Age | Commit message (Collapse) | Author | Files | Lines |
|
building smbtorture4 with configure --disable-shared failed
with an error that ldb.h could not be found
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed by: Tridge
|
|
is invalid
ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This
one gets triggered if we perform "add" requests without the LDAP server.
Reviewed by: Tridge
|
|
This was already done in repl_meta_data, but it needs to be done here
as well to cope with Windows 2000 level links.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 2 02:03:58 CET 2011 on sn-devel-104
|
|
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Feb 22 12:39:23 CET 2011 on sn-devel-104
|
|
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
this removes a conflict with the s3 smbpasswd binary
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Feb 21 18:02:21 CET 2011 on sn-devel-104
|
|
callbacks.
|
|
descriptor_modify.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
synchronous descriptor_add.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
it does exactly what we need here
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Feb 15 16:55:32 CET 2011 on sn-devel-104
|
|
This is the same way as it is done in the samldb LDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 12:08:26 CET 2011 on sn-devel-104
|
|
ntds_guid is NULL otherwise as it doesn't make sense for
not a DC object
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
|
|
|
|
as a counterpart for samdb_find_ntdsguid_for_computer()
to be used in LDB modules
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Feb 14 08:45:51 CET 2011 on sn-devel-104
|
|
This approach just asks the tdb backend to handle the single valued
constraint for us
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
|
|
The issue here is that when the samdb calls were removed, this call
relied on going back to the top of the module stack, so as to re-enter
the rootDSE search handler. It makes more sense to check the @ROOTDSE
record directly, and therefore not to invoke the search() handler
during the init.
Andrew Bartlett
|
|
errors.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104
|
|
into "objectclass_attrs" LDB module
LSA object classes are protected on both LDAP add and LDAP modify
operations, so I've refactored the previous check in the objectclass LDB
module only for LDAP adds in a new one in the objectclass_attrs LDB
module for both adds and modifies.
This is the result of the investigations done by Hongwei Sun and I in
the last months.
Interestingly these protection mechansim doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metadata stamps are equal
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Jan 22 12:22:30 CET 2011 on sn-devel-104
|
|
|
|
If object is changed by same DC, then version should be incremented
|
|
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
|
|
dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we should be using the dsdb_module_search*() calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this avoids using a multi-part extended DN in a search that hits the
check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
builtin groups are shown in user tokenGroups searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this checks that the number of extended components in a DN is valid,
to match MS AD behaviour. We need to do this to ensure that our tools
don't try to do operations that will be invalid when used against MS
servers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This removes a silly cross-dependency between the ldb moudle stack and auth/
Andrew Bartlett
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Dec 23 22:49:41 CET 2010 on sn-devel-104
|
|
Just for consistency.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Dec 23 21:46:38 CET 2010 on sn-devel-104
|
|
If this right is granted to a user, they may modify the SPN of an object with some value restrictions
serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain. If the serviceType is GC, only to the forest root domain. If the serviceType is ldap, then to forest_domain or netbiosname.
InstanceType can be samAccountName or dnsHostName.
|
|
This reverts a previous move to have this based around the auth
subsystem, which just spread auth deps all over unrelated code.
Andrew Bartlett
|