summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/operational.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-21s4-ldap: Fixed a problem with NC's having a parentGUID attributeNadezhda Ivanova1-13/+27
NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead.
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-07-08s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-3/+7
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell1-20/+16
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-06-23s4:operational LDB module - fix a misleading commentMatthias Dieter Wallnöfer1-1/+2
2010-06-20s4: Using control bypassoperational allow the logic of this module to be ↵Matthieu Patou1-10/+39
bypassed for some given attributes Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-19dsdb: Make module ops struct for each module public.Jelmer Vernooij1-1/+1
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij1-2/+2
2010-05-20s4:operational LDB module - fix warnings (missing parameters, unused variable)Matthias Dieter Wallnöfer1-3/+5
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-10/+10
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-20s4:auth Add dependency from the operational module onto authAndrew Bartlett1-1/+4
We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett
2010-05-20s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett1-80/+66
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
2010-05-20s4:dsdb disable tokenGroups until end of rewriteAndrew Bartlett1-1/+2
I need to change the functions this calls Andrew Bartlett
2010-05-18Remove more usages of iconv_convenience in files which were apparently not ↵Jelmer Vernooij1-3/+1
recompiled by waf.
2010-05-09s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumberAndrew Bartlett1-10/+76
This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett
2010-05-03s4/rodc: Implement msDS-isRODC constructed attrAnatoliy Atanasov1-1/+152
2010-04-10s4:dsdb Don't return operational attributes on special DNsAndrew Bartlett1-0/+5
2010-03-16s4:dsdb Don't error out if we can't get the Aggregate schema DN yetAndrew Bartlett1-9/+16
It's easier to just set it up when we can, then to deal with the ordering issues in ldb startup. As long as we have it ready if a real client ever asks for it, then we should be happy. Andrew Bartlett
2010-03-04s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer1-6/+14
need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
2010-03-04s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer1-2/+2
No need to have signed counters here.
2010-03-04s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer1-0/+95
It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
2010-03-04s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer1-2/+2
"construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-02-21s4:operational LDB module - enable support for passing referrals through itMatthias Dieter Wallnöfer1-2/+1
2009-12-16s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptorAndrew Tridgell1-10/+19
2009-12-12s4:operational LDB module - cosmetic - reorder an attribute listMatthias Dieter Wallnöfer1-8/+8
This matches the default handling order in the "password_hash" module (it's nice to have this consistent).
2009-12-09s4-dsdb: fixed steal of parentGUID for empty msgAndrew Tridgell1-4/+10
msg->elements could be NULL before we add parentGUID
2009-12-07s4:dsdb Use ldb_match_msg_objectclass in operational.cAndrew Bartlett1-6/+1
This avoids not only a possibly non-portable compiler expression, but also the need to look up the schema each time. Andrew Bartlett
2009-12-07s4:dsdb Make primaryGroupToken calculation more efficient and correctAndrew Bartlett1-20/+46
The original code here would do a subtree search under each object, attempting to determine if it was a group. This was incorrect, and inefficient - we just need to ask for the objectClass attribute, and check that value before returning the group's RID. (Much of this patch reworks operational.c to allow a search for 2 attributes for this calculation). Andrew Bartlett
2009-12-07s4:dsdb Make parentGUID handler use dsdb_module_search_dn()Andrew Bartlett1-18/+29
This avoids doing a new search from the top of the module stack. This also removes the helper function dsdb_find_parentguid_by_dn() which is now unused. Andrew Bartlett
2009-12-07s4:dsdb Hide the LM password by default tooAndrew Bartlett1-1/+2
2009-12-04s4-drsutil: fixed a memory leak in samdb_search_countAndrew Tridgell1-1/+4
In general functions that don't return any memory should not take a memory context. Otherwise it is too easy to have a bug like this where memory is leaked
2009-12-03s4:operational LDB module - Fix usage of LDB constantsMatthias Dieter Wallnöfer1-4/+4
2009-11-26s4:operational LDB module - Don't do the write checks hereMatthias Dieter Wallnöfer1-16/+0
Let this perform the schema in the "objectclass" module.
2009-11-24s4:operational LDB module - Prevent the modification of operational attributesAndrew Bartlett1-0/+16
(merged by Andrew Bartlett) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-24s4:dsdb Return the subSchemaSubEntry operational attribute on every objectAndrew Bartlett1-4/+40
2009-11-20Cosmetic patch - fixed case of attribute name.Nadezhda Ivanova1-1/+1
2009-11-20s4-dsdb: some more attribuutes that we should only give if asked forAndrew Tridgell1-1/+6
2009-11-20s4-dsdb: removed attributes that should not be displayed by defaultAndrew Tridgell1-0/+37
Some attributes (like ntSecurityDescriptor) are stored in our db, but should only be displayed if asked for. This also applied to parentGUID from old installs, which is now generated.
2009-11-20s4-drs: Synchronous Implementation of generated parentGUIDFernando J V da Silva1-2/+34
This generated parentGUID on demand, rather than getting it from the database Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-09-12s4-samdb: internal s4 ldb modules should be GPL not LGPLAndrew Tridgell1-15/+11
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-08-11s4:operational - Remove some outdated commentsMatthias Dieter Wallnöfer1-12/+0
2009-08-11s4:operational module - move and enhancementsMatthias Dieter Wallnöfer1-0/+347
This moves the "operational" LDB module to the right place under "dsdb/samdb/ldb_modules" (suggested by abartlet) and enhances it for supporting dynamic generated "primaryGroupToken" for AD groups. This should fix bug #6466.