Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
|
|
implementation.
Andrew Bartlett
(This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
|
|
(This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
schannel connections.
Test for Win2k3 SP1 behaviour in RPC-SCHANNEL.
Andrew Bartlett
(This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
|
|
Andrew Bartlett
(This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
|
|
searches all over the place.
This can be extended to cover an NT4 (no ADS) mode in future as well.
Andrew Bartlett
(This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
|
|
Guenther
(This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
|
|
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
cross-reference instead.
Andrew Bartlett
(This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
|
|
netbios domain name of the host, as well as the sid from the cache we
fetched earlier.
Andrew Bartlett
(This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
|
|
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
|
|
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
|
|
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.
The main fixes are:
- assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats
- use of NULL format statements to perform dn searches.
- assumption that sizeof() returns an int
(This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
|
|
metze
(This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
Old way was ugly and had a bug, you couldn't add an attribute named
dn or distinguishedName and search for it, tdb would change that search in a dn search.
This makes it also possible to search by dn against an ldap server as the old method was
not supported by ldap syntaxes.
sss
(This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
thanks to our move to talloc in ldb code, we do not need to expose it anymore
- removal of ldb_close() function form the code
thanks to our move to talloc in ldb code, we do not need it anymore
use talloc_free() to close and free an ldb database
- some minor updates to ldb modules code to cope with the change and fix some
bugs I found out during the process
(This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
|
|
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
files don't need to match the type names in the generated headers
- with this type mapping we no longer need definitions for the
deprecated "int32", "uint8" etc form of types. We can now force
everyone to use the standard types int32_t, uint8_t etc.
- fixed all the code that used the deprecated types
- converted the IDL types "int64" and "uint64" to "dlong" and
"udlong". These are the 4 byte aligned 64 bit integers that
Microsoft internally define as two 32 bit integers in a
structure. After discussions with Ronnie Sahlberg we decided that
calling these "int64" was confusing, as it implied a true 8 byte
aligned type
- fixed all the cases where we incorrectly used things like
"NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
those. The fact that it is hyper-aligned on the wire is not relevant
to the API, and should remain just a IDL property
(This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
|
|
(more info levels to come)
Andrew Bartlett
(This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
|
|
Add my copyright to the SAMR server.
Andrew Bartlett
(This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
|
|
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
|
|
Add lsa_Delete() support for secrets.
Andrew Bartlett
(This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
|
|
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-)
Andrew Bartlett
(This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
one pipe
this stage does the following:
- simplifies the dcerpc_handle handling, and all the callers of it
- split out the context_id depenent state into a linked list of established contexts
- fixed some talloc handling in several rpc servers that i noticed while doing the above
(This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
|
|
doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
|
|
privileges, as
volker discovered
(This used to be commit 09edc31f3b92105dab585614553ba5e94ccdf588)
|
|
(This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
|
|
for adding LookupSids3 (needed for ACL editing from w2k3)
(This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
|
|
Volker
(This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
|
|
we don't need to do db lookups as we already known who the user is
metze
(This used to be commit cef0d1eb29c6c5d41591a5c0beaed1dc26961211)
|
|
- give lsa_lookup_sid() a chance with foreign SIDS
returning NT_STATUS_NO_MEMORY makes no sense here
as the ldb_msg_find_string() doesn't allocate the string
metze
(This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
|
|
(This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
|
|
lsa_RemovePrivilegesFromAccount()
these are the last of the server side privileges functions. We should
now have a complete privileges implementation.
(This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
|
|
(This used to be commit a80c82d2635fce42482982d904f265199a000e10)
|
|
- expanded the lsa test suite to better test lsa_EnumAccounts()
(This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
|
|
(This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
|
|
(This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
|
|
easily adding/removing privileges from users
(This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
|
|
with lsa_AddAccountRights)
(This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
|
|
(This used to be commit ba87142586672a1082200048e7d1ae865d266d6c)
|