path: root/source4/dsdb/samdb
Age | Commit message | Author | Files | Lines
2012-08-28 | s4-dsdb: Remove double-free in update_keytab module | Andrew Bartlett | 1 | -2/+0
2012-08-28 | s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync | Andrew Bartlett | 3 | -0/+539
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-23 | s4-dsdb: Remove unused variables | Andrew Bartlett | 1 | -5/+0
2012-08-23 | s4-dsdb: Do not use a possibly-old loadparm context in schema reload | Andrew Bartlett | 1 | -7/+3
The loadparm context on the schema DB might have gone away already. Pre-cache the schema refresh interval at load time to avoid worrying about this. Andrew Bartlett
2012-08-22 | s4:samldb LDB module - remove unused "member" attribute from search filter | Matthias Dieter Wallnöfer | 1 | -1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22 | s4:dsdb - always fail if a search filter could not be parsed | Matthias Dieter Wallnöfer | 1 | -0/+3
A NULL string/expression returns the generic "(objectClass=*)" filter Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22 | s4:dsdb_sort_objectClass_attr - simplify memory context handling | Matthias Dieter Wallnöfer | 1 | -26/+3
Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-17 | s4-dsdb: Ensure we always free tmp_ctx in schema refresh check | Andrew Bartlett | 1 | -0/+2
This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky! In that log, over 2.5 days this particular allocation was repeated: 1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104
2012-08-14 | s4-dsdb: Use samdb_dn_is_our_ntdsa() | Andrew Bartlett | 2 | -4/+34
This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett
2012-08-14 | s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn | Andrew Bartlett | 4 | -8/+9
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-08-11 | s4-dsdb: Take more care in handling of global schema memory | Andrew Bartlett | 1 | -1/+3
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and to be more careful about what schema is set (only setting a global schema if the original schema was global). In particular, the new working_schema is not given a talloc reference to the old schema. This ensures that the old schema can go away when no longer used. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
2012-08-11 | s4-dsdb: Remove support for per-partition sequence numbers | Andrew Bartlett | 1 | -23/+0
These sequence numbers were only used for telling if the schema was changed, and are no longer directly related to the replication USN. The per-partition replication USN can be obtained from the @REPLCHANGED record on the per-partition database, and this is done with an ldb_search(). Andrew Bartlett
2012-08-11 | s4-dsdb: Use only the replication USN for schema reload. | Andrew Bartlett | 1 | -60/+0
This way we do not track both the partition seq number and the replication USN for schema reload purposes. We only need one indication of actual data change, and the replication per-partition sequence number is no more expensive to obtain than the ldb per-partition sequence number. Andrew Bartlett
2012-08-10 | build: rename security → samba-security | Björn Jacke | 2 | -9/+9
there is a libsecurity on OSF1 which clashes with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-08-09 | s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort | Andrew Bartlett | 1 | -7/+0
In all callers, we must already have an attributeID for each of the values or else we would have already given an error, or could not have obtained the message over DRS. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 9 11:39:54 CEST 2012 on sn-devel-104
2012-08-09 | s4-dsdb: Do not reload partition metadata except on transaction start | Andrew Bartlett | 1 | -11/+0
This ensures that we do not add objects that should go into a partition, but we simply return that an object is not present if the connection was created before the partition was loaded. It is rare to create a new partition. Andrew Bartlett
2012-08-09 | s4-dsdb: Change talloc parent | Andrew Bartlett | 1 | -1/+1
This matches the rest of the function. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 9 06:26:36 CEST 2012 on sn-devel-104
2012-08-09 | s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number | Andrew Bartlett | 2 | -4/+4
We always want LDB_SEQ_HIGHEST_SEQ here. Andrew Bartlett
2012-08-09 | s4-dsdb: simplify migration of old-style sequence numbers to metadata.tdb | Andrew Bartlett | 2 | -150/+53
This simple operation does not need to be encased in generic ldb extended operations. Andrew Bartlett
2012-08-09 | s4-dsdb: Reduce calls to the ldb layer by reloading less often | Andrew Bartlett | 2 | -14/+26
We do not need to reload the partition list to get the global sequence number, as that number is stored in the metadata.tdb, not the ldb files. Andrew Bartlett
2012-07-31 | s4-dsdb: Replace any existing lastKnownParent attribute during delete | Andrew Bartlett | 1 | -1/+1
This allows a lastKnownParent from LostAndFound to be replaced. Andrew Bartlett
2012-07-31 | s4-dsdb: Improve tracing in repl_meta_data | Andrew Bartlett | 1 | -7/+8
When we call ldb_module_done() rather than just calling the callback, we make log entries that are critical in debugging. Andrew Bartlett
2012-07-31 | s4-dsdb: Handle rename conflicts in both directions | Andrew Bartlett | 1 | -49/+87
Previously we would only consider renaming the local object, now we can cope with renaming the remote object as well. This should avoid most of the cases where Samba AD replication can just stop. Andrew Bartlett
2012-07-31 | s4-dsdb: Request extended DN and show deleted when searching for a possible parent | Andrew Bartlett | 1 | -2/+4
This fixes up the lastKnownParent attribute on lostAndFound objects to have a GUID (found by dbcheck). Andrew Bartlett
2012-07-29 | s4-dsdb: Fill in lastKnownParent when moving to lostAndFound | Andrew Bartlett | 2 | -0/+46
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
2012-07-29 | s4-dsdb: Do not strip base components off DN before searching for NC root | Andrew Bartlett | 1 | -7/+10
