Age | Commit message (Collapse) | Author | Files | Lines |
|
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
|
|
repsTo
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Jul 31 00:17:17 CEST 2011 on sn-devel-104
|
|
|
|
this adds the DSDB_SEARCH_SHOW_DELETED flag, which fixes deletion of
deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives us a delete function that takes the standard set of dsdb
flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
to delete
If the parent request specify the show_deleted control we must use it in
order to be able to see the deleted objects.
Also we just allow to trusted connections with the system account to
remove deleted objects, others receive an unwilling to perform.
|
|
Group membership has been already removed on deleted objects so there is
no mean doing something on this kind of object.
|
|
|
|
And not only on the fist value as it was the case up to this changeset.
|
|
functions
|
|
|
|
kcc_service struct gets a intrasite_code
boolean that is filled in via parametric parameter
kccsrv:intrasite = [true/false] in smb.conf. This
will allow us to continue to utilize old simple
KCC topology as continuing default while newer
intra-site topology matures further.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Jul 14 00:19:12 CEST 2011 on sn-devel-104
|
|
We need the ability to utilize this function in a different
manner. KCC intra-site topology has already vetted the
replica as being appropriate to produce a repsFrom from.
We do not want kccsrv_add_repsFrom() to produce further
checking as was the case for simple topology. Thus if
we pass a NULL (res) parameter this extra check will
be skipped.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
kccsrv_replica_flags() and
kccsrv_add_repsFrom() need to be available to functions
outside kcc_periodic.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Utilized by KCC to carry the invocation id of the NTDSDSA
that we are replicating the name context from. Utilized
when NTDSConnection is created (much like dsa_guid tracks
the NTDSDSA objectGUID that we are replicating the name
context from).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Previously this set an explicit (0x1) value whereas it
can now utilize NTDSCONN_OPT_IS_GENERATED from flags.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
A helper function for retrieving the ntds site settings
via standalone function call. Used within KCC
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere). These are the NTDSConnection and NTDSDSA Site
settings flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this fixes the DN to have a full GUID for new objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
|
|
thanks to Matthias for his great test suite work!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We don't need to compare the delete against the primaryGroupID check
here - that test is for adds.
Andrew Bartlett
|
|
we can't convert 0 NTTIME via a unix time_t
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is needed for the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when dbcheck is fixing missing backlinks we don't want a DEBUG 0
message
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
the samldb checks failed to account for the possibility of a member
being removed and added in the same modify operation. This happens
(for example) when dbcheck is fixing a SID in a DN.
The repl_meta_data.c code already has this check, it just wasn't
giving the right specialised error code for the 'member' attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows conversion from a DRS attribute ID to a LDAP display name
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
if we have the provision control, it's used by dbcheck
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
even if the data hasn't change
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
dn might be broken
The usual use case is that you have a not complete linked attribute (ie.
without the SID) if we keep using the old dn, then the SID will never be
added.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is needed because we can have more than 1 value in a single valued
attribute as we store also deleted values. So we do the check in repl_meta_data
and then indicate LDB to do the check.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
the objectclass_attrs validation that an object contains all mandatory
attributes is incorrect for deleted objects, as they get stripped of
some mandatory attributes when deleted (for example, objectCategory
gets stripped)
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
when extended_dn_in fails to resolve a GUID extended DN component, the
debug code assumed that it was a search operation, and accessed
ac->req->op.search.base, which is not valid for non-search DN
expansions.
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows attributes not known in the schema to be removed if the
caller has set the RELAX control. This will be used by dbcheck to
allow cleaning of bad attributes from the database
|
|
We need to ensure that if this parses name.name_string as just one
val, then we don't read uninitialised and possibly unallocated memory.
Found by Adam Thorn <alt36@cam.ac.uk>
While we are checking that, we need to fix the strncasecmp() check to
first check if the string is the expected length, then check for a
match against sAMAccountName-without-doller, as otherwise we will
permit a string such as machinefoo to match a sAMAccountName of
machine.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jul 1 03:55:00 CEST 2011 on sn-devel-104
|
|
This is pointless, but MacOS X (version 10.6.8 was tested) apparently
sets machine$ into this field.
Andrew Bartlett
|
|
|
|
this allows dbcheck to fix bad attributes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
|
|
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives you access to the syntax oid of an attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|