summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2012-03-26s4-dsdb: use constant-time search for descriptor -> get_last_structural_class()Andrew Bartlett2-2/+4
The objectClass list is sorted at this point, as we are called below the objectclass module here, or are working from a search result. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
2012-03-26s4:ldap.py - re-introduce the ↵Matthias Dieter Wallnöfer1-11/+4
"(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test This syntax is not supported by Windows AD and should also be denied by s4/LDB. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104
2012-03-26LDB/s4 - do not use the "(dn=...)" syntax on filters anymoreMatthias Dieter Wallnöfer1-5/+5
Make it AD-compatible using "(distinguishedName=...)". Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:ldap.py - test the already mentioned structural object class sorting ↵Matthias Dieter Wallnöfer1-0/+15
behaviour Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:dsdb - enhance "get_last_structural_class()" for optimisationsMatthias Dieter Wallnöfer3-10/+29
If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:objectclass LDB module - fix up the sorting in respect to structural or ↵Matthias Dieter Wallnöfer1-4/+18
88 objectclasses Please have a look at MS-ADTS 3.1.1.1.4. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:objectclass LDB module - clean up "objectclass_sort()"Matthias Dieter Wallnöfer1-24/+13
Make it easier to comprehend Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-20Move NS_GUID_string and NS_GUID_from_string to dsdb-common.Jelmer Vernooij4-1/+64
2012-03-14s4-dsdb: Fix the case for attribute name msDS-hasMasterNCsAmitay Isaacs2-3/+3
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Mar 14 11:59:02 CET 2012 on sn-devel-104
2012-03-10tdb_wrap: Move to specific directory.Jelmer Vernooij1-1/+1
It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-03-02SEGV in acl_validate_spn_value: dnsHostName NULLArvid Requate1-1/+1
This patch addresses a segfault in acl_validate_spn_value which occurs when the "dnsHostName" attribute is missing. This seems to be the case in domains migrated with samba3upgrade. Looks similar to MS KB 817543. Signed-off-by: Nadezhda Ivanova <nivanova@drizzit.(none)> Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Mar 2 21:26:40 CET 2012 on sn-devel-104
2012-02-25s4-lib: Remove unused samdb_msg_set_value()Ricky Nance1-15/+0
Found by callcatcher. Ricky Nance
2012-02-25s4-lib: Remove unused samdb_msg_set_string()Ricky Nance1-15/+0
Found by callcatcher. Ricky Nance
2012-02-25s4-lib: Remove unused samdb_msg_set_int()Ricky Nance1-15/+0
Found by callcatcher Ricky Nance
2012-02-20s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett3-3/+6
Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
2012-02-13s4-dsdb: Check if metadata.tdb exists, before trying to open itAmitay Isaacs1-0/+6
This fixes the error output from tdb2 when metadata module tries to create metadata.tdb first time. This error is reported since metadata module tries to check if tdb exists by trying to open tdb file. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon Feb 13 03:02:09 CET 2012 on sn-devel-104
2012-02-01Revert "s4-drs: do not try to contact for replication servers that are not ↵Andrew Tridgell1-38/+4
anymore in reps*" This reverts commit 5bfd6251eb22ff701184a95649822a73cf4d157b. This change has been causing regular segfaults in the build farm since it was applied. I also think it may be unnecessary as dreplsrv_refresh_partitions() should already be achieving the same thing (removing stale replication targets). I think the segfaults were caused by freeing an in-flight DSA, but I have been unable to reproduce it outside of the build farm Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Feb 1 07:49:42 CET 2012 on sn-devel-104
2012-01-30samdb: use compat wrappers for tdb_fetch().Rusty Russell1-6/+6
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() -> tdb_errorstr_compat(). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-24dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flagAndrew Bartlett2-0/+8
2012-01-24python: Change except: statement to except Exception:Amitay Isaacs1-1/+1
This way we only catch true exceptions and keyboard interrupts are not caught here. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2012-01-16s4:dsdb/password_hash: require a "Primary:Kerberos" blob in ↵Stefan Metzmacher1-0/+16
supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
2012-01-14Intersite KCC flags for pythonDave Craft1-0/+5
Add NTDSSITELINK options to dsdb class for use in python samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-01-05s4:repl_meta_data LDB module - set "isRecycled" time correctlyMatthias Dieter Wallnöfer1-9/+8
"unix_to_nt_time()" which is based on "time_t" behaves differently for literals > 32 bit on 32 and 64 bit platforms. Reviewed-by: ekacnet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
2011-12-23s4-kcc: Remove also deleted objects that are not in the Deleted Object containerMatthieu Patou2-2/+38
