summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/samldb.c
AgeCommit message (Collapse)AuthorFilesLines
2010-01-08s4-dsdb: added an extended operation for allocating a new RID poolAndrew Tridgell1-1/+31
This will be called by getncchanges when a client asks for a DRSUAPI_EXOP_FSMO_RID_ALLOC operation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-dsdb: move the RID allocation logic into ridalloc.cAndrew Tridgell1-88/+5
This will end up having the RID Manager logic as well, so all the RID pool allocation logic is in one spot Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-samldb: use RID Set to allocate user/group RIDsAndrew Tridgell1-559/+104
This is the first step towards DRS-friendly RID allocation. We now get the next rid from the RID Set object Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-05s4:SAMLDB LDB module - Fix trailing whitespacesMatthias Dieter Wallnöfer1-17/+17
2010-01-05s4:SAMLDB LDB module - Rework to allow checks for wrong ↵Matthias Dieter Wallnöfer1-50/+96
"defaultObjectCategory" attributes This allows a stricter check for "defaultObjectCategory" attributes which is performed when the "relax" control isn't specified. Additional note: As the added comment points out this isn't complete. And I personally think that moving this at some point to the "objectclass" module is a better idea to make this fully work (since there we have direct access to the schema). If someone has a good idea how to do this please inform me. Anyway, the SAMLDB module does require some restructure since at the moment it's very overloaded and therefore a bit a mess. In the meantime I started to work on a new approach to realise it in a better way.
2009-12-16s4-dsdb: rename dsdb_module_search_handle_flags to dsdb_request_add_controlsAndrew Tridgell1-1/+1
This function will be used for non-search controls, like relax
2009-11-30s4-drs: Using dsdb_msg_add_guid() utility functionFernando J V da Silva1-24/+2
Uses the dsdb_msg_add_guid() to add any kind of GUID attribute to a ldb_message in several places of samba4 code. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-17s4:SAMLDB DSDB module - Add "\n"s on debug messagesMatthias Dieter Wallnöfer1-2/+2
2009-11-17s4:SAMLDB DSDB module - Remove "\n" in LDB error messagesMatthias Dieter Wallnöfer1-25/+31
abartlet suggested me to not use anymore "\n"s in those kind of outputs. Plus, enhance a search filter to consider also "builtinDomain" objects which are basically domain objects too.
2009-11-17s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategoryAndrew Bartlett1-0/+5
It is important to always ensure that this attribute has an extended DN if the rest of the database stores things that way. The knowlege of what format the DN is stored on disk with is passed around in an LDB opaque. Andrew Bartlett
2009-11-16s4:SAMLDB moduleMatthias Dieter Wallnöfer1-14/+14
- Add more "\n" to make sure that error messages are displayed immediately - Add a "NULL" in a attribute list
2009-11-16s4:dsdb LDB attribute lists must always be a static const char **.Andrew Bartlett1-1/+1
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack). Andrew Bartlett
2009-11-15s4:SAMLDB module - Add support for required and generated schema attributesAndrew Bartlett1-7/+285
This missing support found by Microsoft test suite at AD interop event. Patch by Andrew Bartlett Enhancements by Matthias Dieter Wallnöfer
2009-11-02s4 - SID allocation using FDS DNA pluginEndi S. Dewata1-10/+19
2009-10-12s4:provision Remove all references to samba4LocalDomainAndrew Bartlett1-6/+5
This was a bad idea all along, as Simo said at the time. With the full MS schema and enforcement of it, it is an even worse idea. This fixes the provision of the member server in 'make test' Andrew Bartlett
2009-10-02s4-samdb: added some debuggingAndrew Tridgell1-2/+8
This helped track down the samba3sam.py failures
2009-09-28s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as criticalAndrew Tridgell1-0/+10
We may also need to remove the isCriticalSystemObject when the machine is demoted
2009-09-12s4-samdb: internal s4 ldb modules should be GPL not LGPLAndrew Tridgell1-6/+2
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-09-07s4:samldb - Fix typoMatthias Dieter Wallnöfer1-1/+1
2009-09-07s4:samldb - Major reworkMatthias Dieter Wallnöfer1-243/+1000
This fixes up the change of the primary group of a user when using the ADUC console: - When the "primaryGroupId" attribute changes, we have to delete the "member"/"memberOf" attribute reference of the new primary group and add one for the old primary group. - Deny deletion of primary groups according to Windows Server (so we cannot have invalid "primaryGroupID" attributes in our AD). - We cannot add a primary group directly before it isn't a secondary one of a user account. - We cannot add a secondary reference ("member" attribute) when the group has been chosen as primary one. This also removes the LDB templates which are basically overhead now. This should also fix bug #6599.
