path: root/source4/dsdb
Age | Commit message | Author | Files | Lines
2011-01-14 | s4-dsdb: removed some more samdb_search_*() calls from samldb.c | Andrew Tridgell | 1 | -26/+69
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb: replaced another use of samdb_search in a ldb module | Andrew Tridgell | 1 | -4/+10
we should be using the dsdb_module_search*() calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn() | Andrew Tridgell | 1 | -6/+14
this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb: fixed filtering of tokengroups | Andrew Tridgell | 1 | -5/+3
builtin groups are shown in user tokenGroups searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-test: added a tokengroups test | Andrew Tridgell | 1 | -0/+100
this tests that the remote tokenGroups match the internally calculated ones
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-samdb: give a more useful debug when we can't open the privileges db | Andrew Tridgell | 1 | -0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb: minimise the DN in group expansion | Andrew Tridgell | 1 | -0/+5
this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb: validate number of extended components | Andrew Tridgell | 1 | -2/+10
this checks that the number of extended components in a DN is valid, to match MS AD behaviour. We need to do this to ensure that our tools don't try to do operations that will be invalid when used against MS servers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14 | s4-dsdb Implement tokenGroups expansion directly in ldb operational module | Andrew Bartlett | 3 | -30/+269
This removes a silly cross-dependency between the ldb module stack and auth/
Andrew Bartlett
2011-01-12 | s4:extended_dn_out LDB module - initialise "have_reveal_control" | Matthias Dieter Wallnöfer | 1 | -1/+1
2011-01-11 | s4-tests: Tests for expansion of ACEs containing generic information. | Nadezhda Ivanova | 1 | -2/+59
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Jan 11 12:10:25 CET 2011 on sn-devel-104
2011-01-06 | acl tests: Fix import. | Jelmer Vernooij | 1 | -4/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Jan 6 16:07:49 CET 2011 on sn-devel-104
2011-01-06 | Remove unused imports. | Jelmer Vernooij | 6 | -14/+7
2011-01-03 | s4-python: Add missing prototypes. | Jelmer Vernooij | 1 | -0/+2
2010-12-23 | s4:acl LDB module - "acl_rename" - memory contexts fixup | Matthias Dieter Wallnöfer | 1 | -5/+19
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Dec 23 22:49:41 CET 2010 on sn-devel-104
2010-12-23 | s4:acl LDB module - add a missing "talloc_free(tmp_ctx)" in an error path | Matthias Dieter Wallnöfer | 1 | -0/+1
Just for consistency.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Dec 23 21:46:38 CET 2010 on sn-devel-104
2010-12-22 | dsdb:ldap.py - transform a test call into the new "msg.add" syntax | Matthias Dieter Wallnöfer | 1 | -8/+5
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Dec 22 13:05:53 CET 2010 on sn-devel-104
2010-12-22 | s4-tests: Tests for Validated-SPN implementation. | Nadezhda Ivanova | 1 | -14/+274
Test setting spn on RWDC, RODC and regular computer object.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
2010-12-22 | s4-acl: Implementation of Validated-SPN validated write | Nadezhda Ivanova | 1 | -0/+215
If this right is granted to a user, they may modify the SPN of an object with some value restrictions.
serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain.
If the serviceType is GC, only to the forest root domain.
If the serviceType is ldap, then to forest_domain or netbiosname.
InstanceType can be samAccountName or dnsHostName.
2010-12-22 | s4-dsdb: Added a helper function to get the default dns domain as string. | Nadezhda Ivanova | 1 | -0/+19
2010-12-21 | s4-auth Remove duplicate copies of session_info creation code | Andrew Bartlett | 1 | -5/+22
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now.
Andrew Bartlett
2010-12-21 | s4-auth rework session_info handling not to require an auth context | Andrew Bartlett | 1 | -1/+1
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code.
Andrew Bartlett
2010-12-21 | s4-auth Remove event context from privilege database handling | Andrew Bartlett | 2 | -7/+4
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context.
Andrew Bartlett
2010-12-21 | s4:dsdb/schema/schema_* - adaptions needed for removed "const" on OIDs | Matthias Dieter Wallnöfer | 2 | -2/+5
2010-12-21 | s4:dsdb/common/util.c - remove unused variable "ndr_err" | Matthias Dieter Wallnöfer | 1 | -1/+0
2010-12-20 | s4-pydsdb: Use local memory context in py_dsdb_get_oid_from_attid() | Kamen Mazdrashki | 1 | -4/+16
This version reverts changes from commit b974966cc2b4d0b5b0d83206070b5f7c5c6495d1 and is what Matthieu Patou had committed in d784ecec555a3d9737e6f4b3894f27904d2b833c with added reference to the schema cache. I think referencing schema here is the right thing to be done as thus we guarantee that schema cache will stay in memory for the time our function is executed
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Dec 20 12:01:53 CET 2010 on sn-devel-104
2010-12-18 | s4-drepl: During Schema replication, we need to save updated prefixMap if everything is OK | Kamen Mazdrashki | 1 | -0/+18
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
2010-12-18 | s4-dsdb_schema: Copy info needed for Schema refresh in dsdb_schema_copy_shallow | Kamen Mazdrashki | 1 | -0/+4
Just 'refresh_fn' and 'loaded_from_module' are copied. I left 'reload_seq_number' set to 0 intentionally, so that this Schema cache will look like a very old one to 'refresh_fn'. This way, if this shallow copy is attached to LDB, it will be refreshed as soon as possible by 'refresh_fn'.
