summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2008-03-14Rework our SAMR test and SAMR server.Andrew Bartlett2-25/+49
Now that we don't create users/domain groups/aliases in the builtin domain, we hit some bugs in the server-side implementation of the enumeration functions. In essence, it turns out to be: don't treat 0 as a special case. Also, fix up the PDC name to always be returned. I'm sure nothing actually uses it, particularly for BUILTIN... Andrew Bartlett (This used to be commit 353bb79f568f20c8469cb9458f7b14c24612ad23)
2008-03-13Rework SAMR functions to avoid gendb_search()Andrew Bartlett1-26/+38
The gendb_*() API does not return error codes, and mixes error returns with the count of returned entries. Andrew Bartlett (This used to be commit facbc8dfa5188fdd610f400b5be6e05bc33b0820)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-02-28Check for and reject invalid account flags.Andrew Bartlett1-0/+14
(lest we have an account set with 0 flags) Andrew Bartlett (This used to be commit 7a46e72f8dbb191ac8a811eb4cd95210fab7dc7b)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-14/+14
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-16Print out the reason we can't delete the user in SAMR.Andrew Bartlett1-0/+3
We need to be far more granular bout this - in particular, we need a decide LDAP -> NTSTATUS conversion. Andrew Bartlett (This used to be commit 30fc3752c7573fcf8b1a41f7b3bc8dad860077f8)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-27/+27
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-27/+27
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r26328: remove more uses of global_loadparm.Jelmer Vernooij2-6/+6
(This used to be commit 40ae12c08647c47a9c504d39ee6f61c32b4e5748)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+1
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-3/+4
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij2-5/+5
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26272: Remove global_loadparm in some more places.Jelmer Vernooij1-2/+3
(This used to be commit 1ab76ecc5311fa863e5d04899b6f110899818f55)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-3/+3
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij2-5/+6
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-6/+6
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij2-2/+2
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-5/+5
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-2/+2
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25052: This missing 'break' caused problems on 32 bit platforms only, due toAndrew Bartlett1-0/+1
alignment of the union. Sorry for the time it took to test and fix this. Andrew Bartlett (This used to be commit 5b893fc6f59aa9324360ca1af4b504a2c140e806)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24973: Try to make it really clear we are dealing with 64 bit numbers here.Andrew Bartlett1-14/+14
Andrew Bartlett (This used to be commit 9aae9b1d243c23b96c0d8d28603b7e0ba25ac1c9)
2007-10-10r24942: Patch from Matthias Wallnöfer <mwallnoefer@yahoo.de> and a testsuiteAndrew Bartlett1-5/+8
to prove it is correct. This should fix bug #4824: User Manager for Domains - Account Expires. Thanks! Andrew Bartlett (This used to be commit e5f0744d627ccfcc2e301fc38d139742f0ea5934)
2007-10-10r24611: Following up on the re-opening of bug 4817 is it pretty clear thatAndrew Bartlett1-23/+22
machine accounts are not subject to password policy in Win2k3 R2 (at least in terms of password quality). In testing this, I found that Win2k3 R2 has changed the way the old ChangePassword RPC call is handled - the 'cross-checks' between new LM and NT passwords are not required. Andrew Bartlett (This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
2007-10-10r24082: Following the removal of a fanstsy condition from the SAMR testsuite,Andrew Bartlett1-7/+0
allow the server side to enumerate all domain controllers and domain members... Andrew Bartlett (This used to be commit d42150ff0a05e891d36d1d3f1ec93952e6d4affd)
2007-10-10r24080: Set the primary group (matching windows) when creating new users inAndrew Bartlett1-0/+2
SAMR. This can't be done in the ldb templates code, as it doesn't happen over direct LDAP. As noted in bug #4829. Andrew Bartlett (This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
2007-10-10r24059: Fix bug 4822 reported by Matthias Wallnöfer <mwallnoefer@yahoo.de>.Andrew Bartlett1-155/+178
