summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2010-03-26s4-drs: replmd_delete with the 3 stage deletion recycle binEduardo Lima2-105/+204
2010-03-23s4:ldb_modules/util.c - fix two counter variables to be "unsigned"Matthias Dieter Wallnöfer1-2/+2
2010-03-22s4:dsdb Add a shortcut sequence number for schema reloadsAndrew Bartlett1-14/+79
This uses the ldb sequence number, in a hope to detect an unchanged schema quicker. Andrew Bartlett
2010-03-22s4:dsdb Rework schema loading and add schema reloadingAndrew Bartlett1-105/+126
This commit reworks Samba4's schema loading code to detect when it needs to reload the schema. This is done by watching the @REPLCHANGED special DN. The reload happens by means of a callback, which is only set when the schema is loaded from the ldb - not when loaded from an LDIF file or DRS. We also rework the global schema handling - instead of storing the pointer to the global schema in each ldb, we store a flag indicating that the global schema should be returned at run time. This makes it much easier to switch to a new global schema. Andrew Bartlett
2010-03-22s4:dsdb Move dsdb_save_partition_usn() to be a module helper functionAndrew Bartlett2-4/+178
This function should not traverse the module stack again, but instead run from this point. Also add a matching dsdb_module_load_partition_usn() and change repl_meta_data to match. Andrew Bartlett
2010-03-22s4:dsdb Add 'const' to some struct dsdb_schema variablesAndrew Bartlett2-9/+9
We don't currently require this, but we may move this way in future.
2010-03-22s4:dsdb Don't load the schema unconditionallyAndrew Bartlett2-3/+19
Schema loads now come at a price, so avoid doing them if we don't have to (such as when doing an @REPLCHANGED or other special DN based search). Andrew Bartlett
2010-03-18s4:dsdb Move rdn_name down the stackAndrew Bartlett1-1/+1
This is done so that it can be (in future) removed when the OpenLDAP backend is in use and the rdn_val module is used, while keeping as similar semantics as possible between the module stacks. Andrew Bartlett
2010-03-16s4:resolve_oids LDB module - not really a change but a nicer method to call ↵Matthias Dieter Wallnöfer1-1/+2
"talloc_reference"
2010-03-16s4:dsdb - fix up warningsMatthias Dieter Wallnöfer2-4/+8
2010-03-16s4:dsdb Show more detail in failure to compute the aggregate DN.Andrew Bartlett1-1/+1
Andrew Bartlett
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett12-28/+85
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-03-16s4:dsdb Fix warnings in DEBUG() by casting to unsigned long intAndrew Bartlett1-4/+4
2010-03-16s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory contextAndrew Bartlett1-24/+46
dsdb_get_schema() isn't a very cheap call, due to the use of LDB opaque pointers. We need to call it less, and instead pass it as a parameter where possible. This also changes to the new API with a talloc context. Andrew Bartlett
2010-03-16s4:dsdb Don't error out if we can't get the Aggregate schema DN yetAndrew Bartlett1-9/+16
It's easier to just set it up when we can, then to deal with the ordering issues in ldb startup. As long as we have it ready if a real client ever asks for it, then we should be happy. Andrew Bartlett
2010-03-12s4:util.c - "dsdb_check_optional_feature" - counter should be "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-12s4-drs: check if an optional feature is enabledEduardo Lima1-0/+59
2010-03-12Split the dsdb_access_check_on_dn.Nadezhda Ivanova1-5/+44
Split the dsdb_access_check_on_dn so it can be reused for checks from both within the module stack and outside it.
2010-03-12Fixed ACL module to use dsdb_module_* API.Nadezhda Ivanova1-9/+9
2010-03-12Moved access_check_on_dn from acl module as an utility.Nadezhda Ivanova1-156/+19
Made this an utility function so it can be used for access checking outside of the acl ldb module, such as checking validated writes and control access rights in other protocols (e. g drs)
2010-03-09Added a check for permissions to modify the RDN attribute on rename.Nadezhda Ivanova1-0/+12
Necessary because rdn module will be moved lower than acl in the stack.
2010-03-07s4:extended_dn_out LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-8/+11
appropriate
2010-03-07s4:repl_meta_data LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-20/+24
appropriate I used "unsigned int" counters where we count LDB objects (LDB specification prescribes to use "unsigned" index variables). But on DSDB replication object counters I used "uint32_t" typed variables as it is suggested. If a counter variable counts both types of objects I used "unsigned int" since size(unsigned int) >= size(uint32_t), but on most platforms equal.
2010-03-07s4:local_password LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-4/+4
appropriate
2010-03-07s4:ranged_results LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-2/+2
appropriate
2010-03-07s4:objectguid LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-1/+1
appropriate
2010-03-07s4:objectclass LDB module - change counter variabls to "unsigned" where ↵Matthias Dieter Wallnöfer1-2/+2
appropriate
2010-03-07s4:anr LDB module - change counter variable to "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-07s4:acl LDB module - change counter variable to "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-07s4:linked_attributes LDB module - change counter variables to "unsigned" ↵Matthias Dieter Wallnöfer1-3/+5
where appropriate
2010-03-07s4:kludge_acl LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-5/+10
appropriate
2010-03-07s4:proxy LDB module - Change counter variables to "unsigned" where appropriateMatthias Dieter Wallnöfer1-5/+6
Use "size_t" when counting string index positions.
2010-03-07s4:schema_data LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-3/+6
appropriate
2010-03-07s4:resolve_oids LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-5/+5
appropriate
2010-03-07s4:rootdse LDB module - change counter variables to "unsigned" where appropriateMatthias Dieter Wallnöfer1-9/+10
2010-03-07s4:partition LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer2-17/+26
appropriate
2010-03-04s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer1-6/+14
need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
2010-03-04s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer1-2/+2
No need to have signed counters here.
2010-03-04s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer2-1/+96
It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
2010-03-04s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer1-2/+2
"construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-02-25s4:partition DSDB module - Generate basic referralsMatthias Dieter Wallnöfer2-47/+144
This is a first, very basic implementation of the referrals (more informations at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12). To have the full referral support (and to always point to the right host) the full implementation using DNS will be needed (at the moment we always point to the main DC which is referenceable through the DNS domainname). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:partition DSDB module - change the search and domain scope control handlingMatthias Dieter Wallnöfer1-35/+22
The domain scope control is always removed, from the search one only the two interesting flags (which are handled) and it is marked as non-critical. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:SAMLDB module - ignore referralsMatthias Dieter Wallnöfer1-5/+6
They don't cause any harm to our functionality - so ignore them were not needed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-24dsdb: Add a more explicit error message for constructed attributesMatthieu Patou1-0/+1
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24s4/schema: Move msDS-IntId implementation to samldb.c moduleKamen Mazdrashki2-149/+87
msDS-IntId attribute should be replicated, so it must be implemented in a module that is before repl_meta_data module (thanks abartlet for pointing this out). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-21s4:operational LDB module - enable support for passing referrals through itMatthias Dieter Wallnöfer1-2/+1
2010-02-21s4:partition DSDB module - Cosmetic fixupsMatthias Dieter Wallnöfer1-16/+23
2010-02-21s4:password_hash - Fix up request message pointersMatthias Dieter Wallnöfer1-7/+7
For add requests we need the add request messages, for modify requests we need the modify request messages.
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett1-1/+2
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-16s4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.cAndrew Tridgell4-85/+13
This will be used to allow the flag based ldb functions to work on both a ldb or a module, thus saving a lot of specialist functions.