summaryrefslogtreecommitdiff
path: root/source4/libnet/libnet_samsync_ldb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12928: This patch improves the interaction between the vampire and provsion ↵Andrew Bartlett1-1/+2
code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2007-10-10r12926: Syncronsise GUIDs on users and domains from the server. These alsoAndrew Bartlett1-56/+78
appear in DNS, so need to match. Andrew Bartlett (This used to be commit d092b0493d7c61112ef132c8fb259c15f189c5f6)
2007-10-10r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect toAndrew Bartlett1-46/+118
the remote sever, and to query it for domain information. Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol. With this, we are able to do a all-GUI vampire of a AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct. Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
2007-10-10r12894: Add more detail to error messages.Andrew Bartlett1-4/+12
Andrew Bartlett (This used to be commit 31fd39f356c9bc40827b22c0cdb622044d896a85)
2007-10-10r12893: Filling in *error_string is critical for SWAT, as the errors otherwiseAndrew Bartlett1-182/+215
do not propogate back to the user, they just end up in the logfile. Andrew Bartlett (This used to be commit 7c9f8e524bf7f030c56ed42ee7e3a25563a34db4)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-35/+10
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett1-1/+1
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-4/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+3
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12538: Clarify why we are doing the delete here.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 6d8405038f0033439e1e24eb43c2b7990e01b70c)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-5/+2
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-3/+1
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce1-5/+3
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10r9643: fixed samsync code for the new dn explode semanticsAndrew Tridgell1-17/+15
(This used to be commit 96298af202f994c3d5d0c7f5dacd1197a740f766)
2007-10-10r9392: Fix ldb_dn_compose to make build farm happySimo Sorce1-15/+6
Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-42/+76
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r8981: Add comments, fix typos (in attribute names) and check for errors inAndrew Bartlett1-4/+4
SamSync and 'net join'. Andrew Bartlett (This used to be commit 257240b0e29da14f7a2e660182b367304a5fa530)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-11/+130
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8775: More SamSync work. This is really just mechanical...Andrew Bartlett1-5/+264
I need to take a grip over the ForiegnSecurityPrincipals, as the SamSync currently fails on adding some aliases and privilages because it can't find their entry. Andrew Bartlett (This used to be commit 533e44535392fdb292cfff3cdcda9c38ec329d01)
2007-10-10r8771: Extend the SamSync code out to groups and aliases, as well as deleting.Andrew Bartlett1-1/+303
Andrew Bartlett (This used to be commit bf594c1022f5ed59c06cb423411f94483b168cbb)
2007-10-10r8752: With all the infrustructure done, details like a SamSync migrationAndrew Bartlett1-0/+414
into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)