For the configuration container we do a full scan at every run of the kcc-delete service. For the base DN we introduce a new parameter that avoid the full scan to kick just when samba starts. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4-ldb: Add isRecycled when is defined in the schemaMatthieu Patou1-3/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19s4-dsdb: Relax the conditions where we can't do a subtree deleteMatthieu Patou1-1/+19
If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
2011-12-13s4:pydsdb: remove unused variable from py_dsdb_am_pdc()Stefan Metzmacher1-1/+0
metze
2011-12-09s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always ↵Matthias Dieter Wallnöfer1-1/+1
doing Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
2011-12-08Invocation of samba_kcc from KCC taskDave Craft3-21/+89
Modification to periodic and explicit invocation paths of the KCC topology generation code. Managed via samba_runcmd_send() API. The samba_kcc script is invoked if (kccsrv:samba_kcc = true) appears in smb.conf Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-08Add subreq and status to kcc_service structDave Craft1-2/+9
The subreq and status fields in the kcc_service struct are added for execution management of the external samba_kcc python script. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-07pydsdb: provide a am_pdc hook like am_rodc to python scriptsAndrew Bartlett1-0/+22
2011-12-05s4-drs: do not try to contact for replication servers that are not anymore ↵Matthieu Patou1-6/+40
in reps* Servers connection can be removed from repsTo and respFrom either due to DC demote or topology change by the KCC, if a server is removed from the reps* it must be effectivly removed from the list of server that we will contact for getNcChanges and for replicaSync. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
2011-12-05s4-resolver: do not use all the A and AAAA records, those after a NS are not ↵Matthieu Patou1-1/+1
the one we want to use
2011-12-05s4-drs: mark WERR_DS_DRA_BUSY as a non error in DsReplicaUpdateRefsMatthieu Patou1-2/+22
2011-11-29s4-repl: Check if GC SPN exists before using it for replicationAmitay Isaacs1-3/+54
Sometimes windows DC will set up dNSHostname before setting up GC SPN and that causes replication errors since samba tries to use GC SPN, which does not yet exist locally. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Added metadata to partition module for global sequence numberAmitay Isaacs5-17/+612
This adds support for global sequence number which is independent of partition information. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: use dsdb_module_extended instead of duplicate codeAmitay Isaacs2-31/+13
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Return ldb_result context in dsdb_module_extendedAmitay Isaacs1-3/+20
The result of the extended operation is now available in the calling routine. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number supportAmitay Isaacs2-140/+13
This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-26s4:update_keytab LDB module - no need to filter for the DNMatthias Dieter Wallnöfer1-2/+2
We launch a search request with base scope on exactly the same DN (see downwards). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-19s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on ↵Matthieu Patou1-2/+8
attribute interSiteTopologyGenerator even if the value didn't change Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
2011-11-18dsdb: Fix the password expiry calculationAmitay Isaacs1-1/+1
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-17s4-dsdb: Remove unsed variableAmitay Isaacs1-2/+0
2011-11-16s4-dsdb: rework the NC detection for the descriptor calculationMatthieu Patou1-12/+31
This checks if instanceType attribute is available, and if INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then the DN is NC root and security descriptor is not inherited from parent SD. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2011-11-15s4:partition LDB module - fix handling regarding special DNs on searchesMatthias Dieter Wallnöfer1-0/+5
Normally they should always be passed to the main backend unless something different has been specified. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104
2011-11-15s4:dsdb/schema_data: reject schema update unless they're allowedStefan Metzmacher1-0/+12
"dsdb:schema update allowed = yes" is now needed in smb.conf to enable schema updates, as schema updates are a currenty a good way to prevent samba from startup again, because of errors in the schema definition. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
2011-11-15s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updatesStefan Metzmacher3-2/+17
By default schema updates are not allowed anymore, as we don't have complete validation code to prevent database corruption. metze
2011-11-15s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, ↵Stefan Metzmacher1-0/+28
msDS-IntId As windows we return CONSTRAINT_VIOLATION now. metze
2011-11-15s4:dsdb/schema_data: make sure we reject schema changes if we're not the ↵Stefan Metzmacher1-0/+101
schema master metze
2011-11-15s4:dsdb/schema_data: make sure we only allow objects one level below the ↵Stefan Metzmacher1-1/+33
schema base The objectclass module should also check for this, but make sure we also reject it on things like provision. metze