summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-10-29s4:samr RPC server - remove wrong implementation of ReplicaSourceNodeNameMatthias Dieter Wallnöfer1-22/+0
This should represent a replication partner - never the DC iself
2010-10-29s4-resolve_oids: Remove redundant check - resolve_oids_need_value() handle thisKamen Mazdrashki1-4/+0
2010-10-29s4-schema_init: we should be able to resolve Syntax OIDs with prefixMap we haveKamen Mazdrashki1-3/+3
If Syntax OID is not in the prefixMap then we are getting an unknown Attribute Syntax (which we can't handle anyway)
2010-10-27s4-ldb: Added the correct extended check for read access to nTSecurityDescriptorNadezhda Ivanova2-1/+63
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
2010-10-27s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova2-9/+5
determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
2010-10-26s4-dsdb_syntax: *_OID_oid_ldb_to_drsuapi() functions should useKamen Mazdrashki1-6/+6
dsdb_schema_pfm_attid_from_oid() instead of dsdb_schema_pfm_make_attid() as those functions are supposed to return ATTIDs only for OIDs we already know about (i.e. are in prefixMap) Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Oct 26 22:44:36 UTC 2010 on sn-devel-104
2010-10-26s4-prefixMap: split dsdb_schema_make_attid() function into read-only andKamen Mazdrashki1-1/+38
read-write functions. dsdb_schema_make_attid() may change prefixMap implicitly and this is not always desired behavior. The problem was that (1) callers had no control on this behavior (2) callers had no way to know wheter prefixMap has been changed which can lead to hard to find bugs like prefixMap is changed in read operation
2010-10-26s4-prefixmap: Use WERR_NOT_FOUND when OID is not found in current prefixMapKamen Mazdrashki3-3/+3
rather than WERR_DS_NO_MSDS_INTID. WERR_DS_NO_MSDS_INTID is intended to be used for msDsIntId attribute values handling
2010-10-26s4:ldap.py - add a test for attribute ranges - still very basicMatthias Dieter Wallnöfer1-1/+56
And partially outcommented. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Oct 26 18:53:12 UTC 2010 on sn-devel-104
2010-10-26s4:sam.py - enhance users and groups testMatthias Dieter Wallnöfer1-2/+63
2010-10-26s4:samldb LDB module - enhance the "member"-check triggerMatthias Dieter Wallnöfer1-3/+7
- Also multi-valued "member" attributes are allowed - When you try to delete a member from a group which has it primary group set exactly to this group you get "UNWILLING_TO_PERFORM"
2010-10-26s4:ldap.py - enhance and activate the "description" attribute testMatthias Dieter Wallnöfer1-27/+89
It tests only the "description" attribute in particular since it behaves differently from all others.
2010-10-26s4:objectclass_attrs.c - rework to support these special "description" ↵Matthias Dieter Wallnöfer1-10/+40
constraints Only the "description" attribute has this special restrictions.
2010-10-26waf: Stop automaticaly changing dashes to underscores in library names.Jelmer Vernooij2-9/+9
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij2-22/+22
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-35/+35
2010-10-25s4:"samdb_search_count" - introduce a "mem_ctx" parameterMatthias Dieter Wallnöfer2-7/+6
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't? Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
2010-10-25ldb:gendb_* calls: support a "NULL" resultset parameterMatthias Dieter Wallnöfer1-2/+1
This is useful for "samdb_search_count" where only the amount of entries matters.
2010-10-25s4:samldb LDB module - other indentation fixes on error messagesMatthias Dieter Wallnöfer1-9/+12
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 12:31:57 UTC 2010 on sn-devel-104
2010-10-25s4:ldap.py - prove the denied multi-valued replace requestsMatthias Dieter Wallnöfer1-18/+18
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 11:49:19 UTC 2010 on sn-devel-104
2010-10-25s4:objectclass_attrs LDB module - deny multi-valued replace requestsMatthias Dieter Wallnöfer1-0/+13
This is the AD behaviour. But on attributes with the flag "FLAG_ATTR_REQ_PARTIAL_SET_MEMBER" it is allowed.
2010-10-25s4:samldb LDB module - fix indentationsMatthias Dieter Wallnöfer1-15/+28
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 09:48:15 UTC 2010 on sn-devel-104
2010-10-25s4:samldb LDB module - use "uint32_t" for available krbtgt numberMatthias Dieter Wallnöfer1-5/+8
2010-10-25s4:samldb LDB module - assign better memory contexts in some casesMatthias Dieter Wallnöfer1-8/+9
2010-10-24s4:dsdb - remove some calls of "samdb_msg_add_string" when we have talloc'ed ↵Matthias Dieter Wallnöfer1-3/+2
strings They can be substituted by "ldb_msg_add_string" if the string was already talloc'ed. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
2010-10-24s4:dsdb - use LDB results in "add_time_element" and "add_uint64_element"Matthias Dieter Wallnöfer2-24/+35
In both the "objectguid" and the "repl_meta_data" DSDB module. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 24 18:39:43 UTC 2010 on sn-devel-104
2010-10-24s4:dsdb - use the more safe "samdb_msg_add_(u)int*" calls always where possibleMatthias Dieter Wallnöfer4-19/+28
This should prevent all possible integer storage problems in future.
