summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-11-17s4:schema Add the GUID to each defaultObjectCategory when loading from LDIFAndrew Bartlett1-0/+49
This makes these full extended DNs, so we set the right values into the database, even before we actually set the schema objects themselves. Andrew Bartlett
2009-11-17s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategoryAndrew Bartlett4-1/+67
It is important to always ensure that this attribute has an extended DN if the rest of the database stores things that way. The knowlege of what format the DN is stored on disk with is passed around in an LDB opaque. Andrew Bartlett
2009-11-17s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schemaAndrew Bartlett2-35/+27
The load of defaultObjectCategory as an extended DN means we need to use the common parsing functions I just split out, rather than the GET_DS_DN macro. The objectGUIDs are loaded so that we can create the extended DN when we load from LDIF (and are loaded for the other cases for consistency). Also adapt callers to API changes needed for common parsing code Andrew Bartlett
2009-11-17s4:dsdb Use the new flags to dsdb_module_search in schema_loadAndrew Bartlett1-1/+3
This loads the defaultObjectCategory DN as an extended DN, so we can apply it, with the associated GUID, when setting this on records in the objectClass module. Previously we would not store the extended DN components for objectCategory. Andrew Bartlett
2009-11-17s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunctionAndrew Bartlett1-73/+91
This should make it easier to call this function from the DRS schema load code, rather than duplicate it. (we may do the same with other functions in future). Andrew Bartlett
2009-11-17s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used featuresAndrew Bartlett6-11/+84
These flags, also on dsdb_module_search_dn() allow us to add commonly set controls to this pre-packaged blocking search, without rebuilding the whole function in each caller. Andrew Bartlett
2009-11-16s4:SAMLDB moduleMatthias Dieter Wallnöfer1-14/+14
- Add more "\n" to make sure that error messages are displayed immediately - Add a "NULL" in a attribute list
2009-11-16Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-4/+1
"lDAPDisplayName" generator" This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4. abartlet pointed out in a post on the samba-technical list that this isn't necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks functionality of the replication.
2009-11-16s4:dsdb LDB attribute lists must always be a static const char **.Andrew Bartlett1-1/+1
(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack). Andrew Bartlett
2009-11-16s4:provision - Removed dependency on full Samba 3 schema from FDSEndi S. Dewata1-41/+0
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova2-105/+258
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-15s4:dsdb/repl/replicated_objects - Applicate also here the new ↵Matthias Dieter Wallnöfer1-1/+4
"lDAPDisplayName" generator Also here we've to be sure to generate the attribute correctly if it doesn't exist yet.
2009-11-15s4:SAMLDB module - Add support for required and generated schema attributesAndrew Bartlett1-7/+285
This missing support found by Microsoft test suite at AD interop event. Patch by Andrew Bartlett Enhancements by Matthias Dieter Wallnöfer
2009-11-15s4:samdb util - add a call for generating a correct "lDAPDisplayName"Matthias Dieter Wallnöfer1-0/+28
This is needed for the SAMLDB module enhancement regarding schema objects. The algorithm in pseudo code is located in MS-ADTS 3.1.1.2.3.4.
2009-11-14s4-drs: DsExecuteKCC() implementationErick Nascimento2-1/+21
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc(). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-13s4-ldb: changed the DN checks for \n to warningsAndrew Tridgell1-3/+6
a \n is sometimes allowed in AD (eg in deleted DNs). Until we know when is really is allowed, treat it as a warning only.
2009-11-12s4:dsdb Make callbacks in extended_dn_out clearer to followAndrew Bartlett1-1/+6
2009-11-12s4:repl_meta_data Parse linked attributes with schema syntaxesAndrew Bartlett1-39/+44
The bug here was that by assuming all linked attributes were 'normal DNs', we would miss the binary portion of DN+Binary. This patch then has us reparse the string to determine it's GUID, for the GUID lookup, but maintains the binary porition into the on-disk format. Andrew Bartlett
2009-11-12s4:dsdb/schema Add more unit tests for DN+Binary syntaxesAndrew Bartlett1-4/+9
2009-11-12s4:dsdb Improve debug message in extended_dn_outAndrew Bartlett1-1/+3
2009-11-12s4:dsdb/schema Allow a schema set when bound against a remote LDAP serverAndrew Bartlett1-3/+3
2009-11-12s4:dsdb Add expected value tests for most DRS syntax conversionsAndrew Bartlett2-6/+155
I've left out those for which I could not find an expected value in my default Windows 2003 server's database, and the values that rely on the current prefix map at the time. Andrew Bartlett
2009-11-12s4:Fix regression in dsdb_dn code - all parses of the DN would be rejectedAndrew Bartlett1-2/+6
This is most likely the cause of the DRS replication failures I observed with my changes. Andrew Bartlett
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett2-44/+49
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-12s4:dsdb/schema Simplify schema loading from ldb messagesAndrew Bartlett2-98/+81
It turns out that we always add the class/attribute to the schema.
