summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12720: By metze's request, rename the ntPwdHistory attribute toAndrew Bartlett1-14/+14
sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett1-2/+2
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12684: A better error code for SAMR transaction failures.Andrew Bartlett1-12/+15
Andrew Bartlett (This used to be commit 9c127f35ceae5106ee21c930c3570c0b87341cf6)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12599: This new LDB module (and associated changes) allows Samba4 to operateAndrew Bartlett2-110/+45
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij2-0/+5
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12507: This file has had my grubby paws all over it ;-)Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 865a2552e66221182ffe5d36473828645ac1f59d)
2007-10-10r12506: Fix up issues shown up by the expanded RPC-SAMR testsuite, and add ldbAndrew Bartlett2-43/+140
transactions to the SAMR password change code. Andrew Bartlett (This used to be commit dc091c6c06b5e5488bcc475e88a9f18ead545c85)
2007-10-10r12504: Fix one more transaction cancel bail-out path, and correct comments.Andrew Bartlett1-2/+8
Andrew Bartlett (This used to be commit 07b885d0c7b56f40f89955f6c49af49ac9085d74)
2007-10-10r12503: This function was just too simple to leave unimplemented.Andrew Bartlett1-2/+15
Andrew Bartlett (This used to be commit 2eebd7b3cf385b8d0680f877655136d721157c83)
2007-10-10r12432: Re-indent and consistantly cancel the transaction.Andrew Bartlett1-1/+8
Andrew Bartlett (This used to be commit 2c8b988eb869d06328ebae586caeb565d7f6f054)
2007-10-10r12427: Move SAMR CreateUser2 to transactions, and re-add support forAndrew Bartlett1-4/+75
different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9)
2007-10-10r12361: Add a new function: ldb_binary_encode_string()Andrew Bartlett1-5/+7
This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2007-10-10r11438: Move enum samr_RejectReason into misc.idl so I can use it in a globalAndrew Bartlett1-1/+1
prototype. Andrew Bartlett (This used to be commit a3abffc75805c8e333f387a96a1dbc352669d359)
2007-10-10r11221: I don't quite know how I tested this before, but clearly I didn't.Andrew Bartlett1-3/+4
The samdb_set_password_sid helper function now works. Andrew Bartlett (This used to be commit 629595f27c3f721c4b317df871814ac5ba06be9c)
2007-10-10r11195: Add a new helper function (needed by my kpasswdd work, but hooked inAndrew Bartlett1-74/+112
for netlogon as well) to change/set a user's password, given only their SID. This avoids the callers doing the lookups, and also performs the actual 'set', as these callers do not wish any further buisness with the entry. Andrew Bartlett (This used to be commit 060a2a7bcca6b58d50bc4e0930c13616742a55d3)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-20/+16
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett2-14/+20
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r9930: Use a single samdb_base_dn() function rather than lots of sillyAndrew Bartlett1-25/+18
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce2-13/+8
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10r9392: Fix ldb_dn_compose to make build farm happySimo Sorce1-10/+4
Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce3-52/+67
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r9015: Fix access to BUILTIN again.Andrew Bartlett1-31/+34
Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2007-10-10r9011: Remove more references to "name" as a netbios name, using theAndrew Bartlett1-20/+81
cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2007-10-10r8983: The KVNO (Kerberos key version number) should be incremented withAndrew Bartlett1-0/+4
every password set. Andrew Bartlett (This used to be commit 71958cb19f8a2289e97f29018bb252a7d4540258)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-21/+5
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8670: Remove GUID code from SAMR, it is handled lower down now. I noticeAndrew Bartlett1-11/+1
this code also does string SIDs, but I'm not quite sure where that fits in. Andrew Bartlett (This used to be commit 968bcc4fe8142319ca0a2ac9e3a895b5436b4552)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-5/+9
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8370: remove the '$' from in the cn: attribute for computer and dc accountsStefan Metzmacher1-7/+21
metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2007-10-10r8232: remove samr_String and netr_String as they are the same as lsa_StringStefan Metzmacher1-2/+2
metze (This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
2007-10-10r7993: Further work on the Krb5 PAC.Andrew Bartlett1-4/+4
We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell3-167/+110
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10r7756: Don't segfault by trying to search for the NULL DN, if the wrongAndrew Bartlett1-5/+7
password was entered. We would not use the results of the search in any case. Andrew Bartlett (This used to be commit edeb908acaaaaab13bef4d2e3fae18d87c07af81)
2007-10-10r7582: Better way to have a fast path searching for a specific DN.Simo Sorce2-43/+36
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10r7507: fixed the problem with users being shown too many times in aclAndrew Tridgell1-3/+3
editors, and added a test for it. (This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
2007-10-10r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.Andrew Bartlett1-13/+13
Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2007-10-10r6470: Remove ldb_search_free() it is not needed anymore.Simo Sorce1-2/+2
Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2007-10-10r6325: Rename aliasname -> alias_name in CreateDomAlias function.Tim Potter1-11/+11
(This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2007-10-10r6084: - Introduce the samldb module dependency on samba4Simo Sorce1-122/+82
- This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett2-26/+26
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
2007-10-10r5783: Test renaming of accounts in the RPC-SAMR test, and add support intoAndrew Bartlett1-3/+13
the SAMR server. Andrew Bartlett (This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
2007-10-10r5437: Allow Samba4 to be compiled by tcc (www.tinycc.org). It still crashes ↵Jelmer Vernooij1-4/+4
when linking though. (This used to be commit 2e1e8db6dc877eb32b51cfc3d9c8f463d14530ec)
2007-10-10r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.Tim Potter1-4/+4
(This used to be commit 6749b9404d4e9876ecd964e038c608f05d2c0b69)
2007-10-10r5309: removed ads.h from includes.hAndrew Tridgell2-0/+2
(This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-3/+3
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5080: patch from ronnie to make our samr IDL a little more consistentAndrew Tridgell1-12/+12
(This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell2-39/+39
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4745: remove the distinguishedName attribute adds from samr. See theAndrew Tridgell1-5/+0
discussion on samba-technical about this. (This used to be commit e9dff03f79db00636e2b6d93a22e40a3cefed876)
2007-10-10r4715: alwys add the distinguishedName attributeStefan Metzmacher1-0/+5
the w2k3 dc join needs that metze (This used to be commit 29bc75ba28f8c73fe22878948ed43c41faee474c)