path: root/source4/dsdb/common/util.c
Commit message | Author | Age | Files | Lines
* s4-dsdb: Refactor user objects defaults setter to use attribute/value map | Kamen Mazdrashki | 2015-02-03 | 1 | -28/+49
  Change-Id: Iaa32af4225219a4c5c42c663022e8be429b8a1d2
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: common helper to determine "primaryGroupID" attribute value | Kamen Mazdrashki | 2015-02-03 | 1 | -0/+32
  At the moment the current implementation does not check if the group RID is an existing group RID - this responsibility is left to the caller.
  Change-Id: I8c58dd23a7185d63fa2117be0617884eb78d13c1
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Common helper for setting "sAMAccountType" on User objects | Kamen Mazdrashki | 2015-02-03 | 1 | -0/+36
  Change-Id: I4480e7d1ed0c754e960028e0be9a90ee56935e94
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Move User object default attribute values in separate helper | Kamen Mazdrashki | 2015-02-03 | 1 | -0/+42
  Change-Id: I1e291bcf0a5c9b2fca11323dc7f8be29f5145d42
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb-util: Mark attributes with ADD flag in samdb_find_or_add_attribute() | Kamen Mazdrashki | 2015-02-03 | 1 | -1/+7
  At the moment no flags are set and it works fine, since this function is solely used in samldb during ADD requests handling. Pre-setting a flag makes it useful for other modules and request handlers too
  Change-Id: I7e43dcbe2a8f34e3b0ec16ae2db80ef436df8bfe
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c | Andrew Bartlett | 2015-01-15 | 1 | -2/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
  Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not attempt to return beyond the end of the password history array | Andrew Bartlett | 2014-10-13 | 1 | -2/+2
  Found by AddressSanitizer
  Change-Id: I82e35aea60726053c79510ba8ed3eedfaf553eb7
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
  Autobuild-User(master): Matthieu Patou <mat@samba.org>
  Autobuild-Date(master): Mon Oct 13 08:28:15 CEST 2014 on sn-devel-104
* dsdb: Make log message more clear | Andrew Bartlett | 2014-09-01 | 1 | -2/+6
  Change-Id: Ibf3c55748e755d2f6dae57293bfde11cdf7ba3ae
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* dsdb: Always store and return the userParameters as an array of LE 16-bit values | Andrew Bartlett | 2014-07-09 | 1 | -14/+45
  This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.
  Allocating one byte less memory than required causes malloc() heap corruption and then a crash or lockup of the SAMR server.
  Andrew Bartlett
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
  Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Allow SAMR server to return the computed, not actual badPwdCount | Andrew Bartlett | 2014-04-02 | 1 | -11/+49
  This matters after the lockout observation period has expired.
  Note: that QueryUserInfo level 3 returns the raw badPwdCount value.
  Andrew Bartlett
  Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: check type with talloc_get_type_abort in samdb_set_password | Andrew Bartlett | 2014-04-02 | 1 | -2/+5
  Change-Id: Ie5b534c70dd87ecf58d6a830e38750ecf16eb855
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Move dsdb_update_bad_pwd_count to dsdb/common/util.c | Andrew Bartlett | 2014-04-02 | 1 | -0/+113
  This allows the password_hash code to call the same update routine.
  Andrew Bartlett
  Change-Id: I3d954469defa3f5d26ffc5ae0583ec7e1957ea11
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add samdb_result_passwords_from_history helper function | Andrew Bartlett | 2014-04-02 | 1 | -0/+37
  Change-Id: I949c6c64551f68c4381b41b30120874ead82949e
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: give a better error message and return code on failed password change | Andrew Bartlett | 2014-04-02 | 1 | -0/+5
  Change-Id: I064a7e192caccbb5acc17ba385f1625425c176d1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Put password lockout support in samdb_result_passwords() | Andrew Bartlett | 2014-04-02 | 1 | -2/+27
  This seems to be the best choke point to check for locked out accounts, as aside from the KDC, all the password authentication and change callers use it.
  Andrew Bartlett
  Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed | Andrew Bartlett | 2014-04-02 | 1 | -17/+13
  This allows us to avoid the domain lookup in the constructed attribute when not required.
  By using msDS-User-Account-Control-Computed the lockout and password expiry checks are now handled in the operational ldb module.
  Andrew Bartlett
  Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Refuse to return an all-zero invocationID | Andrew Bartlett | 2013-09-19 | 1 | -0/+8
  This could cause an all-zero GUID to be entered into the replPropertyMetaData, which will then fail to be replicated to other DCs.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python/drs: Ensure to pass in the local invocationID during the domain join | Andrew Bartlett | 2013-09-19 | 1 | -0/+2
  This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Allow dsdb_find_dn_by_guid to show deleted DNs | Andrew Bartlett | 2013-06-12 | 1 | -2/+4
  This helps us in the KCC as we need to return the deleted DN for the GUID in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2).
