samba.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	s4:lib/tevent: add lib/events/ compat and let things compile	Stefan Metzmacher	2008-12-17	8	-3/+18
\| \| \| \|	metze
*	s4:lib/events: move to toplevel directory as lib/tevent/	Stefan Metzmacher	2008-12-17	30	-7911/+0
\| \| \| \| \| \|	This commit will not compile on its own. metze
*	s4: fix LIBEVENTS dependencies and use more forward declarations	Stefan Metzmacher	2008-12-17	22	-16/+23
\| \| \| \| \| \| \|	We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
*	s4:ldb: add some python tests for extended dns	Andrew Bartlett	2008-12-17	1	-27/+60
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:dsdb: remove normalise module	Andrew Bartlett	2008-12-17	2	-206/+0
\| \| \| \| \| \|	The extended_dn_out module provides the functionality now. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference ↵	Andrew Bartlett	2008-12-17	2	-4/+7
\| \| \| \| \| \| \| \| \| \| \| \|	depending on the backend This just changes the existing stratagy of loading different modules for the OpenLDAP backend to also include extended_dn_out_* When we provision the OpenLDAP backend, we make sure to include the 'deref' overlay (which must be made available by the OpenLDAP build) Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and ↵	Andrew Bartlett	2008-12-17	7	-673/+1517
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	extended_dn_store. By splitting the module, the extended_dn_in and extended_dn_store moudles can use extended_dn_out to actually get the extended DN. This avoids code duplication. The extended_dn_out module also contains a client implementation of the OpenLDAP dereference control (draft-masarati-ldap-deref-00). This also introduces a new control 'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module to return whatever the 'storage format' is. This allows us to work with both OpenLDAP (which performs a dereference at run time) and LDB (which stores the GUID and SID on disk). Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:dsdb: Make the linked_attributes module set an extended dn	Andrew Bartlett	2008-12-17	1	-192/+325
\| \| \| \| \| \| \| \| \| \|	This means that linked attributes will always have the same case form as the actaul entry, as we search for that entry. We then also use the GUID and SID found on that entry to fill in the extended DN on disk. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:rootdse: fix the logic to indentify a rootdse search	Andrew Bartlett	2008-12-17	1	-2/+1
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb: make it possible to return per entry controls	Andrew Bartlett	2008-12-17	25	-27/+62
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain	Andrew Bartlett	2008-12-17	1	-1/+1
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}	Andrew Bartlett	2008-12-17	1	-3/+0
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:torture: add ldb tests	Andrew Bartlett	2008-12-17	3	-1/+751
\| \| \| \| \| \| \| \|	These tests are for both the new extended DN functionality (and were vital in finding bugs during implementation) and for the normal DN parsing and comparison routines. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldap_server: return the extended dn to the LDAP client if available	Andrew Bartlett	2008-12-17	1	-1/+16
\| \| \| \| \| \| \|	This uses an early peek at the extended_dn_control (in the request) to see what output format to use. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb-samba: register samba specific extended dn handlers	Andrew Bartlett	2008-12-17	1	-51/+138
\| \| \| \| \| \| \| \| \|	This provides the two extended DN handlers for the GUID and SID types, and makes the parsing more strict (where possible, it uses ndr_pull_struct_blob_all(), to cause an error if trailing data is found). Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:samldb: make use of dom_sid_split_rid()	Andrew Bartlett	2008-12-17	1	-4/+3
\| \| \| \|	Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:samldb: improve error strings	Andrew Bartlett	2008-12-17	1	-6/+8
