Age | Commit message (Collapse) | Author | Files | Lines |
|
This matches the default handling order in the "password_hash" module (it's nice
to have this consistent).
|
|
allowedChildClassesEffective.
Behavior as documented in WSPP and tested. Needs optimisation though.
|
|
|
|
|
|
|
|
This allows us to search below the current module. That
will be important when we start using the results of this
search to get the linked attributes meta data right
|
|
msg->elements could be NULL before we add parentGUID
|
|
This avoids not only a possibly non-portable compiler expression, but
also the need to look up the schema each time.
Andrew Bartlett
|
|
The original code here would do a subtree search under each object,
attempting to determine if it was a group. This was incorrect, and
inefficient - we just need to ask for the objectClass attribute, and
check that value before returning the group's RID.
(Much of this patch reworks operational.c to allow a search for 2
attributes for this calculation).
Andrew Bartlett
|
|
This avoids doing a new search from the top of the module stack.
This also removes the helper function dsdb_find_parentguid_by_dn()
which is now unused.
Andrew Bartlett
|
|
|
|
The show_deleted module was using a static private ptr in the module
to hold a parse tree to save on parsing. The code caused this
static ptr to change with each search, which caused incorrect
searches and numerous valgrind errors.
This patch replaces it with a hand-built parse tree.
|
|
In general functions that don't return any memory should not take a memory context.
Otherwise it is too easy to have a bug like this where memory is leaked
|
|
|
|
Updating of uSNChanged broke in a recent change
|
|
Uses the dsdb_msg_add_guid() to add any kind of GUID attribute
to a ldb_message in several places of samba4 code.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
It is up to other modules to complain if
ldb_transaction_prepare_commit() is called before
ldb_transaction_begin_transaction()
Andrew Bartlett
|
|
|
|
Let this perform the schema in the "objectclass" module.
|
|
|
|
The original code had the wrong module names, and use strcasecmp()
incorrectly.
Andrew Bartlett
|
|
|
|
(merged by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|
|
Windows displays attribute values with Object(OR-Name) syntax
in plain DN format when queried through LDAP.
Hence, we need to post-process such values specially
in extended_dn_out.c module so they are always shown as plain DN,
no matter what controls are passed for search request.
|
|
|
|
|
|
|
|
|
|
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Some attributes (like ntSecurityDescriptor) are stored in our db, but
should only be displayed if asked for. This also applied to parentGUID
from old installs, which is now generated.
|
|
parentGUID is now created on demand in operational.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This generated parentGUID on demand, rather than getting it from the
database
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
abartlet suggested me to not use anymore "\n"s in those kind of outputs.
Plus, enhance a search filter to consider also "builtinDomain" objects which
are basically domain objects too.
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.
Previously we would not store the extended DN components for
objectCategory.
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list
|
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|