summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-04-26s4-ddb: don't create partitions with the UNINSTANT flag setAndrew Tridgell1-1/+14
these partitions and not on the server we are replicating from. Also check for deleted partitions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26s4-drs: make links to foreign partitions non-fatalAndrew Tridgell1-8/+6
DN links outside the set of partitions we are replication should be allowed. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell4-4/+4
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-22s4-dsdb: moved rodc schema validation to samldb.cAndrew Tridgell2-33/+37
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Do not allow system-critical attributes to be RODC filteredFernando J V da Silva1-0/+33
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDsAndrew Bartlett1-0/+24
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett
2010-04-22s4:OpenLDAP-backend Use the new rdnval module in OpenLDAPAndrew Bartlett2-3/+8
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett
2010-04-22s4:dsdb Revert accidentilly commited change for LDAP backendsAndrew Bartlett1-1/+1
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett1-1/+1
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett
2010-04-16s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()Nadezhda Ivanova1-24/+5
2010-04-15s4:rootdse: only return "tokenGroups", when the client asked for themStefan Metzmacher1-1/+1
metze
2010-04-13s4:acl/descriptor LDB module - distinguish between root and default basednMatthias Dieter Wallnöfer2-0/+12
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer6-9/+10
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-13s4:objectclass LDB module - remove a unneeded newlineMatthias Dieter Wallnöfer1-2/+1
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer1-1/+1
Purely cosmetic change.
2010-04-11subunit: Remove more test output that could be interpreted by subunit.Jelmer Vernooij1-1/+1
2010-04-10s4:dsdb Don't return operational attributes on special DNsAndrew Bartlett1-0/+5
2010-04-10s4:rootdse Implement "tokenGroups" in the rootDSEAndrew Bartlett1-0/+18
This returns the currently connected user's full token. This is very useful for debugging, and should be used in ACL tests. Andrew Bartlett
2010-04-10s4:dsdb Improve error message in extended_dn_inAndrew Bartlett1-1/+1
This error occours when an extended DN cannot be resolved, so it's most helpful to print the problematic extended DN. Andrew Bartlett
2010-04-10s4:schema Try to fix OpenLDAP backend after schema reload support.Andrew Bartlett1-4/+2
If we can't get @REPLCHANGED, default to a value of 0. Andrew Bartlett
2010-04-09s4/samldb: schemaInfo attribute must be updated when adding new Schema objectKamen Mazdrashki1-0/+50
2010-04-08s4:dsdb - Handle INVALID_DN_SYNTAX from OpenLDAP in ↵Endi S. Dewata1-1/+1
dsdb_module_load_partition_usn(). Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: waf quicktest nearly worksAndrew Tridgell1-45/+41
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+309
2010-03-26s4-drs: replmd_delete with the 3 stage deletion recycle binEduardo Lima2-105/+204
2010-03-23s4:ldb_modules/util.c - fix two counter variables to be "unsigned"Matthias Dieter Wallnöfer1-2/+2
2010-03-22s4:dsdb Add a shortcut sequence number for schema reloadsAndrew Bartlett1-14/+79
This uses the ldb sequence number, in a hope to detect an unchanged schema quicker. Andrew Bartlett
2010-03-22s4:dsdb Rework schema loading and add schema reloadingAndrew Bartlett1-105/+126
This commit reworks Samba4's schema loading code to detect when it needs to reload the schema. This is done by watching the @REPLCHANGED special DN. The reload happens by means of a callback, which is only set when the schema is loaded from the ldb - not when loaded from an LDIF file or DRS. We also rework the global schema handling - instead of storing the pointer to the global schema in each ldb, we store a flag indicating that the global schema should be returned at run time. This makes it much easier to switch to a new global schema. Andrew Bartlett
2010-03-22s4:dsdb Move dsdb_save_partition_usn() to be a module helper functionAndrew Bartlett2-4/+178
This function should not traverse the module stack again, but instead run from this point. Also add a matching dsdb_module_load_partition_usn() and change repl_meta_data to match. Andrew Bartlett
2010-03-22s4:dsdb Add 'const' to some struct dsdb_schema variablesAndrew Bartlett2-9/+9
We don't currently require this, but we may move this way in future.
2010-03-22s4:dsdb Don't load the schema unconditionallyAndrew Bartlett2-3/+19
Schema loads now come at a price, so avoid doing them if we don't have to (such as when doing an @REPLCHANGED or other special DN based search). Andrew Bartlett
2010-03-18s4:dsdb Move rdn_name down the stackAndrew Bartlett1-1/+1
This is done so that it can be (in future) removed when the OpenLDAP backend is in use and the rdn_val module is used, while keeping as similar semantics as possible between the module stacks. Andrew Bartlett
2010-03-16s4:resolve_oids LDB module - not really a change but a nicer method to call ↵Matthias Dieter Wallnöfer1-1/+2
"talloc_reference"
2010-03-16s4:dsdb - fix up warningsMatthias Dieter Wallnöfer2-4/+8
2010-03-16s4:dsdb Show more detail in failure to compute the aggregate DN.Andrew Bartlett1-1/+1
Andrew Bartlett
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett12-28/+85
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-03-16s4:dsdb Fix warnings in DEBUG() by casting to unsigned long intAndrew Bartlett1-4/+4
2010-03-16s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory contextAndrew Bartlett1-24/+46
dsdb_get_schema() isn't a very cheap call, due to the use of LDB opaque pointers. We need to call it less, and instead pass it as a parameter where possible. This also changes to the new API with a talloc context. Andrew Bartlett
2010-03-16s4:dsdb Don't error out if we can't get the Aggregate schema DN yetAndrew Bartlett1-9/+16
It's easier to just set it up when we can, then to deal with the ordering issues in ldb startup. As long as we have it ready if a real client ever asks for it, then we should be happy. Andrew Bartlett
2010-03-12s4:util.c - "dsdb_check_optional_feature" - counter should be "unsigned"Matthias Dieter Wallnöfer1-1/+1
2010-03-12s4-drs: check if an optional feature is enabledEduardo Lima1-0/+59
2010-03-12Split the dsdb_access_check_on_dn.Nadezhda Ivanova1-5/+44
Split the dsdb_access_check_on_dn so it can be reused for checks from both within the module stack and outside it.
2010-03-12Fixed ACL module to use dsdb_module_* API.Nadezhda Ivanova1-9/+9
2010-03-12Moved access_check_on_dn from acl module as an utility.Nadezhda Ivanova1-156/+19
Made this an utility function so it can be used for access checking outside of the acl ldb module, such as checking validated writes and control access rights in other protocols (e. g drs)
2010-03-09Added a check for permissions to modify the RDN attribute on rename.Nadezhda Ivanova1-0/+12
Necessary because rdn module will be moved lower than acl in the stack.
2010-03-07s4:extended_dn_out LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-8/+11
appropriate
2010-03-07s4:repl_meta_data LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-20/+24
appropriate I used "unsigned int" counters where we count LDB objects (LDB specification prescribes to use "unsigned" index variables). But on DSDB replication object counters I used "uint32_t" typed variables as it is suggested. If a counter variable counts both types of objects I used "unsigned int" since size(unsigned int) >= size(uint32_t), but on most platforms equal.
2010-03-07s4:local_password LDB module - change counter variables to "unsigned" where ↵Matthias Dieter Wallnöfer1-4/+4
appropriate