summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2011-07-11s4-dsdb: when replacing linked attribute take always the new dn as the old ↵Matthieu Patou1-1/+1
dn might be broken The usual use case is that you have a not complete linked attribute (ie. without the SID) if we keep using the old dn, then the SID will never be added. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: check for single valued attribute in repl_meta_data moduleMatthieu Patou1-0/+11
This is needed because we can have more than 1 value in a single valued attribute as we store also deleted values. So we do the check in repl_meta_data and then indicate LDB to do the check. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: deleted objects are expected to be missing mandatory attributesAndrew Tridgell1-1/+2
the objectclass_attrs validation that an object contains all mandatory attributes is incorrect for deleted objects, as they get stripped of some mandatory attributes when deleted (for example, objectCategory gets stripped) Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-11s4-dsdb: fixed crash bug in extended_dn_inAndrew Tridgell1-2/+4
when extended_dn_in fails to resolve a GUID extended DN component, the debug code assumed that it was a search operation, and accessed ac->req->op.search.base, which is not valid for non-search DN expansions. Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-05s4-dsdb: allow removal of unknown attributes if RELAX setAndrew Tridgell2-2/+21
this allows attributes not known in the schema to be removed if the caller has set the RELAX control. This will be used by dbcheck to allow cleaning of bad attributes from the database
2011-07-01s4-dsdb guard principalName parse for invalid inputsAndrew Bartlett1-1/+6
We need to ensure that if this parses name.name_string as just one val, then we don't read uninitialised and possibly unallocated memory. Found by Adam Thorn <alt36@cam.ac.uk> While we are checking that, we need to fix the strncasecmp() check to first check if the string is the expected length, then check for a match against sAMAccountName-without-doller, as otherwise we will permit a string such as machinefoo to match a sAMAccountName of machine. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 1 03:55:00 CEST 2011 on sn-devel-104
2011-07-01s4-dsdb Allow a servicePrincipalName of machine$Andrew Bartlett1-0/+6
This is pointless, but MacOS X (version 10.6.8 was tested) apparently sets machine$ into this field. Andrew Bartlett
2011-06-22s4-dsdb: bypass validation when relax setAndrew Tridgell1-1/+2
this allows dbcheck to fix bad attributes Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
2011-06-22s4-dsdb: prioritise GUID in extended_dn_inAndrew Tridgell1-8/+11
if we search with a base DN that has both a GUID and a SID, then use the GUID first. This matters for the S-1-5-17 SID. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: catch duplicate matches in extended_dn_inAndrew Tridgell1-0/+12
When searching using extended DNs, if there are multiple matches then return an object not found error. This is needed for the case of a duplicate objectSid, which happens for S-1-5-17 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-10s4-drs: ensure we add a RMD_ADDTIME when upgrading a linked attributeAndrew Tridgell1-1/+2
if the link was a w2k style, and we are upgrading it, then set the RMD_ADDTIME to the current time
2011-06-07s4-dsdb: cope with missing backlinks in rpmd handlingAndrew Tridgell1-1/+10
if backlinks have not propogated correctly in a previous replication this allows us to recover
2011-06-06s4-param Remove 'sid generator'Andrew Bartlett1-9/+5
This was only used by the Fedora DS backend for Samba4. We agreed to no longer support external LDAP backends. Andrew Bartlett
2011-06-06s4-param Remove 'sam database' parameterAndrew Bartlett1-1/+1
This now just relies on the private dir parameter, which remains. Andrew Bartlett
2011-05-25s4:samldb LDB module - check if the RODC group exists if creating an RODCMatthias Dieter Wallnöfer1-13/+43
Older AD deployments simply don't have it and hence there is no RODC support. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
2011-05-25s4:samldb LDB module - better to call "samldb_prim_group_trigger"Matthias Dieter Wallnöfer1-1/+1
"samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change" for a LDB modify operation. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - convert a "dsdb_module_search" into ↵Matthias Dieter Wallnöfer1-5/+2
"dsdb_module_search_dn" It saves us from checking the number of returned entries. Reviewed-by: abartlet
2011-05-25s4:samldb LDB modules - only objectClass "computer" is allowed to embed all ↵Matthias Dieter Wallnöfer1-3/+33
types of account Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix "isCriticalSystemObject" behaviourMatthias Dieter Wallnöfer1-3/+22
Tests against Windows Server show that it gets set to "FALSE" (not deleted) if we change the account type to a domain member. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix the behaviour when changing the "userAccountControl"Matthias Dieter Wallnöfer1-14/+31
Ekacnet was not quite right yet but his patch made me think further. This primary group changing is only needed if the account type changes. With this patch we do one more search if the "userAccountControl" changes but we save us from doing these unneeded and wrong modify replace operations most of the time. Reviewed-by: abartlet
2011-05-21s4:samldb LDB module - don't change the "primaryGroupId" on LDB ↵Matthieu Patou1-1/+16
