summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-04-14Move DRSUAPI per-attribute decryption into a common fileAndrew Bartlett2-159/+4
This file (contining metze's decryption routines) is now also be used by Samba3's DRSUAPI implementation Andrew Bartlett
2009-04-09make the memory usage of possibleInferiors much more efficientAndrew Tridgell1-20/+31
2009-04-09fixed the possibleInferiors calculation so it now passes the testAndrew Tridgell2-27/+28
We are probably still using more memory here than we need to. That needs to be looked at.
2009-04-09slightly nicer output in our possibleInferiors test codeAndrew Tridgell1-2/+2
2009-04-09hook the new possibleInferiors calculation into the schemaAndrew Tridgell1-14/+77
We now generate possibleInferiors at startup, and return it when requested
2009-04-08Make the schema_inferiors generation code to compileAndrew Bartlett4-70/+101
Sadly it still segfaults at this stage Andrew Bartlett
2009-04-07first cut at a C version of the possible inferiors codeAndrew Tridgell1-0/+172
2009-04-03s4:schema Don't free mem_ctx before it is initilisedAndrew Bartlett1-1/+0
2009-04-02major upgrade to the ldb attribute handlingAndrew Tridgell5-115/+325
This is all working towards supporting the full WSPP schema without a major performance penalty. We now use binary searches when looking up classes and attributes. We also avoid the loop loading the attributes into ldb, by adding a hook to override the ldb attribute search function in a module. The attributes can thus be loaded once, and then saved as part of the global schema. Also added support for a few more key attribute syntaxes, as needed for the full schema.
2009-03-31possibleInferiors is a generated attribute - we can't pull it over DRSAndrew Tridgell1-2/+0
or from ldb
2009-03-31Merge branch 'master' into wspp-schemaAndrew Tridgell1-14/+49
2009-03-31use the prepare_commit op in the partition codeAndrew Tridgell1-14/+49
This makes multi-partition ldb's much safer
2009-03-31Merge branch 'master' into wspp-schemaAndrew Tridgell1-0/+246
2009-03-27added a --wspp optionAndrew Tridgell1-4/+7
Adding --wspp to possibleInferiors.py forces it to use the WSPP documented algorithm, which doesn't match windows behaviour
2009-03-26fixed possibleinferiors.py so it matches windows behaviourAndrew Tridgell1-39/+127
This test code builds the possibleInferiors for every class in the schema on a target machine, and compares it to the servers possibleInferiors attribute. The MS-ADTS spec describes how to calculate possibleInferiors for a object, but it seems to have some bugs. The spec says that we need to use AUXCLASSES, and it does not mention the use of the SUBCLASS tree. In trying to match windows behaviour, I found that I needed to ignore the AUXCLASSES and build a SUBCLASSES tree.
2009-03-24the start of a possibleInferiors test suiteAndrew Tridgell1-0/+155
we haven't implemented possibleInferiors yet. This test is meant to help us understand how it works. It tries to construct possibleInferiors via searches on other attributes, and compares it to the servers constructed possibleInferiors attribute for each class in the servers schema. see [MS-ADTS] section 3.1.1.4.5.21
2009-03-20Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schemaAndrew Bartlett2-6/+86
2009-03-17added support for parentGUIDAndrew Tridgell1-5/+84
This is made up of 4 parts: 1) change our schema to include the parentGUID attribute type 2) in the add hook in the objectclass module, get the objectGUID of the parent and add it to the message as parentGUID 3) in the rename hook in the objectclass module, get the objectGUID of the new parent, and insert an async modify request after the renmam is done 4) added a simple test suite
2009-03-16s4:password_hash Only store the LM hash if 'lanman auth = yes'Andrew Bartlett1-1/+2
The clients that do only lanman auth are on their way out, the passwords are case insensitive, it does not support unicode and we should not store such a poor hash of the password if we can avoid it. Andrew Bartlett
2009-03-11s4:schema Don't rely on objectCategory 'magic' when loading the schemaAndrew Bartlett1-2/+2
The short-to-long name canonicalisation rules use the schema, so clearly they won't work when loading it. Andrew Bartlett
2009-03-06Load the schema with a more efficient single searchAndrew Bartlett1-93/+15
This search uses the index, and is not recursive, so should avoid the major performance problem with the current sorted schema load. The ad2oLschema code (recently moved to provision-backend) no longer needs the schema to be sorted. Andrew Bartlett
2009-03-06Sort output of schema for OpenLDAP during conversionAndrew Bartlett1-98/+132
This avoids the need to assume that the schema is sorted on load, which happens more often and is a major performace issue in the Samba4's use of ldb. Andrew Bartlett
2009-03-05Remove ad2oLschema, insted call it directly from provision-backendAndrew Bartlett3-2/+319
This removes a level of indirection via external binaries in the provision-backend code, and also makes better use of our internal code for loading schema from an LDIF file. Remaining to do: Sort the output again, as the load from LDIF is unsorted (also needed because the normal LDB load from sorted input is too slow anyway, and is only needed here). Andrew Bartlett
2009-03-04Pull in all the schema information during DRS schema fetchAndrew Bartlett1-9/+38
This includes things such as allowed attributes, which were not populated into the schema structure before. Andrew Bartlett
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij4-30/+20
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij4-9/+9
consistency with Samba 3.
