path: root/source4/dsdb
Commit message | Author | Age | Files | Lines
...
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -1/+1
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -1/+1
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -1/+1
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -1/+1
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -2/+2
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warnings | Christian Ambach | 2013-12-12 | 1 | -1/+1
  about potentially uninitialized variables
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-dsdb: Fix a use after free segfault. | Andreas Schneider | 2013-11-12 | 1 | -3/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104
* s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules | Benjamin Franzke | 2013-11-11 | 4 | -2/+464
  As netlogon is handled by the samdb now, the corresponding functions should live there as well.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Support netlogon request | Benjamin Franzke | 2013-11-11 | 2 | -11/+74
  This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1].
  The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
  Tested with:
    ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
  And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl.
  [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic | Benjamin Franzke | 2013-11-11 | 1 | -20/+19
  This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* samdb: Fix CID 241968 Uninitialized pointer read | Volker Lendecke | 2013-11-11 | 1 | -1/+1
  Interestingly gcc does not catch this at all.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* dsdb: Fix Coverity ID 1034907 Dereference before null check | Volker Lendecke | 2013-11-11 | 1 | -1/+1
  "module" has already been dereferenced by ldb_module_get_private(module)
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation | Nadezhda Ivanova | 2013-11-03 | 2 | -5/+15
  As described in MS-ADTS 3.1.1.5.2.8.
  Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds | Nadezhda Ivanova | 2013-10-25 | 2 | -1/+31
  Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right
  Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-samldb: Do not allow deletion of objects with RID < 1000 | Nadezhda Ivanova | 2013-10-14 | 3 | -3/+40
  According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups.
  Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
* dsdb: Provide a clearer error when we fail to store the sequence number in metadata.tdb | Andrew Bartlett | 2013-10-10 | 1 | -6/+19
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb/tests/ldap: fix test_distinguished_name against w2k8r2 | Stefan Metzmacher | 2013-10-10 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName' | Stefan Metzmacher | 2013-10-10 | 1 | -1/+1
  The attribute on the RootDSE object is called 'dnsHostName' instead of 'dNSHostName' (which is used in the schema and on all other directory objects).
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2 | Stefan Metzmacher | 2013-10-10 | 1 | -4/+8
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs | Andrew Bartlett | 2013-09-26 | 1 | -1/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
  Note that this doesn't fix the userParameters problem completely, but it doesn't truncate the userParameters value anymore.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104
* pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails. | Andrew Bartlett | 2013-09-24 | 1 | -0/+5
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* pydsdb: Give KeyError when we fail a schema lookup in python | Andrew Bartlett | 2013-09-24 | 1 | -8/+8
  This allows sensible exception handling.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* Fix DN RDN case in partition names | Howard Chu | 2013-09-24 | 3 | -31/+35
  Move fix_dn from extended_dn_out.c to util.c
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
  Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date(master): Tue Sep 24 07:43:39 CEST 2013 on sn-devel-104
* Fix entryCSN format | Howard Chu | 2013-09-23 | 1 | -1/+7
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Drop paged-search from OpenLDAP stack | Howard Chu | 2013-09-23 | 1 | -1/+1
  Unnecessary, waste of time
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Add LDB_MAP_RENDROP option | Howard Chu | 2013-09-23 | 1 | -1/+1
  Like LDB_MAP_RENAME, but drop the attribute if it occurs in an Add request. Used for distinguishedName attribute, is read-only and generated but for some bizarre reason AD allows it in an Add request.
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Return a couple more attrs by default | Howard Chu | 2013-09-23 | 1 | -0/+2
  Seems to want name and distinguishedName to always be returned.
