summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-10-19s4-dsdb: register the DCPROMO_OID control with the rootdseAndrew Tridgell1-0/+7
this is needed to allow it over ldap Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-19s4-dsdb: filter unregistered controls in the rootdse moduleAndrew Tridgell1-19/+84
if we get an unregistered control in the rootdse module, and the request comes from an untrusted source (eg. ldap://) then we need to: 1) filter the control out if it is marked non-critical 2) give an error if it is marked critical Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18s4:"util_ldb" - remove some really unused dependanciesMatthias Dieter Wallnöfer2-2/+0
2010-10-18dsdb simple_ldap_map depends on LDBSAMBAAndrew Bartlett1-1/+1
This shows up at build time on MacOS and runtime on Linux when we use the LDAP backend. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Oct 18 00:57:51 UTC 2010 on sn-devel-104
2010-10-18dsdb: Module aliases require to be prefixed with the subsystem name.Jelmer Vernooij1-2/+2
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer7-87/+7
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer7-7/+87
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-16s4:samldb LDB module - use appropriate fixed-length integer types where neededMatthias Dieter Wallnöfer1-4/+5
- The "systemFlags" we interpret always as signed - Use "samdb_msg_add_int" where possible (much saver for integer storing than ldb_msg_add_fmt)
2010-10-16s4:dsdb/samdb/ldb_modules/util.c - remove now unused functions which set ↵Matthias Dieter Wallnöfer1-74/+0
integers Please do always use the functions which specifiy the appropriate integer length to not run into platform-specific issues. Therefore I'm removing these generic calls.
2010-10-16s4:samba3sid LDB module - handle the RID as uint32_tMatthias Dieter Wallnöfer1-13/+15
- This is how we always deal with RIDs - Use an integer-length safe function for the RID update
2010-10-16s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree ↵Matthias Dieter Wallnöfer2-3/+27
delete protection MS-ADTS 3.1.1.5.5.7.2 Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
2010-10-16s4:dsdb - fix unsigned integer save problems using the "%u" specifierMatthias Dieter Wallnöfer5-17/+31
The issue here is that we have not yet first cast to int32_t explicitly, before we cast to an signed int to printf() into the %d or cast to a int64_t before we then cast to a long long to printf into a %lld. There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c). The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute. The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
2010-10-16s4:dsdb/common/util.c - describe the behaviour of the functions ↵Matthias Dieter Wallnöfer1-5/+32
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more Unsigned int data in AD is a bit problematic to handle. Problem described by abartlet.
2010-10-15s4:samdb_msg_add_int* - use "ldb_msg_add_string" rather than ↵Matthias Dieter Wallnöfer1-2/+2
"samdb_msg_add_string" "ldb_msg_add_string" is safe here since the integer has already been converted to a string which is "talloc"ed on "mem_ctx". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
2010-10-15s4 dsdb: fix sign problem on PPC and x86Matthieu Patou1-2/+2
In LDAP we used signed intege and groups have the highest bit set (ie. 0x80000002). So it will result with values that are > 2^31 when these value are used on some plateforms (x86 and PPC 64bits in this case) it causes problem with strtol.
2010-10-15s4:samldb LDB module - cosmetic - use "ldb" variable rather than ↵Matthias Dieter Wallnöfer1-1/+1
"ldb_module_get_ctx"
2010-10-15s4:samdb_create_foreign_security_principal - proof error code of ↵Matthias Dieter Wallnöfer1-3/+6
"samdb_msg_add_string"
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditionsMatthias Dieter Wallnöfer1-0/+6
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't ↵Matthias Dieter Wallnöfer1-4/+3
need to be duplicated This is done internally by the LDB library - look at "ldb_msg_add_empty".
2010-10-15s4:dsdb - remove "samdb_msg_add_value"Matthias Dieter Wallnöfer1-10/+2
This can be substituted by "ldb_msg_add_value". Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer8-86/+59
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-14s4:samldb LDB module - attempt to fix integer handling on big-endian platformsMatthias Dieter Wallnöfer1-7/+9
And beside this it's also nicer to use standard LDB functions for type conversions. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - cosmetic fixupsMatthias Dieter Wallnöfer1-9/+9
- Update the module description - Fix indentation Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
2010-10-13samdb: Set soname.Jelmer Vernooij1-1/+2
2010-10-13s4:sam.py - tests for "userAccountControl" attributeMatthias Dieter Wallnöfer1-3/+448
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 13 17:31:29 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - deny creation of temporary duplicate accountsMatthias Dieter Wallnöfer1-0/+12
2010-10-13s4:samldb LDB module - proof the account type also on LDB modify operationsMatthias Dieter Wallnöfer1-0/+8
2010-10-13s4:sam.py - add a test for the group type changing behaviourMatthias Dieter Wallnöfer1-0/+595
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 13 14:17:31 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - support the group type changing properlyMatthias Dieter Wallnöfer1-1/+53
This is exactly that what Windows allows. It was proven by a blackbox test. And we also need to deny add operations of builtin groups.
2010-10-13s4:ldap.py - test the "isCriticalSystemObject" behaviourMatthias Dieter Wallnöfer1-0/+39
2010-10-13s4:samldb LDB module - deny also the direct modification of ↵Matthias Dieter Wallnöfer1-3/+14
"isCriticalSystemObject" on modify operations
2010-10-13s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" ↵Matthias Dieter Wallnöfer1-0/+9
entries They're only allowed to be created with the RELAX control specified.
2010-10-13s4:samldb LDB module - first implementation of the samldb primary group triggerMatthias Dieter Wallnöfer1-48/+61
This was done according to MS-SAMR 3.1.1.8.2 But do use it only for add operations at the moment.
2010-10-13s4:samldb LDB module - use the new "objectclass_trigger" for add operationsMatthias Dieter Wallnöfer1-142/+33
Additionally clean up "samldb_fill_object" which is now much easier to comprehend.
2010-10-13s4:samldb LDB module - first implementation of the samldb objectclass triggerMatthias Dieter Wallnöfer1-0/+176
This was done according to MS-SAMR 3.1.1.8.1 I need to perform some RELAX checks since otherwise the provision wouldn't work anymore.
2010-10-13dsdb/schema_data: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13dsdb/schema_load: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13samdb: Build as library.Jelmer Vernooij1-1/+1
2010-10-13s4-schema: don't name variables after standard libc functionsAndrew Tridgell1-3/+3
2010-10-12torture/becomedc: Add test for global schema, use samdb_connect().Jelmer Vernooij1-1/+6
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Oct 12 18:35:33 UTC 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+0
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12libcli/security Use common security.hAndrew Bartlett6-7/+6
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett4-3/+6
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-12dsdb: Build more modules as shared objects.Jelmer Vernooij1-14/+14
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Oct 12 02:12:29 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared objects.Jelmer Vernooij1-7/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 23:22:33 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared object files.Jelmer Vernooij1-10/+10
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 21:13:25 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as .so files.Jelmer Vernooij1-9/+9
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 19:14:58 UTC 2010 on sn-devel-104
2010-10-11samdb_common, ntlm: Add missing dependency on libsamba-hostconfig.Jelmer Vernooij1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-4/+3
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
generated by cgit (git 2.34.1) at 2024-11-06 06:04:47 +0000