modifications unless we are a computer/dc/rodc Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2011-05-21s4:ldb-samba/ldb_wrap.*-dsdb/samdb/samdb.c - handle LDB connection flags as ↵Matthias Dieter Wallnöfer1-1/+1
unsigned The LDB API ("ldb_connect") prescribes that they should be "unsigned". Signed-off-by: Metze
2011-05-21s4-dsdb: implementation of the dirsync controlMatthieu Patou3-0/+1369
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: introduce dsdb_module_search_treeMatthieu Patou1-24/+63
With this function your own search tree can be specified This function is similar to ldb_build_search_req_ex as it allows to pass a parse tree structure. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: relax a bit the checks on read acl when dirsync control is specifiedMatthieu Patou1-12/+42
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: create flag for requesting ACL relax in case of DIRSYNC requestMatthieu Patou1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4: do not change the critical flag when it's on a dirsync controlMatthieu Patou1-1/+5
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-03Remove strlower_m() and strupper_m() from source4 and common code.Andrew Bartlett1-2/+1
This function is problematic because a string may expand in size when changed into upper or lower case. This will then push characters off the end of the string in the s3 implementation, or panic in the former s4 implementation. Andrew Bartlett
2011-05-03s4-messaging Rename messaging -> imessagingAndrew Bartlett2-6/+6
This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett
2011-04-29s4:"ldb_connect" calls - proof for "!= LDB_SUCCESS"Matthias Dieter Wallnöfer1-1/+1
Reviewed-by: abartlet
2011-04-29s4:repl_meta_data LDB module - quiet a discard const ptr warningMatthias Dieter Wallnöfer1-1/+1
2011-04-15s4-dsdb: Add more information on why we don't check the SD controlMatthieu Patou1-0/+5
Signed-off-by: Nadezhda Ivanova <nivanova@samba.org> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Apr 15 16:16:27 CEST 2011 on sn-devel-104
2011-04-15s4-dsdb: If current attribute list is empty use the one from the requestMatthieu Patou1-1/+1
This will avoid overwritting attribute list made by upper modules. Signed-off-by: Nadezhda Ivanova <nivanova@samba.org>
2011-04-07s4:objectclass LDB module - "ldb_msg_sanity_check" call not really neededMatthias Dieter Wallnöfer1-5/+0
This call should only be performed at the beginning of a request. "ldb_msg_sanity_check" checks for DN validity (which should already have been done at the beginning of the request) and empty attributes (which should be done by the "objectclass_attrs" LDB module). Hence it is superflous here. Reviewed-by: abartlet
2011-04-07s4:objectclass LDB module - fix a comment - add a ")"Matthias Dieter Wallnöfer1-1/+1
Reviewed-by: abartlet
2011-04-06s4:dsdb/repl_meta_data: update replPropertyMetaData on originating renamesStefan Metzmacher1-6/+122
The version of the "name" attribute needs to change even if the value is the same. This also normalizes the rdn attribute name based on the schema. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Apr 6 19:55:50 CEST 2011 on sn-devel-104
2011-04-06s4:dsdb/repl_meta_data: allow passing an explicit attribute list to ↵Stefan Metzmacher1-4/+15
replmd_update_rpmd() This will be used for renames. metze
2011-04-06s4:dsdb/repl_meta_data: normalize the rdn attribute name based on the schemaStefan Metzmacher1-5/+15
metze
2011-04-06s4: Update/Set local USN only on attribute that have been modified/createdMatthieu Patou1-9/+15
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-04s4-dsdb: implemented creation of conflict recordsAndrew Tridgell1-48/+356
when a record with the same DN gets created on two DCs at the same time, this creates a replication conflict. To resolve this conflict one of the DCs needs to create a conflict record, which is a rename of one of the two DNs, based on which one is newer. This prevents replication from failing when DCs are temporarily disconnected and then have conflicts when they next replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Apr 4 03:27:07 CEST 2011 on sn-devel-104
2011-03-31s4-dsdb: cope with failed searches in the linked attributes callbackAndrew Tridgell1-16/+15
This fixes a bug where we try to add an empty backlink because the search for the forward link failed. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 31 13:37:36 CEST 2011 on sn-devel-104
2011-03-29s4-dsdb: allow modification of linked attribute targets with relaxAndrew Tridgell1-1/+2
this is used to help recover a corrupt database. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-fsmo: make rootDSE modify for FSMO transfer asyncAndrew Tridgell1-12/+50
this gives the ldap client the error code from the transfer Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29s4-dsdb: only allow administrators to trigger FSMO role transfersAndrew Tridgell1-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell2-5/+3
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-20dsdb: read acl, sd can be null and ret == LDB_SUCCESSMatthieu Patou1-1/+1
2011-03-20dsdb: acl_read fix a missed talloc_stealMatthieu Patou1-0/+1
2011-03-19source4/dsdb/samdb: Fix prototypes for all functions.Jelmer Vernooij4-2/+4
2011-03-18s4-rootdse: improved operations error messagesAndrew Tridgell1-8/+4
this gives better localisation of errors in rootdse. This is to help track down a production error Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Mar 18 05:46:58 CET 2011 on sn-devel-104
2011-03-10s4:extended_dn_store LDB module - use the new request as generic memory contextsMatthias Dieter Wallnöfer1-2/+2
To prevent memory leaks under valgrind.