Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Few comments split on several lines also...
(Sorry Metze, I know you hate reviewing "and this, and that"
type of patches, but those are just cosmetics)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
|
|
|
|
We already choose the right entry by specifying the right basedn with scope
"LDB_SCOPE_BASE".
|
|
|
|
This is needed so we can find and free old schemas based using
the cached pointer
|
|
It was reported by aatanasov that we kept around one whole schema per
modification made. This does not fix that, but I hope moves us closer
to a fix
The most important part of the fix is that:
- if (schema_out != schema_in) {
- talloc_unlink(schema_in, ldb);
- }
was the wrong way around. This is now handled in the schema_set calls.
Andrew Bartlett
|
|
Especially the "free"s after "ldb_msg_diff" are very important since the diff
message is allocated on the long-living LDB context.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
|
|
This way dsdb_setup_sorted_accessors() will
free memory allocated for accessor arrays correctly
in case of failure,
|
|
O(n) search for dsdb_attribute by msDS-IntId value was
replaced by binary-search in ordered index.
I've choosen the approach of separate index on msDS-IntId values
as I think it is more clear what we are searching for.
And it should little bit faster as we can clearly determine
in which index to perform the search based on ATTID value -
ATTIDs based on prefixMap and ATTIDs based on msDS-IntId
are in separate ranges.
Other way to implement this index was to merge msDS-IntId values
in attributeID_id index.
This led me to a shorted but not so obvious implementation.
|
|
There is no need to do a full ldb_match_msg() for a simple case
insensitive string.
Andrew Bartlett
|
|
I'm not sure why I removed these in fe3e1af901c970f738bee92baac5d7d4f5736e17
Andrew Bartlett
|
|
|
|
Having no value for schemaInfo is totally OK as it turns out.
In such cases, we should use a default value with
all fields set to 0.
|
|
zero-guid is acceptable
|
|
|
|
This commit reworks Samba4's schema loading code to detect when it
needs to reload the schema. This is done by watching the @REPLCHANGED
special DN.
The reload happens by means of a callback, which is only set when the
schema is loaded from the ldb - not when loaded from an LDIF file or
DRS.
We also rework the global schema handling - instead of storing the
pointer to the global schema in each ldb, we store a flag indicating
that the global schema should be returned at run time. This makes it
much easier to switch to a new global schema.
Andrew Bartlett
|
|
When specified, we talloc_reference onto this context to ensure that
pointers found in it are valid for the life of the objects they are
placed into. (Such as the string form of LDAP attributes).
Andrew Bartlett
|
|
Counters which are used in the way "for (i = 0; array[i] != NULL; i++)" I
modified to "unsigned" since for sure we don't want to have negative array
indexes there.
|
|
This allows for controls to be added easily where they are needed.
|
|
|
|
another case of unsigned int subtracting breaking sorts. This one
surfaced now as attributeID_id now can be larger than 2^31
|
|
|
|
This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects
themselves.
Andrew Bartlett
|
|
|
|
It turns out that we always add the class/attribute to the schema.
|
|
|
|
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
|
|
This helps ensure we don't load the schema too often in the provision
(allowing a reference in of the schema before the modules load).
Andrew Bartlett
|
|
This allows us to load the schema against one ldb context, but apply
it to another. This will be useful in the provision script, as we
need the schema before we start the LDAP server backend.
Adnrew Bartlett
|
|
Before this change, the first opener of the sam ldb context would
become the owner of the global schema, then the autofree context got a
reference to the schema. Any subsequent opens of the sam ldb also got
a reference. This meant that the talloc hierarchy was inconsistent
between the first sam ldb open and subsequent opens. With this change
the autofree context becomes the owner of the global schema, and all
ldb contexts get a reference.
|
|
|
|
|
|
|
|
|
|
Sadly it still segfaults at this stage
Andrew Bartlett
|
|
|
|
This is all working towards supporting the full WSPP schema without a
major performance penalty.
We now use binary searches when looking up classes and attributes. We
also avoid the loop loading the attributes into ldb, by adding a hook
to override the ldb attribute search function in a module. The
attributes can thus be loaded once, and then saved as part of the
global schema.
Also added support for a few more key attribute syntaxes, as needed
for the full schema.
|
|
This removes a level of indirection via external binaries in the
provision-backend code, and also makes better use of our internal code
for loading schema from an LDIF file.
Remaining to do: Sort the output again, as the load from LDIF is
unsorted (also needed because the normal LDB load from sorted input is too slow
anyway, and is only needed here).
Andrew Bartlett
|
|
do not reference it from ldb.h
|
|
The only 2 modules escaping the rule so far are rootdse and partitions
|
|
3.
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
This also tries to simplify the logic in the schema -> @ATTRIBUTES and
@INDEXES code.
Andrew Bartlett
(This used to be commit a383b8bf88a5681f9c9c6839ba645c872a735051)
|
|
I think it is just too complex and error prone to init and cancel
transactions during the module init code. Instead, this isn't prone
to races as it will always achieve a steady state (eventually), and
most cases will never do the write.
Andrew Bartlett
(This used to be commit d60977cc7f89f89f34187f310c91d1ab7db6ccf2)
|
|
Something in the search stack adds a distinguisedName record, which
isn't in the message we generate. So we compare, fail and rewrite the
record - every time ldb starts up...
Andrew Bartlett
(This used to be commit 44775d1ed4a4b8edc66a06e2b3710aba6a0dd019)
|