\| \| \| \| \| \| \| \|	When things go wrong with LDB, this routine seems to be particularly sensitive to it. This extra debugging should help the next poor soul who breaks LDB. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb.i: hang the dn on the NULL context as the python destructor will free it	Andrew Bartlett	2008-12-17	1	-0/+2
\| \| \| \| \| \|	This fixes a bug in the ldb.i python wrapper, that showed up under valgrind. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb: use try to print the extended dn in the ldif output	Andrew Bartlett	2008-12-17	1	-2/+4
\| \| \| \| \| \| \| \|	This allows searches with the extended DN control to still print the extended DN in ldif output (it would otherwise be parsed and hidden in the structure). Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL	Andrew Bartlett	2008-12-17	2	-0/+137
\| \| \| \| \| \| \| \| \| \| \|	Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:libcli/ldap: split out a ldap_decode_attribs_bare() function	Andrew Bartlett	2008-12-17	1	-8/+18
\| \| \| \| \| \| \| \| \| \| \|	The OpenLDAP dereference control (draft-masarati-ldap-deref-00) uses an attribute list, as found in the search reply, but without one enclosing ASN1_SEQUENCE(0) This allows the dereference control parsing code to use this as a helper function. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb_ildap: try to pass extended DNs to the server	Andrew Bartlett	2008-12-17	1	-5/+5
\| \| \| \| \| \| \| \| \| \| \| \|	Whenever we pass a DN to the LDAP server, we now use ldb_dn_get_extended_linearized(). This allows us to send the extended DN if set, and therefore allows searches of the form '<GUID=aaa45ea0-94cd-45e9-8753-abe455d9a8f1>'. We actually use the '0' format (GUID=aaa45ea094cd45e98753abe455d9a8f1) because it is more widely supported (by Win2k in particular). Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	s4:ldb: add infrastructure for extended dn handlers	Andrew Bartlett	2008-12-17	4	-60/+524
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This introduces a new set of pluggable syntax, for use on the extended DN, and uses them when parsing the DN. If the DN appears to be in the extended form, we no longer return the full DN 'as is', but only return the normal part from ldb_dn_get_linearized(). When validating/parsing the DN we validate not only the format of the DN, but also the contents of the GUID or SID (to ensure they are plausable). We also have functions to set and get the extended components on the DN. For now, extended_dn_get_linearized() returns a newly constructed and allocated string each time. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	Add hint to use passwordAttributes in @KLUDGE_ACL in future	Andrew Bartlett	2008-12-17	1	-1/+2
\| \| \| \| \| \| \|	This module is not used at the moment, but if we do use it again, we should try to avoid duplicate lists. Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	Make greater use of 'GUID_from_data_blob'	Andrew Bartlett	2008-12-17	1	-40/+11
\| \| \| \| \| \| \| \| \|	This avoids accidentily running off the end of a string, and uses a single 'guess which type of GUID I have' algorithm. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	Fix sequence number generation against OpenLDAP	Andrew Bartlett	2008-12-17	1	-0/+8
\| \| \| \| \| \| \| \| \|	It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the partition control to this request was missed out. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
*	Fix header installation after move of gen_ndr headers.	Jelmer Vernooij	2008-12-16	2	-29/+29
\|
*	Merge branch 'master' of ssh://git.samba.org/data/git/samba	Andrew Tridgell	2008-12-17	43	-5211/+242
\|\
\| *	Remove use of C++ keywords.	Jelmer Vernooij	2008-12-16	2	-6/+6
\| \|
\| *	Share object files for gen_ndr.	Jelmer Vernooij	2008-12-16	4	-141/+131
\| \|
\| *	Simplify idl-deps.pl script a bit.	Jelmer Vernooij	2008-12-16	1	-15/+21
\| \|
\| *	Add new script for building IDL files in librpc/idl, generating both	Jelmer Vernooij	2008-12-16	1	-1/+1
\| \| \| \| \| \| \| \|	Samba 3 and Samba 4 output.
\| *	s4/provision: Upper case default realm, use only first part of realm as ↵	Jelmer Vernooij	2008-12-16	1	-2/+2
\| \| \| \| \| \| \| \|	default domain name.
