summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-12-18s4-dsdb: stop warnings about unknown struct GUID in prototypesAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: greatly simplify the subtree_delete moduleAndrew Tridgell1-117/+20
We can use dsdb_module_search() to make this much simpler Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: fixed the sort in dsdb_find_nc_root()Andrew Tridgell1-1/+6
2009-12-18s4-dsdb: fix handling of AUX classes in objectclass_sortBrendan Powers1-146/+133
This is done by sorting the classes by subClass_order, which will check if the last structural class is valid to add (in objectclass_do_add instead checking the last class in the list). They were being sorted by building a class tree, and adding the classes to the list in that order. However, AUX classes usually don't fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I have changed the behavior to sort the classes by subClass_order instead. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: return an error if samAccountName is not specified when creating a ↵Brendan Powers1-0/+7
user. Makes sure samAccountName has been specified before adding a user. This happened while I was trying to add a user with the posixAccount objectclass. I forgot to specify the user objectClass, and samba segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Move get_last_structural class from descriptor.c to util.cBrendan Powers3-16/+30
It can now also be used by objectclass.c get_last_structural_class now ignores AUX classes, because they are not structural Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Add a check to prevent acl_modify from debuging a NULL messageBrendan Powers1-1/+5
Check to see if there were any messages passed to acl_modify before debugging the first one. I think I caused this by some malformed LDIF. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-17s4:"samdb_set_password" - remove delete instructionsMatthias Dieter Wallnöfer1-7/+2
They won't work when the LDB change is done using "samdb_replace" (consider "samr_password.c" functions). I think this has been a relict which has been useful before the "password_hash" module existed. Basically it itself does now the updates.
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-11/+86
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-17s4:dsdb/common/util - make NTTIME attribute wrappers use a "const" messageMatthias Dieter Wallnöfer1-4/+6
There is no reason to have the message non-const here.
2009-12-16s4-dsdb: also mark the relax control non-critical when doneAndrew Tridgell1-5/+3
2009-12-16s4-dsdb: it is a better pattern to mark a control as done than remove itAndrew Tridgell3-21/+7
removing a control means it can't be seen by any other modules, which is usually not what is wanted. Better to just mark it non-critical, which means anyone else who wants to look at it can, but if nobody does its not an error.
2009-12-16s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptorAndrew Tridgell1-10/+19
2009-12-16s4-dsdb: don't actually remove the sd_flags control, just mark it non-criticalAndrew Tridgell1-14/+10
For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control
2009-12-16s4-dsdb: added dsdb_get_deleted_objects_dn()Andrew Tridgell1-0/+22
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but uses the new helper functions added in the last couple of commits Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added dsdb_find_nc_root()Andrew Tridgell1-0/+64
This is based on the function of the same name from Eduardo Lima <eduardoll@gmail.com>, but using ldb_dn_compare, to give us comparisons consistent with what the rest of the code uses. We will use this function in combination with dsdb_wellknown_dn() to find the Deleted Objects container for any object. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added dsdb_wellknown_dn()Andrew Tridgell1-0/+32
This finds a wellknown object given its GUID Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added a dsdb_module_rename() callAndrew Tridgell1-0/+43
This will be used by the replmd_delete() code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added dsdb_module_modify()Andrew Tridgell1-0/+40
This is used to do a sync modify in a module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: fixed dsdb_module_dn_by_guid()Andrew Tridgell1-3/+7
needs to ask for the DN in storage format, plus fix compilation errors
2009-12-16s4-dsdb: dsdb_flags should be unsignedAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: rename dsdb_module_search_handle_flags to dsdb_request_add_controlsAndrew Tridgell3-6/+10
This function will be used for non-search controls, like relax
2009-12-16s4-dsdb: added dsdb_module_dn_by_guid()Andrew Tridgell1-0/+41
This finds a DN given a GUID, searching below the current module in the module stack. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: use dsdb_dn_is_deleted_val()Andrew Tridgell1-25/+22
This also moves the check to before we parse the DN, which saves some unnecessary work Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added dsdb_dn_is_deleted_val()Andrew Tridgell1-0/+14
This is used to determine if a extedned DN has the 'DELETED=1' component Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-15Fixed a problem with duplicate values of allowedAttributesEffective.Nadezhda Ivanova2-2/+13
2009-12-14s4-dsdb: added REVEAL_INTERNALS flag to dsdb_module_search_handle_flags()Andrew Tridgell2-0/+8
2009-12-14s4-dsdb: return a zero guid on error in samdb_result_guid()Andrew Tridgell1-1/+1
2009-12-14s4-dsdb: use the reveal control to hide/show extended DN componentsAndrew Tridgell1-1/+44
When reveal is set, then we show deleted linked attributes and all linkked attribute components. When not set we show a normal extended DN.
