ldb_module_done in the main module functions, we can directly return an error. ldb_module_done() is for callbacks
2008-10-02s4:rootdse: for now don't pass down controls for the rootdse searchStefan Metzmacher1-1/+1
metze
2008-10-02s4:partition: register DOMAIN_SCOPE and SEARCH_OPTIONS controlsStefan Metzmacher1-0/+14
metze
2008-10-02s4:partition: pass down the SEARCH_OPTIONS control as uncriticalStefan Metzmacher1-0/+8
metze
2008-10-02s4:linked_attributes: fix a crash bug when the definition of a target ↵Stefan Metzmacher1-3/+35
attribute is missing Windows 2003 has a broken schema where the definition of msDS-IsDomainFor is missing (which is supposed to be the backlink of the msDS-HasDomainNCs attribute. Our schema is extracted from windows 2003, so we have the problem. As the NET-API-BECOME-DC test triggers this bug, windows 2003 seems to just skip creating a backlink. metze
2008-10-02s4:kludge_acl: just fake support for the SD_FLAGS controlStefan Metzmacher1-0/+20
metze
2008-10-02s4:extended_dn: add support for <GUID=...>, <SID=...> or <WKGUID=...,DC=...> ↵Stefan Metzmacher1-44/+355
as basedn We resolve them into the real basedn before do the real search. metze
2008-09-30Compare sids in samba3sam tests.Jelmer Vernooij1-11/+21
2008-09-29s4:samldb: use the code path with async ldbStefan Metzmacher1-43/+4
This removes the event_context leak that caused NT_STATUS_TOO_MANY_OPENED_FILES in the server, because of all the epool fds metze
2008-09-29LDB ASYNC: misc changesSimo Sorce1-3/+2
2008-09-29LDB ASYNC: samba4 modulesSimo Sorce22-4333/+4946
2008-09-29s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updatesStefan Metzmacher3-3/+37
We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-09-25Revert LDB return code patches from Matthias.Jelmer Vernooij4-16/+16
2008-09-24Cosmetic corrections for the DSDB moduleMatthias Dieter Wallnöfer4-16/+16
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-09-24Use loadparm since it's required by some modules.Jelmer Vernooij1-6/+6
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij2-2/+2
2008-09-24Rename smbd -> samba.Jelmer Vernooij1-1/+1
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce13-80/+63
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-21Revert "Rename smbd -> samba."Jelmer Vernooij1-1/+1
This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
2008-09-21Rename smbd -> samba.Jelmer Vernooij1-1/+1
2008-09-21Fix last samba3sam.py test.Jelmer Vernooij1-24/+28
2008-09-21Fix DNs - only one more samba3sam test failing now.Jelmer Vernooij1-80/+72
2008-09-20More code simplifications.Jelmer Vernooij1-24/+25
2008-09-19Fix formatting.Jelmer Vernooij1-35/+63
2008-09-19Simplify code, remove print statements.Jelmer Vernooij1-29/+42
2008-09-19Fix objectclass tests.Jelmer Vernooij1-4/+3
2008-09-18Improve formatting.Jelmer Vernooij1-66/+54
2008-09-18Fix tests, be less verbose.Jelmer Vernooij1-35/+35
2008-09-18Fix some tests.Jelmer Vernooij1-4/+16
2008-09-12Remove ancient remains of first experimentations aboutSimo Sorce4-1781/+0
supporting a schema (This used to be commit 53b57300c799a079b4d64815243fe6120e0a9fa2)
2008-09-12Fix failure to load the schema on read-only DB.Andrew Bartlett1-23/+13
This also tries to simplify the logic in the schema -> @ATTRIBUTES and @INDEXES code. Andrew Bartlett (This used to be commit a383b8bf88a5681f9c9c6839ba645c872a735051)
2008-09-11Remove the complexity of transactions from the attributes-setting code.Andrew Bartlett1-16/+1
I think it is just too complex and error prone to init and cancel transactions during the module init code. Instead, this isn't prone to races as it will always achieve a steady state (eventually), and most cases will never do the write. Andrew Bartlett (This used to be commit d60977cc7f89f89f34187f310c91d1ab7db6ccf2)
2008-09-11Make cn=aggregate output less pretty, by more like Win2008.Andrew Bartlett1-2/+2
I'm not sure if this fixes bug #5713, as this is not consistantly reproducably on my equipment. Andrew Bartlett (This used to be commit 02d6645efc84179efd652dd29ab32f62ae310147)
2008-09-09Fix reversed test trying to fix bug #5713Andrew Bartlett1-1/+1
(It instead ensured that only 'top' had a SUP keyword) This clearly shows that 937b466266256d26d02cf8d48e72a26272fe8627 was not a full or correct fix, but despite this I can no longer reproduce the issue. Further investigation is required. Andrew Bartlett (This used to be commit 95a9e9b6b84866cd300b1d19915627c6718b4dde)
2008-09-09Fix bug #5713 by correcting the generated schema.Andrew Bartlett1-1/+1
This bug is entitled 'Schema patch breaks interoperability with Microsoft MMC consoles.', and it does so very spectacularly. The issue is that we would include an entry: objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT.. The MMC Active Directory Users and Computers snap in presumably objected to the 'loop' this would present. The fixed entry is: objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT Thanks to Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> for his persistance in getting me to look at this. Andrew Bartlett (This used to be commit 937b466266256d26d02cf8d48e72a26272fe8627)
2008-09-08Add definition for SYSTEM_FLAG_ATTR_IS_RDNAndrew Bartlett1-0/+1
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)