1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00

235 Commits

Author SHA1 Message Date
Günther Deschner
a2a26da899 s4-samr: merge samr_Connect5 from s3 idl. (fixme python)
Guenther
2008-11-10 21:46:28 +01:00
Günther Deschner
8f1559c350 s4-samr: merge samr_GetDomPwInfo from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:28 +01:00
Günther Deschner
f42f1ae5a8 s4-samr: merge samr_GetUserPwInfo from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:27 +01:00
Günther Deschner
94b7db1fb4 s4-samr: merge samr_RidToSid from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:27 +01:00
Günther Deschner
5ce30d0f4d s4-samr: merge samr_QuerySecurity from s3 idl. (fixme: python)
Guenther
2008-11-10 21:46:27 +01:00
Günther Deschner
93c6129c99 s4-samr: merge samr_LookupRids from s3 idl.
Guenther
2008-11-10 21:46:27 +01:00
Günther Deschner
244dee6275 s4-samr: prepare for Query.*Info calls: change macros.
Guenther
2008-11-10 21:46:26 +01:00
Günther Deschner
9888ed1d9b s4-samr: merge samr_UserInfo20 from s3 idl.
This must not be treated as a normal string (strlen truncates it).

Guenther
2008-11-10 21:46:25 +01:00
Andrew Bartlett
31158c0256 Use ldb_dn_from_ldb_val() to create a DN in the SAMR server
The previous code incorrectly cast an ldb_val into a char *.

Andrew Bartlett
2008-11-04 16:06:57 +11:00
Andrew Bartlett
9381a78c39 Use ldb_dn_from_ldb_val to avoid possible over-run of the value.
The ldb_val is length-limited, and while normally NULL terminated,
this avoids the chance that this particular value might not be, as
well as avoiding a cast.

Andrew Bartlett
2008-11-04 16:06:56 +11:00
Günther Deschner
11ecd5acfd s4: merge from s3 samr.idl.
Guenther
2008-10-15 17:42:33 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
2008-09-23 18:17:46 -04:00
Andrew Bartlett
d626a26374 Rename structures to better match the names in the WSPP IDL.
The 'comment' element in a number of domain structures is called
oem_information.  This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid
attribute.

The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.

This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.

Andrew Bartlett
(This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)
2008-07-21 13:42:07 +10:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly.
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-17 12:23:44 +02:00
Andrew Bartlett
9a6422b695 Rework our SAMR test and SAMR server.
Now that we don't create users/domain groups/aliases in the builtin
domain, we hit some bugs in the server-side implementation of the
enumeration functions.

In essence, it turns out to be: don't treat 0 as a special case.

Also, fix up the PDC name to always be returned.  I'm sure nothing
actually uses it, particularly for BUILTIN...

Andrew Bartlett
(This used to be commit 353bb79f568f20c8469cb9458f7b14c24612ad23)
2008-03-14 12:26:03 +11:00
Andrew Bartlett
80f7e9e081 Rework SAMR functions to avoid gendb_search()
The gendb_*() API does not return error codes, and mixes error returns
with the count of returned entries.

Andrew Bartlett
(This used to be commit facbc8dfa5188fdd610f400b5be6e05bc33b0820)
2008-03-13 17:26:01 +11:00
Andrew Bartlett
0c88240236 Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.

This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).

Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-03-13 11:36:58 +11:00
Andrew Bartlett
227cecadf9 Check for and reject invalid account flags.
(lest we have an account set with 0 flags)

Andrew Bartlett
(This used to be commit 7a46e72f8dbb191ac8a811eb4cd95210fab7dc7b)
2008-02-28 10:05:32 +11:00
Andrew Bartlett
5043215f21 Generate ACB_PW_EXPIRED correctly
More correctly handle expired passwords, and do not expire machine accounts.

Test that the behaviour is consistant with windows, using the RPC-SAMR test.

Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.

Andrew Bartlett
(This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-02-28 08:50:00 +11:00
Andrew Bartlett
5df2ac18e7 Print out the reason we can't delete the user in SAMR.
We need to be far more granular bout this - in particular, we need a
decide LDAP -> NTSTATUS conversion.

Andrew Bartlett
(This used to be commit 30fc3752c7573fcf8b1a41f7b3bc8dad860077f8)
2008-01-16 15:48:28 +11:00
Jelmer Vernooij
0500b87092 r26540: Revert my previous commit after concerns raised by Andrew.
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21 05:52:06 +01:00
Jelmer Vernooij
3e75f222bc r26539: Remove unnecessary statics.
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21 05:52:05 +01:00
Jelmer Vernooij
6c77f353d3 r26328: remove more uses of global_loadparm.
(This used to be commit 40ae12c08647c47a9c504d39ee6f61c32b4e5748)
2007-12-21 05:48:41 +01:00
Jelmer Vernooij
41db2ab12c r26319: Split encoding functions out of libcli_ldap.
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21 05:48:33 +01:00
Jelmer Vernooij
2f5ca872a8 r26313: Fix more uses of static loadparm.
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21 05:48:25 +01:00
Jelmer Vernooij
57f20ccd24 r26296: Store loadparm context in DCE/RPC server context.
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21 05:48:13 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack.
(This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21 05:47:04 +01:00
Andrew Bartlett
25143a2648 r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were just
wrappers to ldb_add() etc.  samdb_replace() remains, as it sets flags on
all entries as 'replace'.

