summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-06-28Implementation of self membership validated right.Nadezhda Ivanova2-1/+131
When this right is granted, the user can add or remove themselves from a group even if they dont have write property right.
2010-06-28s4/drs: re-implement 'renaming' object replicationKamen Mazdrashki1-18/+53
We should rename objects only after we make sure, that changes on the partner DC are newer than what we have. This fixes a bug, when we have following situation with 2 DCs: - we have an object O on the two DCs - we rename (delete) object O on DC1 - DC1 replicates from DC2 In the above scenario, object O will be renamed back to its original name (i.e. it will be restored). Now, we check that DC2 state is older than what we have, so nothing happens with object's DN.
2010-06-26s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPoolStefan Metzmacher1-1/+6
metze
2010-06-25s4/drs: DsReplicaSync should search partition to SyncKamen Mazdrashki2-6/+38
by any valid DSName attribute given, be it - partition DN, partition GUID or partition SID
2010-06-24s4-python: python is not always in /usr/binAndrew Tridgell2-2/+2
Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-23libds:common Remove DS_DC_* domain functionality flagsAndrew Bartlett1-10/+0
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set. Andrew Bartlett
2010-06-23s4:operational LDB module - fix a misleading commentMatthias Dieter Wallnöfer1-1/+2
2010-06-22s4:password_hash LDB module - fix another problem regarding the lanman hashMatthias Dieter Wallnöfer1-13/+16
When a user only provides only the lanman hash (and nothing else) and the lanman authentication is deactivated then we end in an account with no password attribute at all! Lock this down.
2010-06-21s4:dsdb_load_partition_usn - free the right memory context (tmp_ctx)Matthias Dieter Wallnöfer1-2/+1
2010-06-21s4/dsdb: msg_idx->dn should be allocated in msg_idx mem contextKamen Mazdrashki1-1/+1
2010-06-21s4/dsdb: Move schema accessors cleanup in separate functionKamen Mazdrashki1-18/+21
This way dsdb_setup_sorted_accessors() will free memory allocated for accessor arrays correctly in case of failure,
2010-06-21s4/dsdb-schema: Index attributes on msDS-IntId valueKamen Mazdrashki3-7/+28
O(n) search for dsdb_attribute by msDS-IntId value was replaced by binary-search in ordered index. I've choosen the approach of separate index on msDS-IntId values as I think it is more clear what we are searching for. And it should little bit faster as we can clearly determine in which index to perform the search based on ATTID value - ATTIDs based on prefixMap and ATTIDs based on msDS-IntId are in separate ranges. Other way to implement this index was to merge msDS-IntId values in attributeID_id index. This led me to a shorted but not so obvious implementation.
2010-06-20s4:subtree_delete LDB module - now do support tree delete operationsMatthias Dieter Wallnöfer1-9/+45
2010-06-20s4:dsdb - add a new dsdb delete function which understands the tree delete ↵Matthias Dieter Wallnöfer3-2/+62
control
2010-06-20s4:samldb LDB module - remove "samldb_set_defaultObjectCategory"Matthias Dieter Wallnöfer1-78/+0
As far as I can tell and the test show the DN gets now normalised automatically when stored into the database. Anyway, if we find a case where this doesn't happen then I propose to do it centrally for all DN attributes in common since we should get away from special attribute hacks as far as possible.
2010-06-20pydsdb: Mark all SamDB and Schema methods that are in pydsdb asJelmer Vernooij1-15/+15
private, to discourage them being called directly.
2010-06-20s4: Using control bypassoperational allow the logic of this module to be ↵Matthieu Patou1-10/+39
bypassed for some given attributes Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-19pydsdb: Move write_prefixes_from_schema_to_ldb to pydsdb from pyglue.Jelmer Vernooij1-0/+26
2010-06-19pydsdb: Move dsdb_set_schema_from_ldb to pydsdb.Jelmer Vernooij1-0/+31
2010-06-19pydsdb: Move set_schema_from_ldif function to pydsdb from pyglue.Jelmer Vernooij1-0/+20
2010-06-19s4:instancetype LDB module - "instanceType" is single-valued - MS-ADTS ↵Matthias Dieter Wallnöfer1-2/+12
3.1.1.5.2.2
2010-06-19s4:objectclass LDB module - disable delete operations when ↵Matthias Dieter Wallnöfer1-5/+80
"SYSTEM_FLAG_DISALLOW_DELETE" is specified
2010-06-19s4:rootdse LDB module - strip trailing whitespacesMatthias Dieter Wallnöfer1-24/+24
2010-06-19s4:rootdse LDB module - protect add and delete operations on the rootdse entryMatthias Dieter Wallnöfer1-4/+34
2010-06-19s4:rootdse LDB module - Return "UNWILLING_TO_PERFORM" when no attribute fits ↵Matthias Dieter Wallnöfer1-1/+2
on a change
2010-06-19s4:rootdse LDB module - refactor error messagesMatthias Dieter Wallnöfer1-24/+29
Fix indentations, use "set_errstring" when no "asprintf" functionality required.
