summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij2-104/+104
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-17/+88
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r20034: Start using ldb_search_exp_fmt()Simo Sorce1-14/+8
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2007-10-10r19903: This is a cut&paste error for sureSimo Sorce1-1/+0
there is no ongoing transaction in this code (This used to be commit 93b738b1112d9e317cb29b32eee45003de37f693)
2007-10-10r19902: give better errors...Stefan Metzmacher1-3/+32
metze (This used to be commit b4d7d49c276a4ec0bcf7971909e74e10476e9ca3)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce2-19/+19
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce3-22/+23
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19256: add missing infolevel and fields to SetUserInfo callRafal Szczesniak1-23/+31
that's why ntsrv and win2k3 srv could pass the net test and we could not... rafal (This used to be commit 60ade8ddbd01ac45e5fe6380542ba23cd861e133)
2007-10-10r18775: Performing an ldb op of 'do nothing' is pointless, and breaks againstAndrew Bartlett1-1/+1
OpenLDAP. Andrew Bartlett (This used to be commit 9ce88a8917d383104c47f794a8c554c43d13e383)
2007-10-10r18416: We need to look for both builtinDomain and domain, in the OpenDomain ↵Andrew Bartlett1-1/+1
call. Andrew Bartlett (This used to be commit 5525baf5217417308ffcebe2be3b4df445fddf75)
2007-10-10r18409: Make sure to print a DEBUG message if this LDB search fails.Andrew Bartlett1-1/+5
Andrew Bartlett (This used to be commit 6419ef09b18b1105956211ae8774963f9cb30d2e)
2007-10-10r18252: Make sure to NULL terminate these lists of attributes.Andrew Bartlett1-7/+16
Andrew Bartlett (This used to be commit 8cddcdb7c71963ed5fc30080c6bd4c48d114e321)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij2-2/+2
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-3/+9
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell2-10/+10
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-15/+15
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-50/+6
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16794: Make Samba4 pass it's own RPC-SAMR test, at least in part. There areAndrew Bartlett2-150/+704
still a couple of unimplemented functions, but this is far better than not testing this at all. In particular, this exercises the password_hash module. Specific changes: - Add support for SetDomainInfo - Add many more info levels to QueryDomainInfo - Set a domain comment in RPC-SAMR, and verify it is kept - Refactor QueryUserInfo not to always serach for all attributes - Add QueryDiplayInfo3 and QueryDomainInfo2 as aliased calls - Make OemChangePassword2 search under the samdb_base_dn(), so it finds the user when partitions are active. - Skip SetSecurity, DisplayIndex, MemberAttributesOfGroup and 'Multiple' alias operations in RPC-SAMR for Samba4 - Add RPC-SAMR as a 'slow' RPC test (it is quite slow) Andrew Bartlett (This used to be commit 01d25c9d6ca8d036d40040e5ee87a330e5b84d55)
2007-10-10r16773: Fix one more RPC-SAMR test (an alias level), and make it clear thatAndrew Bartlett1-5/+11
the unknown value in the samr_GroupInfo structures are the group attributes. Andrew Bartlett (This used to be commit c50095efabb62fbed2e4df7e883df1054e4d92c9)
2007-10-10r16772: Clarify comment.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit fee07161438e624aa343f31f0c1d5379ead95c06)
2007-10-10r16262: Another basedn fix.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit abf104a0d7c548af0a4744798c53064303a1dc3f)
2007-10-10r16236: Add a proper baseDN to a large number of queries. Searching the NULLAndrew Bartlett1-16/+31
baseDN won't work once the partitions module is loaded. Andrew Bartlett (This used to be commit c4ab9e8a754ca4a23a47f38a2344df305b4a351d)
2007-10-10r16166: Remove hexidecimal constants from the Samba4 provision files.Andrew Bartlett1-52/+41
This change is required for compatibility with the OSX client, in particular, but returning 0x80000002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett (This used to be commit 81f3cd1c4592d2108d521acd701ed4a70a23c465)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij2-2/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14570: Move some functions also they are also used from kpasswdJelmer Vernooij1-309/+0
(This used to be commit 89dfb74894c809d69eab05bdb6d5fe4012153808)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij2-0/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14438: fix warningsStefan Metzmacher1-2/+2
metze (This used to be commit 83d2978da1fbf756a665afc2e8120436dc45ec56)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-1/+1
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij2-0/+4
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13910: Fix the 'your password has expired' on every login. We now considerAndrew Bartlett1-1/+1
if the 'password does not expire' flag has been set, filling in the PAC and netlogon reply correctly if so. Andrew Bartlett (This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij2-0/+2
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r12720: By metze's request, rename the ntPwdHistory attribute toAndrew Bartlett1-14/+14
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett1-2/+2
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12684: A better error code for SAMR transaction failures.Andrew Bartlett1-12/+15
Andrew Bartlett (This used to be commit 9c127f35ceae5106ee21c930c3570c0b87341cf6)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12599: This new LDB module (and associated changes) allows Samba4 to operateAndrew Bartlett2-110/+45
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij2-0/+5
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12507: This file has had my grubby paws all over it ;-)Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 865a2552e66221182ffe5d36473828645ac1f59d)
2007-10-10r12506: Fix up issues shown up by the expanded RPC-SAMR testsuite, and add ldbAndrew Bartlett2-43/+140
transactions to the SAMR password change code. Andrew Bartlett (This used to be commit dc091c6c06b5e5488bcc475e88a9f18ead545c85)
2007-10-10r12504: Fix one more transaction cancel bail-out path, and correct comments.Andrew Bartlett1-2/+8
Andrew Bartlett (This used to be commit 07b885d0c7b56f40f89955f6c49af49ac9085d74)
2007-10-10r12503: This function was just too simple to leave unimplemented.Andrew Bartlett1-2/+15
Andrew Bartlett (This used to be commit 2eebd7b3cf385b8d0680f877655136d721157c83)
2007-10-10r12432: Re-indent and consistantly cancel the transaction.Andrew Bartlett1-1/+8
Andrew Bartlett (This used to be commit 2c8b988eb869d06328ebae586caeb565d7f6f054)
2007-10-10r12427: Move SAMR CreateUser2 to transactions, and re-add support forAndrew Bartlett1-4/+75
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10r12361: Add a new function: ldb_binary_encode_string()Andrew Bartlett1-5/+7
This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2007-10-10r11438: Move enum samr_RejectReason into misc.idl so I can use it in a globalAndrew Bartlett1-1/+1
prototype. Andrew Bartlett (This used to be commit a3abffc75805c8e333f387a96a1dbc352669d359)
2007-10-10r11221: I don't quite know how I tested this before, but clearly I didn't.Andrew Bartlett1-3/+4
The samdb_set_password_sid helper function now works. Andrew Bartlett (This used to be commit 629595f27c3f721c4b317df871814ac5ba06be9c)
2007-10-10r11195: Add a new helper function (needed by my kpasswdd work, but hooked inAndrew Bartlett1-74/+112
for netlogon as well) to change/set a user's password, given only their SID. This avoids the callers doing the lookups, and also performs the actual 'set', as these callers do not wish any further buisness with the entry. Andrew Bartlett (This used to be commit 060a2a7bcca6b58d50bc4e0930c13616742a55d3)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-20/+16
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett2-14/+20
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)