path: root/source4/dsdb
Age | Commit message | Author | Files | Lines
2010-10-23 | s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control | Matthias Dieter Wallnöfer | 2 | -0/+8
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23 | ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID | Matthias Dieter Wallnöfer | 1 | -3/+3
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-23 | s4 dsdb kcc: Prefer msDS-hasMasterNCs over hasMasterNCs when replicating | Kai Blin | 1 | -5/+10
2010-10-22 | s4-dsdb_syntax: Setup "String(Case Sensitive)" syntax | Kamen Mazdrashki | 1 | -3/+10
Currently it is mapped to Octet String LDAP syntax for comparison purposes. According to the LDAP RFC we should be using the same comparison as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive. But according to MS docs binary compare should do the job: http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Oct 22 22:19:50 UTC 2010 on sn-devel-104
2010-10-21 | s4-dsdb/schema_syntax: Separate validation for numericoid OID values | Kamen Mazdrashki | 1 | -3/+47
This implementation doesn't use prefixMap/Schema to validate numericoid OIDs. We may not have this OID yet, so I see no point checking schema for if we have it. Side effect of using prefixMap/Schema for validating numericoids is that we mistakenly add the OID to the prefixMap. This led to a corrupted prefixMap in LDB.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
2010-10-21 | s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-init | Andrew Bartlett | 1 | -54/+77
We didn't seem to get the control created by the time we do searches here.
Andrew Bartlett
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
2010-10-21 | s4-dsdb: force LDB_ERR_NO_SUCH_ATTRIBUTE on missing schemaInfo | Andrew Tridgell | 1 | -2/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21 | s4-dsdb: fixed dependencies for -no-undefined | Andrew Tridgell | 2 | -5/+5
added some dependencies needed for -Wl,-no-undefined
2010-10-21 | s4-dsdb: make ldb_password_hash depend on hdb not HEIMDAL_HDB_KEYS | Andrew Tridgell | 1 | -1/+1
this prevents a duplicate object file
2010-10-21 | s4-dsdb: moved a bunch of functions from schema/schema_info_attr.c to samdb/ldb_modules/schema_util.c | Andrew Tridgell | 5 | -280/+351
these functions operate on ldb_modules, so they should be in the ldb_modules directory. They also should return ldb error codes, not WERROR codes, as otherwise the error can be hidden from the ldap caller
This re-arrangement fixes a dependency loop in the schema/samdb code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
2010-10-21 | s4-dsdb: make SAMDB_COMMON into a private library | Andrew Tridgell | 1 | -5/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-20 | s4-schema_init: Print more info about syntax we fail to recognize | Kamen Mazdrashki | 1 | -2/+4
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Oct 20 13:54:01 UTC 2010 on sn-devel-104
2010-10-19 | s4-dsdb Reset the error string after 'expected' errors. | Andrew Bartlett | 1 | -0/+1
This helps ensure that we don't get confusing error strings in the logs on other error cases.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
2010-10-19 | s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends | Andrew Bartlett | 3 | -2/+83
If we send the full extended DN, then we risk standards-compliant LDAP servers rejecting it as invalid. Only the DN portion is needed to resolve the record in any case, and any SID or GUID components have already been evaluated into the DN.
Andrew Bartlett
2010-10-19 | s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn | Andrew Bartlett | 1 | -1/+1
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP. We don't have these sequence numbers in this case.
Andrew Bartlett
2010-10-19 | s4:dsdb/schema/schema_init.c - remove a duplicated "talloc_free" | Matthias Dieter Wallnöfer | 1 | -1/+0
2010-10-19 | s4-dsdb: register the DCPROMO_OID control with the rootdse | Andrew Tridgell | 1 | -0/+7
this is needed to allow it over ldap
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-19 | s4-dsdb: filter unregistered controls in the rootdse module | Andrew Tridgell | 1 | -19/+84
if we get an unregistered control in the rootdse module, and the request comes from an untrusted source (eg. ldap://) then we need to:
1) filter the control out if it is marked non-critical
2) give an error if it is marked critical
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-18 | s4:"util_ldb" - remove some really unused dependencies | Matthias Dieter Wallnöfer | 2 | -2/+0
2010-10-18 | dsdb simple_ldap_map depends on LDBSAMBA | Andrew Bartlett | 1 | -1/+1
This shows up at build time on MacOS and runtime on Linux when we use the LDAP backend.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 18 00:57:51 UTC 2010 on sn-devel-104
2010-10-18 | dsdb: Module aliases require to be prefixed with the subsystem name. | Jelmer Vernooij | 1 | -2/+2
2010-10-17 | Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"" | Matthias Dieter Wallnöfer | 7 | -87/+7
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17 | s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c" | Matthias Dieter Wallnöfer | 7 | -7/+87
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-16 | s4:samldb LDB module - use appropriate fixed-length integer types where needed | Matthias Dieter Wallnöfer | 1 | -4/+5
- The "systemFlags" we interpret always as signed
- Use "samdb_msg_add_int" where possible (much safer for integer storing than ldb_msg_add_fmt)
2010-10-16 | s4:dsdb/samdb/ldb_modules/util.c - remove now unused functions which set integers | Matthias Dieter Wallnöfer | 1 | -74/+0
Please do always use the functions which specify the appropriate integer length to not run into platform-specific issues. Therefore I'm removing these generic calls.