2009-02-23Fix headers, ldb_includes.h is a private header,Simo Sorce7-3/+8
do not reference it from ldb.h
2009-02-10added a workaround to the handling of unicodePwd for Win7-betaAndrew Tridgell1-1/+30
The Win7-beta domain process has changed. It no longer uses SAMR for setting the password, and instead uses a ldap modify on a SASL encrypted ldap connection. We didn't handle that as the unicodePwd attribute has a dual use, holding the nt style MD4 hases for DRS replication, but holding a UTF-16 plaintext password for a LDAP modify. This patch copes with the ldap unicodePwd modify by recognising the format and creating the correct attributes on the fly. Note that this assumes we will never get a unicodePwd attribute set in NT MD4 format with the first 2 and last 2 bytes set to 0x22 0x00. Andrew Bartlett is looking at a more robust solution, possibly using a flag to say that this modify came via ldap, and not internal ldb calls.
2009-02-02s4:schema_fsmo: s/class/sclassStefan Metzmacher1-7/+7
metze
2009-02-02s4:update_keytab: s/delete/do_deleteStefan Metzmacher1-7/+7
metze
2009-02-02s4:service_task: s/private/private_dataStefan Metzmacher1-1/+1
metze
2009-02-02s4:kludge_acl: s/class/sclassStefan Metzmacher1-5/+5
metze
2009-02-02s4:dsdb/schema: s/class/sclassStefan Metzmacher2-31/+32
metze
2009-02-02s4:extended_dn_out: s/private/p s/new/nattrsStefan Metzmacher1-40/+40
metze
2009-01-31s4:repl_meta_data: fix segfault after ldb changesStefan Metzmacher1-1/+1
metze
2009-01-30Fix proxy moduleSimo Sorce1-2/+2
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce16-558/+801
The only 2 modules escaping the rule so far are rootdse and partitions
2009-01-30Fix misfiled headers.Simo Sorce1-1/+0
Some public functions were mistakenly put into ldb_private.h Revert all modules to only include ldb_module.h
2009-01-30s4:fix the build after 380874ef863866c94c999ef53252b9d30df65e88Stefan Metzmacher1-0/+1
metze
2009-01-30Fix the mess with ldb includes.Simo Sorce10-76/+147
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-21Allow overriding the function that ships the request in the Samba 3Jelmer Vernooij1-1/+1
client code.
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher8-13/+13
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij4-33/+33
2008-12-22Fix missing symbols issues when building with shared libraries.Jelmer Vernooij1-1/+1
2008-12-21Fix more tests, improve repr() functions for various Python types.Jelmer Vernooij1-9/+2
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-170/+170
2008-12-20Treat DN+STring as a binary string for nowAndrew Bartlett1-4/+4
This matches the way we work with DN+Binary. We need this for the OpenLDAP backend. Andrew Bartlett
2008-12-20Now store the GUID and SID from a DN over DRSUAPI into ldb.Andrew Bartlett4-43/+162
Until the extended DN work was compleated, there was no way to store the additional metadata. Andrew Bartlett
2008-12-18Fix samba3sam test after removal of dom_sid IDL file.Jelmer Vernooij1-2/+2
2008-12-17s4:dsdb: remove normalise moduleAndrew Bartlett2-206/+0
The extended_dn_out module provides the functionality now. Signed-off-by: Stefan Metzmacher <metze@samba.org>