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData | Andrew Bartlett | 2013-09-22 | 1 | -0/+9
  This matches Windows 2008R2.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups | Andrew Bartlett | 2013-09-22 | 1 | -28/+28
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete | Andrew Bartlett | 2013-09-19 | 1 | -5/+10
  This code no longer needs to handle not renaming Deleted Objects during a re-delete, because it is no longer called in that case.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication | Andrew Bartlett | 2013-09-19 | 1 | -3/+5
  We need to ensure we do not re-delete the Deleted Objects DN during replication. It is itself not entirely a deleted object, but has isDeleted set.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Refuse to return an all-zero invocationID | Andrew Bartlett | 2013-09-19 | 1 | -0/+8
  This could cause an all-zero GUID to be entered into the replPropertyMetaData, which will then fail to be replicated to other DCs.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed | Andrew Bartlett | 2013-09-19 | 1 | -0/+4
  This can happen if we do not find the invocationID, with later patches.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python/drs: Ensure to pass in the local invocationID during the domain join | Andrew Bartlett | 2013-09-19 | 2 | -0/+7
  This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Use SASL/EXTERNAL over ldapi:// | Howard Chu | 2013-09-18 | 1 | -50/+78
  The provision script will map the uid of the user running the script to the samba-admin LDAP DN.
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Add an OpenLDAP-specific extended_dn_in module | Howard Chu | 2013-09-18 | 2 | -5/+37
  Don't "fix" plain DNs before sending them to OpenLDAP
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* dsdb: Use credentials.get_forced_sasl_mech() | Andrew Bartlett | 2013-09-17 | 1 | -0/+1
  This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
  Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
* dsdb: Use dsdb_next_callback() rather than a no-op per-module callback | Andrew Bartlett | 2013-09-16 | 1 | -38/+16
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*() | Andrew Bartlett | 2013-09-16 | 1 | -0/+13
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: When using an LDAP backend, force use of the password from secrets.ldb | Andrew Bartlett | 2013-09-11 | 1 | -0/+99
  This makes testing from the command line much easier, as ldbsearch -H sam.ldb will now just work as well as it did with a tdb-based provision.
  This code was removed from its previous location outside the ldb module stack in aabda85a2fc9f6763abd56d61ff819012f2225ad.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
  Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
* samdb: Fix CID 1034910 Dereference before null check | Volker Lendecke | 2013-08-19 | 1 | -3/+3
  strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before that.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samdb: Fix CID 1034910 Dereference before null check | Volker Lendecke | 2013-08-19 | 1 | -3/+3
  strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before that.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samdb: Fix CID 1034910 Dereference before null check | Volker Lendecke | 2013-08-19 | 1 | -3/+3
  strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for NULL before that.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* drs-cracksname: fix problems that prevented to pass our torture tests | Matthieu Patou | 2013-08-06 | 1 | -6/+21
  Some of the problems were also reported by Microsoft testing tools
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abarlett@samba.org>
* drs-crackname: Fix error code so that we have the same as windows | Matthieu Patou | 2013-08-06 | 1 | -0/+1
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abarlett@samba.org>
* drs-cracknames: When cracking NT4 names we should just look at netbios for the match | Matthieu Patou | 2013-08-06 | 1 | -2/+1
  Looking at dnsRoot will yield a result for domain.tld\username when it shouldn't work.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abarlett@samba.org>
* drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID | Matthieu Patou | 2013-08-06 | 1 | -1/+4
  The canonical crackname expects a "/" or it returns DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not an error to not have a "/" in the name to crack it's just a sign the name is not a canonical one.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abarlett@samba.org>
* dsdb: Include MS-ADTS doc references on deleted object constraints | Andrew Bartlett | 2013-07-30 | 1 | -0/+16
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Improve DRS deleted link source/target handling in repl_meta_data | Andrew Bartlett | 2013-07-30 | 1 | -8/+97
  We now correctly ignore the link updates if the source or target is deleted locally.
  This fixes the long-standing failure in the vampire_dc dbcheck test.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Ensure we always force deleted objects back under the deleted objects DN | Andrew Bartlett | 2013-07-30 | 1 | -26/+65
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>