2010-06-19s4:objectclass LDB module - use the old DN when displaying error messagesMatthias Dieter Wallnöfer1-2/+2
2010-06-19s4:objectclass LDB module - add a better message when the parent DN is invalidMatthias Dieter Wallnöfer1-2/+3
2010-06-19s4:objectclass LDB module - add an error message when someone tries to add ↵Matthias Dieter Wallnöfer1-3/+4
entries without objectclasses
2010-06-19s4:objectclass LDB module - handle the case when there is a retry to add the ↵Matthias Dieter Wallnöfer1-0/+26
root basedn This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a very special referral: one with the DN itself and the hostname is the last component value of the DN.
2010-06-19dsdb: Fix includes when building against system ldb.Jelmer Vernooij2-0/+4
2010-06-19dsdb: Use Samba includes so _PUBLIC_ is defined.Jelmer Vernooij2-2/+2
2010-06-19dsdb: Make module ops struct for each module public.Jelmer Vernooij7-8/+6
2010-06-18s4:objectclass LDB module - move "mem_ctx" initialisation lowerMatthias Dieter Wallnöfer1-16/+11
Saves us some "talloc_free"s on error cases
2010-06-16s4: Fix build when there is a system-provided ldb.Jelmer Vernooij1-1/+1
2010-06-16s4:linked attributes LDB module - strip trailing whitespacesMatthias Dieter Wallnöfer1-35/+35
2010-06-16s4:linked_attributes LDB module - cosmeticsMatthias Dieter Wallnöfer1-12/+10
- unsigned counters for LDB objects - we tend to have the "ret" variable always as the last declaration to see which type of error a function returns
2010-06-16s4:lib: merge LDB_WRAP and LDBSAMBA and make LDBSAMBA a library.Stefan Metzmacher1-1/+1
This is needed to remove samba specifc symbols from the bundled ldb, in order to get the ABI right. metze Signed-off-by: Andreas Schneider <asn@samba.org>
2010-06-16s4:dsdb Allow renames with (now removed) linked attributesAndrew Bartlett1-3/+11
It is important to allow the rename, even if we just have one-way links, as this happens on deleted objects, which have the backlinks alredy removed by repl_meta_data. Andrew Bartlett
2010-06-16s4:dsdb Fix linked_attributes to cope with the Feb 2010 changes to DLISTAndrew Bartlett1-2/+6
The DLIST macros changed in behaviour in Feb 2010, and walking the lists backwards is no longer safe if you don't use the macros. Andrew Bartlett
2010-06-16s4:dsdb Assert that we can't get backlinks as input in linked_attributesAndrew Bartlett1-2/+15
The objectclass_attr module should prevent users creating such links, and the mrepl_meta_data module should only create them in functional level 2003 or above. Andrew Bartlett
2010-06-16s4:dsdb use dsdb_module_modify() rather than ldb_next_request()Andrew Bartlett1-22/+2
This does exactly the same thing, but with less code. Andrew Bartlett
2010-06-16s4:dsdb Handle backlinks for Windows 2000 level linked attributesAndrew Bartlett2-12/+928
This revives the code from 5964acfa741d691c0196f91c0796122ec025f177, before tridge and I simplified this too much, and removed the Windows 2000 functional level linked attribute support. By telling the linked_attributes module that repl_meta_data has handled the links, we avoid a conflict for the new style (functional level 2003 and above) linked attributes. However, we still need backlinks for 2000 style linked attributes, so this allows that code in the linked_attributes module to be revived to handle those. Andrew Bartlett
2010-06-16s4:dsdb Add control for signaling between repl_meta_data and linked_attributesAndrew Bartlett2-0/+6
This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij5-44/+45
2010-06-15dsdb: Build modules as external modules when using system ldb.Jelmer Vernooij1-3/+37
2010-06-15s4:dsdb Move linked attribute restrictions to objectclass_attrsAndrew Bartlett1-0/+9
This puts more of the schema restrictions in one place. Andrew Bartlett
2010-06-15s4:dsdb Add const to dsdb_dn functions that operate on an ldb_val.Andrew Bartlett1-2/+2
Andrew Bartlett
2010-06-15s4:provision Allow a specific prefix map to be loaded into a new schema ↵Andrew Bartlett1-1/+1
provision This allows the prefixMap from a DRS server to be used when loading the schema from the local files. This helps us then import other schema with this map in place. Andrew Bartlett Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
2010-06-15s4:dsdb Allow the setting an override on the schemaAndrew Bartlett2-6/+23
The change here is to try and convert a per the previous rules, but if we don't know a particular OID as a attributeID, then store it as an OID (for example). This allows known values to be converted as before, but still copes with unknown values. Andrew Bartlett Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>