1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

866 Commits

Author SHA1 Message Date
Andrew Bartlett
1107021f3a s4:samldb: make use of dom_sid_split_rid()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:26 +11:00
Andrew Bartlett
b65f1a0977 s4:samldb: improve error strings
When things go wrong with LDB, this routine seems to be particularly
sensitive to it.  This extra debugging should help the next poor soul who
breaks LDB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:25 +11:00
Andrew Bartlett
30ae74d399 s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)

At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:24 +11:00
Andrew Bartlett
8ce5640fbf Add hint to use passwordAttributes in @KLUDGE_ACL in future
This module is not used at the moment, but if we do use it again, we
should try to avoid duplicate lists.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:23 +11:00
Andrew Bartlett
56d39e1711 Make greater use of 'GUID_from_data_blob'
This avoids accidentily running off the end of a string, and uses a
single 'guess which type of GUID I have' algorithm.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:23 +11:00
Andrew Bartlett
d2ec925c63 Fix sequence number generation against OpenLDAP
It seems that in 2deeb99fff adding the
partition control to this request was missed out.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:23 +11:00
Stefan Metzmacher
0f74de3d37 s4:password_hash: really catch the clearTextPasswordAttr case...
This fixes the creation of the user object for incoming trusts
in dcesrv_lsa_CreateTrustedDomain_base().

And now w2k3 trust samba4 just fine:-)

metze
2008-12-05 14:16:47 +01:00
Stefan Metzmacher
677e0fb965 s4:kludge_acl: allow everybody to read the sequence number
metze
2008-12-04 15:45:16 +01:00
Andrew Bartlett
6c298c06f3 Don't treat the DN+binary syntax as a DN.
This should fix the OpenLDAP backend
2008-12-02 14:22:24 +11:00
Stefan Metzmacher
327d2be452 s4:dsdb/samdb: don't allow objects without objectClass
We're using @ROOTDSE instead of CN=ROOTDSE.

metze
2008-11-17 11:37:58 +01:00
Andrew Bartlett
a19df19501 Run the original operation before we update linked attrs
This causes the linked attribute modifies to occour after the original
operation is entered in the transaction (any failure still fails the
lot).  This means (I hope) that we can have another module search the
originating record when the backlink is created, filling in the GUID
and SID for the extended DN.

Andrew Bartlett
2008-11-17 13:59:51 +11:00
Andrew Bartlett
00b6343406 The samba3sam test does not really need the extended_dn module
(This module has been split up into extended_dn_in, extended_dn_out
and extended_dn_store).

Andrew Bartlett
2008-11-17 10:06:37 +11:00
Stefan Metzmacher
1d9c88b388 s4:dsdb/schema_fsmo: provide "extendedAttributeInfo" and "extendedClassInfo"
metze
2008-11-16 16:37:28 +01:00
Stefan Metzmacher
a1f76f7afe s4:dsdb/schema: add a function to generate the "extendedClassInfo" values
metze
2008-11-16 16:37:28 +01:00
Stefan Metzmacher
3c0f03ade2 s4:dsdb/schema: add a function to generate the "extendedAttributeInfo" values
metze
2008-11-16 16:37:27 +01:00
Stefan Metzmacher
203544e690 s4:dsdb/schema: use pointers for rangeLower and rangeUpper.
This makes clear there's an value stored in the schema,
as they can be '0'.

metze
2008-11-16 16:37:27 +01:00
Stefan Metzmacher
6770fd12cc s4:dsdb/schema: we don't need to use find_syntax_map_by_ad_oid() as the syntax is already known
metze
2008-11-16 16:37:27 +01:00
Stefan Metzmacher
1290b1d3d3 s4:librpc/ndr: integrate NDR_MISC into LIBNDR
metze
2008-11-16 16:24:34 +01:00
Günther Deschner
c8a8c2388b s4-dsdb: add samdb_msg_add_parameters.
Guenther
2008-11-10 21:46:25 +01:00
Günther Deschner
e78379be0b s4-dsdb: add samdb_result_parameters.
Guenther
2008-11-10 21:46:25 +01:00
Stefan Metzmacher
f0b3f98b4f s4: dsdb/schema: fix the equality and comment of DN+String syntax
metze
2008-11-08 08:02:28 +01:00
Stefan Metzmacher
9579036dc5 s4: fix samba4.samba3sam.python test
metze
2008-11-08 08:02:25 +01:00
Andrew Bartlett
169f906408 Give a better error when ldb_dn_from_ldb_val fails 2008-11-04 16:06:57 +11:00
Andrew Bartlett
9381a78c39 Use ldb_dn_from_ldb_val to avoid possible over-run of the value.
The ldb_val is length-limited, and while normally NULL terminated,
this avoids the chance that this particular value might not be, as
well as avoiding a cast.

Andrew Bartlett
2008-11-04 16:06:56 +11:00
Andrew Bartlett
adf016e119 Fix use of wrong union arm in linked_attributes module
This bug occours frequenetly in ldb users because the union so happens
to be layed out that this works.  However, it is still incorrect
usage...

