path: root/source4/dsdb/samdb/ldb_modules/objectclass.c
Age | Commit message | Author | Files | Lines
2012-11-30 | s4:dsdb/objectclass: do not pass the callers controls on helper searches | Stefan Metzmacher | 1 | -1/+1
We add AS_SYSTEM and SHOW_RECYCLED to the helper search, don't let the caller specify additional controls. This also fixes a problem when the caller also specified AS_SYSTEM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 | s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED | Stefan Metzmacher | 1 | -3/+31
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-08-22 | s4:dsdb_sort_objectClass_attr - simplify memory context handling | Matthias Dieter Wallnöfer | 1 | -26/+3
Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-14 | s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn | Andrew Bartlett | 1 | -1/+1
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-04-11 | s4:dsdb/samdb/ldb_modules/schema.c - move "get_last_structural_class()" into "util.c" | Matthias Dieter Wallnöfer | 1 | -5/+6
And remove this helper module - it does not have much sense keeping it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
2012-04-11 | s4:dsdb - introduce a only constant-time "get_last_structural_class()" call | Matthias Dieter Wallnöfer | 1 | -6/+3
With the redesign of the previous patches this has become possible.
2012-04-11 | s4:dsdb - move "objectclass_sort()" out from the objectclass LDB module into the schema code | Matthias Dieter Wallnöfer | 1 | -217/+36
This allows it to be useful for the dbchecker utility in respect to object class problems. Fix up the API to only work with standardised LDB "ldb_message_element" structures which do allow much easier interoperations. As a consequence this leads to some changes in the objectclass module as well.
2012-03-26 | s4:dsdb - enhance "get_last_structural_class()" for optimisations | Matthias Dieter Wallnöfer | 1 | -3/+5
If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26 | s4:objectclass LDB module - fix up the sorting in respect to structural or 88 objectclasses | Matthias Dieter Wallnöfer | 1 | -4/+18
Please have a look at MS-ADTS 3.1.1.1.4.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26 | s4:objectclass LDB module - clean up "objectclass_sort()" | Matthias Dieter Wallnöfer | 1 | -24/+13
Make it easier to comprehend
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-12-19 | s4-dsdb: Relax the conditions where we can't do a subtree delete | Matthieu Patou | 1 | -1/+19
If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
2011-10-27 | s4:objectclass LDB module - objectclass modify op. - remove superflous "talloc_strdup" | Matthias Dieter Wallnöfer | 1 | -8/+4
We are adding strings embedded in the schema structure which is basically global and lives longer than the request - hence no duplication needed.
Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - objectclass modify operations | Matthias Dieter Wallnöfer | 1 | -95/+32
According to bug #8486 the modification to direct related structural object classes is possible (equal, child, parent).
Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - forbid to add unrelated objectclasses | Matthias Dieter Wallnöfer | 1 | -0/+61
E.g. unsatisfied abstract objectclasses, additional top-most structural classes
Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - "objectclass_add" - small optimisation | Matthias Dieter Wallnöfer | 1 | -4/+2
This saves us from doing one "ldb_msg_find_element".
Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - "check_rodc_ntdsdsa_add" | Matthias Dieter Wallnöfer | 1 | -1/+1
For convention use "ldb_attr_cmp()".
Reviewed-by: abartlet
2011-10-27 | s4:objectclass LDB module - update copyright | Matthias Dieter Wallnöfer | 1 | -1/+1
Reviewed-by: abartlet
2011-09-23 | build: avoid util.h as a public header name due to conflict with MacOS | Andrew Bartlett | 1 | -1/+1
2011-07-26 | s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4 | Matthieu Patou | 1 | -2/+3
2011-07-21 | s4-dsdb: Use controls provided during the request while searching for object to delete | Matthieu Patou | 1 | -1/+13
If the parent request specifies the show_deleted control we must use it in order to be able to see the deleted objects. Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.
2011-04-07 | s4:objectclass LDB module - "ldb_msg_sanity_check" call not really needed | Matthias Dieter Wallnöfer | 1 | -5/+0
This call should only be performed at the beginning of a request. "ldb_msg_sanity_check" checks for DN validity (which should already have been done at the beginning of the request) and empty attributes (which should be done by the "objectclass_attrs" LDB module). Hence it is superfluous here.
Reviewed-by: abartlet
2011-04-07 | s4:objectclass LDB module - fix a comment - add a ")" | Matthias Dieter Wallnöfer | 1 | -1/+1
Reviewed-by: abartlet
2011-03-04 | Revert "s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid" | Matthias Dieter Wallnöfer | 1 | -3/+1
This is not needed anymore with the new DN checking. This reverts commit 5896b7299331aedd065397d2078c62d85bcf68f6.
