summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-01-18s4-pyldb Fix tp_basicsize for PyLdbDnAndrew Bartlett1-1/+1
This wasn't actually causing problems before, as the structures were the same size. Andrew Bartlett
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Add bindings for auth_context_create() as AuthContext()Andrew Bartlett2-1/+81
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett2-12/+15
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett2-6/+17
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-18s4-ldb_ldif: Take into account LDB_FLG_SHOW_BINARYKamen Mazdrashki1-1/+4
when user requires binary data to be displayed using samba user-friendly ldif handlers Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
2011-01-18s4-ldb_ldif: Don't check for LDB_FLG_SHOW_BINARY in ldb_should_b64_encodeKamen Mazdrashki1-4/+0
LDB_FLG_SHOW_BINARY is data representation flag and should not modify behavior of data checking functions. This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key() function relies on ldb_should_b64_encode function to determine how to process index keys. Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
2011-01-17s4-provision: Fixed owner/group for hard-coded Sites descriptor.Nadezhda Ivanova1-3/+1
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
2011-01-17s4-tools: Fixed a bug in ldapcmp - DACL was not retrieved correctly if the ↵Nadezhda Ivanova1-1/+4
object had no SACL. --Pair-Programmed-With: Zahari Zahariev
2011-01-17s4-tools: Added a --sort-aces option to ldapcmpNadezhda Ivanova1-6/+12
This option sorts the ACE lists during SD comparison in collision view to make it easier to determine of a difference is only in ACE order, and if not, where do differences start. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
2011-01-17ldb: new ABI sigs fileAndrew Tridgell1-0/+248
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell4-26/+32
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell25-235/+335
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: added ldb_req_mark_trusted()Andrew Tridgell3-1/+14
this is used to mark a ldb child request trusted, if the caller has validated all inputs. This will be used when creating new child requests with trusted inputs. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: inherit parent flags on child requests in modulesMatthias Dieter Wallnöfer1-0/+11
2011-01-17web_server: Display trivial placeholder page if SWAT could not be found.Jelmer Vernooij1-6/+19
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
2011-01-17web_server: Fix initialization.Jelmer Vernooij1-3/+6
2011-01-17web_server: Avoid references to swat. Load samba.web_server instead.Jelmer Vernooij2-8/+11
2011-01-17param: Load web service by default.Jelmer Vernooij1-1/+1
2011-01-15s4:dsdb_find_nc_root - fix it up to let the provisioning work correctlyMatthias Dieter Wallnöfer1-2/+2
Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-15s4:samr RPC server - always interpret filter integer values as signedMatthias Dieter Wallnöfer1-4/+4
To prevent platform-dependant problems. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2011-01-14s4:web_server - immeditately assign "wdata" as private data for the stream ↵Matthias Dieter Wallnöfer1-11/+11
socket This fixes bug #7887. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
2011-01-14s4:urgent_replication.py - remove a now superflous RELAX controlMatthias Dieter Wallnöfer1-1/+1
The LSA object creation protection changed to the trusted/untrusted connection model. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
2011-01-14s4:samldb LDB module - fix "userAccountControl" handlingMatthias Dieter Wallnöfer2-15/+39
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags are set on LDAP add operations. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
2011-01-14ldb:ldb_dn.c - fix counter type in "ldb_dn_minimise"Matthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
2011-01-14waf: use PYTHONARCHDIR for installing python shared libsAndrew Tridgell5-1/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 08:19:40 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: only enforce the extended dn rules over ldapAndrew Tridgell1-2/+21
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: removed the last use of samdb_search_*() from the dsdb ldb modulesAndrew Tridgell1-4/+12
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: removed some more samdb_search_*() calls from samldb.cAndrew Tridgell1-26/+69
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: replaced another use of samdb_search in a ldb moduleAndrew Tridgell1-4/+10
we should be using the dsdb_module_search*() calls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn()Andrew Tridgell1-6/+14
this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: fixed filtering of tokengroupsAndrew Tridgell1-5/+3
builtin groups are shown in user tokenGroups searches Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: new ABI file for 0.9.23Andrew Tridgell1-0/+247
2011-01-14s4-kdc: don't ask for an extended DN for krbtgt_dnAndrew Tridgell1-1/+1
otherwise msg->dn would be non-minimal and would fail in searches Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-test: added a tokengroups testAndrew Tridgell2-0/+101
this tests that the remote tokenGroups match the internally calculated ones Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samdb: give a more useful debug when we can't open the privileges dbAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-auth: fixed status return Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samba-tool: fixed the gpo command to use the right DN for access checksAndrew Tridgell1-5/+14
2011-01-14s4-dsdb: minimise the DN in group expansionAndrew Tridgell1-0/+5
this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_minimise()Andrew Tridgell2-0/+64
this removes any extraneous components from a DN. For an extended DN, this means removing the string DN and all but the first extended component. This is needed as AD returns "invalid syntax" if you don't use a minimal DN as the base DN for a search. A non-minimal DN also doesn't ever match in a search expression. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dns: renamed DNS_TYPE_ZERO to DNS_TYPE_TOMBSTONEAndrew Tridgell1-5/+5
we now know that these are tombstone records, with a timestamp Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: validate number of extended componentsAndrew Tridgell1-2/+10
this checks that the number of extended components in a DN is valid, to match MS AD behaviour. We need to do this to ensure that our tools don't try to do operations that will be invalid when used against MS servers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_get_extended_comp_num()Andrew Tridgell3-1/+10
this returns the number of extended components. We need this to validate a DN in the extended_dn_in module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samba_tool Added ACL checking to python GPO management toolAndrew Bartlett1-8/+26
2011-01-14pyldb Simplify python wrappers for struct ldb_val (LdbValue)Andrew Bartlett1-17/+4
Andrew Bartlett
2011-01-14s4-auth Add get and set methods for auth_session_info python wrapperAndrew Bartlett2-7/+73
This allows the session key, security_token and credentials to be manipulated from python. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-01-14s4-auth Add function to obtain any user's session_info from a given LDBAndrew Bartlett6-81/+209
This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library) Andrew Bartlett
2011-01-14s4-auth use new dsdb_expand_nested_groups()Andrew Bartlett2-152/+11
This isn't quite as good as using tokenGroups, but that is only available for BASE searches, and this isn't how the all the callers work at the moment. Andrew Bartlett
2011-01-14s4-dsdb Implement tokenGroups expansion directly in ldb operational moduleAndrew Bartlett3-30/+269
This removes a silly cross-dependency between the ldb moudle stack and auth/ Andrew Bartlett