summaryrefslogtreecommitdiff
path: root/source4/libnet/libnet_samsync_ldb.c
AgeCommit message (Collapse)AuthorFilesLines
2008-07-15Use secrets.ldb to store credentials to contact LDAP backend.Andrew Bartlett1-6/+4
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-1/+1
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-0/+2
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+2
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26328: remove more uses of global_loadparm.Jelmer Vernooij1-3/+3
(This used to be commit 40ae12c08647c47a9c504d39ee6f61c32b4e5748)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+1
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-8/+8
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+2
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-4/+4
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-6/+6
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-2/+6
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25048: From the archives (patch found in one of my old working trees):Andrew Bartlett1-5/+12
Try two different DNs, when performing a samsync from an AD server. Andrew Bartlett (This used to be commit 8204e261b5c554866a8433362477b532d1123e5d)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-1/+2
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r21362: rename:Stefan Metzmacher1-4/+4
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r21300: let the caller decide if it wants rid decrypted hashes or notStefan Metzmacher1-0/+1
metze (This used to be commit 8711d01ffd080c43512b88b995daf2d6b7c06ba1)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-19/+19
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-12/+15
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-1/+1
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r19308: Merge samsync fixes from SAMBA_4_0_RELEASEAndrew Bartlett1-7/+12
Andrew Bartlett (This used to be commit 331003239972d80864211377e864f7e469bd3d77)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14983: fix an uninitialised varAndrew Tridgell1-1/+1
(This used to be commit 58ac1e4eb1a62029173118a7638dcbe7c0de1306)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12928: This patch improves the interaction between the vampire and provsion ↵Andrew Bartlett1-1/+2
code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2007-10-10r12926: Syncronsise GUIDs on users and domains from the server. These alsoAndrew Bartlett1-56/+78
appear in DNS, so need to match. Andrew Bartlett (This used to be commit d092b0493d7c61112ef132c8fb259c15f189c5f6)
2007-10-10r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect toAndrew Bartlett1-46/+118
the remote sever, and to query it for domain information. Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol. With this, we are able to do a all-GUI vampire of a AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct. Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
2007-10-10r12894: Add more detail to error messages.Andrew Bartlett1-4/+12
Andrew Bartlett (This used to be commit 31fd39f356c9bc40827b22c0cdb622044d896a85)
2007-10-10r12893: Filling in *error_string is critical for SWAT, as the errors otherwiseAndrew Bartlett1-182/+215
do not propogate back to the user, they just end up in the logfile. Andrew Bartlett (This used to be commit 7c9f8e524bf7f030c56ed42ee7e3a25563a34db4)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-35/+10
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett1-1/+1
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-4/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+3
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12538: Clarify why we are doing the delete here.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 6d8405038f0033439e1e24eb43c2b7990e01b70c)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-5/+2
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-3/+1
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce1-5/+3
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10r9643: fixed samsync code for the new dn explode semanticsAndrew Tridgell1-17/+15
(This used to be commit 96298af202f994c3d5d0c7f5dacd1197a740f766)
2007-10-10r9392: Fix ldb_dn_compose to make build farm happySimo Sorce1-15/+6
Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-42/+76
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r8981: Add comments, fix typos (in attribute names) and check for errors inAndrew Bartlett1-4/+4
SamSync and 'net join'. Andrew Bartlett (This used to be commit 257240b0e29da14f7a2e660182b367304a5fa530)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-11/+130
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8775: More SamSync work. This is really just mechanical...Andrew Bartlett1-5/+264
I need to take a grip over the ForiegnSecurityPrincipals, as the SamSync currently fails on adding some aliases and privilages because it can't find their entry. Andrew Bartlett (This used to be commit 533e44535392fdb292cfff3cdcda9c38ec329d01)
2007-10-10r8771: Extend the SamSync code out to groups and aliases, as well as deleting.Andrew Bartlett1-1/+303
Andrew Bartlett (This used to be commit bf594c1022f5ed59c06cb423411f94483b168cbb)
2007-10-10r8752: With all the infrustructure done, details like a SamSync migrationAndrew Bartlett1-0/+414
into LDB are actually quite easy. This brings us the users, and sets basic domain information. You are expected to have provisioned with the settings for the target domain, and have joined the domain as a BDC. Then simply 'net samsync'. Now we just need to flesh out the delta types. Andrew Bartlett (This used to be commit 1e0f7792bb29b17c23197a5e42ee8cabb0cf17d0)