summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2012-04-23Cracknames: use krb wrapper functions so it works with MITSimo Sorce1-25/+29
Also avoid a silly game with directly modifying the principal and then calling krb5_principal_unparse_flags to get out a string. If we already assume it is a 2 components name and know what outcome we are going to get, just go ahead and talloc_asprintf the linearized string.
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-1/+1
2012-04-19s4-kcc: avoid a false alarm with rodcMatthieu Patou1-0/+7
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Thu Apr 19 12:32:58 CEST 2012 on sn-devel-104
2012-04-18dsdb: added SHOW_DELETED to samldb_member_check()Andrew Tridgell1-1/+1
when dbcheck is fixing DNs, it will sometimes operated on a deleted DN link Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-04-18s4:dsdb/pydsdb.c - call the "objectClass" normalisation code from PythonMatthias Dieter Wallnöfer1-0/+14
This allows the dbchecker to fix ordering/inconsistency problems with the mentioned attribute. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-04-18s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modifyMichael Adam2-0/+35
This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions. Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2012-04-18s4-schema: set subClassOf by default to top if not specifiedMatthieu Patou1-0/+6
Signed-off-by: Michael Adam <obnox@samba.org>
2012-04-18s4-schema: remove unused variableMatthieu Patou1-4/+0
2012-04-18s4-schema: Generate some schema related attribute as MS AD is doing if they ↵Matthieu Patou1-0/+43
are not present in ldb requests
2012-04-18s4-schema: rename dsdb_attribute_from_ldb to dsdb_set_attribute_from_ldb ↵Matthieu Patou3-11/+32
and dsdb_class_from_ldb to dsdb_set_class_from_ldb
2012-04-17s4: use enums instead of strings it's cheaperMatthieu Patou1-14/+40
2012-04-12srv_keytab: Pass krb5_context directly, it's all we use anyways.Simo Sorce1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Remove unneded dependency on kerberos_util.Simo Sorce1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Simplify salt_princ handling.Simo Sorce2-9/+63
This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move keytab functions in a separate file.Simo Sorce2-1/+2
Confine ldb dependency. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-ldb: use KRB5_KEY macros to access key elements.Günther Deschner1-8/+8
Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-11s4:dsdb/samdb/ldb_modules/schema.c - move "get_last_structural_class()" into ↵Matthias Dieter Wallnöfer6-83/+46
"util.c" And remove this helper module - it does not have much sense keeping it. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
2012-04-11s4:dsdb/samdb/ldb_modules/schema.c - inline "get_oc_guid_from_message()" to ↵Matthias Dieter Wallnöfer2-18/+23
its only user Reduce the number of not to be shared functions in "schema.c". Change it to make use of "get_last_structural_class()".
2012-04-11s4:dsdb - introduce a only constant-time "get_last_structural_class()" callMatthias Dieter Wallnöfer3-37/+18
With the redesign of the previous patches this has become possible.
2012-04-11s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to ↵Matthias Dieter Wallnöfer2-46/+47
its only user Reduce the number of not to be shared functions in "schema.c".
2012-04-11s4:dsdb - move "objectclass_sort()" out from the objectclass LDB module into ↵Matthias Dieter Wallnöfer2-217/+200
the schema code This allows it to be useful for the dbchecker utility in respect to object class problems. Fix up the API to only work with standardised LDB "ldb_message_element" structures which do allow much easier interoperations. As a consequence this leads to some changes in the objectclass module as well.
