summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2011-08-04s4-dsdb: handle search expressions containing extended DNsAndrew Tridgell2-1/+167
this allows for searches like member=<SID=S-1-2-3> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: added dn_format attribute of a dsdb_attributeAndrew Tridgell3-9/+14
this is faster than string comparisons during searches at runtime Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed outgoing one way link DNsAndrew Tridgell2-3/+63
when we return a DN which is a one way link, fix the string DN component by searching for the GUID and replacing the DN components Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04s4-dsdb: setup a one_way_link attribute on schema attributesAndrew Tridgell2-0/+30
this allows us to quickly determine if a DN is a one way link Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: fixed a warning on dsdb_delete()Andrew Tridgell1-1/+1
struct ldb_dn is never const Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-04s4-dsdb: make requests for STORAGE_FORMAT control non-criticalAndrew Tridgell1-1/+1
this allows us to use dsdb_module_dn_by_guid() from levels below the extended_dn_out module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-03gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett1-0/+1
gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-01remove unnecessary dependency on 'events' from ldb modules.Jelmer Vernooij1-35/+35
2011-07-31s4-kcc: correctly populate the neighbor object when taking information from ↵Matthieu Patou1-0/+3
repsTo Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Jul 31 00:17:17 CEST 2011 on sn-devel-104
2011-07-26s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4Matthieu Patou1-2/+3
2011-07-21s4-kcc: use dsdb_delete() instead of ldb_delete()Andrew Tridgell1-1/+1
this adds the DSDB_SEARCH_SHOW_DELETED flag, which fixes deletion of deleted objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21s4-dsdb: added dsdb_delete() functionAndrew Tridgell1-0/+30
this gives us a delete function that takes the standard set of dsdb flags Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21s4-dsdb: Use controls provided during the request while searching for object ↵Matthieu Patou1-1/+13
to delete If the parent request specify the show_deleted control we must use it in order to be able to see the deleted objects. Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.
2011-07-21s4-dsdb: check group membership only for non deleted objectsMatthieu Patou1-2/+9
Group membership has been already removed on deleted objects so there is no mean doing something on this kind of object.
2011-07-21update/add my copyrightMatthieu Patou4-0/+4
2011-07-21s4-dsdb: In rootdse add extended dn info on all values for a given attributeMatthieu Patou1-57/+66
And not only on the fist value as it was the case up to this changeset.
2011-07-21s4-dsdb: add dsdb_module_extended function similar to other dsdb_module_* ↵Matthieu Patou1-0/+61
functions
2011-07-21s4-schema: add systemFlags to dsdb classes objectsMatthieu Patou2-0/+2
2011-07-14Add intrasite code test switchDave Craft2-0/+9
kcc_service struct gets a intrasite_code boolean that is filled in via parametric parameter kccsrv:intrasite = [true/false] in smb.conf. This will allow us to continue to utilize old simple KCC topology as continuing default while newer intra-site topology matures further. Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Jul 14 00:19:12 CEST 2011 on sn-devel-104
2011-07-14Add kccsrv_add_repsFrom() possibility of NULL res argumentDave Craft1-2/+2
We need the ability to utilize this function in a different manner. KCC intra-site topology has already vetted the replica as being appropriate to produce a repsFrom from. We do not want kccsrv_add_repsFrom() to produce further checking as was the case for simple topology. Thus if we pass a NULL (res) parameter this extra check will be skipped. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14Remove static to allow availability to other KCC filesDave Craft1-4/+4
kccsrv_replica_flags() and kccsrv_add_repsFrom() need to be available to functions outside kcc_periodic.c Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14kcc_connection invocation_id added to structDave Craft1-0/+1
Utilized by KCC to carry the invocation id of the NTDSDSA that we are replicating the name context from. Utilized when NTDSConnection is created (much like dsa_guid tracks the NTDSDSA objectGUID that we are replicating the name context from). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14KCC NTDSConnection should utilize NTDSCONN_OPT_IS_GENERATEDDave Craft1-1/+9
Previously this set an explicit (0x1) value whereas it can now utilize NTDSCONN_OPT_IS_GENERATED from flags.h Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14Standalone samdb_ntds_site_settings_options() helperDave Craft1-0/+48
A helper function for retrieving the ntds site settings via standalone function call. Used within KCC Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14NTDSConnection and NTDSA Site setting flagsDave Craft1-8/+0
Flags that were missing from flags.h or were incorrectly defined inline to the kcc_topology.c code (and thus unusable elsewhere). These are the NTDSConnection and NTDSDSA Site settings flags. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-13s4-dsdb: fixed the defaultObjectCategory to have a full GUIDAndrew Tridgell1-0/+24
this fixes the DN to have a full GUID for new objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
2011-07-13s4-dsdb: another special case for the "member" attributeAndrew Tridgell1-1/+6
