summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-08-25s4-dsdb: assert that base DNs are used correctlyAndrew Tridgell2-0/+8
this will catch future programmer errors with incorrect base DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: enforce NULL DN validity in partition moduleAndrew Tridgell1-0/+3
windows does not allow a search on the empty DN except for rootDSE searches or for phantom_root searches (ie. with --cross-ncs). By enforcing this in Samba we make it more likely that our tests and utilities will work against windows Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed basedn in extended_dn_in moduleAndrew Tridgell1-6/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: cleanup use of NULL vs base DN in samldbAndrew Tridgell1-7/+18
NULL should be used when doing all partition searches. The default basedn should be used when wanting just the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: removed unused function in ACL moduleAndrew Tridgell1-39/+0
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-dsdb: fixed all partitions search in cracknamesAndrew Tridgell1-1/+1
when searching all partitions we must use the NULL basedn, or we will miss partitions in multi-domain setups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-21samdb: Install header file.Jelmer Vernooij1-0/+1
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij2-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-18s4-dsdb: fixed deletion of backlinks for fl2000 DCsAndrew Tridgell1-18/+13
when in FL 2000 we were not correctly deleting backlinks as we uses dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules should use dsdb_module_dn_by_guid() which prevents going to the top level, and finds deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dsdb: added comments and fixed backlink check in repl_meta_dataAndrew Tridgell1-2/+17
added comments explaining the backlink deletion code, plus fix a use of a bitwise operation in a boolean expression, and avoid calling dsdb_functional_level() inside a loop Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18s4-dirsync: use dsdb_module_dn_by_guid() not dsdb_find_dn_by_guid() in modulesAndrew Tridgell1-1/+1
this prevents us going to the top level of the module stack Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4:dsdb: use tevent_ fn names instaed of legacy event_ onesSimo Sorce3-3/+3
2011-08-13s4-dsdb: Provide additional method to connect to specified database pathAmitay Isaacs1-5/+16
samdb_connect() now calls samdb_connect_url() with default "sam.ldb". Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb ensure we honour the hash_values control, even for really odd hashesAndrew Bartlett1-2/+4
2011-08-13s4-dsdb Give a less worrying error message on failure to get a transactionAndrew Bartlett1-1/+1
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+16
2011-08-13s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH controlAndrew Bartlett2-0/+9
2011-08-12s4-dsdb: don't cache the NTDS settings DNAndrew Tridgell1-9/+8
this DN can change due to a server rename, so we cannot cache it. It is set by provision, but not anywhere else. This seems to not have a large performance impact Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: expand dsServiceName from GUID form at runtimeAndrew Tridgell1-6/+54
this allows dsServiceName to be stored as an extended DN or GUID form in @ROOTDSE, and its string form will be found at runtime. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: remove the naming_fsmo and pdc_fsmo modulesAndrew Tridgell3-42/+0
these are not needed now that the rootdse modules calculates the validFSMOs attribute at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12s4-dsdb: calculate validFSMOs at runtime instead of pre-computingAndrew Tridgell3-251/+45
this changes the rootdse to compute the validFSMOs attribute at runtime by checking the fSMORoleOwner attribute on the appropriate DN. This avoids the need for the pdc_fsmo and naming_fsmo modules. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-10s4:subtree_rename LDB module - fix the move/rename constraintsMatthias Dieter Wallnöfer1-10/+7
s4:subtree_rename LDB module - fix the move/rename constraints By the inspiration of an email request by ekacnet I have rechecked the move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the MS-ADTS technical documentation. It really turns out that the constraint checking is only performed on the root object of a request. In addition add my copyright notice (I've written these constraint checks). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
2011-08-10s4-dsdb: avoid printing a pointless debug lineMatthieu Patou1-1/+1
2011-08-10s4-drsuapi: crackname search also for deleted objectsMatthieu Patou1-1/+4
2011-08-09s4-dsdb clarify that failure to load the schema items from DRS is expectedAndrew Bartlett1-3/+3
This happens if we have a custom schema - we need to build up the schema until it loads, by converting more objects. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
2011-08-09move schema_fill_constructed() call to dsdb_setup_sorted_accessors()Andrew Bartlett1-5/+7
2011-08-09s4-dsdb Remove unused schema functionAndrew Bartlett1-18/+0
2011-08-09s4-dsdb: added SAMDB_INDEXING_VERSION to @INDEXLISTAndrew Tridgell1-0/+11
this can be used to force re-indexing of samdb when we change something that affects index comparison, in this case the canonicalisation of booleans Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: fixed booling conversion to check value lengthAndrew Tridgell1-11/+14
this ensures we don't look past the end of the data Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: add auto-normalisation of attributesAndrew Tridgell3-3/+57
this auto-normalises some attributes when they are added/modified. The list that we auto-normalise is currently: Boolean INT32 INTEGER UTC_TIME This fixes a problem with groupType being stored in an unnormalised form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure rIDSetReferences is stored as an extended DNAndrew Tridgell2-2/+18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-dsdb: ensure we setup the dn_format field in schema attributesAndrew Tridgell2-31/+40
this ensures we setup dn_format when we do runtime schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-09s4-acl-test: use symbolic names for groupTypeAndrew Tridgell1-11/+16
clearer than magic numbers
2011-08-09s4-dsdb: make extended_dn_in a bit more efficientAndrew Tridgell1-9/+17
checking filter elements in the right order makes it a little faster
2011-08-09s4-dsdb: use dn_format shortcut to find DN formatAndrew Tridgell2-4/+4
this saves some string comparisons
2011-08-07pyldb: Consistently use pyldb_ prefix.Jelmer Vernooij1-11/+10
2011-08-04s4-dsdb: extend the extended_dn_in module to handle DN linksAndrew Tridgell1-44/+104
this replaces DN components in incoming filter expressions with the full extended DN of the target, which allows search expressions based on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way links in search expressions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: handle search expressions containing extended DNsAndrew Tridgell2-1/+167
this allows for searches like member=<SID=S-1-2-3> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: added dn_format attribute of a dsdb_attributeAndrew Tridgell3-9/+14
this is faster than string comparisons during searches at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed outgoing one way link DNsAndrew Tridgell2-3/+63
when we return a DN which is a one way link, fix the string DN component by searching for the GUID and replacing the DN components Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: setup a one_way_link attribute on schema attributesAndrew Tridgell2-0/+30
this allows us to quickly determine if a DN is a one way link Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed a warning on dsdb_delete()Andrew Tridgell1-1/+1
struct ldb_dn is never const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: make requests for STORAGE_FORMAT control non-criticalAndrew Tridgell1-1/+1
this allows us to use dsdb_module_dn_by_guid() from levels below the extended_dn_out module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-03gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett1-0/+1
gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-01remove unnecessary dependency on 'events' from ldb modules.Jelmer Vernooij1-35/+35
2011-07-31s4-kcc: correctly populate the neighbor object when taking information from ↵Matthieu Patou1-0/+3
repsTo Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Jul 31 00:17:17 CEST 2011 on sn-devel-104
2011-07-26s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4Matthieu Patou1-2/+3
2011-07-21s4-kcc: use dsdb_delete() instead of ldb_delete()Andrew Tridgell1-1/+1
this adds the DSDB_SEARCH_SHOW_DELETED flag, which fixes deletion of deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21s4-dsdb: added dsdb_delete() functionAndrew Tridgell1-0/+30
this gives us a delete function that takes the standard set of dsdb flags Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21s4-dsdb: Use controls provided during the request while searching for object ↵Matthieu Patou1-1/+13
to delete If the parent request specify the show_deleted control we must use it in order to be able to see the deleted objects. Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.