summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-01-02s4-dsdb: add linked attributes meta_data handling to replmd_addAndrew Tridgell1-24/+86
This also handles the backlink creation that was previously in the linked_attributes module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: added replmd_delete, based on Eduardos workAndrew Tridgell1-0/+295
This implements repmld_delete(), which handles the meta_data updates for an object when deleting. A delete gets mapped to a combination of a rename followed by a modify request, which has the effect of moving the object into the Deleted Objects container. This is based on the code from Eduardo Lima <eduardoll@gmail.com>. Eduardo's code was modified to take account of the linked attributes changes that Andrew and I have been working on. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: the linked_attributes module no longer handles deletesAndrew Tridgell1-53/+0
delete handling is now moved into repl_meta_data Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: repl_meta_data now replaces objectguid in all casesAndrew Tridgell1-16/+2
We don't want to be debugging two different code paths through the ldb module stack, so better to always do the work of repl_meta_data, even for a standalone server Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: add a comment on the use of ldb_rename()Andrew Tridgell1-0/+3
We need to use ldb_rename() and not dsdb_module_rename() here as we need the rename to be processed by the current module
2010-01-02s4-dsdb: linked_attributes_modify no longer handles modifiesAndrew Tridgell1-183/+0
This functionality has moved into repl_meta_data
2010-01-02s4-dsdb: added support for backlinks in repl_meta_dataAndrew Tridgell1-20/+224
backlinks need more careful handling now that we store the additional meta data for deleted links. It is easier to handle this in repl_meta_data than in linked_attributes. Eventually linked_attributes will disappear, with the functionality moved into repl_meta_data. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: implemeneted replmd_modify_la_replace()Andrew Tridgell1-18/+152
We now have the core code for handling storage of linked attribute meta-data with local modifies Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: add a TODO item for linked attributes in extended_dn_outAndrew Tridgell1-0/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: add support for storing linked attribute meta data in extended DNsAndrew Tridgell1-19/+566
When in functional levels above w2k, we need to store much richer meta data about linkked attributes. We also need to keep deleted linked attributes around to allow the deletion to be propogated to other DCs. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij2-10/+11
2009-12-21s4-schema: fixed the sorting of schema attributesAndrew Tridgell1-3/+9
another case of unsigned int subtracting breaking sorts. This one surfaced now as attributeID_id now can be larger than 2^31
2009-12-21s4-drs: Implement constraints on ATTID values in prefixMapKamen Mazdrashki2-0/+35
Ref: MS-ADTS, 3.1.1.2.6 ATTRTYP Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21Adapted acl module to skip checks if as_system control is provided.Nadezhda Ivanova1-7/+17
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-drs: Save prefix map using LDB_CONTROL_AS_SYSTEM controlKamen Mazdrashki1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-dsdb-util: Execute ldb_request using LDB_CONTROL_AS_SYSTEMKamen Mazdrashki1-0/+49
This function is intended to be used when data needs to be modified skipping access checks. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-dsdb-util: Utility function to process ldb_request in transactionKamen Mazdrashki1-0/+26
This function is to be used later for manually crafted ldb_requests from within dsdb layer Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-schema: Implement msDS-IntId attribute generationKamen Mazdrashki1-14/+133
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-schema: Constraints on msDS-IntId attributeKamen Mazdrashki1-0/+27
This attribute can not be modified on existing schema object. msDS-IntId is not allowed during attribute creation also. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-schema: Set ATTID in schema cache from "msDS-IntId"Kamen Mazdrashki1-8/+13
According to http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx some Attributes OIDs may not use prefixMap. Setting ATTID in Schema Cache here should work, although this code snippet should be moved in separate function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21Revert "s4-drs: cope with bogus empty attributes from w2k8-r2"Kamen Mazdrashki1-17/+0
This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c. Next patch should fix the "not recognized ATTIDs" problem Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-drs: Fix bug - prefixMap is not updated when adding new OIDs.Kamen Mazdrashki1-2/+1
The bug is that prefixMap is updated only memory when adding new Classs/Attribute that has and OID not in prefixMap already. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-repl: give a reason why the prepare commit failedAndrew Tridgell1-1/+2