2012-04-11s4:acl LDB module - remove set but unused variablesMatthias Dieter Wallnöfer1-5/+0
2012-04-11s4:objectclass LDB module - remove unneeded build dependenciesMatthias Dieter Wallnöfer1-1/+1
2012-04-11s4:schema/schema_query.c - fix a commentMatthias Dieter Wallnöfer1-1/+1
2012-04-11s4:schema/schema_init.c - better use "ldb_attr_cmp" instead of "strcasecmp"Matthias Dieter Wallnöfer1-1/+1
LDB convention
2012-04-11s4:dsdb/pydsdb.c - fix indentationMatthias Dieter Wallnöfer1-1/+1
2012-03-26s4-dsdb: use constant-time search for descriptor -> get_last_structural_class()Andrew Bartlett2-2/+4
The objectClass list is sorted at this point, as we are called below the objectclass module here, or are working from a search result. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
2012-03-26s4:ldap.py - re-introduce the ↵Matthias Dieter Wallnöfer1-11/+4
"(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test This syntax is not supported by Windows AD and should also be denied by s4/LDB. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104
2012-03-26LDB/s4 - do not use the "(dn=...)" syntax on filters anymoreMatthias Dieter Wallnöfer1-5/+5
Make it AD-compatible using "(distinguishedName=...)". Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:ldap.py - test the already mentioned structural object class sorting ↵Matthias Dieter Wallnöfer1-0/+15
behaviour Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:dsdb - enhance "get_last_structural_class()" for optimisationsMatthias Dieter Wallnöfer3-10/+29
If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:objectclass LDB module - fix up the sorting in respect to structural or ↵Matthias Dieter Wallnöfer1-4/+18
88 objectclasses Please have a look at MS-ADTS 3.1.1.1.4. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:objectclass LDB module - clean up "objectclass_sort()"Matthias Dieter Wallnöfer1-24/+13
Make it easier to comprehend Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-20Move NS_GUID_string and NS_GUID_from_string to dsdb-common.Jelmer Vernooij4-1/+64
2012-03-14s4-dsdb: Fix the case for attribute name msDS-hasMasterNCsAmitay Isaacs2-3/+3
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Mar 14 11:59:02 CET 2012 on sn-devel-104
2012-03-10tdb_wrap: Move to specific directory.Jelmer Vernooij1-1/+1
It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-03-02SEGV in acl_validate_spn_value: dnsHostName NULLArvid Requate1-1/+1
This patch addresses a segfault in acl_validate_spn_value which occurs when the "dnsHostName" attribute is missing. This seems to be the case in domains migrated with samba3upgrade. Looks similar to MS KB 817543. Signed-off-by: Nadezhda Ivanova <nivanova@drizzit.(none)> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Mar 2 21:26:40 CET 2012 on sn-devel-104
2012-02-25s4-lib: Remove unused samdb_msg_set_value()Ricky Nance1-15/+0
Found by callcatcher. Ricky Nance
2012-02-25s4-lib: Remove unused samdb_msg_set_string()Ricky Nance1-15/+0
Found by callcatcher. Ricky Nance
2012-02-25s4-lib: Remove unused samdb_msg_set_int()Ricky Nance1-15/+0
Found by callcatcher Ricky Nance
2012-02-20s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett3-3/+6
Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
2012-02-13s4-dsdb: Check if metadata.tdb exists, before trying to open itAmitay Isaacs1-0/+6
This fixes the error output from tdb2 when metadata module tries to create metadata.tdb first time. This error is reported since metadata module tries to check if tdb exists by trying to open tdb file. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon Feb 13 03:02:09 CET 2012 on sn-devel-104
2012-02-01Revert "s4-drs: do not try to contact for replication servers that are not ↵Andrew Tridgell1-38/+4
anymore in reps*" This reverts commit 5bfd6251eb22ff701184a95649822a73cf4d157b. This change has been causing regular segfaults in the build farm since it was applied. I also think it may be unnecessary as dreplsrv_refresh_partitions() should already be achieving the same thing (removing stale replication targets). I think the segfaults were caused by freeing an in-flight DSA, but I have been unable to reproduce it outside of the build farm Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Feb 1 07:49:42 CET 2012 on sn-devel-104
2012-01-30samdb: use compat wrappers for tdb_fetch().Rusty Russell1-6/+6
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() -> tdb_errorstr_compat(). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-24dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flagAndrew Bartlett2-0/+8
2012-01-24python: Change except: statement to except Exception:Amitay Isaacs1-1/+1
This way we only catch true exceptions and keyboard interrupts are not caught here. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2012-01-16s4:dsdb/password_hash: require a "Primary:Kerberos" blob in ↵Stefan Metzmacher1-0/+16
supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
2012-01-14Intersite KCC flags for pythonDave Craft1-0/+5
Add NTDSSITELINK options to dsdb class for use in python samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-01-05s4:repl_meta_data LDB module - set "isRecycled" time correctlyMatthias Dieter Wallnöfer1-9/+8
"unix_to_nt_time()" which is based on "time_t" behaves differently for literals > 32 bit on 32 and 64 bit platforms. Reviewed-by: ekacnet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
2011-12-23s4-kcc: Remove also deleted objects that are not in the Deleted Object containerMatthieu Patou2-2/+38
For the configuration container we do a full scan at every run of the kcc-delete service. For the base DN we introduce a new parameter that avoid the full scan to kick just when samba starts. Signed-off-by: Stefan Metzmacher <metze@samba.org>