summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-12-22dsdb:ldap.py - transform a test call into the new "msg.add" syntaxMatthias Dieter Wallnöfer1-8/+5
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Dec 22 13:05:53 CET 2010 on sn-devel-104
2010-12-22s4-tests: Tests for Validated-SPN implementation.Nadezhda Ivanova1-14/+274
Test setting spn on RWDC, RODC and regular computer object. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
2010-12-22s4-acl: Implementation of Validated-SPN validated writeNadezhda Ivanova1-0/+215
If this right is granted to a user, they may modify the SPN of an object with some value restrictions serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain. If the serviceType is GC, only to the forest root domain. If the serviceType is ldap, then to forest_domain or netbiosname. InstanceType can be samAccountName or dnsHostName.
2010-12-22s4-dsdb: Added a helper function to get the default dns domain as string.Nadezhda Ivanova1-0/+19
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett1-5/+22
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett1-1/+1
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett2-7/+4
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-12-21s4:dsdb/schema/schema_* - adaptions needed for removed "const" on OIDsMatthias Dieter Wallnöfer2-2/+5
2010-12-21s4:dsdb/common/util.c - remove unused variable "ndr_err"Matthias Dieter Wallnöfer1-1/+0
2010-12-20s4-pydsdb: Use local memory context in py_dsdb_get_oid_from_attid()Kamen Mazdrashki1-4/+16
This version reverts changes from commit b974966cc2b4d0b5b0d83206070b5f7c5c6495d1 and is what Matthieu Patou had commited in d784ecec555a3d9737e6f4b3894f27904d2b833c with added reference to the schema cache. I think referencing schema here is the right thing to be done as thus we garantee that schema cache will stay in memory for the time our function is executed Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Mon Dec 20 12:01:53 CET 2010 on sn-devel-104
2010-12-18s4-drepl: During Schema replication, we need to save updated prefixMap if ↵Kamen Mazdrashki1-0/+18
everything is OK Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
2010-12-18s4-dsdb_schema: Copy info needed for Schema refresh in dsdb_schema_copy_shallowKamen Mazdrashki1-0/+4
Just 'refresh_fn' and 'loaded_from_module' are copied. I left 'reload_seq_number' set to 0 intentionally, so that this Schema cache will looks like a very old one to ,refresh_fn'. This way, if this shallow copy is attached to LDB, it will be refreshed as soon as possible by 'refresh_fn'.
2010-12-18s4-drepl: Make refreshed schema a global oneKamen Mazdrashki1-0/+7
We need to do this as dsdb_reference_schema() function clears "use_global_schema" ldb flag. Basically what is going to happen is that after dsdb_reference_schema() global_schema pointer will continue to point at old schema cache, while "dsdb_schema" for LDB will point at the working_schema. After replication is done, we reset "dsdb_schema" for the ldb with an updated Schema cache, but this leaves global_schema pointer with its old value, which is not up to date. So we need to call dsdb_make_schema_global() again so that global_schema points to a valid Schema cache.
2010-12-18Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"Andrew Bartlett1-0/+1
This reverts commit 25163380239abbad28f1656c42e6fab1b92473d9 because further analyis showed the real problem was introduced in 0941099a (which changed the caller behaviour, but only for indexed searches). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104
2010-12-18ldb: Rename controls_except_specified -> ldb_controls_except_specified.Jelmer Vernooij1-2/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 18 01:33:24 CET 2010 on sn-devel-104
2010-12-18ldb: Rename last instance of save_controls -> ldb_save_controls.Jelmer Vernooij1-1/+1
2010-12-17s4-drepl: Reference current Schema cache into working_schema contextKamen Mazdrashki1-1/+1
working_schema is a shallow copy of current schema and thus depends on part of it. So we want it to be around as long as working_schema is used. Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
2010-12-17s4-drepl: Fix log message to be shown on its own lineKamen Mazdrashki1-1/+1
2010-12-16s4-dsdb Don't talloc_free() ares on failure, as LDB might free it laterAndrew Bartlett1-1/+0
We need to make LDB consistent here (indexed vs unindexed behaviour differs here!), but for the moment this is the easiest way out of a segfault. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 16 06:42:56 CET 2010 on sn-devel-104
2010-12-16s4-dsdb Use sid_blob_parse()Andrew Bartlett1-3/+3
2010-12-15s4-tests: Added tests for LDAP add/delete/modify using anonymous login.Nadezhda Ivanova1-8/+50
2010-12-15s4-dsdb: Fixed incorrect LDAP return code when anonymous login is used.Nadezhda Ivanova1-1/+1
2010-12-15s4-dsdb/tests/python: Explicitly pass comamnd line LoadParm() instance to ↵Kamen Mazdrashki9-10/+10
system_session() Otherwise system_session() creates a LoadParm() instance which resets certain global parameters to their defaults from smb.conf ("log level" for instance) Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
2010-12-15s4-dsdb_schema: Handle remote ATTIDs based on msDs-IntId valueKamen Mazdrashki1-4/+17
If we get such an msDs-IntId value, then we should just use it, there is no mapping available for such values
2010-12-15s4-schema_syntax: Log error message when ↵Kamen Mazdrashki1-1/+5
_dsdb_syntax_OID_oid_drsuapi_to_ldb() fails I haven't found a way to test this function during replication so far, but when I do, it will be useful to notice this error in the log file
2010-12-15s4-drepl: We won't need a working schema for empty replicas sent.Kamen Mazdrashki1-2/+5
Without this check, receiving empty replica leads to a situation where we left with a working_schema attached to the ldb. The problem here is that working_schema is not fully functional schema cache and keeping it attached to the ldb may lead to modules failing to accomplish their jobs
