path: root/source4/dsdb/samdb/ldb_modules/operational.c
Commit message | Author | Age | Files | Lines
* dsdb-operational: Implement msDS-UserPasswordExpiryTimeComputed | Andrew Bartlett | 2014-04-02 | 1 | -1/+47
| This assists in testing this aspect of msDS-User-Account-Control-Computed, and is exposed in AD for clients to query.
| Andrew Bartlett
| Change-Id: I10fd214b0585a16f8addb00c252f656419a03f4a
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-operational: Implement msDS-User-Account-Control-Computed | Andrew Bartlett | 2014-04-02 | 1 | -1/+165
| This is needed to get consistent account lockout support across the whole server.
| Andrew Bartlett
| Change-Id: I2fa1e707d33f5567b6cb4e2b27e340fa9f40cee9
| Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb-operational: Use a list for the extra attributes that may be required | Andrew Bartlett | 2014-04-02 | 1 | -28/+52
| Change-Id: Ifa2e006c9401e92e71d6588d6ea879c6f437cdd5
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/ldb_modules: avoid declaration after code warnings | Stefan Metzmacher | 2014-04-02 | 1 | -1/+1
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* operational: remove double loops | Matthieu Patou | 2013-05-20 | 1 | -31/+47
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-operational: rework the loop for attribute removal | Matthieu Patou | 2013-02-08 | 1 | -41/+92
| Instead of doing ldb_in_list size(operational_remove) * (attrs_user + attr_searched) * number of entries times to get the list of attributes to remove we construct this list before the search and then use it for every entry.
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set | Matthieu Patou | 2013-01-17 | 1 | -1/+1
| Most of the time this flag is not set and so we can avoid the strcasecmp in ldb_attr_cmp()
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
| Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
| Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104
* s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute | Stefan Metzmacher | 2012-12-10 | 1 | -2/+12
| If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes.
| If there's a list of only explicit attribute names, we should ignore the sd_flags control.
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s4-dsdb: Give a much better error message when parentGUID generation fails | Andrew Bartlett | 2012-07-06 | 1 | -3/+3
|
* s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DN | Matthieu Patou | 2012-06-22 | 1 | -1/+37
| modifyTimeStamp is a generated attribute, for most objects it's generated directly from the whenChanged attribute. But for the CN=aggregate object in the schema we have to handle it in a different way, that's because for this object whenChanged!=modifyTimeStamp (as checked against Windows 2003R2 DCs) instead the modifyTimeStamp reflects the timestamp of the most recently modified and loaded schema object (that is to the one with the highest USN before the schema was reloaded due to timeout or by the reloadSchemaNow command).
| Some third parties are using this information to know if they have to update their schema cache and also to check that schema updates have been correctly reloaded by the DC, a good example of this behavior is Exchange 2010.
* s3:utils change data_blob_dup_talloc() to take a DATA_BLOB by value | Gregor Beck | 2011-10-12 | 1 | -1/+1
| Signed-off-by: Michael Adam <obnox@samba.org>
* s4-dsdb: prevent crash on bad DN in construct_parent_guid() | Andrew Tridgell | 2011-09-08 | 1 | -0/+3
| this was found by a flakey test in autobuild
* s4:operational LDB module - fix attribute names to be right up/down-cased | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -7/+7
| Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
| Autobuild-Date: Fri Mar 4 23:56:07 CET 2011 on sn-devel-104
* s4:operational LDB module - fix display of some constructed attributes | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -2/+2
| "structuralObjectClass", "createTimestamp" and "modifyTimestamp" weren't displayed anymore.
| Reviewed by: Tridge
* s4:operational LDB module - add "groupToken" as unsigned int (uint32_t) | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -1/+1
| Reviewed by: Tridge
* s4:operational LDB module - readd "structuralObjectClass" -> "objectClass" mapping | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -1/+1
| This has been removed accidentally by commit a093e10896a4768dba0cd793a04b7d5d1366fee2.
| Reviewed by: Tridge
* s4-dsdb: operational module does not need auth any more | Andrew Tridgell | 2011-02-18 | 1 | -2/+0
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldb_modules/operational: Make use of dsdb_module_reference_dn() function | Kamen Mazdrashki | 2011-02-15 | 1 | -17/+4
| it does exactly what we need here
| Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
| Autobuild-Date: Tue Feb 15 16:55:32 CET 2011 on sn-devel-104
* s4-auth Remove special case for account_sid from auth_serversupplied_info | Andrew Bartlett | 2011-01-20 | 1 | -2/+2
| This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc.
| In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids.
| Andrew Bartlett
* s4-dsdb: pass parent request to dsdb_module_*() functions | Andrew Tridgell | 2011-01-17 | 1 | -20/+30
| this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed filtering of tokengroups | Andrew Tridgell | 2011-01-14 | 1 | -5/+3
| builtin groups are shown in user tokenGroups searches
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb Implement tokenGroups expansion directly in ldb operational module | Andrew Bartlett | 2011-01-14 | 1 | -29/+101
| This removes a silly cross-dependency between the ldb module stack and auth/
| Andrew Bartlett
* s4-auth rework session_info handling not to require an auth context | Andrew Bartlett | 2010-12-21 | 1 | -1/+1
| This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code.
