summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
AgeCommit message (Collapse)AuthorFilesLines
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-7/+6
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-15s4:dsdb_find_nc_root - fix it up to let the provisioning work correctlyMatthias Dieter Wallnöfer1-2/+2
Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: minimise the DN in group expansionAndrew Tridgell1-0/+5
this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb Implement tokenGroups expansion directly in ldb operational moduleAndrew Bartlett1-0/+167
This removes a silly cross-dependency between the ldb moudle stack and auth/ Andrew Bartlett
2010-12-22s4-dsdb: Added a helper function to get the default dns domain as string.Nadezhda Ivanova1-0/+19
2010-12-21s4:dsdb/common/util.c - remove unused variable "ndr_err"Matthias Dieter Wallnöfer1-1/+0
2010-12-16s4-dsdb Use sid_blob_parse()Andrew Bartlett1-3/+3
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-4/+4
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-5/+6
2010-12-04s4:dsdb/common/util_samr.c and auth/sam.c - fix error messageMatthias Dieter Wallnöfer1-2/+2
2010-12-04s4:dsdb/common/util_samr.c - "dsdb_enum_group_mem" - fix it up regarding non ↵Matthias Dieter Wallnöfer1-7/+16
SAM members For example contacts.
2010-12-01s4:dsdb/common/util.c - "samdb_msg_add_add/delval" - introduce also here the ↵Matthias Dieter Wallnöfer1-2/+2
better memory context "msg->elements" fits better than "msg".
2010-11-16s4:"dsdb_find_nc_root" - let it work also when the "namingContexts" ↵Matthias Dieter Wallnöfer1-8/+34
attribute isn't available yet This is needed on provisioning when the modules aren't set up yet.
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer1-0/+5
This should prevent crashes as pointed out on the mailing list.
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer1-62/+0
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-09s4:dsdb/common: add DSDB_SECRET_ATTRIBUTES_EX()Stefan Metzmacher1-11/+14
metze
2010-11-09s4:dsdb/common: create a DSDB_SECRET_ATTRIBUTES define with all secret ↵Stefan Metzmacher2-12/+15
attributes We should have them just in one place, so that we don't forget some of them. metze
2010-11-08s4:samdb_msg_find_old_and_new_ldb_val - reworkMatthias Dieter Wallnöfer1-6/+27
- don't crash when no values where specified - return ERR_CONSTRAINT_VIOLATION on malformed messages - only check for flags when we are involved in a LDB modify operation
2010-11-04s4:dsdb/common: fix memory leak in samdb_ntds_settings_dn()Stefan Metzmacher1-1/+1
fetch and set should use the same name! metze
2010-10-29s4:samr RPC server - remove wrong implementation of ReplicaSourceNodeNameMatthias Dieter Wallnöfer1-22/+0
This should represent a replication partner - never the DC iself
2010-10-25s4:"samdb_search_count" - introduce a "mem_ctx" parameterMatthias Dieter Wallnöfer1-5/+4
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't? Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
2010-10-25ldb:gendb_* calls: support a "NULL" resultset parameterMatthias Dieter Wallnöfer1-2/+1
This is useful for "samdb_search_count" where only the amount of entries matters.
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer2-0/+8
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-19s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usnAndrew Bartlett1-1/+1
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP. We don't have these sequence numbers in this case. Andrew Bartlett
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer1-86/+1
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer1-1/+86
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-16s4:dsdb/common/util.c - describe the behaviour of the functions ↵Matthias Dieter Wallnöfer1-5/+32
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more Unsigned int data in AD is a bit problematic to handle. Problem described by abartlet.
2010-10-15s4:samdb_msg_add_int* - use "ldb_msg_add_string" rather than ↵Matthias Dieter Wallnöfer1-2/+2
"samdb_msg_add_string" "ldb_msg_add_string" is safe here since the integer has already been converted to a string which is "talloc"ed on "mem_ctx". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
2010-10-15s4:samdb_create_foreign_security_principal - proof error code of ↵Matthias Dieter Wallnöfer1-3/+6
"samdb_msg_add_string"
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditionsMatthias Dieter Wallnöfer1-0/+6
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't ↵Matthias Dieter Wallnöfer1-4/+3
need to be duplicated This is done internally by the LDB library - look at "ldb_msg_add_empty".
2010-10-15s4:dsdb - remove "samdb_msg_add_value"Matthias Dieter Wallnöfer1-10/+2
This can be substituted by "ldb_msg_add_value". Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer2-45/+10
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12libcli/security Use common security.hAndrew Bartlett1-1/+1
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-11dsdb/schema: Move some dsdb_dn functions that are schema-specific.Jelmer Vernooij1-78/+0
2010-10-10dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between ↵Jelmer Vernooij2-1/+14
SAMDB_COMMON and DSDB_MODULE_HELPERS.
2010-10-07s4:dsdb/common/util_samr.c - use an LDB constant for result checkingMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Oct 7 07:40:31 UTC 2010 on sn-devel-104
2010-10-07s4:dsdb/common/util.c - provide message set functions for integer typesMatthias Dieter Wallnöfer1-0/+31
They will be used by the samldb LDB module
2010-10-04s4:dsdb/common/util.c - change the usage of the RECYCLED controlMatthias Dieter Wallnöfer1-1/+4
Use it only in conjunction with the DELETE one to allow the functions to work also against Windows < 2008R2. This is really important for the vampire operation. Also mark the RECYCLED control as non-critical (so that it's simply ignored by older Windows'es). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 4 16:10:11 UTC 2010 on sn-devel-104
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-3/+6
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flagMatthias Dieter Wallnöfer2-0/+8
This is needed since starting with 2008_R2 function level we get another type of hidden objects which aren't seen by the "show_deleted" control: recycled objects. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb_dn_val_rmd_flags - memmem - scan the whole string for occourencesMatthias Dieter Wallnöfer1-1/+1
Do this as in "dsdb_dn_is_upgraded_link_val". There is really no reason to truncate before search. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 3 10:45:39 UTC 2010 on sn-devel-104
2010-10-01s4-dsdb: added dsdb_search_by_dn_guid()Andrew Tridgell1-0/+26
this is more efficient than first searching for the DN, then doing a search. We should look at using this in lots of existing code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-dsdb: silence the domainFunctionality not setup warningAndrew Tridgell1-1/+2
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-0/+42
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-dsdb: adapted check_access_on_dn for use in drs.Nadezhda Ivanova1-9/+10
2010-09-29s4-dsdb Add ldb_reset_err_string() when we set error codes.Andrew Bartlett1-0/+3
If we don't we could show an old, incrorrect error
2010-09-29s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLYAndrew Bartlett1-7/+8
This simplifies the function. While doing so, also change the error string setting to set a really clear error string for the failure to find and failure to parse cases. Andrew Bartlett
2010-09-27s4-dsdb: added samdb_find_site_for_computer() and ↵Andrew Tridgell1-0/+57
samdb_find_ntdsguid_for_computer() these will be used by the new RODC dns update code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4-dsdb: A helper to determine if an attribute is part of the search filterNadezhda Ivanova1-0/+46