Age | Commit message (Collapse) | Author | Files | Lines |
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
|
|
Currently it is mapped to Octet String LDAP syntax
for comparison purposes.
According to LDAP rfc we should be using same comparison
as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive.
But according to ms docs binary compare should do the job:
http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Oct 22 22:19:50 UTC 2010 on sn-devel-104
|
|
This implementation doesn't use prefixMap/Schema to validate
numericoid OIDs. We may not have this OID yet, so I see no point
checking schema for if we have it.
Side effect of using prefixMap/Schema for validating numericoids
is that we mistakenly add the OID to the prefixMap.
This led to a corrupted prefixMap in LDB.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
|
|
We didn't seem to get the control created by the time we do searches here.
Andrew Bartlett
Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added some depenencies needed for -Wl,-no-undefined
|
|
this prevents a duplicate object file
|
|
samdb/ldb_modules/schema_util.c
these functions operate on ldb_modules, so they should be in the
ldb_modules directory. They also should return ldb errors codes, not
WERROR codes, as otherwise the error can be hidden from the ldap
caller
This re-arrangement fixes a dependency loop in the schema/samdb code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Oct 20 13:54:01 UTC 2010 on sn-devel-104
|
|
This helps ensure that we don't get confusing error strings in the
logs on other error cases.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
|
|
If we send the full extended DN, then we risk standards-complient LDAP
servers rejecting it as invalid. Only the DN portion is needed to
resolve the record in any case, and any SID or GUID componenets have
already been evaluated into the DN.
Andrew Bartlett
|
|
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP.
We don't have these sequence numbers in this case.
Andrew Bartlett
|
|
|
|
this is needed to allow it over ldap
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
|
|
if we get an unregistered control in the rootdse module, and the
request comes from an untrusted source (eg. ldap://) then we need to:
1) filter the control out if it is marked non-critical
2) give an error if it is marked critical
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This shows up at build time on MacOS and runtime on Linux when we
use the LDAP backend.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 18 00:57:51 UTC 2010 on sn-devel-104
|
|
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
- The "systemFlags" we interpret always as signed
- Use "samdb_msg_add_int" where possible (much saver for integer storing than
ldb_msg_add_fmt)
|
|
integers
Please do always use the functions which specifiy the appropriate integer
length to not run into platform-specific issues. Therefore I'm removing these
generic calls.
|
|
- This is how we always deal with RIDs
- Use an integer-length safe function for the RID update
|
|
delete protection
MS-ADTS 3.1.1.5.5.7.2
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
|
|
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
|
|
"samdb_msg_add_uint", "samdb_msg_add_uint64" and "samdb_msg_set_uint" a bit more
Unsigned int data in AD is a bit problematic to handle. Problem described by
abartlet.
|
|
"samdb_msg_add_string"
"ldb_msg_add_string" is safe here since the integer has already been converted
to a string which is "talloc"ed on "mem_ctx".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
|
|
In LDAP we used signed intege and groups have the highest bit set (ie.
0x80000002). So it will result with values that are > 2^31 when these
value are used on some plateforms (x86 and PPC 64bits in this case) it
causes problem with strtol.
|
|
"ldb_module_get_ctx"
|
|
"samdb_msg_add_string"
|
|
|
|
need to be duplicated
This is done internally by the LDB library - look at "ldb_msg_add_empty".
|
|
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
And beside this it's also nicer to use standard LDB functions for type
conversions.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
|
|
- Update the module description
- Fix indentation
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 17:31:29 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 14:17:31 UTC 2010 on sn-devel-104
|
|
This is exactly that what Windows allows. It was proven by a blackbox test.
And we also need to deny add operations of builtin groups.
|
|
|
|
"isCriticalSystemObject" on modify operations
|
|
entries
They're only allowed to be created with the RELAX control specified.
|
|
This was done according to MS-SAMR 3.1.1.8.2
But do use it only for add operations at the moment.
|
|
Additionally clean up "samldb_fill_object" which is now much easier to
comprehend.
|