Age | Commit message | Author | Files | Lines |
|
|
|
Split the dsdb_access_check_on_dn so it can be reused for checks
from both within the module stack and outside it.
|
|
|
|
Made this a utility function so it can be used for access checking
outside of the acl ldb module, such as checking validated writes and
control access rights in other protocols (e.g. drs)
|
|
Necessary because rdn module will be moved lower than acl in the stack.
|
|
appropriate
|
|
appropriate
I used "unsigned int" counters where we count LDB objects (LDB specification
prescribes to use "unsigned" index variables).
But on DSDB replication object counters I used "uint32_t" typed variables as it
is suggested.
If a counter variable counts both types of objects I used "unsigned int" since
size(unsigned int) >= size(uint32_t), but on most platforms equal.
|
|
appropriate
|
|
appropriate
|
|
appropriate
|
|
appropriate
|
|
|
|
|
|
where appropriate
|
|
appropriate
|
|
Use "size_t" when counting string index positions.
|
|
appropriate
|
|
appropriate
|
|
|
|
appropriate
|
|
Also here in both cases the unsigned counter fits better than the signed one.
|
|
In both cases the unsigned counter fits better:
- in the first one since we are counting LDB objects starting from 0
- in the second since we are counting an array starting from 0
|
|
need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
|
|
No need to have signed counters here.
|
|
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
|
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
|
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
|
This is a first, very basic implementation of the referrals (more information
at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12).
To have the full referral support (and to always point to the right host) the
full implementation using DNS will be needed (at the moment we always point to
the main DC which is referenceable through the DNS domainname).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The domain scope control is always removed, from the search one only the two
interesting flags (which are handled) and it is marked as non-critical.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
They don't cause any harm to our functionality - so ignore them where not needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
msDS-IntId attribute should be replicated, so it must be
implemented in a module that is before repl_meta_data module
(thanks abartlet for pointing this out).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
For add requests we need the add request messages, for modify requests we need
the modify request messages.
|
|
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back an
error string.
Andrew Bartlett
|
|
greatly simplifies some of the cracknames code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used to allow the flag based ldb functions to work on
both a ldb or a module, thus saving a lot of specialist functions.
|
|
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
When updating replPropertyMetaData, check if the value being stored is
the same as the current value, and skip the update if it is.
This is based on a patch by Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
|
|
It fixes the bug which causes an urgent replication to be enabled
incorrectly when an object is modified, but it should happen only
when it was created. This patch also fixes the bug that enables an
urgent replication when an object is deleted, but it should happen
only when it was modified and fixes the bug that does not enable
an urgent replication when an object is deleted and it should happen
only when it is deleted (not when it is modified).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
This changes the meaning of the ->prev pointer in our doubly linked
lists to point at the end of the list from the front of the list. That
allows us to implement DLIST_ADD_END() and related functions in O(1)
time, which can be a huge saving in many places in Samba.
This also means that the 'type' argument to various DLIST_*() macros
is no longer needed, but I have left it in for now to keep the
patchset small, which will make it easier to revert if any problems
are found. In the future we should remove the 'type' arguments.
(jra. Move the one use of DLIST_TAIL over to the new macros).
|
|
|
|
I changed the format string into "(objectClass=*)" which should be an
equivalent expression for choosing all available objects.
Consider bug 7115 for the issue.
|
|
It is needed to not break the various LDAP backends. For reference look at
bug #7040.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This caused repadmin.exe to crash. Thanks to Hongwei for tracking this
down for us.
|