2012-07-29 | s4-dsdb: Change move to lostAndFound to use container in this partition and add debugging | Andrew Bartlett | 1 | -2/+31
The logic looking for LostAndFound failed for a user, so add extensive debugging to make this easier to trace down in future. Andrew Bartlett
2012-07-29 | s4-dsdb: Provide a way to force incoming renames to take priority | Andrew Bartlett | 1 | -2/+4
This should mean that a samba-tool drs replicate --full-sync forces a replication of all objects, regardless of if we think the local name is newer and regards any local name as being in conflict. Andrew Bartlett
2012-07-29 | s4-dsdb: Provide a way to handle conflicts due to rename | Andrew Bartlett | 1 | -25/+102
This allows us to proceed with replication when the source DC is sending us an object which has a matching object in this NC (by name) but not by GUID. Andrew Bartlett
2012-07-18 | dsdb: Allocate new OID to allow updates of a read-only replica | Andrew Bartlett | 3 | -5/+13
Normally this would be a very bad idea, but the specific case of fixing the instanceType is the only case where this makes sense. Andrew Bartlett
2012-07-18 | s4-dsdb: Allow dbcheck to correct an incorrect instanceType | Andrew Bartlett | 1 | -3/+5
2012-07-06 | s4-dsdb: Give a much better error message when parentGUID generation fails | Andrew Bartlett | 1 | -3/+3
2012-07-06 | s4-dsdb: Use parent_object_guid to find the correct parent for new objects | Andrew Bartlett | 2 | -1/+118
This allows the parent to be renamed while a new object is added on another replica. This rename may also be a delete, in which case we must move it to lostandfound. Andrew Bartlett
2012-06-27 | s4-dsdb: Remove hooks for non-directory password handling | Andrew Bartlett | 1 | -12/+0
This was an interesting hack, and the local_password module still exists, but until it has a use case and a test case, remove the bypass of password_hash. Andrew Bartlett
2012-06-26 | s4-samldb: do not talloc_steal() the elements of the original request | Andrew Bartlett | 1 | -4/+10
2012-06-22 | s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DN | Matthieu Patou | 1 | -1/+37
modifyTimeStamp is a generated attribute, for most objects it's generated directly from the whenChanged attribute. But for the CN=aggregate object in the schema we have to handle it in a different way, that's because for this object whenChanged!=modifyTimeStamp (as checked against Windows 2003R2 DCs) instead the modifyTimeStamp reflects the timestamp of the most recently modified and loaded schema object (that is to the one with the highest USN before the schema was reloaded due to timeout or by the reloadSchemaNow command). Some third parties are using this information to know if they have to update their schema cache and also to check that schema updates have been correctly reloaded by the DC, a good example of this behavior is Exchange 2010.
2012-06-22 | s4-dsdb: Check for key SCHEMA_SEQ_NUM in metadata.tdb updates | Matthieu Patou | 1 | -2/+184
If the value has changed then reload the schema, this means that now the schema is only reloaded on a periodical basis or if we have been asked explicitly to do it and not necessarily if the schema partition has changed.
2012-06-22 | s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNow | Matthieu Patou | 4 | -2/+43
The idea is to signal to other processes accessing the database that the schema was forced to be reloaded and so they should reload as well.
2012-06-22 | s4-dsdb: move schema_load at the top of module stack | Matthieu Patou | 1 | -1/+1
2012-06-22 | s4-extended: do not try to fix if there is no schema | Matthieu Patou | 1 | -0/+4
2012-06-22 | s4-drsuapi: Fix a const warning | Matthieu Patou | 1 | -1/+1
2012-06-22 | s4-drsuapi: rework the crackname implementation of functional names | Matthieu Patou | 1 | -24/+122
2012-06-22 | s4-dsdb-linkedattributes: register the VERIFY_NAME control, handle it when we are a GC | Matthieu Patou | 1 | -10/+97
In theory when presented this control and not a GC we should use the specified name as the DC to contact for cross-domain link verification. But for the moment we don't support this so we just fail when we have this control and are not a GC.
2012-06-22 | s4-dsdb: support otherWellKnownObjects | Matthieu Patou | 1 | -24/+31
2012-06-22 | s4-dsdb: Try to avoid much of the time a db search for msDS-IntID | Matthieu Patou | 3 | -14/+97
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID). If so generate another random value. If not check if the highest USN in the database for the schema partition is the one that we know. If so it means that's only this ldb context that is touching the schema in the database. If not it means that someone else has modified the database while we are doing our changes too (this case should be very very rare) in order to be sure do the search in the database.
2012-06-22 | dsdb-schema: do not reload more often than schema_reload_interval | Matthieu Patou | 3 | -2/+41
Samba 4 used to try to reload the schema every time dsdb_get_schema was called (which could be 20+ times per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120). The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reloaded after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
2012-06-22 | s4-dsdb: fix a warning about unused variable | Matthieu Patou | 1 | -3/+0
2012-06-19 | ldb: use tdb directly, not tdb_compat. | Rusty Russell | 1 | -6/+6
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-07 | build: Add missing deps and make MESSAGING a private library | Andrew Bartlett | 1 | -1/+1
To remove finddcs_nbt these missing deps need to be added. These subsystems linked to implicit dependencies provided by finddcs. Due to the new arrangement of subsystems, MESSAGING needs to be a private library to avoid being a source of duplicate symbols. Andrew Bartlett
2012-05-30 | dsdb: Fix error checking conditions in partition_metadata module | Amitay Isaacs | 1 | -7/+7
Thanks to Matthieu Patou <mat@matws.net> for pointing it out. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104