summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/objectclass.c
AgeCommit message (Collapse)AuthorFilesLines
2009-12-18s4-dsdb: fix handling of AUX classes in objectclass_sortBrendan Powers1-146/+133
This is done by sorting the classes by subClass_order, which will check if the last structural class is valid to add (in objectclass_do_add instead checking the last class in the list). They were being sorted by building a class tree, and adding the classes to the list in that order. However, AUX classes usually don't fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I have changed the behavior to sort the classes by subClass_order instead. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-30s4-dsdb: don't call ldb_next_init() twice in objectclass moduleAndrew Tridgell1-1/+1
2009-11-26s4:objectclass LDB module - Prevent write operations on constructed attributesMatthias Dieter Wallnöfer1-6/+19
2009-11-20s4-drs: Removes stored parentGUID's creation and renamingFernando J V da Silva1-80/+7
parentGUID is now created on demand in operational.c Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-17s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategoryAndrew Bartlett1-1/+26
It is important to always ensure that this attribute has an extended DN if the rest of the database stores things that way. The knowlege of what format the DN is stored on disk with is passed around in an LDB opaque. Andrew Bartlett
2009-11-09s4-samdb: remove the rDN size constraint of 64Andrew Tridgell1-3/+10
This size constraint is not correct in it's current form, as windows does send us rDN values for CN with lengths longer than 64. Once we know how this constraint really works we can add it back in.
2009-10-15s4-dsdb: implement limit on rDN lengthAndrew Tridgell1-3/+11
w2k8 imposes a limit of 64 characters on the rDN
2009-10-12s4:objectclass ldb module - Check for empty messagesMatthias Dieter Wallnöfer1-1/+8
I think the check for empty messages fits best here.
2009-10-03s4:objectclass - Free unused memory from responsesMatthias Dieter Wallnöfer1-0/+3
2009-10-03s4:dsdb Use possibleInferiors to restrict creation of child objectsAndrew Bartlett1-4/+15
This also uses systemPossibleInferiors when the 'relax' control is specified, which is done by the provision. Andrew Bartlett
2009-10-03s4:dsdb Add objectClass and RDN constraints to objectClass moduleAndrew Bartlett1-8/+35
These additional constraints are applied, found by the Microsoft testsuite. - When the parent is not present, we now return 'NO_SUCH_OBJECT'. - Restrict the choice of RDN to the correct one per the schema - Honour the allowedChildClasses attribute from the parent's objectClass. Andrew Bartlett
2009-10-03s4:dsdb Don't allow creation of systemOnly objectclassesMatthias Dieter Wallnöfer1-0/+6
(except as part of the provision, which specifies the 'relax' control) Andrew Bartlett
2009-10-02s4:dsdb Return correct error on invalid attributeAndrew Bartlett1-1/+2
This error per the Microsoft testsuite
2009-10-02s4:dsdb Don't allow creating of new objects with an isDefunct schema classAndrew Bartlett1-1/+7
2009-10-02s4:Ensure the selected RDN is the right one per the schemaAndrew Bartlett1-1/+7
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett
2009-09-21s4:dsdb Fix of double addition of SD-sNadezhda Ivanova1-0/+2
Also add error strings in descriptor module
2009-09-16Owner and group defaulting.Nadezhda Ivanova1-57/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-08-26s4:dsdb Use helper function to add 'show deleted' controlAndrew Bartlett1-20/+10
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction. Andrew Bartlett
2009-08-25fixed DRS rename of deleted objectsAndrew Tridgell1-1/+20
The objectclass module checks that the target parent exists, and refuses renames if it doesn't exist. For this to work for deleted objects we have to do the search in the objectclass module with the "show deleted" control enabled.