2009-11-12s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changesAndrew Bartlett3-30/+38
These changes include reworking the code to call ldb_module_get_ctx() less often (avoid the function calls, particularly during the step into a complex function). Andrew Bartlett
2009-11-12s4:dsdb Ensure we allow 'odd' lengths for DN+StringAndrew Bartlett1-5/+5
(Found in a code review by metze) Andrew Bartlett
2009-11-12s4:dsdb Add extensive tests for the behaviour of dsdb_dnAndrew Bartlett1-0/+357
2009-11-12s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schemaAndrew Bartlett3-64/+87
This converts the code from using the binary DN code in ldb_dn to using a special Samba-specfic wrapper around ldb_dn. We also use the dsdb_dn code for DN+Binary and DN+String comparisons (changed from treating them as Binary blobs) Andrew Bartlett
2009-11-12s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+StringAndrew Bartlett4-1/+343
This aims to replace (and is based on) the code in ldb_dn.c. It is however much stricter in the DNs it will accept. Andrew Bartlett
2009-11-12lib/util Split data_blob_hex_string() into upper and lowerAndrew Bartlett1-5/+5
Rather than have a repeat of the bugs we found at the plugfest where hexidecimal strings must be in upper or lower case in particular places, ensure that each caller chooses which case they want. This reverts most of the callers back to upper case, as things were before tridge's patch. The critical call in the extended DN code is of course handled in lower case. Andrew Bartlett
2009-11-09s4-samdb: remove the rDN size constraint of 64Andrew Tridgell1-3/+10
This size constraint is not correct in it's current form, as windows does send us rDN values for CN with lengths longer than 64. Once we know how this constraint really works we can add it back in.
2009-11-07s4:dsdb/common/util - samdb_result_hashes - use "unsigned int" for countersMatthias Dieter Wallnöfer1-2/+1
2009-11-06s4:samdb_check_password - allow the password string to be NULLMatthias Dieter Wallnöfer1-0/+1
This deactivates the password complexity check, but not the minimum password length one, since the length is specified. This change is needed by my password module work.
2009-11-06s4:samdb_validate_password - Adapt the function to use the UNIX charset for ↵Matthias Dieter Wallnöfer1-20/+7
the password data blob
2009-11-06s4/drs: Refactor to be more SAMBA.Coding style compliantKamen Mazdrashki2-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Remove unused structures and functionsKamen Mazdrashki2-93/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: remove unused num_prefixes and prefixes from dsdb_schemaKamen Mazdrashki3-6/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_create_prefix_mapping() refactoredKamen Mazdrashki1-11/+9
TODO: this function may be refactored further. Actually we don't need to look up for the OID supplied, but just call sdb_schema_pfm_make_attid() - it will search for the OID anyway and add it if necessary Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: prefixMap lookup by full_OID implementationKamen Mazdrashki1-0/+25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_write_prefixes_from_schema_to_ldb() refactoredKamen Mazdrashki1-39/+35
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_read_prefixes_from_ldb() refactoredKamen Mazdrashki1-54/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: refactor dsdb_load_oid_mappings_ldb() to use ↵Kamen Mazdrashki1-33/+29
_dsdb_prefixmap_from_ldb_val() Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: Load prefixMap from ldb_val moved in separate functionKamen Mazdrashki1-0/+35
It is to be used later in several places when we need such conversion. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_schema_pfm_from_drsuapi_pfm() to accept partial drsuapi_prefixMapKamen Mazdrashki2-22/+46
"partial drsuapi_prefixMap" is a prefix map without last entry being special - i.e. map that does not contains schema_info entry. Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to cover both 'full' and 'partial' map conversion. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_map_int2oid() replaced by dsdb_schema_pfm_oid_from_attid()Kamen Mazdrashki2-30/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_map_oid2int() replaced by dsdb_schema_pfm_make_attid()Kamen Mazdrashki3-19/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by ↵Kamen Mazdrashki2-72/+1
dsdb_schema_pfm_contains_drsuapi_pfm() dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented prefixMap interface. This name was choosen to clearly show, that this a week verification in case we want to determine if remote schema is changed. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_get_oid_mappings_drsuapi() to use new prefixMap interfaceKamen Mazdrashki1-34/+3
dsdb_get_oid_mappings_drsuapi() just need to call dsdb_drsuapi_pfm_from_schema_pfm() to get filled-in DRSUAPI prefixMap. Perhaps it won't be bad to rename this function to have more expressive name in the future Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_load_oid_mappings_drsuapi() -> dsdb_load_prefixmap_from_drsuapi()Kamen Mazdrashki1-52/+13
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use dsdb_schema_pfm_from_drsuapi_pfm() function to load drsuapi_prefixMap into schema->prefixmap Signed-off-by: Stefan Metzmacher <metze@samba.org>