| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
this can be used to force re-indexing of samdb when we change
something that affects index comparison, in this case the
canonicalisation of booleans
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this ensures we don't look past the end of the data
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this auto-normalises some attributes when they are added/modified. The
list that we auto-normalise is currently:
Boolean
INT32
INTEGER
UTC_TIME
This fixes a problem with groupType being stored in an unnormalised
form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this ensures we setup dn_format when we do runtime schema changes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
clearer than magic numbers
|
|
checking filter elements in the right order makes it a little faster
|
|
this saves some string comparisons
|
|
|
|
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
|
|
repsTo
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Jul 31 00:17:17 CEST 2011 on sn-devel-104
|
|
|
|
this adds the DSDB_SEARCH_SHOW_DELETED flag, which fixes deletion of
deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives us a delete function that takes the standard set of dsdb
flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
to delete
If the parent request specify the show_deleted control we must use it in
order to be able to see the deleted objects.
Also we just allow to trusted connections with the system account to
remove deleted objects, others receive an unwilling to perform.
|
|
Group membership has been already removed on deleted objects so there is
no mean doing something on this kind of object.
|
|
|
|
And not only on the fist value as it was the case up to this changeset.
|
|
functions
|
|
|
|
kcc_service struct gets a intrasite_code
boolean that is filled in via parametric parameter
kccsrv:intrasite = [true/false] in smb.conf. This
will allow us to continue to utilize old simple
KCC topology as continuing default while newer
intra-site topology matures further.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Jul 14 00:19:12 CEST 2011 on sn-devel-104
|
|
We need the ability to utilize this function in a different
manner. KCC intra-site topology has already vetted the
replica as being appropriate to produce a repsFrom from.
We do not want kccsrv_add_repsFrom() to produce further
checking as was the case for simple topology. Thus if
we pass a NULL (res) parameter this extra check will
be skipped.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
kccsrv_replica_flags() and
kccsrv_add_repsFrom() need to be available to functions
outside kcc_periodic.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Utilized by KCC to carry the invocation id of the NTDSDSA
that we are replicating the name context from. Utilized
when NTDSConnection is created (much like dsa_guid tracks
the NTDSDSA objectGUID that we are replicating the name
context from).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Previously this set an explicit (0x1) value whereas it
can now utilize NTDSCONN_OPT_IS_GENERATED from flags.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
A helper function for retrieving the ntds site settings
via standalone function call. Used within KCC
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere). These are the NTDSConnection and NTDSDSA Site
settings flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this fixes the DN to have a full GUID for new objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
|
|
thanks to Matthias for his great test suite work!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We don't need to compare the delete against the primaryGroupID check
here - that test is for adds.
Andrew Bartlett
|
|
we can't convert 0 NTTIME via a unix time_t
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is needed for the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when dbcheck is fixing missing backlinks we don't want a DEBUG 0
message
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
the samldb checks failed to account for the possibility of a member
being removed and added in the same modify operation. This happens
(for example) when dbcheck is fixing a SID in a DN.
The repl_meta_data.c code already has this check, it just wasn't
giving the right specialised error code for the 'member' attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows conversion from a DRS attribute ID to a LDAP display name
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
if we have the provision control, it's used by dbcheck
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
even if the data hasn't change
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
dn might be broken
The usual use case is that you have a not complete linked attribute (ie.
without the SID) if we keep using the old dn, then the SID will never be
added.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is needed because we can have more than 1 value in a single valued
attribute as we store also deleted values. So we do the check in repl_meta_data
and then indicate LDB to do the check.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
