| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- Also multi-valued "member" attributes are allowed
- When you try to delete a member from a group which has it primary group set
exactly to this group you get "UNWILLING_TO_PERFORM"
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 12:31:57 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 09:48:15 UTC 2010 on sn-devel-104
|
|
|
|
|
|
strings
They can be substituted by "ldb_msg_add_string" if the string was already
talloc'ed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
|
|
samdb/ldb_modules/schema_util.c
these functions operate on ldb_modules, so they should be in the
ldb_modules directory. They also should return ldb errors codes, not
WERROR codes, as otherwise the error can be hidden from the ldap
caller
This re-arrangement fixes a dependency loop in the schema/samdb code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
|
|
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
- The "systemFlags" we interpret always as signed
- Use "samdb_msg_add_int" where possible (much saver for integer storing than
ldb_msg_add_fmt)
|
|
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
|
|
In LDAP we used signed intege and groups have the highest bit set (ie.
0x80000002). So it will result with values that are > 2^31 when these
value are used on some plateforms (x86 and PPC 64bits in this case) it
causes problem with strtol.
|
|
"ldb_module_get_ctx"
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
And beside this it's also nicer to use standard LDB functions for type
conversions.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
|
|
- Update the module description
- Fix indentation
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
|
|
|
|
|
|
This is exactly that what Windows allows. It was proven by a blackbox test.
And we also need to deny add operations of builtin groups.
|
|
"isCriticalSystemObject" on modify operations
|
|
This was done according to MS-SAMR 3.1.1.8.2
But do use it only for add operations at the moment.
|
|
Additionally clean up "samldb_fill_object" which is now much easier to
comprehend.
|
|
This was done according to MS-SAMR 3.1.1.8.1
I need to perform some RELAX checks since otherwise the provision wouldn't work
anymore.
|
|
|
|
It's a bit redundant given that we have the "type" variable on "ac".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 6 10:20:45 UTC 2010 on sn-devel-104
|
|
operations
- Perform only shallow copies (should be enough)
- Perform only one copy per operation (also on modifications)
- Build a new request on modify operations if needed ("modified" flag) - this
makes it look cleaner
- Fix an important bug: the "el" pointers could have changed after
modifications. Therefore we have to refresh them on the FLAG_DELETE checks
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 09:24:57 UTC 2010 on sn-devel-104
|
|
|
|
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
with a primary group specified
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
detection also on modify operations
Also requested by MS-SAMR 3.1.1.8.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
LDAP filters
This makes also lookups through special backends as "samba3sam" work.
|
|
|
|
modify operations"
This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d.
This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this.
I will rework this further.
|
|
This completely destroys the program logic (async callbacks). Sorry for
introducing this.
|
|
derivation from "userAccountControl"
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
|
|
|
|
operations
We perform always only one shallow copy operation of the message on the "req"
context. This allows to free the "ac" context when we've prepared all our
changes.
|
|
that it is only in use by the delete operation
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
|
|
operation handler
|
|
be again synchronous
Also to make it easier to comprehend
|
|
This looks more straight-forward now.
|
|
Since we get more and more rid of async stuff we don't need this in the context
anymore.
|
|
"sAMAccountName"
Purely cosmetic - but nicer to read
|
|
And a small cosmetic change.
I like to have the real attribute names in the function denominations
|
|
To make it more understandable
|
|
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