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb/util: rework samdb_check_password() to support utf8 | Stefan Metzmacher | 2013-02-04 | 1 | -5/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/common: use 01.01.1970 as last_sync_success for our entry in the uptodatevector | Stefan Metzmacher | 2013-01-01 | 1 | -3/+4
  This matches a Windows 2008R2 and 2012 server.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/common: use LDB_SEQ_HIGHEST_SEQ for our entry in the uptodatevector | Stefan Metzmacher | 2013-01-01 | 1 | -2/+2
  We should use the global highestCommittedUSN, not the per partition value.
  This matches a Windows 2008R2 and 2012 server.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required | Stefan Metzmacher | 2012-12-11 | 1 | -7/+11
  This should give the password_hash module a chance to detect if the called was the cleartext password or not.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb: Rename _res argument to _result. | Jelmer Vernooij | 2012-11-06 | 1 | -6/+6
  Newer versions of heimdal include a macro that is unfortunately named '_res'. This change prevents the clash.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: Remove unused variables | Andrew Bartlett | 2012-09-01 | 1 | -3/+0
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
* s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context | Andrew Bartlett | 2012-09-01 | 1 | -2/+0
  This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
  Andrew Bartlett
* s4-dsdb: Use samdb_dn_is_our_ntdsa() | Andrew Bartlett | 2012-08-14 | 1 | -14/+3
  This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time.
  Andrew Bartlett
* s4-dsdb: Add samdb_dn_is_our_ntdsa() | Andrew Bartlett | 2012-08-14 | 1 | -0/+25
  This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference.
  Andrew Bartlett
* s4-dsdb: Use samdb_reference_dn_is_our_ntdsa() | Andrew Bartlett | 2012-08-14 | 1 | -35/+4
* s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa() | Andrew Bartlett | 2012-08-14 | 1 | -1/+39
  We often want to know if we own an FSMO role (for example). This tries to be more efficient by comparing the GUID, rather than the string DN, as this does not need to be re-fetched each time.
  Andrew Bartlett
* s4-dsdb: Use ldb_dn_copy() rather than talloc_reference() | Andrew Bartlett | 2012-08-14 | 1 | -1/+1
  As the normal case (outside provision) uses a copy, this avoids a case where a caller might modify a global variable accidentally.
  As suggested by metze.
  Andrew Bartlett
* s4-libnet: Improve debugging of libnet_BecomeDC LDAP errors | Andrew Bartlett | 2012-08-14 | 1 | -0/+2
* s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn | Andrew Bartlett | 2012-08-14 | 1 | -10/+18
  As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken.
  This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times!
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
* s4-dsdb: Add const | Andrew Bartlett | 2012-08-14 | 1 | -4/+4
* s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical | Andrew Bartlett | 2012-06-27 | 1 | -1/+7
* s4:dsdb/common/util.c - samdb_is_pdc() - fail if the "fSMORoleOwner" attribute has not been set | Matthias Dieter Wallnöfer | 2012-04-29 | 1 | -1/+5
* Move NS_GUID_string and NS_GUID_from_string to dsdb-common. | Jelmer Vernooij | 2012-03-20 | 1 | -0/+52
* s4-lib: Remove unused samdb_msg_set_value() | Ricky Nance | 2012-02-25 | 1 | -15/+0
  Found by callcatcher.
  Ricky Nance
* s4-lib: Remove unused samdb_msg_set_string() | Ricky Nance | 2012-02-25 | 1 | -15/+0
  Found by callcatcher.
  Ricky Nance
* s4-lib: Remove unused samdb_msg_set_int() | Ricky Nance | 2012-02-25 | 1 | -15/+0
  Found by callcatcher
  Ricky Nance
* dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flag | Andrew Bartlett | 2012-01-24 | 1 | -0/+7
* s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always doing | Matthias Dieter Wallnöfer | 2011-12-09 | 1 | -1/+1
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
* dsdb: Fix the password expiry calculation | Amitay Isaacs | 2011-11-18 | 1 | -1/+1
  As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
* s4-dsdb: fixed re-join of subdomain | Andrew Tridgell | 2011-10-04 | 1 | -3/+4
  if we repeat the join of a subdomain then we try to re-create the NC for the subdomain during a DsAddEntry(). This allows that re-creation to succeed if the NC already exists
* s4-dsdb: simplify samdb_is_gc() | Andrew Tridgell | 2011-10-04 | 1 | -28/+2
  we already have a function for returning the NTDS options
* s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA | Andrew Tridgell | 2011-10-04 | 1 | -0/+66
  this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added NO_GLOBAL_CATALOG control | Andrew Tridgell | 2011-09-22 | 1 | -1/+10
  this control is used to ask samdb to not return searches with a basedn in partial replica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
* s4-dsdb: failing to find the object is not an error in dsdb_loadreps() | Andrew Tridgell | 2011-09-22 | 1 | -3/+8
  we may not have replicated the partition yet, so this should be considered the same as having no repsFrom/repsTo
* s4-dsdb: fixed compiler warning | Andrew Tridgell | 2011-09-08 | 1 | -1/+1
  sid can be const
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added samdb_ntds_msdcs_dns_name() | Andrew Tridgell | 2011-08-25 | 1 | -2/+37
  this gets the DNS name for a NTDS GUID, based on the forest DNS name
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>