\| *	nsswitch: Fix paths for Samba4 blackbox wbinfo test	Kai Blin	2008-12-16	1	-2/+2
\| \|
\| *	Merge branch 'master' of ssh://git.samba.org/data/git/samba	Jelmer Vernooij	2008-12-16	31	-5061/+82
\| \|\
\| \| *	nsswitch: Move nsswitch files from source4 to top level nsswitch dir	Kai Blin	2008-12-16	22	-5039/+7
\| \| \|
\| \| *	nsswitch: Move source3 files to top level dir.	Kai Blin	2008-12-16	1	-6/+0
\| \| \| \| \| \| \| \| \| \| \| \|	Don't move source4 files yet to not confuse git's rename tracking too much.
\| \| *	Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel	Andrew Bartlett	2008-12-16	8	-15/+61
\| \| \|\
\| \| * \|	A more-commented version of rpc_server crash fix, matching closer the	Andrew Bartlett	2008-12-16	1	-1/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	previous behaviour for the 'bad bind' case. (It is only close, not matching - Windows 2008 sends a different, non-zero, assoc_group_id each time) Andrew Bartlett
\| * \| \|	Rename dom_sid.idl -> server_id.idl (since it no longer actually contains ↵	Jelmer Vernooij	2008-12-16	12	-9/+69
\| \|/ / \| \| \| \| \| \| \| \| \|	the dom_sid). No longer include it from security.idl.
* \| /	an experimental patch for fixing ldb bloat	Andrew Tridgell	2008-12-17	3	-9/+352
\| \|/ \|/\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	ldb indexing can cause huge files, and huge memory usage. This experiment allows us to keep indexes in memory during a transaction, then to write the indexes to disk when the transaction completes. The result is that the db is much smaller (we have seen improvements of about 100x in file size) and memory usage during large transactions is also greatly reduced Note that this patch uses the unusual strategy of putting pointers into a ldb (and thus into a tdb). This works because the pointers are only there during a transaction, so the pointers are not exposed to any other users of the database. The pointers allow us to avoid some really bad allocation problems with tdb record allocation during the re-indexing.
* \|	repack the ldb after re-indexing	Andrew Tridgell	2008-12-16	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	re-indexing in ldb is triggered on any modification to the @ATTRIBUTES or @INDEXLIST records. This happens to produce a worst-case fragmentation of the database, as all @INDEX records are deleted then re-created. By repacking after re-indexing we ensure that the database ends up without extreme fragmentation.
* \|	use transactions in ldbadd, ldbmodify and ldbedit	Andrew Tridgell	2008-12-16	3	-0/+30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The command line tools ldbadd, ldbmodify and ldbedit should operate within a transaction to make them more efficient. The ldbadd tool in particular is much faster when adding a large number of records if all the adds happen within a transaction. Previously there was a transaction per record.
* \|	Merge branch 'master' of ssh://git.samba.org/data/git/samba	Andrew Tridgell	2008-12-16	57	-681/+21156
\|\\|
\| *	Add python extensions for dom_sid.	Jelmer Vernooij	2008-12-16	1	-0/+58
\| \|
\| *	Rename ldap.h to ldap-util.h to avoid clashing with the system ldap.h	Jelmer Vernooij	2008-12-14	1	-1/+1
\| \|
\| *	Merge branch 'master' of ssh://git.samba.org/data/git/samba	Jelmer Vernooij	2008-12-14	1	-0/+47
\| \|\
\| \| *	Added torture test for doing an openX over a directory	Jeremy Allison	2008-12-13	1	-0/+47
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	to ensure we get the correct error message. Jeremy.
\| * \|	Move dom_sid to the Samba 3 IDL file, remove the old definition.	Jelmer Vernooij	2008-12-12	3	-284/+3
\| \| \|
\| * \|	Manually marshall dom_sid, so we can use a fixed size array for	Jelmer Vernooij	2008-12-12	6	-50/+36
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	dom_sid.sub_auths rather than a dynamically allocated one. This makes it possible to use the same DCE/RPC object code for Samba 3 and Samba 4's DCE/RPC parsers and allows copying sids more easily (since they no longer contain any pointers). The cost of having additional manual marshalling code is limited (~35 additional lines of C code).