2010-10-24ldb: Rename pyldb pkg-config file to pyldb-util, to avoid confusion withJelmer Vernooij1-1/+1
'ldb' python module.
2010-10-24s4: Rename SMBPASSWD to smbpasswd.Jelmer Vernooij1-7/+7
Rename DSDB_MODULE to dsdb_module.
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij2-18/+18
2010-10-24s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}Jelmer Vernooij1-9/+9
2010-10-24s4: Rename SAMDB_COMMON to samdb_common.Jelmer Vernooij2-6/+6
2010-10-23s4: Rename NSS_WRAPPER to nss_wrapper.Jelmer Vernooij2-3/+3
Only link to nss_wrapper when it is enabled. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
2010-10-23s4: Rename LIBEVENTS to libevents.Jelmer Vernooij1-34/+34
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer2-0/+8
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-3/+3
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-23s4 dsdb kcc: Prefer msDS-hasMasterNCs over hasMasterNCs when replicatingKai Blin1-5/+10
2010-10-22s4-dsdb_syntax: Setup "String(Case Sensitive)" syntaxKamen Mazdrashki1-3/+10
Currently it is mapped to Octet String LDAP syntax for comparison purposes. According to LDAP rfc we should be using same comparison as Directory String (LDB_SYNTAX_DIRECTORY_STRING), but case sensitive. But according to ms docs binary compare should do the job: http://msdn.microsoft.com/en-us/library/cc223200(v=PROT.10).aspx Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Fri Oct 22 22:19:50 UTC 2010 on sn-devel-104
2010-10-21s4-dsdb/schema_syntax: Separate validation for numericoid OID valuesKamen Mazdrashki1-3/+47
This implementation doesn't use prefixMap/Schema to validate numericoid OIDs. We may not have this OID yet, so I see no point checking schema for if we have it. Side effect of using prefixMap/Schema for validating numericoids is that we mistakenly add the OID to the prefixMap. This led to a corrupted prefixMap in LDB. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Oct 21 23:32:26 UTC 2010 on sn-devel-104
2010-10-21s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-initAndrew Bartlett1-54/+77
We didn't seem to get the control created by the time we do searches here. Andrew Bartlett Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Thu Oct 21 12:29:54 UTC 2010 on sn-devel-104
2010-10-21s4-dsdb: force LDB_ERR_NO_SUCH_ATTRIBUTE on missing schemaInfoAndrew Tridgell1-2/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21s4-dsdb: fixed depenencies for -no-undefinedAndrew Tridgell2-5/+5
added some depenencies needed for -Wl,-no-undefined
2010-10-21s4-dsdb: make ldb_password_hash depend on hdb not HEIMDAL_HDB_KEYSAndrew Tridgell1-1/+1
this prevents a duplicate object file
2010-10-21s4-dsdb: moved a bunch of fuctions from schema/schema_info_attr.c to ↵Andrew Tridgell5-280/+351
samdb/ldb_modules/schema_util.c these functions operate on ldb_modules, so they should be in the ldb_modules directory. They also should return ldb errors codes, not WERROR codes, as otherwise the error can be hidden from the ldap caller This re-arrangement fixes a dependency loop in the schema/samdb code. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Kamen Mazdrashki <kamenim@samba.org>
2010-10-21s4-dsdb: make SAMDB_COMMON into a private libraryAndrew Tridgell1-5/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-20s4-schema_init: Print more info about syntax we fail to recognizeKamen Mazdrashki1-2/+4
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Oct 20 13:54:01 UTC 2010 on sn-devel-104
2010-10-19s4-dsdb Reset the error string after 'expected' errors.Andrew Bartlett1-0/+1
This helps ensure that we don't get confusing error strings in the logs on other error cases. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
2010-10-19s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backendsAndrew Bartlett3-2/+83
If we send the full extended DN, then we risk standards-complient LDAP servers rejecting it as invalid. Only the DN portion is needed to resolve the record in any case, and any SID or GUID componenets have already been evaluated into the DN. Andrew Bartlett
2010-10-19s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usnAndrew Bartlett1-1/+1
This will happen on an OpenLDAP backend, because @ records are invalid in LDAP. We don't have these sequence numbers in this case. Andrew Bartlett
2010-10-19s4:dsdb/schema/schema_init.c - remove a duplicated "talloc_free"Matthias Dieter Wallnöfer1-1/+0