summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-10-16s4/drs: prefixMap module initial definitionKamen Mazdrashki3-1/+69
2009-10-16s4/drs: Propagate redefinition of drsuapi_DsReplicaOID into code baseKamen Mazdrashki1-61/+105
The biggest change is that 'oid' field is transmited in binary format. Also the field name is changed to 'binary_oid' so that field format to be clear for callers. After those changes, Samba4 should work the way it works before - i.e. no added value here but we should not fail when partial-oid is part of prefixMap transmited from Win server. Also, thre is a bug in this patch - partial-binary-OIDs are not handled correctly. Partial-binary-OIDs received during replication will be encoded, but not handled correctly.
2009-10-15s4-dsdb: implement limit on rDN lengthAndrew Tridgell1-3/+11
w2k8 imposes a limit of 64 characters on the rDN
2009-10-15s4-dsdb: added samdb_rodc() and samdb_ntds_options()Andrew Tridgell2-1/+51
Later we will need to make samdb_rodc() look in the database, but for now we should at least have the function in a central place
2009-10-14s4:password_hash - load the domain parameters from the "loadparm context"Matthias Dieter Wallnöfer1-42/+11
And don't cut them out from the DNS hostname.
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer2-3/+2
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-12s4:objectclass ldb module - Check for empty messagesMatthias Dieter Wallnöfer1-1/+8
I think the check for empty messages fits best here.
2009-10-12s4:schema Add some error checking to the schema loadAndrew Bartlett2-7/+25
2009-10-12s4:dsdb Make dsdb_read_prefixes_from_ldb staticAndrew Bartlett1-1/+3
2009-10-12s4:dsdb Search for the schema with dsdb_module_search(), in schema_fsmoAndrew Bartlett2-122/+102
This avoids using an ldb_search(), which would run from the top of the module stack. This will help us load the schema before the partitions are initialised. Andrew Bartlett
2009-10-12s4:dsdb Add new functions to help modules do an ldb_search()Andrew Bartlett5-43/+173
These take an ldb_module argument, and avoid doing the search from the top of the stack again. (This will help when modules are initialised before being added to the partition set) Andrew Bartlett
2009-10-12s4:provision Remove all references to samba4LocalDomainAndrew Bartlett3-8/+7
This was a bad idea all along, as Simo said at the time. With the full MS schema and enforcement of it, it is an even worse idea. This fixes the provision of the member server in 'make test' Andrew Bartlett
2009-10-08s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer1-11/+14
2009-10-08s4:subtree_delete - Make the initialisation of the child counter more clearMatthias Dieter Wallnöfer1-0/+2
2009-10-07s4-drs: fixed a memory error introduced yesterdayAndrew Tridgell1-1/+1
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
2009-10-06s4:various LDB modules - "build_request" functions - propagate result codes backMatthias Dieter Wallnöfer4-12/+19
It's very useful to know the exact result code when something fails and not only a generic (by the module) created one. Sure, there are some exception cases with specific results (special message constellations, attributes, values...) which shouldn't be changed at all (examples of them are in the "ldap.py" test). Therefore I looked very carefully to not change them.
2009-10-06s4:rootdse module - intendation fixupMatthias Dieter Wallnöfer1-2/+2
2009-10-06s4:acl module - intendation fix and comment enhancementMatthias Dieter Wallnöfer1-1/+2
2009-10-06s4-repl: added RELAX control and fix transactionsAndrew Tridgell1-8/+57
Added the RELAX control to dsdb_origin_objects_commit(), as it needs to modify system objects. This patch also fixes the use of ldb transactions in that function, and fixes a memory leak.