thanks to Matthias for his great test suite work! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb Don't process deletion of member attributes here.Andrew Bartlett1-0/+9
We don't need to compare the delete against the primaryGroupID check here - that test is for adds. Andrew Bartlett
2011-07-13dsdb: fixed special case of zero NTTIMEAndrew Tridgell1-0/+20
we can't convert 0 NTTIME via a unix time_t Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb: fixed modify of ACLs on deleted objectsAndrew Tridgell1-2/+4
this is needed for the dbcheck code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb: raise debug level for backlink errorsAndrew Tridgell1-1/+1
when dbcheck is fixing missing backlinks we don't want a DEBUG 0 message Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13pydsdb: added get_backlink_from_lDAPDisplayName()Andrew Tridgell1-0/+45
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13s4-dsdb: moved checking of duplicate member entries to repl_meta_data.cAndrew Tridgell2-35/+20
the samldb checks failed to account for the possibility of a member being removed and added in the same modify operation. This happens (for example) when dbcheck is fixing a SID in a DN. The repl_meta_data.c code already has this check, it just wasn't giving the right specialised error code for the 'member' attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-11dsdb: added get_lDAPDisplayName_by_attidAndrew Tridgell1-0/+33
this allows conversion from a DRS attribute ID to a LDAP display name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-11s4-dirsync: do not return linked attribute if the target object is no moreMatthieu Patou1-0/+29
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: allow objectsid to be specified in a modification operationMatthieu Patou1-3/+5
if we have the provision control, it's used by dbcheck Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-python: Add functions to get linkid and systemflags of an attributeMatthieu Patou1-0/+68
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: if the provision control is specified, update replication metadata ↵Matthieu Patou1-1/+7
even if the data hasn't change Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: when replacing linked attribute take always the new dn as the old ↵Matthieu Patou1-1/+1
dn might be broken The usual use case is that you have a not complete linked attribute (ie. without the SID) if we keep using the old dn, then the SID will never be added. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: check for single valued attribute in repl_meta_data moduleMatthieu Patou1-0/+11
This is needed because we can have more than 1 value in a single valued attribute as we store also deleted values. So we do the check in repl_meta_data and then indicate LDB to do the check. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s4-dsdb: deleted objects are expected to be missing mandatory attributesAndrew Tridgell1-1/+2
the objectclass_attrs validation that an object contains all mandatory attributes is incorrect for deleted objects, as they get stripped of some mandatory attributes when deleted (for example, objectCategory gets stripped) Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-11s4-dsdb: fixed crash bug in extended_dn_inAndrew Tridgell1-2/+4
when extended_dn_in fails to resolve a GUID extended DN component, the debug code assumed that it was a search operation, and accessed ac->req->op.search.base, which is not valid for non-search DN expansions. Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-05s4-dsdb: allow removal of unknown attributes if RELAX setAndrew Tridgell2-2/+21
this allows attributes not known in the schema to be removed if the caller has set the RELAX control. This will be used by dbcheck to allow cleaning of bad attributes from the database
2011-07-01s4-dsdb guard principalName parse for invalid inputsAndrew Bartlett1-1/+6
We need to ensure that if this parses name.name_string as just one val, then we don't read uninitialised and possibly unallocated memory. Found by Adam Thorn <alt36@cam.ac.uk> While we are checking that, we need to fix the strncasecmp() check to first check if the string is the expected length, then check for a match against sAMAccountName-without-doller, as otherwise we will permit a string such as machinefoo to match a sAMAccountName of machine. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 1 03:55:00 CEST 2011 on sn-devel-104
2011-07-01s4-dsdb Allow a servicePrincipalName of machine$Andrew Bartlett1-0/+6
This is pointless, but MacOS X (version 10.6.8 was tested) apparently sets machine$ into this field. Andrew Bartlett
2011-06-22s4-schema: avoid segfaulting if id3.guid is NULLMatthieu Patou1-2/+1
2011-06-22s4-dsdb: bypass validation when relax setAndrew Tridgell1-1/+2
this allows dbcheck to fix bad attributes Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
2011-06-22s4-dsdb: prioritise GUID in extended_dn_inAndrew Tridgell1-8/+11
if we search with a base DN that has both a GUID and a SID, then use the GUID first. This matters for the S-1-5-17 SID. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: catch duplicate matches in extended_dn_inAndrew Tridgell1-0/+12
When searching using extended DNs, if there are multiple matches then return an object not found error. This is needed for the case of a duplicate objectSid, which happens for S-1-5-17 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22pydsdb: added get_syntax_oid_from_lDAPDisplayName()Andrew Tridgell1-0/+40
this gives you access to the syntax oid of an attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>