Age | Commit message | Author | Files | Lines |
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We can use dsdb_module_search() to make this much simpler
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is done by sorting the classes by subClass_order, which will
check if the last structural class is valid to add (in
objectclass_do_add instead of checking the last class in the list).
They were being sorted by building a class tree, and adding the
classes to the list in that order. However, AUX classes usually don't
fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I
have changed the behavior to sort the classes by subClass_order
instead.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
user.
Makes sure samAccountName has been specified before adding a
user. This happened while I was trying to add a user with the
posixAccount objectclass. I forgot to specify the user objectClass,
and samba segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It can now also be used by objectclass.c
get_last_structural_class now ignores AUX classes, because they are
not structural
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Check to see if there were any messages passed to acl_modify before
debugging the first one. I think I caused this by some malformed
LDIF.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
They won't work when the LDB change is done using "samdb_replace"
(consider "samr_password.c" functions).
I think this has been a relict which has been useful before the "password_hash"
module existed. Basically it itself does now the updates.
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the objectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
There is no reason to have the message non-const here.
|
|
removing a control means it can't be seen by any other modules, which
is usually not what is wanted. Better to just mark it non-critical,
which means anyone else who wants to look at it can, but if nobody
does, it's not an error.
|
|
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
|
|
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but
uses the new helper functions added in the last couple of commits
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is based on the function of the same name from Eduardo Lima
<eduardoll@gmail.com>, but using ldb_dn_compare, to give us
comparisons consistent with what the rest of the code uses.
We will use this function in combination with dsdb_wellknown_dn() to
find the Deleted Objects container for any object.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This finds a wellknown object given its GUID
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used by the replmd_delete() code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to do a sync modify in a module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
needs to ask for the DN in storage format, plus fix compilation errors
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This function will be used for non-search controls, like relax
|
|
This finds a DN given a GUID, searching below the current module in
the module stack.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This also moves the check to before we parse the DN, which saves some
unnecessary work
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to determine if an extended DN has the 'DELETED=1'
component
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When reveal is set, then we show deleted linked attributes and all
linked attribute components. When not set we show a normal extended
DN.
|
|
- We should clean up such "helper" objects created in this function so that we
don't have them around until "mem_ctx" is destroyed
- Remove a from my view pointless comment "This is a password set, not change"
since an external argument "user_change" decides this ("modify" or "(re)set")
|
|
This matches the default handling order in the "password_hash" module (it's nice
to have this consistent).
|
|
allowedChildClassesEffective.
Behavior as documented in WSPP and tested. Needs optimisation though.
|
|
|
This allows us to search below the current module. That
will be important when we start using the results of this
search to get the linked attributes meta data right
|
|
msg->elements could be NULL before we add parentGUID
|
|
This avoids not only a possibly non-portable compiler expression, but
also the need to look up the schema each time.
Andrew Bartlett
|
|
The original code here would do a subtree search under each object,
attempting to determine if it was a group. This was incorrect, and
inefficient - we just need to ask for the objectClass attribute, and
check that value before returning the group's RID.
(Much of this patch reworks operational.c to allow a search for 2
attributes for this calculation).
Andrew Bartlett
|
|
This avoids doing a new search from the top of the module stack.
This also removes the helper function dsdb_find_parentguid_by_dn()
which is now unused.
Andrew Bartlett
|
|
The show_deleted module was using a static private ptr in the module
to hold a parse tree to save on parsing. The code caused this
static ptr to change with each search, which caused incorrect
searches and numerous valgrind errors.
This patch replaces it with a hand-built parse tree.
|
|
In general functions that don't return any memory should not take a memory context.
Otherwise it is too easy to have a bug like this where memory is leaked.
|
|
Updating of uSNChanged broke in a recent change
|