Age | Commit message (Collapse) | Author | Files | Lines |
|
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
In lsa_BinaryString length and size are byte counts!
TODO: we may need to do byte order conversion in this functions too...
metze
|
|
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".
metze
|
|
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".
metze
|
|
|
|
|
|
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This returns the DN of our RID Set object
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This returns a 'reference' DN, which is a link to a DN, from the
specified object. It is then used by samdb_server_reference_dn() which
returns the serverReference DN, and samdb_rid_manager_dn() which
returns the rIDManagerReference DN.
|
|
This allows for more flags in the future
|
|
need to be careful with those temporary contexts
|
|
wellknown GUID
This also fixes a memory leak
|
|
|
|
|
|
|
|
This is used to detect if a link has been stored in the w2k3 extended
format
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This function is intended to be used when data needs
to be modified skipping access checks.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is to be used later for manually crafted
ldb_requests from within dsdb layer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
They won't work when the LDB change is done using "samdb_replace"
(consider "samr_password.c" functions).
I think this has been a relict which has been useful before the "password_hash"
module existed. Basically it itself does now the updates.
|
|
There is no reason to have the message non-const here.
|
|
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but
uses the new helper functions added in the last couple of commits
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is based on the function of the same name from Eduardo Lima
<eduardoll@gmail.com>, but using ldb_dn_compare, to give us
comparisons consistent with what the rest of the code uses.
We will use this function in combination with dsdb_wellknown_dn() to
find the Deleted Objects container for any object.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This finds a wellknown object given its GUID
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to determine if a extedned DN has the 'DELETED=1'
component
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
- We should clean up such "helper" objects created in this function to don't
have them around until "mem_ctx" is destroyed
- Remove a from my view pointless comment "This is a password set, not change"
since an external argument "user_change" decides this ("modify" or "(re)set")
|
|
|
|
|
|
|
|
|
|
This avoids doing a new search from the top of the module stack.
This also removes the helper function dsdb_find_parentguid_by_dn()
which is now unused.
Andrew Bartlett
|
|
In general functions that don't return any memory should not take a memory context.
Otherwise it is too easy to have a bug like this where memory is leaked
|
|
|
|
OR-Name syntax through DRS calls looks like DN-Binary syntax
|
|
dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN
dsdb_msg_add_guid() adds a GUID value to a given message (either
objectGUID or parentGUID).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
|
|
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.
|
|
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett
|
|
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett
|
|
(Found in a code review by metze)
Andrew Bartlett
|
|
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
|
|
This deactivates the password complexity check, but not the minimum password
length one, since the length is specified.
This change is needed by my password module work.
|
|
the password data blob
|