Any SAMR client (usrmgr.exe in this case) that attempted to set a property to a zero length string found instead the the old value was kept. In fixing this, rework the macros to be cleaner (add the always-present .string) to every macro, and remove the use of the samdb_modify() and samdb_replace() wrappers where possible. Andrew Bartlett (This used to be commit b05fe693047c09b85c7fc0e1ea8d931c99910375)
2007-10-10r24053: Ensure we filter EnumDomainUsers with the supplied mask.Andrew Bartlett1-12/+20
Should fix another part (list of domains in usrmgr incorrectly including accounts) of bug #4815 by mwallnoefer@yahoo.de. Andrew Bartlett (This used to be commit 7f7e4fe2989ef4cb7ec0f855b25e558f3bbd18c5)
2007-10-10r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.Andrew Bartlett1-4/+13
- The icons in usermgr were incorrect, because the acct_flags were not filled in (due to missing attribute in ldb query) - The Full name was missing, and the description used as the full name (due to missing attributes in ldb query and incorrect IDL) To prove the correctness of these fixes, I added a substantial new test to RPC-SAMR-USERS, to ensure cross-consistancy between QueryDisplayInfo and QueryUserInfo on each user. This showed that for some reason, we must add ACB_NORMAL to the acct_flags on level 2 queries (for machine trust accounts)... Getting this right is important, because Samba3's RPC winbind methods uses these queries. Andrew Bartlett (This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
2007-10-10r23815: Thanks to Matthias Wallnoefer <mwallnoefer@yahoo.de> for pointing outAndrew Bartlett1-5/+5
that we had the wrong objectClass for OU=Domain Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN}) This fixes both the SAMR server and the LDIF templates. Andrew Bartlett (This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell3-9/+6
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23365: Try to make Windows Vista join again. On my new test environment, itAndrew Bartlett1-2/+7
wants to check for an existing domain join account, and fails. This test shows that we need to return NT_STATUS_NONE_MAPPED when nothing matches. (not yet tested if this helps vista). Andrew Bartlett (This used to be commit 7f3671bf11cab36a5c795d7db86f85081b73bc71)
2007-10-10r21362: rename:Stefan Metzmacher1-3/+3
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij2-104/+104
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-17/+88
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r20034: Start using ldb_search_exp_fmt()Simo Sorce1-14/+8
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2007-10-10r19903: This is a cut&paste error for sureSimo Sorce1-1/+0
there is no ongoing transaction in this code (This used to be commit 93b738b1112d9e317cb29b32eee45003de37f693)
2007-10-10r19902: give better errors...Stefan Metzmacher1-3/+32
metze (This used to be commit b4d7d49c276a4ec0bcf7971909e74e10476e9ca3)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce2-19/+19
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce3-22/+23
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19256: add missing infolevel and fields to SetUserInfo callRafal Szczesniak1-23/+31
that's why ntsrv and win2k3 srv could pass the net test and we could not... rafal (This used to be commit 60ade8ddbd01ac45e5fe6380542ba23cd861e133)
2007-10-10r18775: Performing an ldb op of 'do nothing' is pointless, and breaks againstAndrew Bartlett1-1/+1
OpenLDAP. Andrew Bartlett (This used to be commit 9ce88a8917d383104c47f794a8c554c43d13e383)
2007-10-10r18416: We need to look for both builtinDomain and domain, in the OpenDomain ↵Andrew Bartlett1-1/+1
call. Andrew Bartlett (This used to be commit 5525baf5217417308ffcebe2be3b4df445fddf75)
2007-10-10r18409: Make sure to print a DEBUG message if this LDB search fails.Andrew Bartlett1-1/+5
Andrew Bartlett (This used to be commit 6419ef09b18b1105956211ae8774963f9cb30d2e)
2007-10-10r18252: Make sure to NULL terminate these lists of attributes.Andrew Bartlett1-7/+16
Andrew Bartlett (This used to be commit 8cddcdb7c71963ed5fc30080c6bd4c48d114e321)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij2-2/+2
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-3/+9
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell2-10/+10
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-15/+15
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-50/+6
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)