Age | Commit message (Collapse) | Author | Files | Lines |
|
When using w2k3 linked attributes we are allowed to have multiple
values on a single valued attribute. This happens when the other
values are deleted.
Setting the RELAX control tell the ldb-tdb backend to not check for
this on replace, which means the caller has to check for single valued
violations.
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
|
|
reported by ewoud@kohlvanwijngaarden.nl
|
|
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
operations.
|
|
we were using msg->dn after the ldb it contained had been freed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
objectClass to a user
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
It isn't very useful just saying that a control is not supported,
without saying which one is the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when a prepare commit fails, we need to give a cancel to all modules,
not a commit!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this adds the SHOW_DEACTIVATED_LINK control
|
|
|
|
We need to be able to filter out components that should not be exposed
to users
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
This will make life easier when handling deleted linked attributes
|
|
allowedChildClassesEffective.
Behavior as documented in WSPP and tested. Needs optimisation though.
|
|
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
|
|
|
|
We need to keep a search count in ltdb to allow for nesting
of searches inside a module
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
We need to delete the deepest DNs first
|
|
Hopefully this will ensure we don't get an older version from the system.
|
|
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
|
|
This tries to show that the domain object should not have a
primaryGroupToken, for example. (This passes against the old and new
code, as the failure case requires an object with an objectSid, and
exactly one group in it's subtree. Sadly I don't know of a valid structure
that I can construct to test this).
Andrew Bartlett
|
|
|
|
The '1' form gives GUIDs and SIDs in the ascii form as normally used
for display.
|
|
Tridge found that the partitions.c module was being initialised twice,
and setting the partitions into the rootDSE twice.
Andrew Bartlett
|
|
Includes the following verifications for the constructed parentGUID:
- Checks if it returns nothing when there is no parent object
- Ensures that attributes mentioned after the parentGUID
are returned correctly (this avoid a bug pointed out by Tridge
during sync constructed parentGUID development)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This comes from a tip from Howard Chu. Apparently some clients
will send a -ve page size value.
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We were trying to open $SERVER:3268 regardless, which could result in
creating a file called "localdc1:3268", which led to subsequent test
failures
|
|
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
|
|
|
|
(Deny creation of entries with operational attributes specified)
|
|
Apparently Windows Server (2003) doesn't like the comma delimiter here. I got
always error 16 ("LDB_NO_SUCH_ATTRIBUTE"). With this change the test works
again.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
I've forgotten to add this when checking in the reworked SAMLDB module
|
|
|