| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Reviewed-by: abartlet
|
|
This is a much better solution than we had before - so all important DN
checks are enforced for each type of LDB database (and not limited to DSDB).
Many "ldb_dn_validate" checks will now become obsolete.
Reviewed by: Tridge
|
|
this is used to mark a ldb child request trusted, if the caller has
validated all inputs. This will be used when creating new child
requests with trusted inputs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
this exposes enough functions for s4 to not need ldb_private.h any
more.
|
|
this supports module loading in ldb which uses the approach of "load
all modules in a directory". This is much more flexible than the
current module loading, as it will allow us to load modules for
command line parsing and authentication.
Modules are loaded from a colon separated path, in the environment
variable LDB_MODULES_PATH. If unset, it defaults to LDB_MODULESDIR.
Within each directory modules are loaded recursively (traversing down
the directory tree). The device/inode number of each module is
remembered to prevent us loading a module twice.
Each module is checked for a ldb_init_module() function with
dlsym(). If found, it is called with the ldb module version as an
argument.
|
|
the ldap server will mark a control with a NULL oid in order to remove
it. This prevents a O(n^2) cost in control handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is deliberate behaviour.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 11 13:45:14 UTC 2010 on sn-devel-104
|
|
The private event context only needs to live as long as ldb itself.
Andrew Bartlett
|
|
this is used to help debug async ldb requests. The ldb request handle
now contains a location string and the parent request pointer. This
allows us to print a backtrace of ldb requests in the dsdb modules.
|
|
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These will be used to help avoid the problem we have with hundreds of
places that do "return LDB_ERR_OPERATIONS_ERROR" without an
explanation. It is very difficult to track down ldb errors which don't
have any explanation.
By replacing "return LDB_ERR_OPERATIONS_ERROR;" with "return ldb_operr(ldb);"
we at least get a file:line message in the ldb error string. It isn't
an ideal error message, but it is much better than just "operations
error"
This change also makes ldb_oom() return the error code
(LDB_ERR_OPERATIONS_ERROR) so you can do:
return ldb_oom(ldb);
instead of:
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
To count LDB objects use variables of type "unsigned (int)" or "long long int"
on binary or downto searches.
To count characters in strings use "size_t".
To calculate differences between pointers use "ptrdiff_t".
|
|
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when a prepare commit fails, we need to give a cancel to all modules,
not a commit!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This helps pin down where errors occour, by printing a call stack and
setting error strings and trace messages in the transaction case.
Andrew Bartlett
|
|
This will be used to allow cancelling of transactions in a child after
a fork()
|
|
|
|
|
|
This adds ldb_debug_add() and ldb_debug_end() to format multiline
messages
|
|
|
|
When LDB_FLG_ENABLE_TRACING is set ldb will send full traces
of all operations and results
|
|
|
|
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
|
|
|
|
The reason we need this is to make multi-tdb transactions safe, with
the partition module. The linked_attributes and repl_meta_data modules
now do extra processing when the transaction ends, and that processing
can fail. When it fails we need to cancel the transaction, which we
can only do if the hook is on the prepare commit instead of the end
transaction call. Otherwise the partition module cannot ensure that no
commit has been done on another partition.
|
|
|
|
|
|
of LDB
(including the one in Samba 3).
|
|
metze
|
|
metze
|
|
behavior anyway, and given we can only have one transaction active per
ldb context this is the only sane model we can support.
Fix ldb_tdb transactions, we could return back with an error with neither
committing nor canceling the actual tdb transaction in some error paths
within the ltdb commit and cancel transaction paths.
Added also some debugging to trace what was going on.
|
|
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
it should always have been. Make it also async so that it is not a special case.
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
(This used to be commit 40b71bbd718f6dee70c0611e527f55c56623dea6)
|
|
metze
(This used to be commit 1d5b714438a955d76f92f4ccd8aa2f7f89ffa5fd)
|
|
Current glibc libraries include a function called init_module(). If we
use the same name, then a dlsym() can find the glibc function if the
module doesn't have an initialisation function.
In ldb, none of our modules have an init_module(), so we end up calling the libc
functions with bogus arguments.
(This used to be commit 1b0621068998590e7b1e9528b78744dcd2cd5909)
|