| Andrew Bartlett
* s4-dsdb: give full error message for operational failures | Andrew Tridgell | 2010-11-29 | 1 | -2/+2
|
* s4/operational: Fix swapped parameters for ldb_msg_copy_attr | Anatoliy Atanasov | 2010-11-18 | 1 | -2/+2
| Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
| Autobuild-Date: Thu Nov 18 17:02:07 UTC 2010 on sn-devel-104
* s4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX() | Stefan Metzmacher | 2010-11-09 | 1 | -5/+2
| metze
| Autobuild-User: Stefan Metzmacher <metze@samba.org>
| Autobuild-Date: Tue Nov 9 22:43:44 UTC 2010 on sn-devel-104
* s4:operational LDB module - "canonicalName" doesn't make use of the "distinguishedName" attribute | Matthias Dieter Wallnöfer | 2010-11-06 | 1 | -2/+2
| It uses the DN from the returned message
* s4-ldb: enable version checking in dsdb ldb modules | Andrew Tridgell | 2010-11-01 | 1 | -0/+1
|
* s4-dsdb: convert the rest of the ldb modules to the new module type | Andrew Tridgell | 2010-11-01 | 1 | -1/+6
|
* idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values | Kamen Mazdrashki | 2010-10-31 | 1 | -1/+1
| Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
* ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID | Matthias Dieter Wallnöfer | 2010-10-23 | 1 | -3/+3
| It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
* s4:dsdb - fix unsigned integer save problems using the "%u" specifier | Matthias Dieter Wallnöfer | 2010-10-16 | 1 | -1/+9
| The issue here is that we have not yet first cast to int32_t explicitly, before we cast to a signed int to printf() into the %d or cast to a int64_t before we then cast to a long long to printf into a %lld.
| There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c).
| The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute.
| The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
* libcli/security Use common security.h | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
| This includes dom_sid.h and security_token.h and will be moved to the top level shortly.
| Andrew Bartlett
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
* s4:dsdb - substitute the "show_deleted" with the "show_recycled" control | Matthias Dieter Wallnöfer | 2010-10-03 | 1 | -2/+2
| We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control.
| As far as I see this is only internal code and therefore we don't run into problems if we do substitute it.
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* ldb: mark the location of a lot more ldb requests | Andrew Tridgell | 2010-09-25 | 1 | -0/+1
|
* s4-ldap: Fixed a problem with NC's having a parentGUID attribute | Nadezhda Ivanova | 2010-09-21 | 1 | -13/+27
| NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead.
* s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid | Andrew Bartlett | 2010-08-23 | 1 | -1/+1
| This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privileges still need to be merged)
| Andrew Bartlett
* s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 2010-07-08 | 1 | -3/+7
|
* s4-dsdb: use ldb_operr() in the dsdb code | Andrew Tridgell | 2010-07-07 | 1 | -20/+16
| this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make it much easier to track down dsdb module bugs that result in an operations error.
* s4:operational LDB module - fix a misleading comment | Matthias Dieter Wallnöfer | 2010-06-23 | 1 | -1/+2
|
* s4: Using control bypassoperational allow the logic of this module to be bypassed for some given attributes | Matthieu Patou | 2010-06-20 | 1 | -10/+39
| Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* dsdb: Make module ops struct for each module public. | Jelmer Vernooij | 2010-06-19 | 1 | -1/+1
|
* dsdb: Fix includes when building against system ldb. | Jelmer Vernooij | 2010-06-15 | 1 | -2/+2
|
* s4:operational LDB module - fix warnings (missing parameters, unused variable) | Matthias Dieter Wallnöfer | 2010-05-20 | 1 | -3/+5
|
* s4:auth Change auth_generate_session_info to take flags | Andrew Bartlett | 2010-05-20 | 1 | -10/+10
| This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group.
| In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key off 'is this user the anonymous SID'.
| This also takes more care to allocate the right length ptoken->sids
| Andrew Bartlett
* s4:auth Add dependency from the operational module onto auth | Andrew Bartlett | 2010-05-20 | 1 | -1/+4
| We had to split up the auth module into a module loaded by main daemon and a subsystem we manually init in the operational module.
| Andrew Bartlett
* s4:auth Allow the operational module to get a user's tokenGroups from auth | Andrew Bartlett | 2010-05-20 | 1 | -80/+66
| This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would.
| Andrew Bartlett
* s4:dsdb disable tokenGroups until end of rewrite | Andrew Bartlett | 2010-05-20 | 1 | -1/+2
| I need to change the functions this calls
| Andrew Bartlett
* Remove more usages of iconv_convenience in files which were apparently not recompiled by waf. | Jelmer Vernooij | 2010-05-18 | 1 | -3/+1
* s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber | Andrew Bartlett | 2010-05-09 | 1 | -10/+76
| This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab.
| This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend.
| Andrew Bartlett