| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is intended to be used when data needs
to be modified skipping access checks.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is to be used later for manually crafted
ldb_requests from within dsdb layer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This attribute can not be modified on existing schema object.
msDS-IntId is not allowed during attribute creation also.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
According to http://msdn.microsoft.com/en-us/library/cc223224%28PROT.13%29.aspx
some Attributes OIDs may not use prefixMap.
Setting ATTID in Schema Cache here should work, although
this code snippet should be moved in separate function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This reverts commit 1287c1d115fb7e8f3954bc05ff65007968403a9c.
Next patch should fix the "not recognized ATTIDs" problem
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The bug is that prefixMap is updated only memory when
adding new Classs/Attribute that has and OID not in
prefixMap already.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
To allow us to use the repl_meta_data module in standalone mode (and
thus not have two module stacks to test), we need a invocationID
stored somewhere when standalone. This creates a random one, and
stores it in @SAMBA_DSDB.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We can use dsdb_module_search() to make this much simpler
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is done by sorting the classes by subClass_order, which will
check if the last structural class is valid to add (in
objectclass_do_add instead checking the last class in the list).
They were being sorted by building a class tree, and adding the
classes to the list in that order. However, AUX classes usually don't
fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I
have changed the behavior to sort the classes by subClass_order
instead.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
user.
Makes sure samAccountName has been specified before adding a
user. This happened while I was trying to add a user with the
posixAccount objectclass. I forgot to specify the user objectClass,
and samba segfaulted. It now returns LDB_ERR_CONSTRAINT_VIOLATION.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It can now also be used by objectclass.c
get_last_structural_class now ignores AUX classes, because they are
not structural
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Check to see if there were any messages passed to acl_modify before
debugging the first one. I think I caused this by some malformed
LDIF.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
They won't work when the LDB change is done using "samdb_replace"
(consider "samr_password.c" functions).
I think this has been a relict which has been useful before the "password_hash"
module existed. Basically it itself does now the updates.
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
There is no reason to have the message non-const here.
|
|
|
|
removing a control means it can't be seen by any other modules, which
is usually not what is wanted. Better to just mark it non-critical,
which means anyone else who wants to look at it can, but if nobody
does its not an error.
|
|
|
|
For controls that need to be seen by more than one module, it is best
to just mark them non-critical when handled, instead of removing
them. Otherwise lower modules can't see them.
In this case we want the operational module to see the SD_FLAGS
control
|
|
This is based on the code from Eduardo Lima <eduardoll@gmail.com>, but
uses the new helper functions added in the last couple of commits
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is based on the function of the same name from Eduardo Lima
<eduardoll@gmail.com>, but using ldb_dn_compare, to give us
comparisons consistent with what the rest of the code uses.
We will use this function in combination with dsdb_wellknown_dn() to
find the Deleted Objects container for any object.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This finds a wellknown object given its GUID
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used by the replmd_delete() code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to do a sync modify in a module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
needs to ask for the DN in storage format, plus fix compilation errors
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This function will be used for non-search controls, like relax
|
|
This finds a DN given a GUID, searching below the current module in
the module stack.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This also moves the check to before we parse the DN, which saves some
unnecessary work
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used to determine if a extedned DN has the 'DELETED=1'
component
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
When reveal is set, then we show deleted linked attributes and all
linkked attribute components. When not set we show a normal extended
DN.
|