2010-12-15s4-dsdb_schema: We need base_dn in Schema's shallow copy tooKamen Mazdrashki1-1/+7
2010-12-15s4-schema_syntax: We should use make_ATTID function when converting ↵Kamen Mazdrashki1-1/+1
remote-ATTID to local one We may have no prefix for the remote ATTID (remote OID strictly speaking) So this is the place for us to update our local prefixMap adding a prefix for the numeric OID we've recived
2010-12-15s4-drepl: User working schema for commiting objects when replicating Schema NCKamen Mazdrashki1-6/+4
2010-12-15s4-repl: Allow dsdb_replicated_objects_commit() to use different schema ↵Kamen Mazdrashki2-0/+57
while committing objects working_schema is to be used while committing a Schema replica. When we replicate Schema, then we most probably won't be able to convert all replicated objects using the current Schema cache (as we don't know anything about those new objects). Thus, during Schema replication, we make a temporary working_schema that contains both our current Schema + all objects we get on the wire. When we commit those new objects, we should use our working_schema (by setting it to the ldb), and after all changes are commited, we can refresh the schema cache so we have a brand new, full-featured Schema cache
2010-12-15s4-schema_syntax: Use remote prefixMap to map remote ATTID to local oneKamen Mazdrashki1-5/+13
in dsdb_attribute_drsuapi_to_ldb() function. drsuapi_DsReplicaAttribute *in parameter come from remote DC so we can't rely on in->attid to map it directly to an dsdb_attribute in our local schema cache
2010-12-15s4-dsdb_schema: Seize using global_schema when referencing new schema for an LDBKamen Mazdrashki1-0/+6
Without this change, when a schema is set to ldb, the effect is that dsdb_get_schema() returns global_schema preferably. Thus we end up with two schemas in effect: - global one, which is the old one and it is still used everywhere - new one, which is just cached in ldb, but can't be used, as there is no way to access it
2010-12-13s4:dsdb:password_hash: verify content if the BYPASS_PASSWORD_HASH control is ↵Stefan Metzmacher1-2/+395
used Make it much harder to import bad data into the password attributes. This isn't 100% safe, but much better than no checks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Dec 13 16:17:36 CET 2010 on sn-devel-104
2010-12-13s4:dsdb:util: dsdb_get_single_valued_attr() only needs a const ldb_messagesStefan Metzmacher1-1/+1
metze
2010-12-12s4:dsdb/pydsdb.c - don't throw another exception on "PyObject_AsDn"Matthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Dec 12 23:40:17 CET 2010 on sn-devel-104
2010-12-12ldb:pyldb.h - revert to the previous header behaviourMatthias Dieter Wallnöfer1-1/+3
"ldb_private.h" is private and therefore might not always be available.
2010-12-12s4:dsdb/pydsdb.c and web_server/wsgi.c - remove accidentally introduced ↵Matthias Dieter Wallnöfer1-4/+0
Py_RETURN_NONE This was only thought for Python 2.3 which we generally no longer support (only pyldb in the LDB library is an exception).
2010-12-12s4:dsdb/pydsdb.c - clean up memory handlingMatthias Dieter Wallnöfer1-54/+70
- Remove memory contexts when not really useful (if only one allocation) - Try to find out OOM conditions and return correct error codes - Move the parameter parsing always to the beginning (to prevent unneeded allocations in case of errors)
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij2-5/+5
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-10s4-tests: Modified sec_descriptor.py to use the sd_utils helpers.Nadezhda Ivanova1-208/+171
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Fri Dec 10 11:03:28 CET 2010 on sn-devel-104
2010-12-10s4-tests: Modified acl.py to use the sd_utils helpers.Nadezhda Ivanova1-127/+86
2010-12-08s4-acl: Replaced talloc_reference with talloc_steal, as aclread is the only ↵Nadezhda Ivanova1-6/+3
one using this result message. No need to reference as no one further up the stack uses the result, it is the result of a secondary request sent by aclread. As a result from code review by Kamen Mazdrashki and Anatoliy Atanasov Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 8 15:01:51 CET 2010 on sn-devel-104
2010-12-08s4-pkgconfig: add @LIB_RPATH@ to our link flagsAndrew Tridgell1-1/+1
this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
2010-12-08s4-acl: Changed the mechanism of attribute removal to speed it up.Nadezhda Ivanova1-41/+88
Instead of using ldb_msg_remove_attr, now we are flagging the attributes to be removed, and allocating the new elements array to be returned at once. This seems to decrease the overhead by 50 percent. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 8 12:00:27 CET 2010 on sn-devel-104
2010-12-08s4-dsdb: register samba handlers in dsdb moduleAndrew Tridgell1-0/+6
2010-12-06s4-acl: Remove unused variables from aclread module.Nadezhda Ivanova1-8/+0
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Dec 6 16:48:35 CET 2010 on sn-devel-104
2010-12-06s4:acl_read LDB module - fix attributes listMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Dec 6 15:11:44 CET 2010 on sn-devel-104
2010-12-06s4-acl: Some optimisation of the aclread moduleNadezhda Ivanova1-58/+75
Modified the aclread module to now insert the attributes needed to perform access checks in the same request, instead of doind a separate search per entry. Also, instanceType is now used to determine id the object has a parent instead of parentGUID, which saves one additional search in operational. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Dec 6 13:50:19 CET 2010 on sn-devel-104
2010-12-06s4-acl: Moved aclread module below descriptor and acl.Nadezhda Ivanova1-1/+1
The aclread needs to be belod descriptor, as it needs to have the full nTsecurityDescriptor to make the checks, and the descriptor module may filter out parts of it if SD_FLAGS_CONTROL is provided.
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer2-15/+21