Andrew Bartlett
2008-11-04 16:06:56 +11:00
Andrew Tridgell
e311becaad use the new CH_UTF16_MUNGED charset for utf16 password buffers
now to work out how to test this ...
2008-10-31 15:48:47 +11:00
Jelmer Vernooij
23302413b3 Remove unused include param/param.h. 2008-10-24 16:37:56 +02:00
Jelmer Vernooij
37d885c51a Remove iconv_convenience argument from convert_string{,talloc}() but
make them wrappers around convert_string{,talloc}_convenience().
2008-10-24 14:26:46 +02:00
Jelmer Vernooij
09a63accb8 Move charset library to top level. 2008-10-24 00:06:35 +02:00
Andrew Bartlett
e79835b096 Clarify the linked attribute module behaviour with comments 2008-10-23 12:50:22 +11:00
Jelmer Vernooij
87ec1d2532 Make sure prototypes are always included, make some functions static and
remove some unused functions.
2008-10-20 18:59:51 +02:00
Günther Deschner
dd49f7483b s4-drsuapi: merge drsuapi_DsGetNCChanges from s3 drsuapi idl.
Guenther
2008-10-18 23:06:39 +02:00
Jelmer Vernooij
6a89b59ca6 Add TALLOC_CTX pointer to strhex_to_data_blob for consistency with Samba
3.
2008-10-18 18:09:04 +02:00
Andrew Bartlett
c35b0d9ab5 Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel 2008-10-17 15:57:07 +11:00
Andrew Bartlett
99315a19be Fix errrors in new password handling code found by RPC-SAMR.
I'm very glad we have such a comprehensive testsuite for the SAMR
password change process, as it makes this a much easier task to get
right.

Andrew Bartlett
2008-10-17 12:41:02 +11:00
Simo Sorce
2deeb99fff Transform the sequence_number operation into a normal extended operation as it should always have been. Make it also async so that it is not a special case. 2008-10-16 12:55:30 -04:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
2008-10-16 12:48:16 +11:00
Matthias Dieter Wallnöfer
9dcbddd5c6 The ldb async merge broke all MMC management utilties
Commit 51baa8deec included a
copy-and-paste bug which caused all MMC mangement utilities to break.

Because of the typo Samba4 would no longer include the magic 'you may
write to these attributes/create these classes' attributes, these
tools would display all fields greyed out or 'read only', and not
allow the creation of child objects.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-14 11:16:23 +11:00
Matthias Dieter Wallnöfer
88f1d885ea DSDB cosmetic patches: Some enhancements
Also, use the constants more in the "ldif_handlers" module.
2008-10-13 10:47:06 -04:00
Matthias Dieter Wallnöfer
345e731fc1 Cosmetic corrections for the DSDB module
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-10-13 10:11:30 -04:00
Jelmer Vernooij
218f482fbf Use common strlist implementation in Samba 3 and Samba 4. 2008-10-12 00:56:56 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Andrew Bartlett
8256717c76 Implement 'type unknown' names in the CrackNames code.
This guesses the type by running each of the possible options.

Andrew Bartlett
2008-10-06 14:28:24 -07:00
Andrew Bartlett
c0240d7835 Remove compleatly bogus rename test in partitions module. 2008-10-06 14:16:30 -07:00
Andrew Bartlett
7d9f18609b Remove DESCRIPTION from generated schema lines.
This is not permitted in the AD aggregate schema, and more trouble
than it is worth in the OpenLDAP schema due to escaping issues.

Andrew Bartlett
2008-10-06 14:16:30 -07:00
Andrew Bartlett
c412a930ad Fix Domain Trust creation with Windows 2008 (and many other tools)
A dITConentRules attribute (unlike objectClasses) must not contain a
'SUP'.

The ADSI layer in Windows would download the whole schema, and
validate it.  Thanks to the team at Microsoft for very long debugging
session to find this.

Andrew Bartlett
2008-10-06 14:16:29 -07:00
Andrew Tridgell
23ec448f83 Merge commit 'master/master' 2008-10-03 12:23:00 -07:00
Andrew Tridgell
163fa1d25a fixed the partition module and the GC handling
- when multiple partitions are searched, consider the search a
   success if any of the partitions return success
 
 - only search the right subset of partitions, looking at the scope
   and basedn of the search

This fixes several errors with GC searches
2008-10-03 12:21:53 -07:00
Andrew Tridgell
c5fdb82d32 fixed the sense of ldb base dn comparisons in two places, and use a
direct comparison instead of a sub-tree comparison in another

this fixes basedn searches on the global catalog port
2008-10-02 21:58:46 -07:00
Simo Sorce
b174765d54 Fix crash bugs in error paths: ac is not yet initialized here, and we don't
need to call ldb_module_done in the main module functions, we can directly
return an error. ldb_module_done() is for callbacks
2008-10-02 17:15:00 -04:00