summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2008-12-17s4:dsdb: remove normalise moduleAndrew Bartlett2-206/+0
The extended_dn_out module provides the functionality now. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and ↵Andrew Bartlett6-672/+1515
extended_dn_store. By splitting the module, the extended_dn_in and extended_dn_store moudles can use extended_dn_out to actually get the extended DN. This avoids code duplication. The extended_dn_out module also contains a client implementation of the OpenLDAP dereference control (draft-masarati-ldap-deref-00). This also introduces a new control 'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module to return whatever the 'storage format' is. This allows us to work with both OpenLDAP (which performs a dereference at run time) and LDB (which stores the GUID and SID on disk). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: Make the linked_attributes module set an extended dnAndrew Bartlett1-192/+325
This means that linked attributes will always have the same case form as the actaul entry, as we search for that entry. We then also use the GUID and SID found on that entry to fill in the extended DN on disk. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:rootdse: fix the logic to indentify a rootdse searchAndrew Bartlett1-2/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:ldb: make it possible to return per entry controlsAndrew Bartlett11-14/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:samldb: make use of dom_sid_split_rid()Andrew Bartlett1-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:samldb: improve error stringsAndrew Bartlett1-6/+8
When things go wrong with LDB, this routine seems to be particularly sensitive to it. This extra debugging should help the next poor soul who breaks LDB. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROLAndrew Bartlett1-0/+22
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Add hint to use passwordAttributes in @KLUDGE_ACL in futureAndrew Bartlett1-1/+2
This module is not used at the moment, but if we do use it again, we should try to avoid duplicate lists. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Make greater use of 'GUID_from_data_blob'Andrew Bartlett1-40/+11
This avoids accidentily running off the end of a string, and uses a single 'guess which type of GUID I have' algorithm. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17Fix sequence number generation against OpenLDAPAndrew Bartlett1-0/+8
It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the partition control to this request was missed out. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-05s4:password_hash: really catch the clearTextPasswordAttr case...Stefan Metzmacher1-1/+1
This fixes the creation of the user object for incoming trusts in dcesrv_lsa_CreateTrustedDomain_base(). And now w2k3 trust samba4 just fine:-) metze
2008-12-04s4:kludge_acl: allow everybody to read the sequence numberStefan Metzmacher1-1/+27
metze
2008-12-02Don't treat the DN+binary syntax as a DN.Andrew Bartlett1-2/+2
This should fix the OpenLDAP backend
2008-11-17s4:dsdb/samdb: don't allow objects without objectClassStefan Metzmacher1-2/+2
We're using @ROOTDSE instead of CN=ROOTDSE. metze
2008-11-17Run the original operation before we update linked attrsAndrew Bartlett1-17/+24
This causes the linked attribute modifies to occour after the original operation is entered in the transaction (any failure still fails the lot). This means (I hope) that we can have another module search the originating record when the backlink is created, filling in the GUID and SID for the extended DN. Andrew Bartlett
2008-11-17The samba3sam test does not really need the extended_dn moduleAndrew Bartlett1-1/+1
(This module has been split up into extended_dn_in, extended_dn_out and extended_dn_store). Andrew Bartlett
2008-11-16s4:dsdb/schema_fsmo: provide "extendedAttributeInfo" and "extendedClassInfo"Stefan Metzmacher1-0/+56
metze
2008-11-16s4:dsdb/schema: add a function to generate the "extendedClassInfo" valuesStefan Metzmacher1-4/+44
metze
2008-11-16s4:dsdb/schema: add a function to generate the "extendedAttributeInfo" valuesStefan Metzmacher1-7/+83
metze
2008-11-16s4:dsdb/schema: use pointers for rangeLower and rangeUpper.Stefan Metzmacher2-6/+41
This makes clear there's an value stored in the schema, as they can be '0'. metze
2008-11-16s4:dsdb/schema: we don't need to use find_syntax_map_by_ad_oid() as the ↵Stefan Metzmacher1-3/+1
syntax is already known metze
2008-11-16s4:librpc/ndr: integrate NDR_MISC into LIBNDRStefan Metzmacher2-5/+5
metze
2008-11-10s4-dsdb: add samdb_msg_add_parameters.Günther Deschner1-0/+11
Guenther
2008-11-10s4-dsdb: add samdb_result_parameters.Günther Deschner1-0/+22
Guenther
2008-11-08s4: dsdb/schema: fix the equality and comment of DN+String syntaxStefan Metzmacher1-3/+2
metze
2008-11-08s4: fix samba4.samba3sam.python testStefan Metzmacher1-2/+2
metze
2008-11-04Give a better error when ldb_dn_from_ldb_val failsAndrew Bartlett1-1/+3
2008-11-04Use ldb_dn_from_ldb_val to avoid possible over-run of the value.Andrew Bartlett2-9/+9
The ldb_val is length-limited, and while normally NULL terminated, this avoids the chance that this particular value might not be, as well as avoiding a cast. Andrew Bartlett
2008-11-04Fix use of wrong union arm in linked_attributes moduleAndrew Bartlett1-1/+1
This bug occours frequenetly in ldb users because the union so happens to be layed out that this works. However, it is still incorrect usage... Andrew Bartlett
2008-10-31use the new CH_UTF16_MUNGED charset for utf16 password buffersAndrew Tridgell1-1/+1
now to work out how to test this ...
2008-10-24Remove unused include param/param.h.Jelmer Vernooij3-3/+0
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij4-9/+10
make them wrappers around convert_string{,talloc}_convenience().
2008-10-24Move charset library to top level.Jelmer Vernooij1-1/+1
2008-10-23Clarify the linked attribute module behaviour with commentsAndrew Bartlett1-1/+9
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij5-7/+9
remove some unused functions.
2008-10-18s4-drsuapi: merge drsuapi_DsGetNCChanges from s3 drsuapi idl.Günther Deschner1-47/+49
Guenther
2008-10-18Add TALLOC_CTX pointer to strhex_to_data_blob for consistency with SambaJelmer Vernooij4-12/+7
3.
2008-10-17Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-develAndrew Bartlett3-76/+240
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-1/+1
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Transform the sequence_number operation into a normal extended operation as ↵Simo Sorce3-76/+240
it should always have been. Make it also async so that it is not a special case.
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett3-103/+192
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-14The ldb async merge broke all MMC management utiltiesMatthias Dieter Wallnöfer1-4/+4
Commit 51baa8deec00244cc0a6e3d29c53932427800610 included a copy-and-paste bug which caused all MMC mangement utilities to break. Because of the typo Samba4 would no longer include the magic 'you may write to these attributes/create these classes' attributes, these tools would display all fields greyed out or 'read only', and not allow the creation of child objects. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-13DSDB cosmetic patches: Some enhancementsMatthias Dieter Wallnöfer2-6/+6
Also, use the constants more in the "ldif_handlers" module.
2008-10-13Cosmetic corrections for the DSDB moduleMatthias Dieter Wallnöfer4-13/+13
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij18-18/+18
2008-10-06Implement 'type unknown' names in the CrackNames code.Andrew Bartlett1-10/+48
This guesses the type by running each of the possible options. Andrew Bartlett
2008-10-06Remove compleatly bogus rename test in partitions module.Andrew Bartlett1-17/+0
2008-10-06Remove DESCRIPTION from generated schema lines.Andrew Bartlett1-20/+1
This is not permitted in the AD aggregate schema, and more trouble than it is worth in the OpenLDAP schema due to escaping issues. Andrew Bartlett