summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
AgeCommit message (Collapse)AuthorFilesLines
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer2-0/+8
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-19s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usnAndrew Bartlett1-1/+1
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP. We don't have these sequence numbers in this case. Andrew Bartlett
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer1-86/+1
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer1-1/+86
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-16s4:dsdb/common/util.c - describe the behaviour of the functions ↵Matthias Dieter Wallnöfer1-5/+32
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more Unsigned int data in AD is a bit problematic to handle. Problem described by abartlet.
2010-10-15s4:samdb_msg_add_int* - use "ldb_msg_add_string" rather than ↵Matthias Dieter Wallnöfer1-2/+2
"samdb_msg_add_string" "ldb_msg_add_string" is safe here since the integer has already been converted to a string which is "talloc"ed on "mem_ctx". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
2010-10-15s4:samdb_create_foreign_security_principal - proof error code of ↵Matthias Dieter Wallnöfer1-3/+6
"samdb_msg_add_string"
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditionsMatthias Dieter Wallnöfer1-0/+6
2010-10-15s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't ↵Matthias Dieter Wallnöfer1-4/+3
need to be duplicated This is done internally by the LDB library - look at "ldb_msg_add_empty".
2010-10-15s4:dsdb - remove "samdb_msg_add_value"Matthias Dieter Wallnöfer1-10/+2
This can be substituted by "ldb_msg_add_value". Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer2-45/+10
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12libcli/security Use common security.hAndrew Bartlett1-1/+1
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-11dsdb/schema: Move some dsdb_dn functions that are schema-specific.Jelmer Vernooij1-78/+0
2010-10-10dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between ↵Jelmer Vernooij2-1/+14
SAMDB_COMMON and DSDB_MODULE_HELPERS.
2010-10-07s4:dsdb/common/util_samr.c - use an LDB constant for result checkingMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Oct 7 07:40:31 UTC 2010 on sn-devel-104
2010-10-07s4:dsdb/common/util.c - provide message set functions for integer typesMatthias Dieter Wallnöfer1-0/+31
They will be used by the samldb LDB module
2010-10-04s4:dsdb/common/util.c - change the usage of the RECYCLED controlMatthias Dieter Wallnöfer1-1/+4
Use it only in conjunction with the DELETE one to allow the functions to work also against Windows < 2008R2. This is really important for the vampire operation. Also mark the RECYCLED control as non-critical (so that it's simply ignored by older Windows'es). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 4 16:10:11 UTC 2010 on sn-devel-104
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-3/+6
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flagMatthias Dieter Wallnöfer2-0/+8
This is needed since starting with 2008_R2 function level we get another type of hidden objects which aren't seen by the "show_deleted" control: recycled objects. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb_dn_val_rmd_flags - memmem - scan the whole string for occourencesMatthias Dieter Wallnöfer1-1/+1
Do this as in "dsdb_dn_is_upgraded_link_val". There is really no reason to truncate before search. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 3 10:45:39 UTC 2010 on sn-devel-104
2010-10-01s4-dsdb: added dsdb_search_by_dn_guid()Andrew Tridgell1-0/+26
this is more efficient than first searching for the DN, then doing a search. We should look at using this in lots of existing code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-dsdb: silence the domainFunctionality not setup warningAndrew Tridgell1-1/+2
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-0/+42
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-dsdb: adapted check_access_on_dn for use in drs.Nadezhda Ivanova1-9/+10
2010-09-29s4-dsdb Add ldb_reset_err_string() when we set error codes.Andrew Bartlett1-0/+3
If we don't we could show an old, incrorrect error
2010-09-29s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLYAndrew Bartlett1-7/+8
This simplifies the function. While doing so, also change the error string setting to set a really clear error string for the failure to find and failure to parse cases. Andrew Bartlett
2010-09-27s4-dsdb: added samdb_find_site_for_computer() and ↵Andrew Tridgell1-0/+57
samdb_find_ntdsguid_for_computer() these will be used by the new RODC dns update code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4-dsdb: A helper to determine if an attribute is part of the search filterNadezhda Ivanova1-0/+46
2010-09-24s4:dsdb/common/util_samr.c - remove the primary group specificationsMatthias Dieter Wallnöfer1-4/+0
Now also the primary group detection/change on modify operations does work Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov1-0/+21
2010-09-20s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.Anatoliy Atanasov1-0/+72
This functionality is needed for DsCrackNames ListRoles command also.
2010-09-13s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵Matthias Dieter Wallnöfer1-1/+1
LDAP filters This makes also lookups through special backends as "samba3sam" work.
2010-09-13s4:cosmetic - the SID attribute is called objectSid - not objectSIDMatthias Dieter Wallnöfer1-4/+4
2010-09-12Revert "s4:util_samr.c - also here we've now the default primaryGroupID ↵Matthias Dieter Wallnöfer1-1/+4
detection working" This reverts commit 7e9e35db4126f953e8a2579d992c63b274011119. Sorry, the logic is working differently here. We do still need this.
2010-09-12s4:util_samr.c - also here we've now the default primaryGroupID detection ↵Matthias Dieter Wallnöfer1-4/+1
working
2010-09-11s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP ↵Matthias Dieter Wallnöfer1-3/+3
results
2010-09-05dsdb: make the ATTRIBUTE NOT FOUND more clearMatthieu Patou1-0/+2
2010-08-20s4-dsdb: fixed dsdb_get_extended_dn_sid()Andrew Tridgell1-1/+1
it should honor the component_name Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: implement RODC attribute filtering overrideAndrew Tridgell1-15/+29
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-19s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functionsKamen Mazdrashki1-1/+5
2010-08-19s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functionsKamen Mazdrashki1-1/+5
2010-08-17s4:samdb_set_password/samdb_set_password_sid - make more arguments "const"Matthias Dieter Wallnöfer1-5/+5
2010-08-17s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support ↵Matthias Dieter Wallnöfer1-13/+27
the password change control And introduce parameters to pass the old password hashes.
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer1-1/+1
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-3/+3
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-16s4:samdb_set_password_sid - fix commentMatthias Dieter Wallnöfer1-1/+2
Add more possible result NTSTATUS codes
2010-08-15s4:samdb_set_password - fix formattingMatthias Dieter Wallnöfer1-1/+2
(Sorry, I've overseen this)
2010-08-15s4:samdb_set_password - implement the extended LDAP error code detectionMatthias Dieter Wallnöfer1-9/+17
2010-08-14s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵Matthias Dieter Wallnöfer1-0/+2
account doesn't exist This is for the (SAMR) account detection protection mechanism.
2010-08-10s4:dsdb/common/util.c - provide a call which returns the forest function levelMatthias Dieter Wallnöfer1-2/+15
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs).