summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-03-01s4-repl/working_schema: Ignore some attributes when bulding working schema cacheKamen Mazdrashki1-0/+9
We don't need all object attributes resolved and converted for a working schema to be functional.
2011-03-01s4-replicated_objects: Implement a mechanism to relax some attributes conversionKamen Mazdrashki1-4/+31
during replicated object convert stage. The problem is that we may have loops in schema graph and we can't resolve those loops in just one pass. Ignoring some attributes conversion will allow us to have a functional schema cache that we can use later to resolve all attribute OIDs on another pass
2011-02-28Fix some typesJelmer Vernooij5-13/+13
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-27s4/dsdb-util: Use DS_NTDSDSA_OPT_IS_GC flag definitionKamen Mazdrashki1-1/+1
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sun Feb 27 00:10:45 CET 2011 on sn-devel-104
2011-02-27s4-drepl: Schedule event to trigger replication rather than calling ↵Kamen Mazdrashki1-2/+5
run_pending_ops directly Executing dreplsrv_run_pending_ops() directly may cause a segfault as in case of failure, the _drepl_replica_sync_done_cb() callback gets called *before* drepl_replica_sync() returns. In such case, irpc message gets freed twice - once when irpc_send_reply() gets called and once when drepl_replica_sync() returns
2011-02-27s4-drepl: Fix replica sync callback to really store last error rather than ↵Kamen Mazdrashki1-1/+1
last success
2011-02-27s4-drepl: Refactor dreplsrv_run_pull_ops() toKamen Mazdrashki1-16/+33
1. Take into account DSA options - we should not send replication requests in case OUTBOUND_REPLICATION is disabled 2. Use replication flags for the operation to determine if a forced replication is requested 3. In case outbound replication is disabled and we don't have DRSUAPI_DRS_SYNC_FORCED flag set, then we should record WERR_DS_DRA_SINK_DISABLED error as a last replication result
2011-02-27s4-drepl: Pass replication options from DsReplicaSync callKamen Mazdrashki4-5/+12
2011-02-24build: moved libds/common/flag_mapping.c into a common subsystemAndrew Tridgell4-2/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-22s4-descriptor: Fixed a typo in a comment and clarified it a bit.Nadezhda Ivanova1-2/+2
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Feb 22 12:39:23 CET 2011 on sn-devel-104
2011-02-22s4-descriptor: Fixed some missing curly braces.Nadezhda Ivanova1-10/+13
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett5-6/+4
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-22s4-waf: rename smbpasswd library to smbpasswdparserAndrew Tridgell1-1/+1
this removes a conflict with the s3 smbpasswd binary
2011-02-21s4-descriptor: Fixed some compiler warnings.Nadezhda Ivanova1-2/+2
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Feb 21 18:02:21 CET 2011 on sn-devel-104
2011-02-21s4-descriptor: Removed unnecessary descriptor_change function and unused ↵Nadezhda Ivanova1-387/+0
callbacks.
2011-02-21s4-descriptor: Replaced the async descriptor_change with synchronous ↵Nadezhda Ivanova1-1/+149
descriptor_modify. The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the implementation of SD hierarchy recalculation on modify much easier.
2011-02-21s4-descriptor: Replaced the synchronous descriptor_change with the ↵Nadezhda Ivanova1-1/+108
synchronous descriptor_add. The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the implementation of SD hierarchy recalculation on modify much easier.
