Matthias Dieter Wallnöfer
2586cbaadc
s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the objectclass attributes checking
...
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
9e56b54414
s4:objectclass LDB module - instantiate the schema variable centrally on the "ac" context creation
...
This unifies the position when the schema is read and prevents multiple
instantiations (e.g. on a modification operation).
2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
da90868907
s4:samldb LDB module - finally we can remove the RDN check
...
This is now dynamically always done by the objectclass LDB module
2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
ec9b6f3c60
s4:objectclass LDB module - finally implement the correct entry rename protections
...
Only the "systemFlags" check is still missing.
2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
0ca17eaa15
s4:objectclass LDB module - cosmetic change
2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
c6020ccb87
s4:objectclass LDB module - remove duplicated code
2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
95da724325
s4:objectclass LDB module - fix counter variable types
2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
0408ec11a9
s4:objectclass LDB module - explain why the search can return with an empty return
2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
6afa5a733c
s4:objectclass LDB module - this "talloc_steal" is not necessary
...
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
2d3760c04c
s4:objectclass LDB module - fix error result if an entry doesn't contain a structural objectclass
...
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
2a294d380f
s4:objectclass LDB module - use "ldb_oom" for expressing out of memory
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
3c4336bf94
s4:objectclass LDB module - fix header and add my copyright
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
98b98a29f6
s4:password_hash LDB module - adapt the module to the new "ldb_msg_remove_attr" behaviour
2010-06-06 23:13:15 +02:00
Matthias Dieter Wallnöfer
93db960fae
s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB module
...
When a "computer" entry will be added, also the inherited "user" objectclass is
going to be specified.
2010-06-06 20:48:58 +02:00
Matthias Dieter Wallnöfer
df63b2ca0e
s4:get_last_structural_class - only real structural classes can be candidates for fetching the last one
...
Classes with objectCategory = 1 are always structural, those with
objectCategory = 0 also (as we can see in our Windows 2008 R2 schema file where
class "Person" has 0 but is structural).
Abstract classes and auxiliary ones cannot be considered (objectCategory = 2, 3).
http://msdn.microsoft.com/en-us/library/ms677964(VS.85).aspx
2010-06-06 20:48:42 +02:00
Matthias Dieter Wallnöfer
cadf774f8b
s4:dsdb/common/util.c - provide a better implementation of the "samdb_msg_add_(add/del)val" calls
...
This supports now also coexisting add and delete message elements with the
same attribute name.
2010-06-06 20:47:10 +02:00
Matthias Dieter Wallnöfer
45171d6108
s4:ridalloc LDB module - add more "talloc_free"s where useful
...
Some were missing on failure return branches.
2010-06-06 20:44:01 +02:00
Matthias Dieter Wallnöfer
787a42ef99
s4:acl LDB module - fix counter types where appropriate
2010-06-06 20:43:38 +02:00
Matthias Dieter Wallnöfer
fc037e029e
s4:descriptor LDB module - cosmetic fixup
2010-06-06 20:43:19 +02:00
Anatoliy Atanasov
3bae05d286
s4: check the sacl and dacl pointers on the old sd
2010-06-01 16:52:46 +03:00
Karolin Seeger
3eab655e54
s4-cracknames: Fix typo in debug message.
...
Karolin
2010-06-01 09:33:53 +02:00
Matthias Dieter Wallnöfer
83788988cb
s4:samldb LDB module - start on a sequential trigger implementation
...
This is a start to allow the triggers to be called sequentially.
2010-05-31 22:43:29 +02:00
Matthias Dieter Wallnöfer
0fce829de4
s4:dsdb_load_udv_v1 - "uint32_t" counter type fits better than "unsigned int"
2010-05-31 22:43:28 +02:00
Jelmer Vernooij
82d56b9374
ldb: Fix dependencies when building with system ldb.
2010-05-31 19:22:03 +02:00
Matthias Dieter Wallnöfer
463d5f0afc
s4:samldb LDB module - deny delete operations on some important attributes
...
Add operations are denied since these are single-valued - only replace is
allowed.
This is only provisional at the moment - we need to implement the triggers
specified in MS-ADTS.
2010-05-30 23:13:09 +02:00
Matthias Dieter Wallnöfer
08653ac9c2
s4:samldb LDB module - rework the group change code to be again synchronous
2010-05-30 23:13:08 +02:00
Matthias Dieter Wallnöfer
c2a3792e72
s4:dsdb/samdb/ldb_modules/util.c - make sure to always free temporary data
2010-05-30 20:52:11 +02:00
Matthias Dieter Wallnöfer
b7270fbc99
s4:dsdb_module_search_dn - add code to handle NULL format string
2010-05-30 20:52:10 +02:00
Matthias Dieter Wallnöfer
f927881028
s4:dsdb/common/util.c - fix a counter variable
2010-05-30 20:52:10 +02:00
Matthias Dieter Wallnöfer
189950ce06
s4:dsdb_enum_group_mem - use "unsigned" counters
...