2009-08-11s4:samldb module - Remove duplicate lineMatthias Dieter Wallnöfer1-1/+0
2009-08-07fixed several places that unnecessarily take a reference to the event contextAndrew Tridgell1-4/+0
These references were triggering the ambiguous talloc_free errors from the recent talloc changes when the server is run using the 'standard' process model instead of the 'single' process model. I am aiming to move the build farm to use the 'standard' process model soon, as part of an effort to make our test environment better match the real deployment of Samba4. The references are not needed as the way that the event context is used is as the 'top parent', so when the event context is freed then all of the structures that were taking a reference to the event context were actually freed as well, thus making the references redundent.
2009-07-13libds: merge the UF<->ACB flag mapping functions.Günther Deschner1-4/+4
Guenther
2009-07-02we can't use the unique index code for samAccountNameAndrew Tridgell1-7/+74
Using ldb unique indexes for samAccountName doesn't work with DRS as the other DC may send us a deleted record (tombstone record), which has the same samAccountName as an existing record. That would then create two records in the same partition with the same samAccountName. So we needed to put back the logic in samldb.c which explicitly checked whether a samAccountName already exists on add
2009-06-01we don't need the unique checks in the samldb code nowAndrew Tridgell1-162/+2
These attributes now use the unique indexing flag
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce1-63/+113
The only 2 modules escaping the rule so far are rootdse and partitions
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-1/+1
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-17s4:samldb: make use of dom_sid_split_rid()Andrew Bartlett1-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17s4:samldb: improve error stringsAndrew Bartlett1-6/+8
When things go wrong with LDB, this routine seems to be particularly sensitive to it. This extra debugging should help the next poor soul who breaks LDB. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij1-2/+2
remove some unused functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29s4:samldb: use the code path with async ldbStefan Metzmacher1-43/+4
This removes the event_context leak that caused NT_STATUS_TOO_MANY_OPENED_FILES in the server, because of all the epool fds metze
2008-09-29LDB ASYNC: samba4 modulesSimo Sorce1-527/+1106
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-5/+5
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-08-21Don't maniplate control entries in samldbAndrew Bartlett1-0/+4
(This used to be commit 8003ee9abf474de534677283fc499f9a3d992b20)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+1
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-03-28Convert some more files to GPLv3.Andrew Kroeger1-1/+1
(This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907)
2008-03-14Allow more 'domain' objects when looking for a unqiue SID.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit db3b5f16ec8d9b83d8a82a535a4847dce5923663)
2008-02-28Users and computers now share the same template.Andrew Bartlett1-35/+100
Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
2008-02-20Fix use of some modules (needed _PUBLIC_).Jelmer Vernooij1-1/+1
(This used to be commit ce332130ea77159832da23bab760fa26921719e2)
2008-02-20Use struct-based rather than function-based initialization for ldb modules ↵Jelmer Vernooij1-7/+1
everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b)
2008-01-26ldb: Add ldb_oom() calls in a couple of places.Jelmer Vernooij1-1/+5
(This used to be commit 1163c2ad54b122487fa25960b8989f0f6d0b8c64)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-1/+1
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-1/+2
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21r25949: Make error messages clearer and more correct.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit f0a0d73f768434cb474b311d7c366d1f2a06c8f4)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-35/+48
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-4/+5
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-12-21r25780: fix bool returnStefan Metzmacher1-1/+1
metze (This used to be commit 7b77210d3e2c644d28d6e3795e6c4423dc6ea4bf)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-1/+1
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)