Age | Commit message (Collapse) | Author | Files | Lines |
|
allow escaped separation chars as part of the attr value
of an RDN
(This used to be commit 7ba341d6c3745cd99c4c79933f9bd54f41e12a9c)
|
|
This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)
Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
|
|
command line to ldbsearch. Very rough work, no checks are
done on the input yet (will segfault if you make it wrong).
Controls are passed via the --controls switch an are comma
separated (no escaping yet).
General syntax is <ctrl_name>:<criticality>
<ctrl_name> is a string
<criticality> is 1 or 0
Current semi-parsed controls are:
server_sort
syntax: server_sort:1:0:attributename
1st parm: criticality
2nd parm: reversed
3rd parm: attribute name to be used for sorting
todo: still missing suport for multiple sorting
attributes and ordering rule
no check on result code
paged_results
syntax: paged_results:1:100
1st parm: criticality
2nd parm: number of results to be returned
todo: ldbsearch will return only the first batch
(missing code to cycle over conditionally)
no check on result code
extended_dn
syntax: extended_dn:1:0
1st parm: criticality
2nd parm: type, see MS docs on meaning
Simo.
(This used to be commit 4c685ac0d1638a1d5392dfe733baf0db77e84858)
|
|
a second_stage_init private function for modules that need a second stage init.
Simo.
(This used to be commit 5e8b365fa2d93801a5de1d9ea76ce9d5546bd248)
|
|
(This used to be commit df1ccca3499015d68a6f9f86286d9f66b6c0476c)
|
|
There's still lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.
Simo.
(This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
|
|
Also fix up all the current issues with the skel module.
Andrew Bartlett
(This used to be commit d0a0a8de3fa73d8f06a801203e00b90ed8359b98)
|
|
be a valid talloc() pointer, as other modules may rely on this.
Andrew Bartlett
(This used to be commit 356c8c56090a7c4254609c0cc138c994b618fa55)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
(This used to be commit c297c93faf3b748de68679f5a4be50845ebe25fe)
|
|
thanks Brad
(This used to be commit 2f213b9580cb9e84f1c44393cac521e5c1af817b)
|
|
Andrew Bartlett
(This used to be commit 44b107d3150135ee4381c1ba4eac23bfd9cb16b9)
|
|
subsystems.
This allows Samba libraries to be used by other projects (and parts of
Samba to be built as shared libraries).
(This used to be commit 44f0aba715bfedc7e1ee3d07e9a101a91dbd84b3)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit 874f16e055ec30bf2ee52a33464b4810a8f8cd89)
|
|
(This used to be commit 6198006ee466c6398f6a3da352d236034693ffb7)
|
|
Should we somehow link these, or just use the version in ldb?
Andrew Bartlett
(This used to be commit e98d14668e3fdee01b103adb5aec733790eee96d)
|
|
module is perhaps not the most efficient, but I think it is
reasonable.
This should restore operation of MMC against Samba4 (broken by the
templating fixes).
Andrew Bartlett
(This used to be commit 41948c4bdbfca1160a01a92994324f9e22422afe)
|
|
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
|
|
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
|
|
have to think about exactly what the right context to hang it of is.
Andrew Bartlett
(This used to be commit b1c8adcfe16c72252b0312e65676edcdbe472f09)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
Andrew Bartlett
(This used to be commit 31f65e510cdd46b1962cf06b3d51f152b1cecf37)
|
|
Andrew Bartlett
(This used to be commit 2f54d7f774434f2a8b89ae01e993c4a1d16ce861)
|
|
(This used to be commit c92ace494f92084ddf178626cdf392d151043bc7)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
(This used to be commit 7ca00cd918760dccc51e56234126ead8535a22ef)
|
|
don't store it on disk, as this would cause confusing results
metze
(This used to be commit c3d3309ba1567a4363c7c0235842833b5e2b6771)
|
|
This is for use on user-supplied arguments to printf style format
strings which will become ldb filters. I have used it on LSA, SAMR
and the auth/ code so far.
Also add comments to cracknames code.
Andrew Bartlett
(This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
|
|
command line processing system.
This is a little ugly at the moment, but works. What I cannot manage
to get to work is the extraction and propogation of command line
credentials into the js interface to ldb.
Andrew Bartlett
(This used to be commit f34ede763e7f80507d06224d114cf6b5ac7c8f7d)
|
|
installed.
Install pkg-config files.
(This used to be commit a86abe84e2cae7c6188c094a92c6b62aace02fdf)
|
|
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
|
|
(This used to be commit 754e51b19d2d1fd6be8e01d62b6ec892688f934c)
|
|
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
(This used to be commit 8185731c1846412c1b3366824cdb3d05b2d50b73)
|
|
set of results
(This used to be commit 2be62eb2dde9250f8bfe3a3272851e152a1d6b68)
|
|
(This used to be commit 020de11a61a1aa2c77c0a308186c85960c10fe32)
|
|
when we havn't finished popt.
Andrew Bartlett
(This used to be commit e5c5eb97a0ab841442b2c3fb5ea67f0d21b42932)
|
|
request strucutre. It will take a while for this to happen everywhere.
(This used to be commit b1d38153b8c1d2d5be2d41005eadb0e0aa46bd72)
|
|
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
|
|
(This used to be commit 7d8b11174c97a3797673254c351c94436aa716b7)
|
|
ldb_result code coud rely on that)
(This used to be commit cd567bcb24125827c746c1c0902631b0e7c2cea5)
|
|
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.
I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.
Simo.
(This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
|
|
to ldb, based on the sessionInfo we now pass around.
Andrew Bartlett
(This used to be commit 84e16e4ea7240409f15efd9f64344f9e0cec8111)
|
|
(This used to be commit 4143c22e3077bd5aecb3427ff0a8857dab799400)
|
|
with schemas in ldbedit
(This used to be commit ddbca6e83254275568bff4c2f88cdbc4bfa666a6)
|
|
through all ldap errors except on search. Search errors are only
available via ldb_errstring() until we decide how to fix ldb_search().
(This used to be commit c192bcb79dda44b5b7a3bc257ba92addf769c8d9)
|
|
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc658e6aebab070029fd499a726ad520)
|
|
was a
simple cut&paste error, but you might recheck this.
Volker
(This used to be commit 55b5b100e9ef7e04832d5ba4c10c45916be3513e)
|
|
"dn" or "distinguishedName". This makes us a bit more consistent
(This used to be commit b41b374b55f9a056c47ffa2ff88aa5272dbc42fc)
|
|
(This used to be commit 896704f5c139c8bce30dfc898bb3a12be10035ed)
|