1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

343 Commits

Author SHA1 Message Date
Andrew Bartlett
536d585c4c Don't search the whole tree for the domains's sid
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.

Andrew Bartlett
(This used to be commit 52947fc0c0)
2008-03-13 14:11:06 +11:00
Andrew Bartlett
0c88240236 Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.

This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).

Andrew Bartlett
(This used to be commit bda6a38b05)
2008-03-13 11:36:58 +11:00
Andrew Kroeger
a689d65e4f Treat maxPwdAge == 0 as passwords never expire.
(This used to be commit d28f2cb678)
2008-03-07 05:59:56 -06:00
Andrew Kroeger
01b3d89aec Add samdb_result_account_expires() function.
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).

This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.

This simplifies the tests for account expiration.  There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
(This used to be commit 7ce5575a3a)
2008-03-07 05:59:55 -06:00
Jelmer Vernooij
734fea474c Fix typo.
(This used to be commit 2b408e9ed4)
2008-02-29 01:03:31 +01:00
Andrew Bartlett
3abf47fe87 Simplify the 'password must change' logic
This takes the previous patches further, so we catch all the cases
(the KDC looked at the time directly).

Andrew Bartlett
(This used to be commit cda4642a93)
2008-02-29 08:47:42 +11:00
Andrew Bartlett
5043215f21 Generate ACB_PW_EXPIRED correctly
More correctly handle expired passwords, and do not expire machine accounts.

Test that the behaviour is consistant with windows, using the RPC-SAMR test.

Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.

Andrew Bartlett
(This used to be commit acda1f69bc)
2008-02-28 08:50:00 +11:00
Kai Blin
c9ea65e4ce sidmap: Some source code cleanups.
(This used to be commit 16466b543b)
2008-02-05 11:42:39 +01:00
Andrew Bartlett
56cf85f73f r26679: It is very bad to free the ldb handle when you didn't create it...
(My bad when copying this code into samdb_is_gc()).

Andrew Bartlett
(This used to be commit b4a95a8985)
2008-01-06 18:51:02 -06:00
Andrew Bartlett
636c9a7c71 r26648: Move detection of global catalog captability to a central function, so
this can be shared with the CLDAP server (for the netlogon reply).

Andrew Bartlett
(This used to be commit 592c10ae11)
2008-01-03 12:33:35 -06:00
Jelmer Vernooij
7d5f0e0893 r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange.
(This used to be commit 2f29f80e07)
2008-01-01 16:12:15 -06:00
Jelmer Vernooij
86dc05e99f r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob().
(This used to be commit 61ad78ac98)
2008-01-01 16:12:11 -06:00
Jelmer Vernooij
71e2cafe96 r26483: Merge ldb module dependency fixes, fix auth python module.
(This used to be commit 85eeecf997)
2007-12-21 05:50:41 +01:00
Andrew Bartlett
04304808ca r26324: Fix includes for Jelmer.
Andrew Bartlett
(This used to be commit 8089283784)
2007-12-21 05:48:35 +01:00
Jelmer Vernooij
41db2ab12c r26319: Split encoding functions out of libcli_ldap.
(This used to be commit 95a6ef7fc8)
2007-12-21 05:48:33 +01:00
Jelmer Vernooij
43696d2752 r26252: Specify loadparm_context explicitly when creating sessions.
(This used to be commit 7280c1e941)
2007-12-21 05:47:29 +01:00
Jelmer Vernooij
51db4c3f3d r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack.
(This used to be commit ba75f1613a)
2007-12-21 05:47:05 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack.
(This used to be commit 0721a07aad)
2007-12-21 05:47:04 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f)
2007-12-21 05:45:40 +01:00
Jelmer Vernooij
05e7c48146 r25553: Convert to standard bool type.
(This used to be commit b7371f1a19)
2007-10-10 15:07:54 -05:00
Günther Deschner
f5c546145e r25531: Merge GTYPE_SECURITY_UNIVERSAL_GROUP from samba3.
Guenther
(This used to be commit 5c9d755f52)
2007-10-10 15:07:48 -05:00
Andrew Bartlett
08c97435d3 r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, with
a new torture suite to match.

This should fix bug #4954 by Matthias Wallnöfer <mwallnoefer@yahoo.de>

Previously we had no knowlege of BUILTIN or well-known names.

This code needs expansion to check with winbind for trusted domains.