2009-12-21s4-kcc: don't crash with a NULL ntds connection listAndrew Tridgell1-3/+3
2009-12-21s4-repl: only try to replicate for NCs that we are a master forAndrew Tridgell1-4/+3
2009-12-21s4-schema: a unsigned comparison bug in the schema codeAndrew Tridgell1-1/+2
2009-12-21s4-drs: another two unsigned comparison bugsAndrew Tridgell1-3/+5
2009-12-21s4-repl: lower debug level of a common messageAndrew Tridgell1-1/+1
2009-12-21s4-dsdb: don't use a non-constant format string for a printf formatAndrew Tridgell1-10/+3
2009-12-21s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() callsAndrew Tridgell2-0/+8
2009-12-21s4-dsdb: added dsdb_get_extended_dn_uint64()Andrew Tridgell1-3/+11
2009-12-21s4-dsdb: use varargs expression in dsdb_module_search()Andrew Tridgell1-1/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-21s4-dsdb: added two new dsdb_get_extended_dn_*() helper functionsAndrew Tridgell1-0/+43
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-21s4-dsdb: give us an invocationID when in standalone modeAndrew Tridgell1-1/+79
To allow us to use the repl_meta_data module in standalone mode (and thus not have two module stacks to test), we need a invocationID stored somewhere when standalone. This creates a random one, and stores it in @SAMBA_DSDB. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: stop warnings about unknown struct GUID in prototypesAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: greatly simplify the subtree_delete moduleAndrew Tridgell1-117/+20
We can use dsdb_module_search() to make this much simpler Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: fixed the sort in dsdb_find_nc_root()Andrew Tridgell1-1/+6
2009-12-18s4-dsdb: fix handling of AUX classes in objectclass_sortBrendan Powers1-146/+133
This is done by sorting the classes by subClass_order, which will check if the last structural class is valid to add (in objectclass_do_add instead checking the last class in the list). They were being sorted by building a class tree, and adding the classes to the list in that order. However, AUX classes usually don't fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I have changed the behavior to sort the classes by subClass_order instead. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: return an error if samAccountName is not specified when creating a ↵Brendan Powers1-0/+7
user. Makes sure samAccountName has been specified before adding a user. This happened while I was trying to add a user with the posixAccount objectclass. I forgot to specify the user objectClass, and samba segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Move get_last_structural class from descriptor.c to util.cBrendan Powers3-16/+30
It can now also be used by objectclass.c get_last_structural_class now ignores AUX classes, because they are not structural Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Add a check to prevent acl_modify from debuging a NULL messageBrendan Powers1-1/+5
Check to see if there were any messages passed to acl_modify before debugging the first one. I think I caused this by some malformed LDIF. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-17s4:"samdb_set_password" - remove delete instructionsMatthias Dieter Wallnöfer1-7/+2
They won't work when the LDB change is done using "samdb_replace" (consider "samr_password.c" functions). I think this has been a relict which has been useful before the "password_hash" module existed. Basically it itself does now the updates.
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-11/+86
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-17s4:dsdb/common/util - make NTTIME attribute wrappers use a "const" messageMatthias Dieter Wallnöfer1-4/+6
There is no reason to have the message non-const here.
2009-12-16s4-dsdb: also mark the relax control non-critical when doneAndrew Tridgell1-5/+3
2009-12-16s4-dsdb: it is a better pattern to mark a control as done than remove itAndrew Tridgell3-21/+7
removing a control means it can't be seen by any other modules, which is usually not what is wanted. Better to just mark it non-critical, which means anyone else who wants to look at it can, but if nobody does its not an error.
2009-12-16s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptorAndrew Tridgell1-10/+19
2009-12-16s4-dsdb: don't actually remove the sd_flags control, just mark it non-criticalAndrew Tridgell1-14/+10
For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control
2009-12-16s4-dsdb: added dsdb_get_deleted_objects_dn()Andrew Tridgell1-0/+22
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but uses the new helper functions added in the last couple of commits Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: added dsdb_find_nc_root()Andrew Tridgell1-0/+64
This is based on the function of the same name from Eduardo Lima <eduardoll@gmail.com>, but using ldb_dn_compare, to give us comparisons consistent with what the rest of the code uses. We will use this function in combination with dsdb_wellknown_dn() to find the Deleted Objects container for any object. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>