"size_t" counters aren't really needed here (we don't check data lengths).
And we save the result in a certain "num_sids" variable which is of type
"unsigned".
2010-05-24 22:01:36 +02:00
Matthias Dieter Wallnöfer
4d76c0aa80
s4:dsdb_lookup_rids - "unsigned" counters fit better than "signed" in this case
2010-05-24 22:01:20 +02:00
Matthias Dieter Wallnöfer
9696bba1d7
s4:dsdb_add_user - check the "cn"/"account_name" length (should be >= 1)
...
This is needed by the "cn_name_len"-1 accesses.
And use a "size_t"-typed variable for storing it (length specifiers should
always be stored using "size_t" variables).
2010-05-24 21:55:11 +02:00
Andrew Bartlett
f6aa090202
s4:samr Push most of samr_LookupRids into a helper function
...
This is a rewrite of the lookup_rids code, using a query based on the
extended DN for a clearer interface.
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
2010-05-24 23:08:56 +10:00
Andrew Bartlett
c6ffd884d9
s4:samr Push most of samr_QueryGroupMember into a helper function
...
This is a rewrite of the group membership lookup code, using the
stored extended DNs to avoid doing the lookup into each member to find
the SID.
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
2010-05-24 23:08:49 +10:00
Andrew Bartlett
20d2847492
s4:samr Move most of samr_CreateDomAlias into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
fc04e565b0
s4:samr Split most of samr_CreateDomainGroup into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
43c931b2d4
s4:samr Split the guts of samr_CreateUser2 into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
e0d141bd46
s4:dsdb Allow a NULL search expression in dsdb_search()
...
The NULL search expression expands to (objectClass=*), but %s expands
NULL to (NULL) which doesn't parse...
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
c8a23147fe
s4:libcli/ldap Rename ldap.h to libcli_ldap.h
...
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
2010-05-21 17:39:15 +10:00
Matthias Dieter Wallnöfer
4b56aa2771
s4:operational LDB module - fix warnings (missing parameters, unused variable)
2010-05-20 10:23:45 +02:00
Andrew Bartlett
9c6b637ce8
s4:auth Change auth_generate_session_info to take flags
...
This allows us to control what groups should be added in what use
cases, and in particular to more carefully control the introduction of
the 'authenticated' group.
In particular, in the 'service_named_pipe' protocol, we do not have
control over the addition of the authenticated users group, so we key
off 'is this user the anonymous SID'.
This also takes more care to allocate the right length ptoken->sids.
Andrew Bartlett
2010-05-20 17:39:10 +10:00
Andrew Bartlett
feb9ffdac8
s4:auth Add dependency from the operational module onto auth
...
We had to split up the auth module into a module loaded by the main daemon
and a subsystem we manually init in the operational module.
Andrew Bartlett
2010-05-20 17:39:10 +10:00
Andrew Bartlett
72ccbcacdd
s4:auth Allow the operational module to get a user's tokenGroups from auth
...
This creates a new interface to the auth subsystem, to allow an
auth_context to be created from the ldb, and then tokenGroups to be
calculated in the same way that the auth subsystem would.
Andrew Bartlett
2010-05-20 17:39:10 +10:00
Andrew Bartlett
5f9024c8a4
s4:auth Move BUILTIN group addition into session.c
...
The group list in the PAC does not include 'enterprise DCs' and
BUILTIN groups, so we should generate it on each server, not in the
list we pass around in the PAC or SamLogon reply.
Andrew Bartlett
2010-05-20 17:39:09 +10:00
Andrew Bartlett
564b4c7443
s4:dsdb disable tokenGroups until end of rewrite
...
I need to change the functions this calls
Andrew Bartlett
2010-05-20 17:39:09 +10:00
Kamen Mazdrashki
799eb535a9
s4/metadata: fix whitespaces
2010-05-19 02:49:05 +03:00
Jelmer Vernooij
c0fb7b8180
s3: Fix some more iconv convenience usages.
2010-05-18 11:45:31 +02:00
Jelmer Vernooij
390ada6ec7
Remove more usages of iconv_convenience in files which were apparently not recompiled by waf.
2010-05-18 11:45:31 +02:00
Jelmer Vernooij
b8268cf7b0
s3: Remove use of iconv_convenience.
2010-05-18 11:45:31 +02:00
Jelmer Vernooij
f9ca9e46ad
Finish removal of iconv_convenience in public APIs.
2010-05-18 11:45:30 +02:00