Age | Commit message (Collapse) | Author | Files | Lines |
|
this disables the single value checking for one attribute. It is much
more specific than a general RELAX control, and also more efficient. I
think we should try to have more precise overrides like this, rather
than using RELAX as a general purpose override
|
|
this exposes enough functions for s4 to not need ldb_private.h any
more.
|
|
it causes problems with the openchange build as it is not installed
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 1 21:49:47 UTC 2010 on sn-devel-104
|
|
this allows ldb_wrap to enable s4 modules in a standalone ldb install
without any additional installation
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 1 13:47:33 UTC 2010 on sn-devel-104
|
|
|
|
ldb modules can now add hooks to the command line processing for ldb
tools
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows a ldb module to register a hook function called at various
stages of processing. It will be initially used for ldb command line
hooks, but should work generally.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gets rid of some particularly obscure cpp macros for module lists
|
|
this supports module loading in ldb which uses the approach of "load
all modules in a directory". This is much more flexible than the
current module loading, as it will allow us to load modules for
command line parsing and authentication.
Modules are loaded from a colon separated path, in the environment
variable LDB_MODULES_PATH. If unset, it defaults to LDB_MODULESDIR.
Within each directory modules are loaded recursively (traversing down
the directory tree). The device/inode number of each module is
remembered to prevent us loading a module twice.
Each module is checked for a ldb_init_module() function with
dlsym(). If found, it is called with the ldb module version as an
argument.
|
|
OpenLDAP backend
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 16:40:04 UTC 2010 on sn-devel-104
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This must be available to the OpenLDAP backend, to set the GUID values
in some situations. We need a proper ACL mechanism to control the use
or abuse of this control.
This reverts commit 10adee89367cee9add993869280542418fb3d370.
|
|
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
|
|
This makes it easier to read
|
|
this gives better error checking
|
|
this function takes the operator being invoked, which will allow
schema functions to provide more fine grained control over
comparisons.
The key bug this was introduced to fix is the incorrect handling of
the LDB_OP_PRESENT test for deleted linked attributes. The backends
are unaware of the deleted state of these links, so they cannot do a
LDB_OP_PRESENT test on their own.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
|
|
this is used to help debug async ldb requests. The ldb request handle
now contains a location string and the parent request pointer. This
allows us to print a backtrace of ldb requests in the dsdb modules.
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
They are not quite safe to use (requires caller to steal
resulting message in own context) and may lead to holding
memory for too long.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Previos implementation from ldb_msg_canonicalize()
was moved into this function and now ldb_msg_canonicalize()
is based on ldb_msg_normalize()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
from client
Old implementation from ldb_msg_diff() was moved into
this this function but with changed interface
so that a memory context may be passed.
ldb_msg_diff() function is now based on ldb_msg_difference(),
which fixes a hidden leak - internal ldb_msg object
(returned from ldb_msg_canonicalize) wasn't freed
and stays attached to ldb_context for the connection lifetime.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These will be used to help avoid the problem we have with hundreds of
places that do "return LDB_ERR_OPERATIONS_ERROR" without an
explanation. It is very difficult to track down ldb errors which don't
have any explanation.
By replacing "return LDB_ERR_OPERATIONS_ERROR;" with "return ldb_operr(ldb);"
we at least get a file:line message in the ldb error string. It isn't
an ideal error message, but it is much better than just "operations
error"
This change also makes ldb_oom() return the error code
(LDB_ERR_OPERATIONS_ERROR) so you can do:
return ldb_oom(ldb);
instead of:
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
|
|
ldb_options_find() allows backends to find options in the options[]
array passed to the connect operation.
This will be used by the ldb_ldap bind code
|
|
|
|
This makes it easier to understand which standard specifies which control.
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
Like TYPESAFE_QSORT() but for the ldb_qsort() function
|
|
This changes the meaning of the ->prev pointer in our doubly linked
lists to point at the end of the list from the front of the list. That
allows us to implement DLIST_ADD_END() and related functions in O(1)
time, which can be a huge saving in many places in Samba.
This also means that the 'type' argument to various DLIST_*() macros
is no longer needed, but I have left it in for now to keep the
patchset small, which will make it easier to revert if any problems
are found. In the future we should remove the 'type' arguments.
(jra. Move the one use of DLIST_TAIL over to the new macros).
|
|
uses of (list)->prev are moved over to DLIST_PREV. This will be replaced
when the final (new) version of the dlinklist.h header is added.
Jeremy.
|
|
|
|
This is needed to support DSDB_FLAG_OWN_MODULE
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
operations.
|
|
|
|
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|