Andrew Bartlett
(This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21 05:46:17 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21 05:45:40 +01:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10 15:07:25 -05:00
Andrew Bartlett
6a30131b8b r25052: This missing 'break' caused problems on 32 bit platforms only, due to
alignment of the union.

Sorry for the time it took to test and fix this.

Andrew Bartlett
(This used to be commit 5b893fc6f59aa9324360ca1af4b504a2c140e806)
2007-10-10 15:05:51 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10 15:05:38 -05:00
Andrew Bartlett
7c81e6d21c r24973: Try to make it really clear we are dealing with 64 bit numbers here.
Andrew Bartlett
(This used to be commit 9aae9b1d243c23b96c0d8d28603b7e0ba25ac1c9)
2007-10-10 15:03:43 -05:00
Andrew Bartlett
466bd44a46 r24942: Patch from Matthias Wallnöfer <mwallnoefer@yahoo.de> and a testsuite
to prove it is correct.

This should fix bug #4824: User Manager for Domains - Account Expires.

Thanks!

Andrew Bartlett
(This used to be commit e5f0744d627ccfcc2e301fc38d139742f0ea5934)
2007-10-10 15:03:41 -05:00
Andrew Bartlett
bd705012b8 r24082: Following the removal of a fanstsy condition from the SAMR testsuite,
allow the server side to enumerate all domain controllers and domain
members...

Andrew Bartlett
(This used to be commit d42150ff0a05e891d36d1d3f1ec93952e6d4affd)
2007-10-10 15:01:24 -05:00
Andrew Bartlett
008b840760 r24080: Set the primary group (matching windows) when creating new users in
SAMR.  This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.

As noted in bug #4829.

Andrew Bartlett
(This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
2007-10-10 15:01:23 -05:00
Andrew Bartlett
fe60cd993d r24059: Fix bug 4822 reported by Matthias Wallnöfer <mwallnoefer@yahoo.de>.
Any SAMR client (usrmgr.exe in this case) that attempted to set a
property to a zero length string found instead the the old value was
kept.

In fixing this, rework the macros to be cleaner (add the
always-present .string) to every macro, and remove the use of the
samdb_modify() and samdb_replace() wrappers where possible.

Andrew Bartlett
(This used to be commit b05fe693047c09b85c7fc0e1ea8d931c99910375)
2007-10-10 15:01:20 -05:00
Andrew Bartlett
41ab04e37c r24053: Ensure we filter EnumDomainUsers with the supplied mask.
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by mwallnoefer@yahoo.de.

Andrew Bartlett
(This used to be commit 7f7e4fe2989ef4cb7ec0f855b25e558f3bbd18c5)
2007-10-10 15:01:19 -05:00
Andrew Bartlett
32d55960b5 r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
- The icons in usermgr were incorrect, because the acct_flags were
   not filled in (due to missing attribute in ldb query)

 - The Full name was missing, and the description used as the full
   name (due to missing attributes in ldb query and incorrect IDL)

To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.

This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...

Getting this right is important, because Samba3's RPC winbind methods
uses these queries.

Andrew Bartlett
(This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
2007-10-10 15:01:19 -05:00
Andrew Bartlett
1cc770fc58 r23815: Thanks to Matthias Wallnoefer <mwallnoefer@yahoo.de> for pointing out
that we had the wrong objectClass for OU=Domain
Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN})

This fixes both the SAMR server and the LDIF templates.

Andrew Bartlett
(This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317)
2007-10-10 14:59:22 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10 14:59:12 -05:00
Andrew Bartlett
c74ad3546c r23365: Try to make Windows Vista join again. On my new test environment, it
wants to check for an existing domain join account, and fails.  This
test shows that we need to return NT_STATUS_NONE_MAPPED when nothing
matches.  (not yet tested if this helps vista).

Andrew Bartlett
(This used to be commit 7f3671bf11cab36a5c795d7db86f85081b73bc71)
2007-10-10 14:53:12 -05:00
Jelmer Vernooij
64e88a8ccf r20850: Prefix all server calls with dcesrv_
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10 14:43:39 -05:00
Andrew Bartlett
d471e52d23 r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct
way to setup a Samba4 DC is to set 'server role = domain controller'.

We use the fSMORoleOwner attribute in the base DN to determine the PDC.

This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.

Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.

We also now use the ldb database to determine if we should run the
global catalog service.

In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.

Andrew Bartlett
(This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10 14:29:15 -05:00
Simo Sorce
ea212eb00f r20034: Start using ldb_search_exp_fmt()
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2007-10-10 14:28:51 -05:00
Simo Sorce
9ae017588c r19903: This is a cut&paste error for sure
there is no ongoing transaction in this code
(This used to be commit 93b738b1112d9e317cb29b32eee45003de37f693)
2007-10-10 14:28:34 -05:00
Stefan Metzmacher
304653e052 r19902: give better errors...
metze
(This used to be commit b4d7d49c276a4ec0bcf7971909e74e10476e9ca3)
2007-10-10 14:28:33 -05:00
Simo Sorce
a9e31b33b5 r19832: better prototypes for the linearization functions:
- ldb_dn_get_linearized
  returns a const string

- ldb_dn_alloc_linearized
  allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10 14:28:22 -05:00
Simo Sorce
4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10 14:28:22 -05:00