2009-10-03s4:objectclass - Free unused memory from responsesMatthias Dieter Wallnöfer1-0/+3
2009-10-03s4:schema_inferiors - Fix wrong checkMatthias Dieter Wallnöfer1-1/+1
2009-10-03s4:dsdb Use possibleInferiors to restrict creation of child objectsAndrew Bartlett1-4/+15
This also uses systemPossibleInferiors when the 'relax' control is specified, which is done by the provision. Andrew Bartlett
2009-10-03s4:dsdb add systemPossibleInferiors to schema codeAndrew Bartlett2-0/+21
This allows us to figure out what the system can add, which will not be in possibleInferiors due to the systemOnly flag. Andrew Bartlett
2009-10-03s4:dsdb Add objectClass and RDN constraints to objectClass moduleAndrew Bartlett1-8/+35
These additional constraints are applied, found by the Microsoft testsuite. - When the parent is not present, we now return 'NO_SUCH_OBJECT'. - Restrict the choice of RDN to the correct one per the schema - Honour the allowedChildClasses attribute from the parent's objectClass. Andrew Bartlett
2009-10-03s4:dsdb Don't allow creation of systemOnly objectclassesMatthias Dieter Wallnöfer2-4/+10
(except as part of the provision, which specifies the 'relax' control) Andrew Bartlett
2009-10-02s4:repl_meta_data - variousMatthias Dieter Wallnöfer1-9/+38
- Add more "talloc_free"s and right error values where needed - Add a pre-lookup for entries before searching for metadata attribute (also suggested by TODO list) - Now the most part of "ldap.py" works again
2009-10-02s4:dsdb Return correct error on invalid attributeAndrew Bartlett1-1/+2
This error per the Microsoft testsuite
2009-10-02s4:dsdb Pass down the exact error code on failure in repl_meta_dataAndrew Bartlett1-5/+5
2009-10-02s4:samdb_set_password - Return the maximum password age when requested (not ↵Matthias Dieter Wallnöfer1-2/+3
the minimum one)
2009-10-02s4:samdb_set_password - cosmetic fixesMatthias Dieter Wallnöfer1-44/+58
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-6/+8
2009-10-02s4:dsdb Fix crash from LDAP login of DOM\\Andrew Bartlett1-5/+3
The issue here is that when we resolve DOM\\ into an NT4 name, we would not initilise the nt4_account output. Andrew Bartlett
2009-10-02s4:dsdb rework instanceType module - put instanceType in provisionAndrew Bartlett1-29/+9
The instanceType needs to be specified in future because that's how the partitions are actually created.
2009-10-02s4:dsdb Don't allow creating of new objects with an isDefunct schema classAndrew Bartlett1-1/+7
2009-10-02s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OIDAndrew Bartlett2-0/+144
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett
2009-10-02s4-ldb: Use relax control to check in replace metadata module if we accept ↵Matthieu Patou1-5/+38
request that specify objectGUID attribute.
2009-10-02s4:Ensure the selected RDN is the right one per the schemaAndrew Bartlett1-1/+7
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett
2009-10-02s4-samldb: the samldb module requires that the primary group existsAndrew Tridgell1-9/+17
We need to create Domain Users in the test ldb
2009-10-02s4-samdb: added some debuggingAndrew Tridgell1-2/+8
This helped track down the samba3sam.py failures
2009-10-02s4:dsdb/common/sidmap - RemoveMatthias Dieter Wallnöfer2-613/+0
As metze pointed out - this seems to be completely dead code. I too didn't find any dependencies in other code parts. Therefore remove it.
2009-10-02s4-ldb: accept the binary DN OIDs in extended DN modulesAndrew Tridgell2-4/+8
2009-10-02s4-ldb: Add support for binary blobs in DNsAndrew Tridgell1-23/+113
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-09-30s4:dsdb/common/util - remove introduced "samdb_is_capable_dc" callMatthias Dieter Wallnöfer1-57/+0
I came up with a better solution which is invoked when we try to join a domain as a DC (in file "libnet_become_dc.c"). Consider a following commit for this patch.
2009-09-28s4-kcc: fixed corruption of repsFrom records by kccAndrew Tridgell1-4/+2
We were re-using a stack variable outside of the stack scope
2009-09-28s4-kcc: remove stale repsFrom entries in kcc runAndrew Tridgell1-0/+11
2009-09-28s4-dsdb: don't return the partition root objectsAndrew Tridgell1-1/+19
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object.
2009-09-28s4-dsdb: removed extraneous debug messagesAndrew Tridgell1-4/+0
2009-09-28s4-dsdb: update replPropertyMetaData on linked attribute source attributesAndrew Tridgell1-0/+23
2009-09-28s4-dsdb: fixed searching for GUID based DNs between partitionsAndrew Tridgell1-2/+16
2009-09-28s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as criticalAndrew Tridgell1-0/+10
We may also need to remove the isCriticalSystemObject when the machine is demoted