Age | Commit message (Collapse) | Author | Files | Lines |
|
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it.
So we can allow it to be send over LDAP.
We'll accept this control over the privileged ldapi socket only.
metze
|
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
This must be available to the OpenLDAP backend, to set the GUID values
in some situations. We need a proper ACL mechanism to control the use
or abuse of this control.
This reverts commit 10adee89367cee9add993869280542418fb3d370.
|
|
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
|
|
- add missing private controls and comments
- use control defines rather than hardcoded values -> easier to comprehend
- reorder controls
|
|
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
many controls are simple present/not-present flags, and don't need
their own parsers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
|
|
control
|
|
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
LDB_CONTROL_AS_SYSTEM_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This patch, inspired by a patche by Endi S. Dewata
<edewata@redhat.com>, allows this control to be passed to the LDAP
backend.
Andrew Bartlett
|
|
|
|
LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
|
|
|
|
As they can we static there, we pass the specific handlers as parameter
where we need to support controls.
metze
|
|
defined in C.
metze
|
|
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)
At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
remove some unused functions.
|
|
|
|
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
|
|
MMC uses.
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
(This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
payload to the control, we still need to inialise *value, as otherwise
we read uninitialised data later.
Andrew Bartlett
(This used to be commit f6566480b7f1b4036b38284aa539f3a69f5c4573)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
|
|
should allow us to fix some long standing memory leaks.
(This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
|
|
Samba4. This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.
I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue. This ensures
consistency, and should help with finding issues like this in future.
As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.
I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request. I need some help to generate a correct error packet when it is
marked critical.
Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...
Andrew Bartlett
(This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
|
|
metze
(This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
|
|
metze
(This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
|
|
metze
(This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
|
|
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)
metze
(This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
|
|
metze
(This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
|
|
Split of system/locale.h header from system/iconv.h
Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
|
|
(This used to be commit 0d99397007960e555f562f1498a202407e235f36)
|
|
(This used to be commit 12ba42de5886f9f4f9b1698476557e0c217d06f3)
|
|
(This used to be commit 7d0eb678bf3649fb4e09da039dd1b716ea3df2cc)
|
|
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.
Modules will need to be transformed along the way.
Simo
(This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
|
|
make it possible to code the difference between a zero length and a NULL DATA_BLOB...
metze
(This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
|
|
initialize
them for the internal use...
found by 'make valgrindtest'
metze
(This used to be commit 1db9501c5261a974c6da1938537c7991ff6cfefd)
|
|
(This used to be commit 0e2cca9153619d646b90f32620905ab66b017c6a)
|
|
seem still buggy, can't make w2k3 to like it yet
(This used to be commit e1318383e91f6f6db39e3e3c9946fbb089753947)
|
|
Fix asq module, add a second_stage_init to register with rootdse
Fix asq control ldap parsing routines (this was nasty to find out)
(This used to be commit 933a80397d137f7d5b79c82a068d62bb6928ef47)
|