summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-11-23s4/schema: Handle Object(OR-Name) syntax in extended_dn_out moduleKamen Mazdrashki1-4/+12
Windows displays attribute values with Object(OR-Name) syntax in plain DN format when queried through LDAP. Hence, we need to post-process such values specially in extended_dn_out.c module so they are always shown as plain DN, no matter what controls are passed for search request.
2009-11-23s4/schema: Object(OR-Name) syntax handling for DRS callsKamen Mazdrashki3-6/+11
OR-Name syntax through DRS calls looks like DN-Binary syntax
2009-11-23s4/schema(tort): Inject authOrig attribute into schema loaded for testsKamen Mazdrashki1-1/+44
2009-11-23s4/schema(tort): Add test for Object(OR-Name) syntaxKamen Mazdrashki1-0/+8
2009-11-23s4/schema(tort): Test LDB_SYNTAX_DN with extended_dn in [GUID;SID;DN] formKamen Mazdrashki1-1/+9
2009-11-22Fixed incorrect indentation.Nadezhda Ivanova1-7/+6
2009-11-21Implemented LDAP_SERVER_SD_FLAGS_OID on search requests.Nadezhda Ivanova2-22/+165
2009-11-20Cosmetic patch - fixed case of attribute name.Nadezhda Ivanova1-1/+1
2009-11-20Implementation of LDAP_SERVER_SD_FLAGS_OID on modify requests.Nadezhda Ivanova1-16/+133
2009-11-20s4-dsdb: some more attribuutes that we should only give if asked forAndrew Tridgell1-1/+6
2009-11-20added new function "ldb_msg_add_dn"Crístian Deives1-2/+3
a helper function to a DN element to an ldb_msg using ldb_msg_add_string. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-20s4-dsdb: removed attributes that should not be displayed by defaultAndrew Tridgell1-0/+37
Some attributes (like ntSecurityDescriptor) are stored in our db, but should only be displayed if asked for. This also applied to parentGUID from old installs, which is now generated.
2009-11-20s4-drs: Removes stored parentGUID's creation and renamingFernando J V da Silva1-80/+7
parentGUID is now created on demand in operational.c Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-20s4-drs: Synchronous Implementation of generated parentGUIDFernando J V da Silva1-2/+34
This generated parentGUID on demand, rather than getting it from the database Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-20s4-drs: Utility functions to deal with GUIDFernando J V da Silva1-0/+99
dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN dsdb_msg_add_guid() adds a GUID value to a given message (either objectGUID or parentGUID). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-20s4-dsdb: make sure mod_usn list is zeroed on each transactionAndrew Tridgell1-7/+10
2009-11-17s4:SAMLDB DSDB module - Add "\n"s on debug messagesMatthias Dieter Wallnöfer1-2/+2
2009-11-17s4:SAMLDB DSDB module - Remove "\n" in LDB error messagesMatthias Dieter Wallnöfer1-25/+31
abartlet suggested me to not use anymore "\n"s in those kind of outputs. Plus, enhance a search filter to consider also "builtinDomain" objects which are basically domain objects too.
2009-11-17s4:dsdb/schema: let schema_supclasses() return the correct pointerStefan Metzmacher1-2/+2
str_list_unique() changes the pointer via talloc_realloc(). metze
2009-11-17s4:schema Add the GUID to each defaultObjectCategory when loading from LDIFAndrew Bartlett1-0/+49
This makes these full extended DNs, so we set the right values into the database, even before we actually set the schema objects themselves. Andrew Bartlett
2009-11-17s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategoryAndrew Bartlett4-1/+67
It is important to always ensure that this attribute has an extended DN if the rest of the database stores things that way. The knowlege of what format the DN is stored on disk with is passed around in an LDB opaque. Andrew Bartlett
2009-11-17s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schemaAndrew Bartlett2-35/+27
The load of defaultObjectCategory as an extended DN means we need to use the common parsing functions I just split out, rather than the GET_DS_DN macro. The objectGUIDs are loaded so that we can create the extended DN when we load from LDIF (and are loaded for the other cases for consistency). Also adapt callers to API changes needed for common parsing code Andrew Bartlett
2009-11-17s4:dsdb Use the new flags to dsdb_module_search in schema_loadAndrew Bartlett1-1/+3
This loads the defaultObjectCategory DN as an extended DN, so we can apply it, with the associated GUID, when setting this on records in the objectClass module. Previously we would not store the extended DN components for objectCategory. Andrew Bartlett
2009-11-17s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunctionAndrew Bartlett1-73/+91
This should make it easier to call this function from the DRS schema load code, rather than duplicate it. (we may do the same with other functions in future). Andrew Bartlett
2009-11-17s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used featuresAndrew Bartlett6-11/+84
These flags, also on dsdb_module_search_dn() allow us to add commonly set controls to this pre-packaged blocking search, without rebuilding the whole function in each caller. Andrew Bartlett
2009-11-16s4:SAMLDB moduleMatthias Dieter Wallnöfer1-14/+14
- Add more "\n" to make sure that error messages are displayed immediately - Add a "NULL" in a attribute list
2009-11-16Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-4/+1
"lDAPDisplayName" generator" This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4. abartlet pointed out in a post on the samba-technical list that this isn't necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks functionality of the replication.
