summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/descriptor.c
AgeCommit message (Collapse)AuthorFilesLines
2012-05-19s4-dsdb: allow modification of some deleted object if the show-deleted ↵Matthieu Patou1-4/+9
control is presented Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
2012-04-11s4:dsdb/samdb/ldb_modules/schema.c - move "get_last_structural_class()" into ↵Matthias Dieter Wallnöfer1-3/+4
"util.c" And remove this helper module - it does not have much sense keeping it. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
2012-04-11s4:dsdb - introduce a only constant-time "get_last_structural_class()" callMatthias Dieter Wallnöfer1-4/+2
With the redesign of the previous patches this has become possible.
2012-03-26s4-dsdb: use constant-time search for descriptor -> get_last_structural_class()Andrew Bartlett1-2/+2
The objectClass list is sorted at this point, as we are called below the objectclass module here, or are working from a search result. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
2012-03-26s4:dsdb - enhance "get_last_structural_class()" for optimisationsMatthias Dieter Wallnöfer1-2/+4
If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-11-16s4-dsdb: rework the NC detection for the descriptor calculationMatthieu Patou1-12/+31
This checks if instanceType attribute is available, and if INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then the DN is NC root and security descriptor is not inherited from parent SD. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2011-09-23build: avoid util.h as a public header name due to conflict with MacOSAndrew Bartlett1-1/+1
2011-03-19source4/dsdb/samdb: Fix prototypes for all functions.Jelmer Vernooij1-1/+1
2011-02-22s4-descriptor: Fixed a typo in a comment and clarified it a bit.Nadezhda Ivanova1-2/+2
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Feb 22 12:39:23 CET 2011 on sn-devel-104
2011-02-22s4-descriptor: Fixed some missing curly braces.Nadezhda Ivanova1-10/+13
2011-02-21s4-descriptor: Fixed some compiler warnings.Nadezhda Ivanova1-2/+2
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Feb 21 18:02:21 CET 2011 on sn-devel-104
2011-02-21s4-descriptor: Removed unnecessary descriptor_change function and unused ↵Nadezhda Ivanova1-387/+0
callbacks.
2011-02-21s4-descriptor: Replaced the async descriptor_change with synchronous ↵Nadezhda Ivanova1-1/+149
descriptor_modify. The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the implementation of SD hierarchy recalculation on modify much easier.
2011-02-21s4-descriptor: Replaced the synchronous descriptor_change with the ↵Nadezhda Ivanova1-1/+108
synchronous descriptor_add. The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the implementation of SD hierarchy recalculation on modify much easier.
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell1-2/+2
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-12-18Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"Andrew Bartlett1-0/+1
This reverts commit 25163380239abbad28f1656c42e6fab1b92473d9 because further analyis showed the real problem was introduced in 0941099a (which changed the caller behaviour, but only for indexed searches). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104
2010-12-16s4-dsdb Don't talloc_free() ares on failure, as LDB might free it laterAndrew Bartlett1-1/+0
We need to make LDB consistent here (indexed vs unindexed behaviour differs here!), but for the moment this is the easiest way out of a segfault. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 16 06:42:56 CET 2010 on sn-devel-104
2010-12-02s4-dsdb/descriptor: comment typoKamen Mazdrashki1-1/+1
2010-11-16s4:descriptor LDB module - also "get_default_ag" should make use of ↵Matthias Dieter Wallnöfer1-12/+12
"dsdb_find_nc_root"
2010-11-16s4:descriptor LDB module - handle the NCs in a more generic way by using ↵Matthias Dieter Wallnöfer1-10/+22
"dsdb_find_nc_root"
2010-11-16s4:descriptor LDB module - make more clear that special control entries ↵Matthias Dieter Wallnöfer1-0/+7
never should be handled by modules
2010-11-07s4:descriptor LDB module - make the "nTSecurityDescriptor" attribute fully ↵Matthias Dieter Wallnöfer1-47/+61
behave as in AD - fix crash when provided "nTSecurityDescriptor" attribute is empty - print out the correct error codes if it's provided multi-valued - simplify the "recalculate_sd" control handling
2010-11-07s4:descriptor LDB module - save a pointer to the request message on the ↵Matthias Dieter Wallnöfer1-33/+33
temporary "ac" context This prevents two calls of "ldb_msg_copy_shallow".
2010-11-07s4:descriptor LDB module - by "dsdb_next_callback" we don't need anymore the ↵Matthias Dieter Wallnöfer1-33/+2
default operation callback implementations Only customised ones still need to remain.
2010-11-07s4:descriptor LDB module - remove a bit pointless memory contextMatthias Dieter Wallnöfer1-9/+1
For only one operation we do not need an additional "mem_ctx". "ac" should be enough (see for example the samldb LDB module).
2010-11-07s4:descriptor LDB module - remove a "ldb_msg_sanity_check" callMatthias Dieter Wallnöfer1-7/+0
This check (the structural objectclass) is performed in the objectclass LDB module.
2010-11-07s4:descriptor LDB module - don't ignore referrals if we are executing an ↵Matthias Dieter Wallnöfer1-4/+2
ordinary external search operation Referrals are valid results.
2010-11-03s4:descriptor LDB module - a bit cleanupMatthias Dieter Wallnöfer1-13/+34
- add more OOM checks where needed - remove message of an error which cannot happen anymore (since now the structural objectclass is always checked by the objectclass LDB module) Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 3 18:30:52 UTC 2010 on sn-devel-104
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-10dsdb/modules: Split up helpers a bit to prevent recursive dependencies.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-09-25ldb: mark the location of a lot more ldb requestsAndrew Tridgell1-0/+4
2010-09-25s4-dsdb: added tagging of requests in dsdb modulesAndrew Tridgell1-0/+1
this allows you to call dsdb_req_chain_debug() in gdb or when writing debug code to see the request chain
2010-08-01s4:descriptor LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-4/+3
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell1-8/+7
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-06-19dsdb: Make module ops struct for each module public.Jelmer Vernooij1-2/+0
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij1-2/+2
2010-06-06s4:descriptor LDB module - cosmetic fixupMatthias Dieter Wallnöfer1-4/+4
2010-06-01s4: check the sacl and dacl pointers on the old sdAnatoliy Atanasov1-2/+2
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-7/+4
2010-05-04s4/rodc: Fix the callbacks up the stack to handle referrals on modify requestsAnatoliy Atanasov1-0/+5
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-13s4:acl/descriptor LDB module - distinguish between root and default basednMatthias Dieter Wallnöfer1-0/+6
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett1-2/+2
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-01-02s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdbAndrew Tridgell1-0/+8
w2k8-r2 gives a "schema mismatch" error if the revision is not set to REVISION_ADS and you replicate the ntsecuritydescriptor using DRS. Nadya, please check this! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Move get_last_structural class from descriptor.c to util.cBrendan Powers1-16/+1
It can now also be used by objectclass.c get_last_structural_class now ignores AUX classes, because they are not structural Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: don't actually remove the sd_flags control, just mark it non-criticalAndrew Tridgell1-14/+10
For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control
2009-12-09s4-dsdb: added dsdb_functional_level() helper functionAndrew Tridgell1-7/+1
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-4/+11
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-22Fixed incorrect indentation.Nadezhda Ivanova1-7/+6
generated by cgit (git 2.34.1) at 2024-08-03 06:09:42 +0000