2009-12-13s4:"samdb_set_password_sid" - clean up created objects correctlyMatthias Dieter Wallnöfer1-2/+14
- We should clean up such "helper" objects created in this function to don't have them around until "mem_ctx" is destroyed - Remove a from my view pointless comment "This is a password set, not change" since an external argument "user_change" decides this ("modify" or "(re)set")
2009-12-12s4:operational LDB module - cosmetic - reorder an attribute listMatthias Dieter Wallnöfer1-8/+8
This matches the default handling order in the "password_hash" module (it's nice to have this consistent).
2009-12-10Implementation of sDRightsEffective, allowedAttributesEffective and ↵Nadezhda Ivanova2-43/+612
allowedChildClassesEffective. Behavior as documented in WSPP and tested. Needs optimisation though.
2009-12-10s4-schema: use GUID_to_ndr_blob()Andrew Tridgell2-17/+15
2009-12-10s4-schema: use binsearch.hAndrew Tridgell1-48/+21
2009-12-10s4-dsdb: use GUID_to_ndr_blob()Andrew Tridgell4-34/+15
2009-12-10s4-dsdb: simplify samdb_result_guid()Andrew Tridgell1-11/+4
2009-12-10s4-dsdb: simplify linked attributes code using GUID functionsAndrew Tridgell1-18/+16
2009-12-10s4-dsdb: simplify schema code using new GUID functionsAndrew Tridgell2-34/+22
2009-12-10s4-dsdb: use GUID_from_ndr_blob() to create dsdb_get_extended_dn_guid()Andrew Tridgell1-0/+14
2009-12-09s4-dsdb: added dsdb_functional_level() helper functionAndrew Tridgell4-15/+20
2009-12-09s4-dsdb: use dsdb_module_search_dn in repl_meta_dataAndrew Tridgell1-1/+4
This allows us to search below the current module. That will be important when we start using the results of this search to get the linked attributes meta data right
2009-12-09s4-dsdb: fixed steal of parentGUID for empty msgAndrew Tridgell1-4/+10
msg->elements could be NULL before we add parentGUID
2009-12-07s4:dsdb Use ldb_match_msg_objectclass in operational.cAndrew Bartlett1-6/+1
This avoids not only a possibly non-portable compiler expression, but also the need to look up the schema each time. Andrew Bartlett
2009-12-07s4:dsdb Make primaryGroupToken calculation more efficient and correctAndrew Bartlett1-20/+46
The original code here would do a subtree search under each object, attempting to determine if it was a group. This was incorrect, and inefficient - we just need to ask for the objectClass attribute, and check that value before returning the group's RID. (Much of this patch reworks operational.c to allow a search for 2 attributes for this calculation). Andrew Bartlett
2009-12-07s4:dsdb Make parentGUID handler use dsdb_module_search_dn()Andrew Bartlett2-76/+29
This avoids doing a new search from the top of the module stack. This also removes the helper function dsdb_find_parentguid_by_dn() which is now unused. Andrew Bartlett
2009-12-07s4:dsdb Hide the LM password by default tooAndrew Bartlett1-1/+2
2009-12-04s4-ldb: fixed show_deleted module not to corrupt parse treesAndrew Tridgell1-23/+26
The show_deleted module was using a static private ptr in the module to hold a parse tree to save on parsing. The code caused this static ptr to change with each search, which caused incorrect searches and numerous valgrind errors. This patch replaces it with a hand-built parse tree.
2009-12-04s4-drsutil: fixed a memory leak in samdb_search_countAndrew Tridgell2-5/+9
In general functions that don't return any memory should not take a memory context. Otherwise it is too easy to have a bug like this where memory is leaked
2009-12-03s4:operational LDB module - Fix usage of LDB constantsMatthias Dieter Wallnöfer1-4/+4
2009-12-03s4-drs: fixed updating of uSNChanged in replmd_modifyAndrew Tridgell1-3/+2
Updating of uSNChanged broke in a recent change