2009-11-16s4:dsdb LDB attribute lists must always be a static const char **.Andrew Bartlett1-1/+1
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack). Andrew Bartlett
2009-11-16s4:provision - Removed dependency on full Samba 3 schema from FDSEndi S. Dewata1-41/+0
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova2-105/+258
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-15s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-1/+4
"lDAPDisplayName" generator Also here we've to be sure to generate the attribute correctly if it doesn't exist yet.
2009-11-15s4:SAMLDB module - Add support for required and generated schema attributesAndrew Bartlett1-7/+285
This missing support found by Microsoft test suite at AD interop event. Patch by Andrew Bartlett Enhancements by Matthias Dieter Wallnöfer
2009-11-15s4:samdb util - add a call for generating a correct "lDAPDisplayName"Matthias Dieter Wallnöfer1-0/+28
This is needed for the SAMLDB module enhancement regarding schema objects. The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
2009-11-14s4-drs: DsExecuteKCC() implementationErick Nascimento2-1/+21
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc(). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-13s4-ldb: changed the DN checks for \n to warningsAndrew Tridgell1-3/+6
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know when is really is allowed, treat it as a warning only.
2009-11-12s4:dsdb Make callbacks in extended_dn_out clearer to followAndrew Bartlett1-1/+6
2009-11-12s4:repl_meta_data Parse linked attributes with schema syntaxesAndrew Bartlett1-39/+44
The bug here was that by assuming all linked attributes were 'normal DNs', we would miss the binary portion of DN+Binary. This patch then has us reparse the string to determine it's GUID, for the GUID lookup, but maintains the binary porition into the on-disk format. Andrew Bartlett
2009-11-12s4:dsdb/schema Add more unit tests for DN+Binary syntaxesAndrew Bartlett1-4/+9
2009-11-12s4:dsdb Improve debug message in extended_dn_outAndrew Bartlett1-1/+3
2009-11-12s4:dsdb/schema Allow a schema set when bound against a remote LDAP serverAndrew Bartlett1-3/+3
2009-11-12s4:dsdb Add expected value tests for most DRS syntax conversionsAndrew Bartlett2-6/+155
I've left out those for which I could not find an expected value in my default Windows 2003 server's database, and the values that rely on the current prefix map at the time. Andrew Bartlett
2009-11-12s4:Fix regression in dsdb_dn code - all parses of the DN would be rejectedAndrew Bartlett1-2/+6
This is most likely the cause of the DRS replication failures I observed with my changes. Andrew Bartlett
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett2-44/+49
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-12s4:dsdb/schema Simplify schema loading from ldb messagesAndrew Bartlett2-98/+81
It turns out that we always add the class/attribute to the schema.
2009-11-12s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changesAndrew Bartlett3-30/+38
These changes include reworking the code to call ldb_module_get_ctx() less often (avoid the function calls, particularly during the step into a complex function). Andrew Bartlett
2009-11-12s4:dsdb Ensure we allow 'odd' lengths for DN+StringAndrew Bartlett1-5/+5
(Found in a code review by metze) Andrew Bartlett
2009-11-12s4:dsdb Add extensive tests for the behaviour of dsdb_dnAndrew Bartlett1-0/+357
2009-11-12s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schemaAndrew Bartlett3-64/+87
This converts the code from using the binary DN code in ldb_dn to using a special Samba-specfic wrapper around ldb_dn. We also use the dsdb_dn code for DN+Binary and DN+String comparisons (changed from treating them as Binary blobs) Andrew Bartlett
2009-11-12s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+StringAndrew Bartlett4-1/+343
This aims to replace (and is based on) the code in ldb_dn.c. It is however much stricter in the DNs it will accept. Andrew Bartlett
2009-11-12lib/util Split data_blob_hex_string() into upper and lowerAndrew Bartlett1-5/+5
Rather than have a repeat of the bugs we found at the plugfest where hexidecimal strings must be in upper or lower case in particular places, ensure that each caller chooses which case they want. This reverts most of the callers back to upper case, as things were before tridge's patch. The critical call in the extended DN code is of course handled in lower case. Andrew Bartlett