| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(merged by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
|
|
Windows displays attribute values with Object(OR-Name) syntax
in plain DN format when queried through LDAP.
Hence, we need to post-process such values specially
in extended_dn_out.c module so they are always shown as plain DN,
no matter what controls are passed for search request.
|
|
|
|
|
|
|
|
|
|
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Some attributes (like ntSecurityDescriptor) are stored in our db, but
should only be displayed if asked for. This also applied to parentGUID
from old installs, which is now generated.
|
|
parentGUID is now created on demand in operational.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This generated parentGUID on demand, rather than getting it from the
database
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
abartlet suggested me to not use anymore "\n"s in those kind of outputs.
Plus, enhance a search filter to consider also "builtinDomain" objects which
are basically domain objects too.
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.
Previously we would not store the extended DN components for
objectCategory.
Andrew Bartlett
|
|
These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.
Andrew Bartlett
|
|
- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list
|
|
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).
Andrew Bartlett
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
This missing support found by Microsoft test suite at AD interop event.
Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer
|
|
|
|
The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.
This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk
format.
Andrew Bartlett
|
|
|
|
These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).
Andrew Bartlett
|
|
This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.
We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)
Andrew Bartlett
|
|
This aims to replace (and is based on) the code in ldb_dn.c. It is
however much stricter in the DNs it will accept.
Andrew Bartlett
|
|
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
|
|
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
While this logic (avoiding to prefix a non-filename with a path) is
important in the code this was copied from (private_dir()), none of
the callers of this function need it.
Andrew Bartlett
|
|
This allows us to change the escaping function without breaking
existing installs. The new escaping function (used for new databases)
is RFC1738 URI encoding, except for the trivial cases without special
characters.
The new databases are also placed in a subdirectory, sam.ldb.d per an
earlier suggestion by metze.
Andrew Bartlett
|
|
Calling it from samdb_connect() can cause a stale schema to be put
into the global schema.
Thanks to Andrew Bartlett for spotting this.
|
|
If we get an error ending a transaction on one partition we need to
continue on the other partitions.
|
|
This means we need to create a fake 'module' which only has a 'next'
pointer, so that we can now ldb_next_request() (which incorporates
tracing). The remainaing stub of partition_request() is retained so
that we can indicate which partition an operation is destined for.
Similar tracing is added to the transaction handlers.
Andrew Bartlett
|
|
The schema update now request is now handled above the partitions
module.
Andrew Bartlett
|
