Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
|
|
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
cross-reference instead.
Andrew Bartlett
(This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
|
|
netbios domain name of the host, as well as the sid from the cache we
fetched earlier.
Andrew Bartlett
(This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
|
|
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
|
|
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
|
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
metze
(This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.
sss
(This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
thanks to our move to talloc in ldb code, we do not need to expose it anymore
- removal of ldb_close() function form the code
thanks to our move to talloc in ldb code, we do not need it anymore
use talloc_free() to close and free an ldb database
- some minor updates to ldb modules code to cope with the change and fix some
bugs I found out during the process
(This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
|
|
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
files don't need to match the type names in the generated headers
- with this type mapping we no longer need definitions for the
deprecated "int32", "uint8" etc form of types. We can now force
everyone to use the standard types int32_t, uint8_t etc.
- fixed all the code that used the deprecated types
- converted the IDL types "int64" and "uint64" to "dlong" and
"udlong". These are the 4 byte aligned 64 bit integers that
Microsoft internally define as two 32 bit integers in a
structure. After discussions with Ronnie Sahlberg we decided that
calling these "int64" was confusing, as it implied a true 8 byte
aligned type
- fixed all the cases where we incorrectly used things like
"NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
those. The fact that it is hyper-aligned on the wire is not relevant
to the API, and should remain just a IDL property
(This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
|
|
(more info levels to come)
Andrew Bartlett
(This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
|
|
Add my copyright to the SAMR server.
Andrew Bartlett
(This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
|
|
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
|
|
Add lsa_Delete() support for secrets.
Andrew Bartlett
(This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
|
|
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-)
Andrew Bartlett
(This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
one pipe
this stage does the following:
- simplifies the dcerpc_handle handling, and all the callers of it
- split out the context_id depenent state into a linked list of established contexts
- fixed some talloc handling in several rpc servers that i noticed while doing the above
(This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
|
|
doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
|
|
privileges, as
volker discovered
(This used to be commit 09edc31f3b92105dab585614553ba5e94ccdf588)
|
|
(This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
|
|
for adding LookupSids3 (needed for ACL editing from w2k3)
(This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
|
|
Volker
(This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
|
|
we don't need to do db lookups as we already known who the user is
metze
(This used to be commit cef0d1eb29c6c5d41591a5c0beaed1dc26961211)
|
|
- give lsa_lookup_sid() a chance with foreign SIDS
returning NT_STATUS_NO_MEMORY makes no sense here
as the ldb_msg_find_string() doesn't allocate the string
metze
(This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
|
|
(This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
|
|
lsa_RemovePrivilegesFromAccount()
these are the last of the server side privileges functions. We should
now have a complete privileges implementation.
(This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
|
|
(This used to be commit a80c82d2635fce42482982d904f265199a000e10)
|
|
- expanded the lsa test suite to better test lsa_EnumAccounts()
(This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
|
|
(This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
|
|
(This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
|
|
easily adding/removing privileges from users
(This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
|
|
with lsa_AddAccountRights)
(This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
|
|
(This used to be commit ba87142586672a1082200048e7d1ae865d266d6c)
|
|
- added english descriptions of privileges. We should add other
languages in the future.
(This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
|
|
(This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
|
|
(This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
|
|
(This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
|
|
the "privilege" command in smbclient now works against Samba4
(This used to be commit 8a3f2650500e11d1d38d76421f8373e5088d2dc5)
|
|
(This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
|
|
- fixed the sid_index field in lsa LookupSids and LookupNames
(This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
|
|
id->sid mapping
(This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
|
|
(This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
|
|
return code to include our own domain.
editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes
(This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
|
|
seem to be 'shortcut' RPCs, that just avoid an open/query pair).
Rename a few others to give us a slightly sensible pattern.
Andrew Bartlett
(This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
|