2011-02-21pyldb: add tests for getting control resultsMatthieu Patou1-0/+8
2011-02-21s4-unittests: replace assertEquals(res, []) by assertEquals(len(res), 0)Matthieu Patou2-25/+25
2011-02-18s4-dsdb: operational module does not need auth any moreAndrew Tridgell2-3/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-15s4-ldb_modules/operational: Make use of dsdb_module_reference_dn() functionKamen Mazdrashki1-17/+4
it does exactly what we need here Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Feb 15 16:55:32 CET 2011 on sn-devel-104
2011-02-15s4:sam.py - add another "description" test caseMatthias Dieter Wallnöfer1-0/+13
Exactly for the syntax which is needed by Volker in s3's "pdb_ads". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Feb 15 16:10:15 CET 2011 on sn-devel-104
2011-02-15s4:acl LDB module - interpret "userAccountControl" as "uint32_t"Matthias Dieter Wallnöfer1-3/+3
This is the same way as it is done in the samldb LDB module. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Feb 15 12:08:26 CET 2011 on sn-devel-104
2011-02-14s4-ldb_modules/acl: Use ntds_guid for SPN check only we have a DC objectKamen Mazdrashki1-6/+5
ntds_guid is NULL otherwise as it doesn't make sense for not a DC object Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
2011-02-14s4-ldb_modules/acl: Get correct NTDSDSA objectGUID to check SPN forKamen Mazdrashki1-2/+17
2011-02-14s4-ldb_modules/util: Implement dsdb_module_find_ntdsguid_for_computer()Kamen Mazdrashki1-0/+30
as a counterpart for samdb_find_ntdsguid_for_computer() to be used in LDB modules
2011-02-14s4/ldb_modules/acl.c: Fix calculation for samAccountName string lenKamen Mazdrashki1-1/+1
2011-02-14s4-dsdb: cope with broken exchange schema with single valued backlinksAndrew Tridgell1-0/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Feb 14 08:45:51 CET 2011 on sn-devel-104
2011-02-14s4-dsdb: fixed problem with constrained modification of description attributeAndrew Tridgell1-44/+13
This approach just asks the tdb backend to handle the single valued constraint for us Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-13Fix typosVolker Lendecke1-1/+1
2011-02-10s4-tests: Some tests that prove behavior for INHERITED user-provided ACEs is ↵Nadezhda Ivanova1-0/+34
different if the P flag is set. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Feb 10 12:31:34 CET 2011 on sn-devel-104
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell34-53/+53
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-2/+2
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-07s4-dsdb: make subtree_rename errors clearerAndrew Tridgell1-10/+10
2011-02-02s4-dsdb Add tests to ensure we don't break the rootDSE function levels againAndrew Bartlett1-0/+33
This both checks that the levels make sense, and they match what they should be based on in the DB. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Feb 2 06:09:53 CET 2011 on sn-devel-104
2011-02-02s4-dsdb Fix generation of rootDSE domainControllerFunctionalityAndrew Bartlett1-1/+3
The issue here is that when the samdb calls were removed, this call relied on going back to the top of the module stack, so as to re-enter the rootDSE search handler. It makes more sense to check the @ROOTDSE record directly, and therefore not to invoke the search() handler during the init. Andrew Bartlett
2011-02-02s4-python Ensure we add the Samba python path first.Andrew Bartlett11-11/+11
This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
2011-01-28s4-acl: Fixed returning uninitialized ldap error in case of some critical ↵Nadezhda Ivanova1-7/+10
errors. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104
2011-01-25s4:ldap.py - check the write protection on LSA objectsMatthias Dieter Wallnöfer1-5/+30
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
2011-01-25s4:dsdb/samdb/ldb_modules/objectclass.c - move LSA specific object checks ↵Matthias Dieter Wallnöfer2-32/+29
into "objectclass_attrs" LDB module LSA object classes are protected on both LDAP add and LDAP modify operations, so I've refactored the previous check in the objectclass LDB module only for LDAP adds in a new one in the objectclass_attrs LDB module for both adds and modifies. This is the result of the investigations done by Hongwei Sun and I in the last months. Interestingly these protection mechansim doesn't apply on LDAP deletes! Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-01-22s4-repl_meta_data: replmd_update_is_newer() should not return true if ↵Kamen Mazdrashki1-3/+3
metadata stamps are equal Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sat Jan 22 12:22:30 CET 2011 on sn-devel-104
2011-01-22s4-repl_meta_data: Print out what is wrong when we fail to modify objectKamen Mazdrashki1-0/+1
2011-01-22s4-repl_meta_data: We should not use USNs in metadata comparisonsKamen Mazdrashki1-11/+0
If object is changed by same DC, then version should be incremented
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett3-41/+29
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-19s4-dsdb Don't use None as the input to the GENSEC loop in tokengroups testAndrew Bartlett1-1/+1
The input to gensec.update() should always be a string. Andrew Bartlett
2011-01-19s4-dsdb Add PAC validation test to tokengroups test.Andrew Bartlett1-20/+78
This confirms that the groups obtained from a Kerberos PAC match those that a manual search of a target LDAP server would reveal. This should allow mixing of a KDC specified by krb5.conf to test Samba or Windows alternatly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
2011-01-19s4-dsdb Add a test of the tokenGroups behaviour on the user's DN.Andrew Bartlett1-3/+21
Andrew Bartlett
2011-01-18s4-tests: Added a test for correct inheritance of IO flagged ACEs.Nadezhda Ivanova1-0/+18
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell4-26/+32
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell24-231/+331
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>