summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
AgeCommit message (Collapse)AuthorFilesLines
2010-06-28Implementation of self membership validated right.Nadezhda Ivanova1-0/+31
When this right is granted, the user can add or remove themselves from a group even if they dont have write property right.
2010-06-21s4:dsdb_load_partition_usn - free the right memory context (tmp_ctx)Matthias Dieter Wallnöfer1-2/+1
2010-06-20s4:dsdb - add a new dsdb delete function which understands the tree delete ↵Matthias Dieter Wallnöfer2-2/+9
control
2010-06-16s4:dsdb Add control for signaling between repl_meta_data and linked_attributesAndrew Bartlett1-0/+1
This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett
2010-06-15s4:dsdb Add const to dsdb_dn functions that operate on an ldb_val.Andrew Bartlett1-2/+2
Andrew Bartlett
2010-06-06s4:dsdb/common/util.c - provide a better implementation of the ↵Matthias Dieter Wallnöfer1-28/+90
"samdb_msg_add_(add/del)val" calls This supports now also coexisting add and delete message elements with the same attribute name.
2010-05-31s4:dsdb_load_udv_v1 - "uint32_t" counter type fits better than "unsigned int"Matthias Dieter Wallnöfer1-1/+1
2010-05-30s4:dsdb/common/util.c - fix a counter variableMatthias Dieter Wallnöfer1-1/+1
2010-05-24s4:dsdb_enum_group_mem - use "unsigned" countersMatthias Dieter Wallnöfer1-2/+3
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned".
2010-05-24s4:dsdb_lookup_rids - "unsigned" counters fit better than "signed" in this caseMatthias Dieter Wallnöfer1-2/+2
2010-05-24s4:dsdb_add_user - check the "cn"/"account_name" length (should be >= 1)Matthias Dieter Wallnöfer1-7/+12
This needed by the "cn_name_len"-1 accesses. And use a "size_t"-typed variable for storing it (length specificators should always be stored using "size_t" variables).
2010-05-24s4:samr Push most of samr_LookupRids into a helper functionAndrew Bartlett1-0/+66
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Push most of samr_QueryGroupMember into a helper functionAndrew Bartlett1-0/+67
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Move most of samr_CreateDomAlias into a helper functionAndrew Bartlett1-0/+73
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split most of samr_CreateDomainGroup into a helper functionAndrew Bartlett1-0/+79
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split the guts of samr_CreateUser2 into a helper functionAndrew Bartlett1-0/+249
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:dsdb Allow a NULL search expression in dsdb_search()Andrew Bartlett1-2/+5
The NULL search expression expands to (objectClass=*), but %s expands NULL to (NULL) which doesn't parse... Andrew Bartlett
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij2-8/+6
2010-05-17s4-rodc: Cache am_rodc flagAnatoliy Atanasov1-0/+29
2010-05-13s4:dsdb: fix samdb_result_logon_hours() and don't hardcode units_per_weekStefan Metzmacher1-4/+11
metze
2010-05-11s4:dsdb: cached results of samdb_rodc()Stefan Metzmacher1-1/+29
metze
2010-05-10s4:samdb_set_password - adapt it for the user password change handlingMatthias Dieter Wallnöfer1-0/+12
Make use of the new "change old password checked" control.
2010-05-10s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer1-256/+134
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
2010-05-10s4:dsdb/util.c - Add a new function for retrieving password change attributesMatthias Dieter Wallnöfer1-0/+41
This is needed since we have not only reset operations on password fields (attributes marked with REPLACE flag) but also change operations which can be performed by users itself. They have one attribute with the old value marked with the REMOVE flag and one with the new one marked with the ADD flag. This function helps to retrieve them (argument "new" is used for the new password on both reset and change).
2010-05-09s4:dsdb Provide an intelegent fallback if not CN=Subnets is foundAndrew Bartlett1-3/+7
We may as well fall back rather than return NULL (which callers don't do useful things with). Andrew Bartlett
2010-05-04s4/rodc: Support read-only databaseAnatoliy Atanasov1-0/+1
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
2010-05-03s4/rodc: Implement msDS-isRODC constructed attrAnatoliy Atanasov1-6/+15
2010-04-29s4/rodc: RODC FAS initial implementationAnatoliy Atanasov1-0/+28
2010-04-28s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUIDKamen Mazdrashki1-18/+18
This function is used in DRSUpdateRefs() implementation where we get DSA's objectGUID rather than invocationId
2010-04-27s4:dsdb/common: if we don't have the ip of the client return the server site ↵Stefan Metzmacher1-0/+8
as client site metze
2010-04-27s4:util - add a function which finds the matching client site using the ↵Matthias Dieter Wallnöfer1-0/+90
client address The lookup of the client site is done using the subnets in the configuration partition. If no one matches we use the Windows Server fallback mechansim. This means: if only one site is available just use it. If they're more set the output variable to "". Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: removed dsdb_validate_client_flags()Andrew Tridgell1-30/+0
This test is in the wrong place. We end up validating our own flags. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: added dsdb_validate_invocation_id()Andrew Tridgell1-0/+87
this validates that a invocationID matches an account sid This will be used to ensure that we don't allow DRS replication from someone a non-DC or administrator Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: added dsdb_get_extended_dn_sid()Andrew Tridgell1-0/+29
This will be used by the RODC code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+1
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: dsdb_validate_client_flags() functionFernando J V da Silva1-0/+28
This function is intended to check if some client is not lying about his flags. At this moment, it only checks for RODC flags. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva1-32/+41
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett1-1/+38
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett
2010-04-16s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()Nadezhda Ivanova1-31/+2
2010-04-13s4:samdb_server_site_name - fix indentationMatthias Dieter Wallnöfer1-4/+6
2010-04-13s4:dsdb/common/util.c - add a call which determines centrally the forest DNS ↵Matthias Dieter Wallnöfer1-0/+19
domainname
2010-04-13s4:remove "samdb_root_dn", "samdb_base_dn", "samdb_config_dn" and ↵Matthias Dieter Wallnöfer1-20/+0
"samdb_schema_dn" They aren't needed anymore.
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer1-6/+8
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-11s4:samdb_server_site_dn - free unused DNs in the right wayMatthias Dieter Wallnöfer1-2/+2
2010-03-22s4:dsdb Move dsdb_save_partition_usn() to be a module helper functionAndrew Bartlett1-88/+0
This function should not traverse the module stack again, but instead run from this point. Also add a matching dsdb_module_load_partition_usn() and change repl_meta_data to match. Andrew Bartlett
2010-03-12Split the dsdb_access_check_on_dn.Nadezhda Ivanova1-36/+49
Split the dsdb_access_check_on_dn so it can be reused for checks from both within the module stack and outside it.
2010-03-12Moved access_check_on_dn from acl module as an utility.Nadezhda Ivanova1-0/+181
Made this an utility function so it can be used for access checking outside of the acl ldb module, such as checking validated writes and control access rights in other protocols (e. g drs)
2010-03-09A helper function to get the Infrastructure DN.Nadezhda Ivanova1-0/+12
2010-03-05s4:dsdb/util - Change also here counters to "unsigned"Matthias Dieter Wallnöfer1-13/+16
No need to have "signed" counters at those places.
2010-03-01s4/rodc: Implement samdb_rodc with ldb contextAnatoliy Atanasov1-7/+61