2010-10-16 | s4:samba3sid LDB module - handle the RID as uint32_t | Matthias Dieter Wallnöfer | 1 | -13/+15
- This is how we always deal with RIDs
- Use an integer-length safe function for the RID update
2010-10-16 | s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree delete protection | Matthias Dieter Wallnöfer | 2 | -3/+27
MS-ADTS 3.1.1.5.5.7.2
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
2010-10-16 | s4:dsdb - fix unsigned integer save problems using the "%u" specifier | Matthias Dieter Wallnöfer | 5 | -17/+31
The issue here is that we have not yet first cast to int32_t explicitly, before we cast to a signed int to printf() into the %d or cast to an int64_t before we then cast to a long long to printf into a %lld. There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c). The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute. The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
2010-10-16 | s4:dsdb/common/util.c - describe the behaviour of the functions "samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more | Matthias Dieter Wallnöfer | 1 | -5/+32
Unsigned int data in AD is a bit problematic to handle. Problem described by abartlet.
2010-10-15 | s4:samdb_msg_add_int* - use "ldb_msg_add_string" rather than "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 1 | -2/+2
"ldb_msg_add_string" is safe here since the integer has already been converted to a string which is "talloc"ed on "mem_ctx".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
2010-10-15 | s4 dsdb: fix sign problem on PPC and x86 | Matthieu Patou | 1 | -2/+2
In LDAP we used signed integers and groups have the highest bit set (i.e. 0x80000002). So it will result in values that are > 2^31; when these values are used on some platforms (x86 and PPC 64bits in this case) it causes problems with strtol.
2010-10-15 | s4:samldb LDB module - cosmetic - use "ldb" variable rather than "ldb_module_get_ctx" | Matthias Dieter Wallnöfer | 1 | -1/+1
2010-10-15 | s4:samdb_create_foreign_security_principal - proof error code of "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 1 | -3/+6
2010-10-15 | s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditions | Matthias Dieter Wallnöfer | 1 | -0/+6
2010-10-15 | s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't need to be duplicated | Matthias Dieter Wallnöfer | 1 | -4/+3
This is done internally by the LDB library - look at "ldb_msg_add_empty".
2010-10-15 | s4:dsdb - remove "samdb_msg_add_value" | Matthias Dieter Wallnöfer | 1 | -10/+2
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15 | s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string" | Matthias Dieter Wallnöfer | 8 | -86/+59
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-14 | s4:samldb LDB module - attempt to fix integer handling on big-endian platforms | Matthias Dieter Wallnöfer | 1 | -7/+9
And beside this it's also nicer to use standard LDB functions for type conversions.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
2010-10-13 | s4:samldb LDB module - cosmetic fixups | Matthias Dieter Wallnöfer | 1 | -9/+9
- Update the module description
- Fix indentation
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
2010-10-13 | samdb: Set soname. | Jelmer Vernooij | 1 | -1/+2
2010-10-13 | s4:sam.py - tests for "userAccountControl" attribute | Matthias Dieter Wallnöfer | 1 | -3/+448
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 17:31:29 UTC 2010 on sn-devel-104
2010-10-13 | s4:samldb LDB module - deny creation of temporary duplicate accounts | Matthias Dieter Wallnöfer | 1 | -0/+12
2010-10-13 | s4:samldb LDB module - proof the account type also on LDB modify operations | Matthias Dieter Wallnöfer | 1 | -0/+8
2010-10-13 | s4:sam.py - add a test for the group type changing behaviour | Matthias Dieter Wallnöfer | 1 | -0/+595
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 14:17:31 UTC 2010 on sn-devel-104
2010-10-13 | s4:samldb LDB module - support the group type changing properly | Matthias Dieter Wallnöfer | 1 | -1/+53
This is exactly that what Windows allows. It was proven by a blackbox test. And we also need to deny add operations of builtin groups.
2010-10-13 | s4:ldap.py - test the "isCriticalSystemObject" behaviour | Matthias Dieter Wallnöfer | 1 | -0/+39
2010-10-13 | s4:samldb LDB module - deny also the direct modification of "isCriticalSystemObject" on modify operations | Matthias Dieter Wallnöfer | 1 | -3/+14
2010-10-13 | s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" entries | Matthias Dieter Wallnöfer | 1 | -0/+9
They're only allowed to be created with the RELAX control specified.
2010-10-13 | s4:samldb LDB module - first implementation of the samldb primary group trigger | Matthias Dieter Wallnöfer | 1 | -48/+61
This was done according to MS-SAMR 3.1.1.8.2
But do use it only for add operations at the moment.
2010-10-13 | s4:samldb LDB module - use the new "objectclass_trigger" for add operations | Matthias Dieter Wallnöfer | 1 | -142/+33
Additionally clean up "samldb_fill_object" which is now much easier to comprehend.