| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We add AS_SYSTEM and SHOW_RECYCLED to the helper search,
don't let the caller specify additional controls.
This also fixes a problem when the caller also specified AS_SYSTEM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
"util.c"
And remove this helper module - it does not have much sense keeping it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
|
|
With the redesign of the previous patches this has become possible.
|
|
the schema code
This allows it to be useful for the dbchecker utility in respect to
object class problems.
Fix up the API to only work with standardised LDB "ldb_message_element"
structures which do allow much easier interoperations. As a consequence this
leads to some changes in the objectclass module as well.
|
|
If the objectclass entry has been sorted before we are able to determine
the (last) structural or 88 object class in constant time.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
88 objectclasses
Please have a look at MS-ADTS 3.1.1.1.4.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Make it easier to comprehend
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
If the parent object is a SAM object (as defined in 3.1.1.5.2.3
Special Classes and Attributes of MS-ADTS) then we can use the subtree
delete control even if the object is a critical one.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
|
|
"talloc_strdup"
We are adding strings embedded in the schema structure which is basically
global and lives longer than the request - hence no duplication needed.
Reviewed-by: abartlet
|
|
According to bug #8486 the modification to direct related structural
object classes is possible (equal, child, parent).
Reviewed-by: abartlet
|
|
E.g. unsatisfied abstract objectclasses, additional top-most structural
classes
Reviewed-by: abartlet
|
|
This saves us from doing one "ldb_msg_find_element".
Reviewed-by: abartlet
|
|
For convention use "ldb_attr_cmp()".
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
|
|
|
|
to delete
If the parent request specify the show_deleted control we must use it in
order to be able to see the deleted objects.
Also we just allow to trusted connections with the system account to
remove deleted objects, others receive an unwilling to perform.
|
|
This call should only be performed at the beginning of a request.
"ldb_msg_sanity_check" checks for DN validity (which should already have been
done at the beginning of the request) and empty attributes (which should
be done by the "objectclass_attrs" LDB module).
Hence it is superflous here.
Reviewed-by: abartlet
|
|
Reviewed-by: abartlet
|
|
DN itself is invalid"
This is not needed anymore with the new DN checking.
This reverts commit 5896b7299331aedd065397d2078c62d85bcf68f6.
Reviewed by: Tridge
|
|
Reviewed by: Tridge
|
|
is invalid
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This
one gets triggered if we perform "add" requests without the LDAP server.
Reviewed by: Tridge
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
into "objectclass_attrs" LDB module
LSA object classes are protected on both LDAP add and LDAP modify
operations, so I've refactored the previous check in the objectclass LDB
module only for LDAP adds in a new one in the objectclass_attrs LDB
module for both adds and modifies.
This is the result of the investigations done by Hongwei Sun and I in
the last months.
Interestingly these protection mechansim doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
It's only needed if we've a schema around.
|
|
This arranged the check to avoid talloc_strdup() (the schema pointers
are constant, and can be relied upon), and checks the untrusted bit
first (it is faster), before the ldb_attr_cmp().
The strcmp() here was valid, if unusual, because the ldapDisplayName
values are already in the correct case, but strcasecmp() is more
correct, as for the small extra cost, we avoid a difficult to diagnose
bug later.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
This makes it clearer what the local variable in use here does.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
|
|
is specified
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
|
|
loop"
This denies objects created from possible derivated classes from the prohibited
ones.
Also small cosmetic improvements for another check.
|
|
changes
Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
|
|
|
|
|
|
modifications
Pointed out by abartlet
|
|
on Windows 2000 forest function level
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
|
|
unfortunately still allowed
The test message has been compressed - therefore I've now used "modify_ldif".
|
|
"objectClass" attribute changes
There first one we perform all other tentatives are terminated with
ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
|
|
This should prevent crashes as pointed out on the mailing list.
|
|
Detected by a testcase written by Zahari Zahariev.
|
|
|
|
specified
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104
|
|
|
|
|
|
this is needed to allow it over ldap
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
|
|
delete protection
MS-ADTS 3.1.1.5.5.7.2
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
|