Reviewed by: Tridge
2011-03-04 | s4:objectclass LDB module - fix a comment | Matthias Dieter Wallnöfer | 1 | -1/+1
Reviewed by: Tridge
2011-03-04 | s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid | Matthias Dieter Wallnöfer | 1 | -1/+3
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This one gets triggered if we perform "add" requests without the LDAP server.
Reviewed by: Tridge
2011-02-28 | Fix some types | Jelmer Vernooij | 1 | -4/+4
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-01-25 | s4:dsdb/samdb/ldb_modules/objectclass.c - move LSA specific object checks into "objectclass_attrs" LDB module | Matthias Dieter Wallnöfer | 1 | -31/+0
LSA object classes are protected on both LDAP add and LDAP modify operations, so I've refactored the previous check in the objectclass LDB module only for LDAP adds in a new one in the objectclass_attrs LDB module for both adds and modifies. This is the result of the investigations done by Hongwei Sun and I in the last months. Interestingly this protection mechanism doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-01-17 | s4-dsdb: pass parent request to dsdb_module_*() functions | Andrew Tridgell | 1 | -4/+4
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-26 | s4:objectclass LDB module - simply use "msg" when requesting the message | Matthias Dieter Wallnöfer | 1 | -2/+2
2010-11-26 | s4:objectclass LDB module - move the "mem_ctx" allocation to a better place | Matthias Dieter Wallnöfer | 1 | -7/+6
It's only needed if we've a schema around.
2010-11-26 | s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP) | Andrew Bartlett | 1 | -15/+28
This arranged the check to avoid talloc_strdup() (the schema pointers are constant, and can be relied upon), and checks the untrusted bit first (it is faster), before the ldb_attr_cmp(). The strcmp() here was valid, if unusual, because the ldapDisplayName values are already in the correct case, but strcasecmp() is more correct, as for the small extra cost, we avoid a difficult to diagnose bug later.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26 | s4-objectclass Use a specific local variable name, not 'value' | Andrew Bartlett | 1 | -4/+5
This makes it clearer what the local variable in use here does.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-25 | s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects | Matthias Dieter Wallnöfer | 1 | -7/+1
Tridge pointed out that it is too dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-24 | s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified | Matthias Dieter Wallnöfer | 1 | -3/+7
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-24 | s4:objectclass LDB module - move one checks into the "objectclass derivation loop" | Matthias Dieter Wallnöfer | 1 | -11/+17
This denies objects created from possible derived classes from the prohibited ones. Also small cosmetic improvements for another check.
2010-11-24 | s4:objectclass LDB module - some more or less cosmetic return value macro changes | Matthias Dieter Wallnöfer | 1 | -14/+22
Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
2010-11-16 | s4:objectclass LDB module - the "olddn" is the special DN for rename requests | Matthias Dieter Wallnöfer | 1 | -1/+1
2010-11-16 | s4:objectclass LDB module - free "nc_root" after name context comparisons | Matthias Dieter Wallnöfer | 1 | -0/+2
2010-11-15 | s4:objectclass LDB module - improve the default name context checking on modifications | Matthias Dieter Wallnöfer | 1 | -16/+12
Pointed out by abartlet
2010-11-15 | s4:objectclass LDB module - implement the "objectClass" change restrictions on Windows 2000 forest function level | Matthias Dieter Wallnöfer | 1 | -0/+25
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
2010-11-13 | s4:objectclass LDB module - multiple "objectClass" change elements are unfortunately still allowed | Matthias Dieter Wallnöfer | 1 | -161/+169
The test message has been compressed - therefore I've now used "modify_ldif".
2010-11-12 | s4:objectclass LDB module - we should not simply ignore additional "objectClass" attribute changes | Matthias Dieter Wallnöfer | 1 | -2/+16
There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
2010-11-11 | s4:dsdb - proof against empty RDN values where expected | Matthias Dieter Wallnöfer | 1 | -1/+3
This should prevent crashes as pointed out on the mailing list.
2010-11-11 | s4:objectclass LDB module - allow RDNs also to come from superclasses | Matthias Dieter Wallnöfer | 1 | -11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-08 | s4:objectclass LDB module - no idea why we'd need the "objectGUID" here | Matthias Dieter Wallnöfer | 1 | -1/+1
2010-11-03 | s4:objectclass LDB module - the structural objectclass has always to be specified | Matthias Dieter Wallnöfer | 1 | -0/+6
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104
2010-11-01 | s4-ldb: enable version checking in dsdb ldb modules | Andrew Tridgell | 1 | -0/+1
2010-11-01 | s4-dsdb: convert the rest of the ldb modules to the new module type | Andrew Tridgell | 1 | -1/+6
2010-10-19 | s4-dsdb: register the DCPROMO_OID control with the rootdse | Andrew Tridgell | 1 | -0/+7
this is needed to allow it over ldap
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-16 | s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree delete protection | Matthias Dieter Wallnöfer | 1 | -1/+16
MS-ADTS 3.1.1.5.5.7.2
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104