Age | Commit message (Collapse) | Author | Files | Lines |
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Dec 22 13:05:53 CET 2010 on sn-devel-104
|
|
Test setting spn on RWDC, RODC and regular computer object.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
|
|
If this right is granted to a user, they may modify the SPN of an object with some value restrictions
serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain. If the serviceType is GC, only to the forest root domain. If the serviceType is ldap, then to forest_domain or netbiosname.
InstanceType can be samAccountName or dnsHostName.
|
|
|
|
We now just do or do not call into LDB based on some flags.
This means there may be some more link time dependencies, but we seem
to deal with those better now.
Andrew Bartlett
|
|
This reverts a previous move to have this based around the auth
subsystem, which just spread auth deps all over unrelated code.
Andrew Bartlett
|
|
These local TDB operations can quite safely be handled in a new/nested
event context, rather than using the main event context.
Andrew Bartlett
|
|
|
|
|
|
This version reverts changes from commit b974966cc2b4d0b5b0d83206070b5f7c5c6495d1
and is what Matthieu Patou had commited in d784ecec555a3d9737e6f4b3894f27904d2b833c
with added reference to the schema cache.
I think referencing schema here is the right thing to be done
as thus we garantee that schema cache will stay in memory
for the time our function is executed
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Dec 20 12:01:53 CET 2010 on sn-devel-104
|
|
everything is OK
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
|
|
Just 'refresh_fn' and 'loaded_from_module' are copied.
I left 'reload_seq_number' set to 0 intentionally, so that
this Schema cache will looks like a very old one to ,refresh_fn'.
This way, if this shallow copy is attached to LDB, it will be
refreshed as soon as possible by 'refresh_fn'.
|
|
We need to do this as dsdb_reference_schema() function
clears "use_global_schema" ldb flag.
Basically what is going to happen is that after dsdb_reference_schema()
global_schema pointer will continue to point at old schema cache,
while "dsdb_schema" for LDB will point at the working_schema.
After replication is done, we reset "dsdb_schema" for the ldb
with an updated Schema cache, but this leaves global_schema pointer
with its old value, which is not up to date.
So we need to call dsdb_make_schema_global() again so that global_schema
points to a valid Schema cache.
|
|
This reverts commit 25163380239abbad28f1656c42e6fab1b92473d9 because
further analyis showed the real problem was introduced in 0941099a
(which changed the caller behaviour, but only for indexed searches).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 18 01:33:24 CET 2010 on sn-devel-104
|
|
|
|
working_schema is a shallow copy of current schema and thus
depends on part of it. So we want it to be around as long as
working_schema is used.
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Fri Dec 17 23:34:29 CET 2010 on sn-devel-104
|
|
|
|
We need to make LDB consistent here (indexed vs unindexed behaviour
differs here!), but for the moment this is the easiest way out of a
segfault.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 16 06:42:56 CET 2010 on sn-devel-104
|
|
|
|
|
|
|
|
system_session()
Otherwise system_session() creates a LoadParm() instance
which resets certain global parameters to their defaults
from smb.conf ("log level" for instance)
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
|
|
If we get such an msDs-IntId value, then we should just use it,
there is no mapping available for such values
|
|
_dsdb_syntax_OID_oid_drsuapi_to_ldb() fails
I haven't found a way to test this function during replication so far,
but when I do, it will be useful to notice this error in the log file
|
|
Without this check, receiving empty replica leads to a situation
where we left with a working_schema attached to the ldb.
The problem here is that working_schema is not fully functional
schema cache and keeping it attached to the ldb may lead
to modules failing to accomplish their jobs
|
|
|
|
remote-ATTID to local one
We may have no prefix for the remote ATTID (remote OID strictly speaking)
So this is the place for us to update our local prefixMap
adding a prefix for the numeric OID we've recived
|
|
|
|
while committing objects
working_schema is to be used while committing a Schema replica.
When we replicate Schema, then we most probably won't be
able to convert all replicated objects using the current
Schema cache (as we don't know anything about those new objects).
Thus, during Schema replication, we make a temporary
working_schema that contains both our current Schema +
all objects we get on the wire.
When we commit those new objects, we should use our working_schema
(by setting it to the ldb), and after all changes are commited,
we can refresh the schema cache so we have a brand new,
full-featured Schema cache
|
|
in dsdb_attribute_drsuapi_to_ldb() function.
drsuapi_DsReplicaAttribute *in parameter come from remote DC
so we can't rely on in->attid to map it directly to an
dsdb_attribute in our local schema cache
|
|
Without this change, when a schema is set to ldb, the
effect is that dsdb_get_schema() returns global_schema
preferably.
Thus we end up with two schemas in effect:
- global one, which is the old one and it is still used everywhere
- new one, which is just cached in ldb, but can't be used, as
there is no way to access it
|
|
used
Make it much harder to import bad data into the password attributes.
This isn't 100% safe, but much better than no checks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 16:17:36 CET 2010 on sn-devel-104
|
|
metze
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 23:40:17 CET 2010 on sn-devel-104
|
|
"ldb_private.h" is private and therefore might not always be available.
|
|
Py_RETURN_NONE
This was only thought for Python 2.3 which we generally no longer support (only
pyldb in the LDB library is an exception).
|
|
- Remove memory contexts when not really useful (if only one allocation)
- Try to find out OOM conditions and return correct error codes
- Move the parameter parsing always to the beginning (to prevent
unneeded allocations in case of errors)
|
|
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Dec 10 11:03:28 CET 2010 on sn-devel-104
|
|
|
|
one using this result message.
No need to reference as no one further up the stack uses the result, it is the result of a secondary request sent by aclread.
As a result from code review by Kamen Mazdrashki and Anatoliy Atanasov
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 15:01:51 CET 2010 on sn-devel-104
|
|
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
|
|
Instead of using ldb_msg_remove_attr, now we are flagging the attributes to be removed,
and allocating the new elements array to be returned at once. This seems to decrease the
overhead by 50 percent.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 12:00:27 CET 2010 on sn-devel-104
|
|
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Dec 6 16:48:35 CET 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Dec 6 15:11:44 CET 2010 on sn-devel-104
|
|
Modified the aclread module to now insert the attributes needed to perform access checks in the same request,
instead of doind a separate search per entry. Also, instanceType is now used to determine id the object has a parent
instead of parentGUID, which saves one additional search in operational.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Dec 6 13:50:19 CET 2010 on sn-devel-104
|
|
The aclread needs to be belod descriptor, as it needs to have the full nTsecurityDescriptor to make the
checks, and the descriptor module may filter out parts of it if SD_FLAGS_CONTROL is provided.
|
|
|