| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
Michael
(This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
|
|
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
|
|
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
|
|
further up the call stack.
(This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
|
|
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on
all entries as 'replace'.
Andrew Bartlett
(This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
|
|
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules. This moves them to a seperate templates.ldb.
In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search. This
returns far more useful errors, which we now handle and report better.
The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain. This function also returns better errors.
dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()
Andrew Bartlett
(This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
|
|
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
|
|
some issues in the NBT server (this was a false positive, but easily
worked around) and DRSUAPI server.
We should take care not to use the ldb_context as a talloc pool, and
to always ensure that any results from ldb_search() are moved off that
pool with talloc_steal or talloc_free().
To work around the issue in provision, for which I can find no fault
(other than a lot of work being done in provision), I've moved the
detector trigger to 400 additional blocks.
This fixes Bug #4810 by <mwallnoefer@yahoo.de>
Andrew Bartlett
(This used to be commit 42bcf856203ae3cf43130519904828a143ac8d18)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
Guenther
(This used to be commit cf953d04813d193da5e9714ceebb7826dc7e4d0b)
|
|
LDB_ERR_NO_SUCH_OBJECT. Handle this (found against LDAP, ldb_tdb is
being updated).
Andrew Bartlett
(This used to be commit 93e2ff2e85c57a192aadac96ce09a678d464e8ad)
|
|
- fill in our on bind_info struct correctly
- remember the local and remote DsBindInfo28 struct
- remember the remote bind_buid
w2k3 now tries replicate using DsGetNCChanges() from us,
after the NET-API-BECOME-DC test created the domain controller
and replicated all data.
(But we still give a DCERPC fault in DsGetNCChanges()...)
metze
(This used to be commit 33550c063d4e206fce63fdd99dc93a56995db580)
|
|
also it's not always under the domain dn
metze
(This used to be commit b8c940f1e2bbd65ed5d2f4279434dd526456ad8b)
|
|
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
|
|
for NT4 DC's in mixed mode domains.
This call is triggered by tranferring the PDC FSMO Role to another DC
the real meta data is encoded in the user buffer which is just a DATA_BLOB in idl
metze
(This used to be commit d883815c8d64429e4dac26a93a15e67d31dc263e)
|
|
Andrew Bartlett
(This used to be commit 21b38ae1e4c48dab4b89f234f4dc26a3aed401c3)
|
|
usual things are more complex than they appear.
Also remove the incorrect server-side implementation, which blindly
assumed some sense of consistancy across the API switch levels.
Andrew Bartlett
(This used to be commit 79941adbff843f5027dacd31b972deca4a1557ec)
|
|
supprisingly complex call...
It turns out that the in/out parameter 'level' is not in/out, but set
seperatly by the server-side code from r->req.req1.level.
This commit also breaks out some common code from samldb into samdb.
Andrew Bartlett
(This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
|
|
a DC
metze
(This used to be commit df133cd22a350d422c49844e50a67f4cc1fb61e4)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
DsWriteAccountSpn().
It passes the client toture test.
Andrew Bartlett
(This used to be commit a1e80eeb9561a856ac5aa1f5a991dcd648b152ff)
|
|
This intersting call is apparently used to construct the user token,
collect memberships from other DSAs and to retrieve (nested) memberships
of a given group.
Torture test to follow (once I cleaned it up).
Guenther
(This used to be commit ca5e133e8c6fca188fcaa834cdcd4cb2cd801d79)
|
|
metze
(This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
I'm sure this will not be the final resting place, but it will do for
now.
Use the cracknames code in auth/ for creating a server_info given a
principal name only (should avoid assumtions about spliting a
user@realm principal).
Andrew Bartlett
(This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
(This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
|
|
(the torture test currently only tests if the idl is correct)
- add start for idl for DsGetNCChanges()
(if someone didn't noticed the current ethereal trunk code can
successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs,
when you provide a keytab and have compiled against heimdal :-)
- add a view bitmaps and enum's for better debugging
metze
(This used to be commit cf7c1352ab2857b80256e02f70ab3fbd5177d596)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
one pipe
this stage does the following:
- simplifies the dcerpc_handle handling, and all the callers of it
- split out the context_id depenent state into a linked list of established contexts
- fixed some talloc handling in several rpc servers that i noticed while doing the above
(This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
|
|
here's the idl to parse it, because we don't want the
callers to manually de/encode this
metze
(This used to be commit 983f74c3651759991378b0d7b13b0952d77b3544)
|
|
(NOTE: that the drsuapi_DsReplicaObjMetaData2 struct is not corrently parsed yet
and there're some unknown fields left in someother infotypes)
metze
(This used to be commit 4fd57d5e7cff085a8c003ea82f282e26dc1346d9)
|
|
- add idl for drsuapi_DsReplicaSync() not yet complete
- just return WERR_OK for the drsuapi_DsReplicaSync() server function
metze
(This used to be commit e896925ac0b58bd48b5b9cc2d675682409d09ae1)
|
|
to make DsWriteAccountSpn() work
- add idl and torture test for DsWriteAccountSpn()
metze
(This used to be commit 625826ad9050c68407ae5e8abfee13699986303c)
|
|
- formating changes
metze
(This used to be commit 7bb3e3751b1193cd16e6ff8aa468b36c823c1cd5)
|
|
metze
(This used to be commit a2776eca83117131f8316ca222a2f385ffa5d7d5)
|
|
(This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
|
|
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
|
|
metze
(This used to be commit 757f67c08b0b1309d8a0b900539111c7bc430b0e)
|
|
metze
(This used to be commit 98ca7640c59aa8694abde03f5661b8908cf088bb)
|
|
metze
(This used to be commit 1bb71e7a8699bfd32d171a48c4c3b5f35faf3e51)
|
|
- do more crackname tests in the torture test
- move server code for cracknames to a different file
metze
(This used to be commit 18050ea6037b3c0c7cfe975eb9c872368b9e3328)
|
