summaryrefslogtreecommitdiff
path: root/source4/dsdb/common
AgeCommit message (Collapse)AuthorFilesLines
2011-12-09s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always ↵Matthias Dieter Wallnöfer1-1/+1
doing Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
2011-11-18dsdb: Fix the password expiry calculationAmitay Isaacs1-1/+1
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-02dsdb: Handle the case when extended rights string is NULLAmitay Isaacs1-4/+7
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Nov 2 07:03:40 CET 2011 on sn-devel-104
2011-10-04s4-dsdb: fixed re-join of subdomainAndrew Tridgell1-3/+4
if we repeat the join of a subdomain then we try to re-create the NC for the subdomain during a DsAddEntry(). This allows that re-creation to succeed if the NC already exists
2011-10-04s4-dsdb: simplify samdb_is_gc()Andrew Tridgell1-28/+2
we already have a function for returning the NTDS options
2011-10-04s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICAAndrew Tridgell2-0/+67
this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-22s4-dsdb: added NO_GLOBAL_CATALOG controlAndrew Tridgell2-1/+11
this control is used to ask samdb to not return searches with a basedn in partial repica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
2011-09-22s4-dsdb: failing to find the object is not an error in dsdb_loadreps()Andrew Tridgell1-3/+8
we may not have replicated the partition yet, so this should be considered the same as having no repsFrom/repsTo
2011-09-08s4-dsdb: fixed compiler warningAndrew Tridgell1-1/+1
sid can be const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-05s4-dsdb Print clearer error messages when invalid account flags are ↵Andrew Bartlett1-0/+9
specified on add
2011-08-26s4-dsdb Return ACL errors as ldb_errstring()Andrew Bartlett1-0/+3
This string is reported to the caller, which makes debugging much easier. Andrew Bartlett
2011-08-25s4-dsdb: added samdb_ntds_msdcs_dns_name()Andrew Tridgell1-2/+37
this gets the DNS name for a NTDS GUID, based on the forest DNS name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: added samdb_dn_to_dns_domain()Andrew Tridgell1-0/+36
this converts a DC into the equivalent DNS domain. It is used when forming t_msdcs NTDS DNS names Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell1-0/+3
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb Give a less worrying error message on failure to get a transactionAndrew Bartlett1-1/+1
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+16
2011-08-13s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH controlAndrew Bartlett2-0/+9
2011-08-12s4-dsdb: don't cache the NTDS settings DNAndrew Tridgell1-9/+8
this DN can change due to a server rename, so we cannot cache it. It is set by provision, but not anywhere else. This seems to not have a large performance impact Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: added dn_format attribute of a dsdb_attributeAndrew Tridgell1-7/+0
this is faster than string comparisons during searches at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed a warning on dsdb_delete()Andrew Tridgell1-1/+1
struct ldb_dn is never const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: make requests for STORAGE_FORMAT control non-criticalAndrew Tridgell1-1/+1
this allows us to use dsdb_module_dn_by_guid() from levels below the extended_dn_out module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-21s4-dsdb: added dsdb_delete() functionAndrew Tridgell1-0/+30
this gives us a delete function that takes the standard set of dsdb flags Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-14Standalone samdb_ntds_site_settings_options() helperDave Craft1-0/+48
A helper function for retrieving the ntds site settings via standalone function call. Used within KCC Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-10s4-drs: cope with missing RMD_ADDTIME in linked attributesAndrew Tridgell1-1/+1
upgraded links can be missing the RMD_ADDTIME field
2011-05-08s4-dsdb Add transactions to dsdb modify helpersAndrew Bartlett1-0/+18
2011-05-03s4-socket: rename allow_access() to socket_allow_access()Andrew Tridgell1-1/+1
this prevents a symbol collision with s3 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-04-04s4-dsdb: added a ldb err -> NTSTATUS mappingAndrew Tridgell1-0/+78
this is not perfect, but its better than always giving NT_STATUS_UNSUCCESSFUL in our RPC servers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-04s4/ldb - remove now superflous "ldb_dn_validate" checksMatthias Dieter Wallnöfer2-3/+3
If we immediately afterwards perform an LDB base operation then we don't need an explicit "ldb_dn_validate" check anymore (only OOM makes sense). Reviewed by: Tridge
2011-03-01s4:dsdb - always handle the attribute "options" as 32bit unsigned integerMatthias Dieter Wallnöfer1-2/+3
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
2011-03-01s4:dsdb/common/util.c - remove "samdb_find_or_add_value"Matthias Dieter Wallnöfer1-8/+0
This isn't used anymore. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-03-01s4:dsdb/common/util.c - fully remove "samdb_msg_add_string"Matthias Dieter Wallnöfer1-18/+3
This isn't needed anymore and will be substituted by "ldb_msg_add_string". Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-03-01s4:remove many invocations of "samdb_msg_add_string"Matthias Dieter Wallnöfer2-10/+8
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-28Fix some typesJelmer Vernooij1-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-27s4/dsdb-util: Use DS_NTDSDSA_OPT_IS_GC flag definitionKamen Mazdrashki1-1/+1
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sun Feb 27 00:10:45 CET 2011 on sn-devel-104
2011-02-24build: moved libds/common/flag_mapping.c into a common subsystemAndrew Tridgell2-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell2-3/+3
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-7/+6
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-15s4:dsdb_find_nc_root - fix it up to let the provisioning work correctlyMatthias Dieter Wallnöfer1-2/+2
Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: minimise the DN in group expansionAndrew Tridgell1-0/+5
this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb Implement tokenGroups expansion directly in ldb operational moduleAndrew Bartlett1-0/+167
This removes a silly cross-dependency between the ldb moudle stack and auth/ Andrew Bartlett
2010-12-22s4-dsdb: Added a helper function to get the default dns domain as string.Nadezhda Ivanova1-0/+19
2010-12-21s4:dsdb/common/util.c - remove unused variable "ndr_err"Matthias Dieter Wallnöfer1-1/+0
2010-12-16s4-dsdb Use sid_blob_parse()Andrew Bartlett1-3/+3
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-4/+4
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-5/+6
2010-12-04s4:dsdb/common/util_samr.c and auth/sam.c - fix error messageMatthias Dieter Wallnöfer1-2/+2
2010-12-04s4:dsdb/common/util_samr.c - "dsdb_enum_group_mem" - fix it up regarding non ↵Matthias Dieter Wallnöfer1-7/+16
SAM members For example contacts.
2010-12-01s4:dsdb/common/util.c - "samdb_msg_add_add/delval" - introduce also here the ↵Matthias Dieter Wallnöfer1-2/+2
better memory context "msg->elements" fits better than "msg".
2010-11-16s4:"dsdb_find_nc_root" - let it work also when the "namingContexts" ↵Matthias Dieter Wallnöfer1-8/+34
attribute isn't available yet This is needed on provisioning when the modules aren't set up yet.
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer1-0/+5
This should prevent crashes as pointed out on the mailing list.