2010-12-18 | s4-drepl: Make refreshed schema a global one | Kamen Mazdrashki | 1 | -0/+7
We need to do this as dsdb_reference_schema() function clears "use_global_schema" ldb flag. Basically what is going to happen is that after dsdb_reference_schema() global_schema pointer will continue to point at old schema cache, while "dsdb_schema" for LDB will point at the working_schema. After replication is done, we reset "dsdb_schema" for the ldb with an updated Schema cache, but this leaves global_schema pointer with its old value, which is not up to date. So we need to call dsdb_make_schema_global() again so that global_schema points to a valid Schema cache.
2010-12-18 | Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later" | Andrew Bartlett | 1 | -0/+1
This reverts commit 25163380239abbad28f1656c42e6fab1b92473d9 because further analysis showed the real problem was introduced in 0941099a (which changed the caller behaviour, but only for indexed searches).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104
2010-12-18 | ldb: Rename controls_except_specified -> ldb_controls_except_specified. | Jelmer Vernooij | 1 | -2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 18 01:33:24 CET 2010 on sn-devel-104
2010-12-18 | ldb: Rename last instance of save_controls -> ldb_save_controls. | Jelmer Vernooij | 1 | -1/+1
2010-12-17 | s4-drepl: Reference current Schema cache into working_schema context | Kamen Mazdrashki | 1 | -1/+1
working_schema is a shallow copy of current schema and thus depends on part of it. So we want it to be around as long as working_schema is used.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
2010-12-17 | s4-drepl: Fix log message to be shown on its own line | Kamen Mazdrashki | 1 | -1/+1
2010-12-16 | s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later | Andrew Bartlett | 1 | -1/+0
We need to make LDB consistent here (indexed vs unindexed behaviour differs here!), but for the moment this is the easiest way out of a segfault.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 16 06:42:56 CET 2010 on sn-devel-104
2010-12-16 | s4-dsdb Use sid_blob_parse() | Andrew Bartlett | 1 | -3/+3
2010-12-15 | s4-tests: Added tests for LDAP add/delete/modify using anonymous login. | Nadezhda Ivanova | 1 | -8/+50
2010-12-15 | s4-dsdb: Fixed incorrect LDAP return code when anonymous login is used. | Nadezhda Ivanova | 1 | -1/+1
2010-12-15 | s4-dsdb/tests/python: Explicitly pass command line LoadParm() instance to system_session() | Kamen Mazdrashki | 9 | -10/+10
Otherwise system_session() creates a LoadParm() instance which resets certain global parameters to their defaults from smb.conf ("log level" for instance)
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
2010-12-15 | s4-dsdb_schema: Handle remote ATTIDs based on msDs-IntId value | Kamen Mazdrashki | 1 | -4/+17
If we get such an msDs-IntId value, then we should just use it, there is no mapping available for such values
2010-12-15 | s4-schema_syntax: Log error message when _dsdb_syntax_OID_oid_drsuapi_to_ldb() fails | Kamen Mazdrashki | 1 | -1/+5
I haven't found a way to test this function during replication so far, but when I do, it will be useful to notice this error in the log file
2010-12-15 | s4-drepl: We won't need a working schema for empty replicas sent. | Kamen Mazdrashki | 1 | -2/+5
Without this check, receiving an empty replica leads to a situation where we are left with a working_schema attached to the ldb. The problem here is that working_schema is not a fully functional schema cache and keeping it attached to the ldb may lead to modules failing to accomplish their jobs
2010-12-15 | s4-dsdb_schema: We need base_dn in Schema's shallow copy too | Kamen Mazdrashki | 1 | -1/+7
2010-12-15 | s4-schema_syntax: We should use make_ATTID function when converting remote-ATTID to local one | Kamen Mazdrashki | 1 | -1/+1
We may have no prefix for the remote ATTID (remote OID strictly speaking). So this is the place for us to update our local prefixMap adding a prefix for the numeric OID we've received
2010-12-15 | s4-drepl: User working schema for committing objects when replicating Schema NC | Kamen Mazdrashki | 1 | -6/+4
2010-12-15 | s4-repl: Allow dsdb_replicated_objects_commit() to use different schema while committing objects | Kamen Mazdrashki | 2 | -0/+57
working_schema is to be used while committing a Schema replica. When we replicate Schema, then we most probably won't be able to convert all replicated objects using the current Schema cache (as we don't know anything about those new objects). Thus, during Schema replication, we make a temporary working_schema that contains both our current Schema + all objects we get on the wire. When we commit those new objects, we should use our working_schema (by setting it to the ldb), and after all changes are committed, we can refresh the schema cache so we have a brand new, full-featured Schema cache
2010-12-15 | s4-schema_syntax: Use remote prefixMap to map remote ATTID to local one | Kamen Mazdrashki | 1 | -5/+13
in dsdb_attribute_drsuapi_to_ldb() function. drsuapi_DsReplicaAttribute *in parameter come from remote DC so we can't rely on in->attid to map it directly to an dsdb_attribute in our local schema cache
2010-12-15 | s4-dsdb_schema: Seize using global_schema when referencing new schema for an LDB | Kamen Mazdrashki | 1 | -0/+6
Without this change, when a schema is set to ldb, the effect is that dsdb_get_schema() returns global_schema preferably. Thus we end up with two schemas in effect:
- global one, which is the old one and it is still used everywhere
- new one, which is just cached in ldb, but can't be used, as there is no way to access it
2010-12-13 | s4:dsdb:password_hash: verify content if the BYPASS_PASSWORD_HASH control is used | Stefan Metzmacher | 1 | -2/+395
Make it much harder to import bad data into the password attributes. This isn't 100% safe, but much better than no checks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 16:17:36 CET 2010 on sn-devel-104
2010-12-13 | s4:dsdb:util: dsdb_get_single_valued_attr() only needs a const ldb_messages | Stefan Metzmacher | 1 | -1/+1
metze