summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell4-4/+4
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: removed dsdb_validate_client_flags()Andrew Tridgell2-37/+0
This test is in the wrong place. We end up validating our own flags. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-22s4-dsdb: added dsdb_validate_invocation_id()Andrew Tridgell1-0/+87
this validates that a invocationID matches an account sid This will be used to ensure that we don't allow DRS replication from someone a non-DC or administrator Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: added dsdb_get_extended_dn_sid()Andrew Tridgell2-12/+34
This will be used by the RODC code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: moved rodc schema validation to samldb.cAndrew Tridgell2-33/+37
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+1
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s40-drs: Do not send GetNCChanges messages to RODCsFernando J V da Silva1-0/+11
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: dsdb_validate_client_flags() functionFernando J V da Silva1-0/+28
This function is intended to check if some client is not lying about his flags. At this moment, it only checks for RODC flags. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva4-37/+64
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: Do not allow system-critical attributes to be RODC filteredFernando J V da Silva1-0/+33
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDsAndrew Bartlett1-0/+24
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett
2010-04-22s4:OpenLDAP-backend Use the new rdnval module in OpenLDAPAndrew Bartlett2-3/+8
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett
2010-04-22s4:dsdb Revert accidentilly commited change for LDAP backendsAndrew Bartlett1-1/+1
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett
2010-04-21s4-schema: allow revision numbers of zeroAndrew Tridgell1-6/+3
w2k8r2 sends a revision of zero in the initial schema replication during a net vampire Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett3-2/+75
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett
2010-04-17s4:dsdb/dns/dns_update.c - fix a typoMatthias Dieter Wallnöfer1-1/+1
2010-04-16s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid()Nadezhda Ivanova2-55/+7
2010-04-15s4:rootdse: only return "tokenGroups", when the client asked for themStefan Metzmacher1-1/+1
metze
2010-04-15pydsdb: Fix memory leak on invalid parameters, formatting, trivialJelmer Vernooij1-8/+15
typos.
2010-04-15s4 python: Add a function to get the oid of an attribute when the attid is knownMatthieu Patou1-0/+37
This function is mainly to help decoding replPropertyMetaData in python Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-04-13s4:samdb_server_site_name - fix indentationMatthias Dieter Wallnöfer1-4/+6
2010-04-13s4:acl/descriptor LDB module - distinguish between root and default basednMatthias Dieter Wallnöfer2-0/+12
The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments).
2010-04-13s4:dsdb/common/util.c - add a call which determines centrally the forest DNS ↵Matthias Dieter Wallnöfer1-0/+19
domainname
2010-04-13s4:remove "samdb_root_dn", "samdb_base_dn", "samdb_config_dn" and ↵Matthias Dieter Wallnöfer1-20/+0
"samdb_schema_dn" They aren't needed anymore.
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer11-21/+24
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-13s4:objectclass LDB module - remove a unneeded newlineMatthias Dieter Wallnöfer1-2/+1
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer1-1/+1
Purely cosmetic change.
2010-04-11subunit: Remove more test output that could be interpreted by subunit.Jelmer Vernooij1-1/+1
2010-04-11subunit: Support formatting compatible with upstream subunit, for consistency.Jelmer Vernooij1-1/+1
Upstream subunit makes a ":" after commands optional, so I've fixed any places where we might trigger commands accidently. I've filed a bug about this in subunit.
2010-04-11s4:samdb_server_site_dn - free unused DNs in the right wayMatthias Dieter Wallnöfer1-2/+2
2010-04-10s4:dsdb Don't use the permissive modify control on schemaInfo updatesAndrew Bartlett1-2/+2
The use of 'replace' is enough to wipe out the old value, whatever it is, we don't need to set 'permissive modify' too. Additionally, this seems to be causing trouble for the OpenLDAP backend Andrew Bartlett
2010-04-10s4:dsdb Don't return operational attributes on special DNsAndrew Bartlett1-0/+5
2010-04-10s4:rootdse Implement "tokenGroups" in the rootDSEAndrew Bartlett1-0/+18
This returns the currently connected user's full token. This is very useful for debugging, and should be used in ACL tests. Andrew Bartlett
2010-04-10s4:dsdb Improve error message in extended_dn_inAndrew Bartlett1-1/+1
This error occours when an extended DN cannot be resolved, so it's most helpful to print the problematic extended DN. Andrew Bartlett
2010-04-10s4:schema Try to fix OpenLDAP backend after schema reload support.Andrew Bartlett1-4/+2
If we can't get @REPLCHANGED, default to a value of 0. Andrew Bartlett
2010-04-09s4/dsdb: Set schemaInfo attribute value during provisioningKamen Mazdrashki1-0/+49
After provisioning new Forest, schemaInfo should be set to a value with revision=1 and current invocation_id
2010-04-09s4/dsdb: split writing of schemaInfo blob in two partsKamen Mazdrashki1-21/+46
ldb_msg preparation is moved into separate function so that it can be used for implementing schemaInfo updates both on module stack (dsdb_module_... functions) and directly on ldb_context
2010-04-09s4/dsdb: Let caller to control if valid invocationId is critical or ↵Kamen Mazdrashki3-3/+8
zero-guid is acceptable
2010-04-09s4/dsdb: Use dsdb_schema_info object to create default schemaInfo valuesKamen Mazdrashki2-7/+22
2010-04-09s4/dsdb: Use dsdb_schema_info object to verify schema_info blobsKamen Mazdrashki2-21/+20
2010-04-09s4/waf: add new files to WAF buildKamen Mazdrashki1-1/+1
2010-04-09s4/samldb: schemaInfo attribute must be updated when adding new Schema objectKamen Mazdrashki1-0/+50
2010-04-09s4/dsdb: dsdb_schema_info object implementationKamen Mazdrashki2-1/+385
2010-04-09s4/dsdb: Define dsdb representation for schemaInfo attributeKamen Mazdrashki1-0/+8
2010-04-08s4-python: Move load_partition_usn to dsdb module.Jelmer Vernooij3-2/+51
2010-04-08s4:dsdb - Handle INVALID_DN_SYNTAX from OpenLDAP in ↵Endi S. Dewata1-1/+1
dsdb_module_load_partition_usn(). Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-04-08s4-python: Move set_global_schema to pydsdb.Jelmer Vernooij1-35/+104
2010-04-07s4-python: Move samdb_ntds_objectGUID to pydsdb.Jelmer Vernooij1-0/+148
2010-04-06s4-python: Move set_opaque_integer to pyldb.Jelmer Vernooij1-66/+0
generated by cgit (git 2.34.1) at 2024-11-27 13:25:08 +0000