summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-03-12s4-drs: check if an optional feature is enabledEduardo Lima1-0/+59
2010-03-12Split the dsdb_access_check_on_dn.Nadezhda Ivanova1-5/+44
Split the dsdb_access_check_on_dn so it can be reused for checks from both within the module stack and outside it.
2010-03-12Fixed ACL module to use dsdb_module_* API.Nadezhda Ivanova1-9/+9
2010-03-12Moved access_check_on_dn from acl module as an utility.Nadezhda Ivanova1-156/+19
Made this an utility function so it can be used for access checking outside of the acl ldb module, such as checking validated writes and control access rights in other protocols (e. g drs)
2010-03-09Added a check for permissions to modify the RDN attribute on rename.Nadezhda Ivanova1-0/+12
Necessary because rdn module will be moved lower than acl in the stack.
2010-03-07s4:extended_dn_out LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-8/+11
appropriate
2010-03-07s4:repl_meta_data LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-20/+24
appropriate I used "unsigned int" counters where we count LDB objects (LDB specification prescribes to use "unsigned" index variables). But on DSDB replication object counters I used "uint32_t" typed variables as it is suggested. If a counter variable counts both types of objects I used "unsigned int" since size(unsigned int) >= size(uint32_t), but on most platforms equal.
2010-03-07s4:local_password LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-4/+4
appropriate
2010-03-07s4:ranged_results LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-2/+2
appropriate
2010-03-07s4:objectguid LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-1/+1
appropriate
2010-03-07s4:objectclass LDB module - change counter variabls to "unsigned" where ↵Matthias Dieter Wallnöfer1-2/+2
appropriate
2010-03-07s4:anr LDB module - change counter variable to "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-07s4:acl LDB module - change counter variable to "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-07s4:linked_attributes LDB module - change counter variables to "unsigned" ↵Matthias Dieter Wallnöfer1-3/+5
where appropriate
2010-03-07s4:kludge_acl LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-5/+10
appropriate
2010-03-07s4:proxy LDB module - Change counter variables to "unsigned" where appropriateMatthias Dieter Wallnöfer1-5/+6
Use "size_t" when counting string index positions.
2010-03-07s4:schema_data LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-3/+6
appropriate
2010-03-07s4:resolve_oids LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-5/+5
appropriate
2010-03-07s4:rootdse LDB module - change counter variables to "unsigned" where appropriateMatthias Dieter Wallnöfer1-9/+10
2010-03-07s4:partition LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer2-17/+26
appropriate
2010-03-05s4:samdb_privilege.c - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+3
Also here in both cases the unsigned counter fits better than the signed one.
2010-03-05s4:cracknames - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+2
In both cases the unsigned counter fits better: - in the first one since we are counting LDB objects starting from 0 - in the second since we are counting an array starting from 0
2010-03-04s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer1-6/+14
need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
2010-03-04s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer1-2/+2
No need to have signed counters here.
2010-03-04s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer2-1/+96
It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
2010-03-04s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer1-2/+2
"construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-03-03s4:samdb.c - Make it signed-safeMatthias Dieter Wallnöfer1-2/+2
Use an unsigned argument for the numbers of groups and the counter "i" since the function is called only by "auth_generate_session_info" with an unsigned number of groups argument.
2010-02-25s4:partition DSDB module - Generate basic referralsMatthias Dieter Wallnöfer2-47/+144
This is a first, very basic implementation of the referrals (more informations at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12). To have the full referral support (and to always point to the right host) the full implementation using DNS will be needed (at the moment we always point to the main DC which is referenceable through the DNS domainname). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:partition DSDB module - change the search and domain scope control handlingMatthias Dieter Wallnöfer1-35/+22
The domain scope control is always removed, from the search one only the two interesting flags (which are handled) and it is marked as non-critical. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:SAMLDB module - ignore referralsMatthias Dieter Wallnöfer1-5/+6
They don't cause any harm to our functionality - so ignore them were not needed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-24dsdb: Add a more explicit error message for constructed attributesMatthieu Patou1-0/+1
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24s4/schema: Move msDS-IntId implementation to samldb.c moduleKamen Mazdrashki2-149/+87
msDS-IntId attribute should be replicated, so it must be implemented in a module that is before repl_meta_data module (thanks abartlet for pointing this out). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-21s4:operational LDB module - enable support for passing referrals through itMatthias Dieter Wallnöfer1-2/+1
2010-02-21s4:partition DSDB module - Cosmetic fixupsMatthias Dieter Wallnöfer1-16/+23
2010-02-21s4:password_hash - Fix up request message pointersMatthias Dieter Wallnöfer1-7/+7
For add requests we need the add request messages, for modify requests we need the modify request messages.
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett2-2/+5
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-16s4-samdb: use dsdb_search() in cracknamesAndrew Tridgell1-57/+24
greatly simplifies some of the cracknames code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.cAndrew Tridgell4-85/+13
This will be used to allow the flag based ldb functions to work on both a ldb or a module, thus saving a lot of specialist functions.
2010-02-16s4-rootdse: we don't need DSDB_FLAG_OWN_MODULE hereAndrew Tridgell1-2/+2
2010-02-16s4-drs: enable the recyclebin optional featureEduardo Lima1-19/+250
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-15s4-dsdb: don't change replPropertyMetaData if the value hasn't changedAndrew Tridgell1-4/+20
When updating replPropertyMetaData, check if the value being stored is the same as the current value, and skip the update if it is. This is based on a patch by Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
2010-02-15s4-drs: Fixes bugs regarding Urgent Replication on wrong situationsFernando J V da Silva1-7/+16
It fixes the bug which causes an urgent replication to be enabled incorrectly when an object is modified, but it should happen only when it was created. This patch also fixes the bug that enable an urgent replication when an object is deleted, but it should happen only when it was modified and fixes the bug that does not enable an urgent replication when an object is deleted and it should happen only when it is deleted (not when it is modified). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-13s4: use LDB_TYPESAFE_QSORT() instead of ldb_qsort()Andrew Tridgell1-5/+2
2010-02-13s4-dsdb: use TYPESAFE_QSORT() in dsdb codeAndrew Tridgell4-19/+11
2010-02-10util: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)Andrew Tridgell1-2/+1
This changes the meaning of the ->prev pointer in our doubly linked lists to point at the end of the list from the front of the list. That allows us to implement DLIST_ADD_END() and related functions in O(1) time, which can be a huge saving in many places in Samba. This also means that the 'type' argument to various DLIST_*() macros is no longer needed, but I have left it in for now to keep the patchset small, which will make it easier to revert if any problems are found. In the future we should remove the 'type' arguments. (jra. Move the one use of DLIST_TAIL over to the new macros).
2010-02-10s4-dsdb: update repl_meta_data.c to use new DLIST_ macrosJeremy Allison1-3/+2
2010-02-08s4:subtree_delete - "NULL" as format string isn't allowed on FreeBSDMatthias Dieter Wallnöfer1-2/+3
I changed the format string into "(objectClass=*)" which should be an equivalent expression for choosing all available objects. Consider bug 7115 for the issue.
2010-02-04s4:mark the SYSTEM control always as non-criticalMatthias Dieter Wallnöfer1-0/+29
It is needed to not break the various LDAP backends. For reference look at bug #7040.
2010-02-02Change uint_t to unsigned int in source4Matt Kraai1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-17s4-dsdb: isGlobalCatalogReady should be shown by defaultAndrew Tridgell1-1/+1
This caused repadmin.exe to crash. Thanks to Hongwei for tracking this down for us.