Andrew Bartlett
(This used to be commit e6fc0e1f54)
2007-10-10 15:06:51 -05:00
Andrew Bartlett
b7a1bb0174 r24648: Found out the meaning of a few more flags.
(This used to be commit 6bdebc3cfd)
2007-10-10 15:02:31 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Stefan Metzmacher
743fbb9261 r22196: give better error codes to make RPC-UNIXINFO pass
metze
(This used to be commit 0096e068d0)
2007-10-10 14:50:03 -05:00
Stefan Metzmacher
4e7520f643 r21772: add DS_BEHAVIOR_WIN2003_INTERIM constant
metze
(This used to be commit 59fffa7ba1)
2007-10-10 14:49:24 -05:00
Stefan Metzmacher
9079448fce r20028: fix typos
metze
(This used to be commit 72f5e0f7ee)
2007-10-10 14:28:49 -05:00
Stefan Metzmacher
524dca68cf r20027: restore instanceType and systemFlags values, which got lost in
http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/dsdb/common/flags.h?p1=branches%2FSAMBA_4_0%2Fsource%2Finclude%2Fads.h&rev=17930&r1=15511&r2=17930

metze
(This used to be commit 5da9dedece)
2007-10-10 14:28:49 -05:00
Andrew Tridgell
515c92a759 r19441: work in progress support for NFS4 ACLs in Samba4 on Linux. Still work
to do, particularly with getting the detailed bit mappings right, and
on sid mapping. Does not pass RAW-ACLS yet
(This used to be commit b92553481b)
2007-10-10 14:21:32 -05:00
Andrew Bartlett
fc7f8236bd r17967: Somewhere along the line we lost unixName here, and so lost the
ability for 'administrator' to log in as unix user 'root'.

Andrew Bartlett
(This used to be commit 221efba528)
2007-10-10 14:16:59 -05:00
Jelmer Vernooij
0329d755a7 r17930: Merge noinclude branch:
* Move dlinklist.h, smb.h to subsystem-specific directories
 * Clean up ads.h and move what is left of it to dsdb/
   (only place where it's used)
(This used to be commit f7afa1cb77)
2007-10-10 14:16:54 -05:00
Andrew Tridgell
0fd9807942 r17823: get rid of most of the samdb_base_dn() calls, as they are no longer
needed in searches
(This used to be commit a5ea749f0a)
2007-10-10 14:16:45 -05:00
Simo Sorce
71041a5007 r17504: Do not use the invented unixID but use the rfc2307 uidNumber and gidNumber attributes instead
Do not change unixName right now, we don't have an attribute to use in the posixGroup class,
and I think we should remove its usage altogether and look up users and groups by their uid/gid only.

Simo.
(This used to be commit d57b521aad)
2007-10-10 14:15:30 -05:00
Andrew Bartlett
51e0ae33ac r16833: Add a base DN to more search calls, we need to look for an ID over the
whole tree here.

Andrew Bartlett
(This used to be commit 7674306e67)
2007-10-10 14:09:49 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Stefan Metzmacher
0bfa0d115c r15076: give the correct return code
metze
(This used to be commit 92a0663812)
2007-10-10 14:04:06 -05:00
Stefan Metzmacher
2e894625e7 r14964: - move sidmap code from ntvfs_common to SAMDB
- make ntvfs_common a library
- create sys_notify library

metze
(This used to be commit a3e1d56cf7)
2007-10-10 14:00:47 -05:00
Andrew Bartlett
0aeb2a50b1 r14637: Extend the ACB -> userParameters flag mapping based on the ovbious connections.
Andrew Bartlett
(This used to be commit 3e9e505e9e)
2007-10-10 13:59:03 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Stefan Metzmacher
475bbbfa84 r14442: the ACB_ flags are 32 bit...
metze
(This used to be commit a653ebd15d)
2007-10-10 13:57:25 -05:00
Andrew Tridgell
a0e6f6c05b r5309: removed ads.h from includes.h
(This used to be commit 196c45b834)
2007-10-10 13:09:40 -05:00
Stefan Metzmacher
1ec6416a35 r4568: make use of SidType and move it to lsa.idl
metze
(This used to be commit c2523adc0a)
2007-10-10 13:08:28 -05:00
Stefan Metzmacher
8d0c3eefbc r4096: move the samdb code to source/dsdb/
the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentification...

I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
  - understands naming contexts (directory parrtitions)
  - do schema and acl checking checking
  - maintain objectGUID, timestamps and USN number,
    maybe linked attributes ('member' and 'memberOf' attributes)
  - store metadata on a attribute=value combination...

metze
(This used to be commit 893a8b8bca)
2007-10-10 13:06:26 -05:00