2009-08-05s4:dsdb Don't cast an ldb_val into a const char * for schema lookupsAndrew Bartlett1-2/+3
This removes a number of cases where we did a cast into a const char * of an ldb_val. While convention is to alway have an extra \0 at data[length] in the ldb_val, this is not required, and does not occour at least on build farm host 'svart'. Andrew Bartlett
2009-03-17added support for parentGUIDAndrew Tridgell1-5/+84
This is made up of 4 parts: 1) change our schema to include the parentGUID attribute type 2) in the add hook in the objectclass module, get the objectGUID of the parent and add it to the message as parentGUID 3) in the rename hook in the objectclass module, get the objectGUID of the new parent, and insert an async modify request after the renmam is done 4) added a simple test suite
2009-02-23Fix headers, ldb_includes.h is a private header,Simo Sorce1-0/+1
do not reference it from ldb.h
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce1-57/+78
The only 2 modules escaping the rule so far are rootdse and partitions
2008-11-17s4:dsdb/samdb: don't allow objects without objectClassStefan Metzmacher1-2/+2
We're using @ROOTDSE instead of CN=ROOTDSE. metze
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-3/+9
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29LDB ASYNC: samba4 modulesSimo Sorce1-457/+295
2008-09-08Try to implement the right logic for systemFlagsAndrew Bartlett1-0/+37
The MS-ADTS document has quite detailed instrucitons on how these flags should be processed. This change also causes the correct sign-wrapping to occour, as these are declared as signed integers. Andrew Bartlett (This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
2008-03-13Bail out, rather than segfault on no domain sid.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit 7e85f318b571d1a909dffad0ecd661468ed497ca)
2008-03-13Don't segfault on invalid objectClass input.Andrew Bartlett1-6/+13
If the objectClass found does not include a defaultSecurityDescriptor, then we should not segfault in the SDDL parser. Andrew Bartlett (This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)
2008-02-20Fix use of some modules (needed _PUBLIC_).Jelmer Vernooij1-1/+1
(This used to be commit ce332130ea77159832da23bab760fa26921719e2)
2008-02-20Use struct-based rather than function-based initialization for ldb modules ↵Jelmer Vernooij1-7/+1
everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b)
2008-01-18Only set showOnlyInAdvancedView: TRUE when adding default values.Andrew Bartlett1-2/+2
False is the default, so only set this when the schema requires the hiding behaviour. Andrew Bartlett (This used to be commit 45f6ccefda39e8f0a9820ba55b1924b7cfb12262)
2008-01-18Add showInAdvancedViewOnly to every new objectAndrew Bartlett1-0/+4
Unless already set, the default value for this comes from the defaultHidingValue in the schema. Andrew Bartlett (This used to be commit 673f1805006f879fa5302aab8411767a22488e64)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+4
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-3/+3
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-3/+3
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r26297: Correct error message. This function verifies attributes, notAndrew Bartlett1-1/+1
objectclasses. Andrew Bartlett (This used to be commit 47422b5e59027461efd7bc45534f9da8e37e3f48)
2007-12-21r26282: These modules expect errors, but if we don't wipe the error string, weAndrew Bartlett1-0/+3
get phony error strings at the caller, which is very confusing. Andrew Bartlett (This used to be commit 9ac7f4f6098b392dbe4a883a802d2417e074586a)
2007-12-21r25942: Make various ldb modules handle an LDB backend that enforces validityAndrew Bartlett1-9/+20
of Base DNs in searches (returning an error of LDB_ERR_NO_SUCH_ENTRY). We need to handle this if ldb_tdb is to behave correctly compared with LDAP, as well as if we are using an LDAP backend. In doing so, I realised that subtree_rename and subtree_delete (prevention) need rather different wait loops, so it seemed easier to split it out into it's own module. I've fixed the licence on both of these modules to be GPLv3. Andrew Bartlett (This used to be commit d3894c90f31fb45e038ab478cd9d7d34962d069b)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-5/+4
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-12-21r25762: This test belongs best with the other checks for a valid parent, inAndrew Bartlett1-0/+8
the objectclass module. Andrew Bartlett (This used to be commit 16a292fcb134adec110cbc4c8f0fb03323750a45)
2007-12-21r25755: Fix a couple of memory leaks, in particular a new leak onto the NULLAndrew Bartlett1-3/+5
context caused by my objectclass module work. Andrew Bartlett (This used to be commit 2a835d900fee71e4461d5d18e39b4358fa6fdfba)
2007-12-21r25754: More work on normal forms for ldb input.Andrew Bartlett1-69/+147
This patch is to ensure that all attributes are in the same case as the schema specifies. In the process, I ensure that all attributes are indeed in the schema. This ensures we use the schema case, not the user supplied case for future responses, which assists any (incorrect, but possible) case sensitive processing on a client. I've also removed more of the subtle 'schema &&' that metze objected to in the for loops, moving to a much more explicit 'if (schema)'. Andrew Bartlett (This used to be commit bfc96fff063e7cc278755c043b9da0ed4b75a615)
2007-12-21r25750: Update the objectclass module to improve consistency in Samba4.Andrew Bartlett1-78/+351
The aim here is to ensure that if we have CN=Users,DC=samba,DC=example,DC=com that we cannot have a DN of the form cn=admin ,cn=useRS,DC=samba,DC=example,DC=com This module pulls apart the DN, fixes up the relative DN part, and searches for the parent to copy the base from. I've used the objectclass module, as I intend to also validate the placement of child objects, by reading the allowedChildClasses virtual attribute. In the future, I'll also force the attribute names to be consistant (using the case from the schema). Andrew Bartlett (This used to be commit c0a0c69ac5a81cfcb7c7d5ba38db59f8686c30ab)
2007-12-21r25705: Ensure we return the out value to the caller.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 3434262ad74c366ac58319c70880ca50898fa78c)
2007-12-21r25704: Handle the chicken-and-egg problem of setting up the LDB before we getAndrew Bartlett1-8/+15
a schema. perhaps i need to look into metze's 'load a schema from ldif' code. Andrew Bartlett (This used to be commit f350ef5f19ec755c93c6c09210cdf276d1b66877)
2007-12-21r25702: Clarify comments and make this module more strict on objectclasses.Andrew Bartlett1-10/+13
This is becoming the schema module... Andrew Bartlett (This used to be commit ecea817a3e793f8ac0187dd83a29e62a7d645868)
2007-10-10r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer@yahoo.de>,Andrew Bartlett1-8/+38
allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6)
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett1-5/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)