summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-05-24s4:dsdb_enum_group_mem - use "unsigned" countersMatthias Dieter Wallnöfer1-2/+3
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned".
2010-05-24s4:dsdb_lookup_rids - "unsigned" counters fit better than "signed" in this caseMatthias Dieter Wallnöfer1-2/+2
2010-05-24s4:dsdb_add_user - check the "cn"/"account_name" length (should be >= 1)Matthias Dieter Wallnöfer1-7/+12
This needed by the "cn_name_len"-1 accesses. And use a "size_t"-typed variable for storing it (length specificators should always be stored using "size_t" variables).
2010-05-24s4:samr Push most of samr_LookupRids into a helper functionAndrew Bartlett1-0/+66
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Push most of samr_QueryGroupMember into a helper functionAndrew Bartlett1-0/+67
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Move most of samr_CreateDomAlias into a helper functionAndrew Bartlett1-0/+73
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split most of samr_CreateDomainGroup into a helper functionAndrew Bartlett1-0/+79
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split the guts of samr_CreateUser2 into a helper functionAndrew Bartlett2-1/+250
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:dsdb Allow a NULL search expression in dsdb_search()Andrew Bartlett1-2/+5
The NULL search expression expands to (objectClass=*), but %s expands NULL to (NULL) which doesn't parse... Andrew Bartlett
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett1-1/+0
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-05-20s4:operational LDB module - fix warnings (missing parameters, unused variable)Matthias Dieter Wallnöfer1-3/+5
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett2-25/+56
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-20s4:auth Add dependency from the operational module onto authAndrew Bartlett2-2/+5
We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett
2010-05-20s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett3-82/+68
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
2010-05-20s4:auth Move BUILTIN group addition into session.cAndrew Bartlett1-2/+9
The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett
2010-05-20s4:dsdb disable tokenGroups until end of rewriteAndrew Bartlett1-1/+2
I need to change the functions this calls Andrew Bartlett
2010-05-19s4/metadata: fix whitespacesKamen Mazdrashki1-71/+71
2010-05-18s3: Fix some more iconv convenience usages.Jelmer Vernooij1-1/+1
2010-05-18Remove more usages of iconv_convenience in files which were apparently not ↵Jelmer Vernooij1-3/+1
recompiled by waf.
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij2-4/+1
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij16-91/+47
2010-05-17s4-rodc: Cache am_rodc flagAnatoliy Atanasov2-0/+51
2010-05-14s4:repl_meta_data LDB module - fix counter typesMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:dsdb_cache LDB module - fix a typoMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:samldb LDB module - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
2010-05-13s4: Do not display by default the message Failed to send DsReplicaSync is ↵Matthieu Patou1-1/+6
other host is just unreachable Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-13s4:dsdb: fix samdb_result_logon_hours() and don't hardcode units_per_weekStefan Metzmacher1-4/+11
metze
2010-05-11s4:dsdb: cached results of samdb_rodc()Stefan Metzmacher1-1/+29
metze
2010-05-11Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in ↵Anatoliy Atanasov1-23/+0
provision" This reverts commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96. The fix is not correct, we should cache a bool to answer amIRODC
2010-05-11Revert "s4:password_hash LDB module - don't break the provision"Stefan Metzmacher1-3/+0
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze
2010-05-11Revert "s4:password hash LDB module - check that password hashes are != NULL ↵Stefan Metzmacher1-10/+6
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze
2010-05-11s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵Stefan Metzmacher1-2/+2
it's given Sorry, I removed this logic while cleaning up indentation levels... metze
2010-05-10s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer1-26/+29
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
2010-05-10s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer1-1/+1
2010-05-10s4:password hash LDB module - check that password hashes are != NULL before ↵Matthias Dieter Wallnöfer1-6/+10
copying them
2010-05-10s4:password_hash LDB module - don't break the provisionMatthias Dieter Wallnöfer1-0/+3
This is to don't break the provision process at the moment. We need to find a better solution.
2010-05-10s4:samdb_set_password - adapt it for the user password change handlingMatthias Dieter Wallnöfer1-0/+12
Make use of the new "change old password checked" control.
2010-05-10s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer1-256/+134
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
2010-05-10s4:password_hash - Implement password restrictionsStefan Metzmacher1-0/+195
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
2010-05-10s4:password_hash - Rework to handle password changesMatthias Dieter Wallnöfer1-138/+450
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5)
2010-05-10s4:password_hash - Rework unique value checksMatthias Dieter Wallnöfer1-49/+71
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py".
2010-05-10s4:password_hash - Various (mostly cosmetic) preworkMatthias Dieter Wallnöfer1-176/+240
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values
2010-05-10s4:dsdb: add new controlsMatthias Dieter Wallnöfer1-0/+21
- Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password
2010-05-10s4-rodc: Fix provision warnings by creating ntds objectGUID in provisionAnatoliy Atanasov1-0/+23
2010-05-10s4:acl ldb module - fix typosMatthias Dieter Wallnöfer1-3/+3
2010-05-10s4:dsdb/util.c - Add a new function for retrieving password change attributesMatthias Dieter Wallnöfer1-0/+41
This is needed since we have not only reset operations on password fields (attributes marked with REPLACE flag) but also change operations which can be performed by users itself. They have one attribute with the old value marked with the REMOVE flag and one with the new one marked with the ADD flag. This function helps to retrieve them (argument "new" is used for the new password on both reset and change).
2010-05-09s4:samldb LDB module - make "samldb_member_check" synchronous againMatthias Dieter Wallnöfer1-64/+33
2010-05-09s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous againMatthias Dieter Wallnöfer1-235/+24
2010-05-09s4:samldb LDB module - update the copyright noticeMatthias Dieter Wallnöfer1-1/+1
2010-05-09s4:dsdb Provide an intelegent fallback if not CN=Subnets is foundAndrew Bartlett1-3/+7
We may as well fall back rather than return NULL (which callers don't do useful things with). Andrew Bartlett