summaryrefslogtreecommitdiff
path: root/source4/lib/ldb
AgeCommit message (Collapse)AuthorFilesLines
2009-12-18s4-ldb: fixed a valgrind error in ldbtestAndrew Tridgell1-0/+2
we were using msg->dn after the ldb it contained had been freed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: declare ldb_dn_update_components()Andrew Tridgell1-0/+1
2009-12-18s4-dsdb: added ldb_dn_update_components()Andrew Tridgell1-0/+23
This is used to udpate just the DN components of a ldb_dn, leaving the other extended fields alone. It is needed to prevent linked attribute updates from removing other extended components. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-ldb: canonicalise the message on ldb_addAndrew Tridgell1-0/+9
This canonicalise avoids a problem with an add that has multiple elements with the same el->name. That is allowed by MS servers, and by ldb, but it breaks things like the tdb backend and the repl_meta_data RPMD handling. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Add a test for adding, deleting, and appending a posixAccount ↵Brendan Powers1-0/+30
objectClass to a user Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-2/+41
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-16s4-ldb: show the OID of any unhandled critical controlsAndrew Tridgell1-4/+9
It isn't very useful just saying that a control is not supported, without saying which one is the problem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-ldb: fixed a transaction error on prepare_commitAndrew Tridgell1-2/+2
when a prepare commit fails, we need to give a cancel to all modules, not a commit! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-ldb: added --show-deactivated-link command line optionAndrew Tridgell1-1/+8
this adds the SHOW_DEACTIVATED_LINK control
2009-12-15Removed ldb_modify_ctrl from ldb, implemented as a static in ldap_backend.Nadezhda Ivanova2-31/+4
2009-12-14s4-ldb: added a function to filter extended components of a ldb_dnAndrew Tridgell1-0/+16
We need to be able to filter out components that should not be exposed to users
2009-12-14s4-ldb: added a new "reveal" controlAndrew Tridgell3-1/+43
This control will allow inspection of internal ldb values, which would normally be stripped before being presented to users. The first use will be stripping linked attribute meta data extended components.
2009-12-14s4-ldb: sort the linearized extended DN by component nameAndrew Tridgell1-0/+14
This will make life easier when handling deleted linked attributes
2009-12-10Implementation of sDRightsEffective, allowedAttributesEffective and ↵Nadezhda Ivanova1-1/+126
allowedChildClassesEffective. Behavior as documented in WSPP and tested. Needs optimisation though.
2009-12-10s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component()Andrew Tridgell1-2/+5
The first bug was that setting a component twice could cause it to appear twice in the DN. The second bug was that using an existing ldb_val from a previous call of ldb_dn_get_extended_component() as an argument to ldb_dn_set_extended_component() would cause a valgrind error (as the array the val pointed into will change).
2009-12-10s4-ldb: use GUID_to_ndr_blob()Andrew Tridgell1-1/+6
2009-12-09s4-ldb: fixed nested searches inside ldb modulesAndrew Tridgell2-4/+12
We need to keep a search count in ltdb to allow for nesting of searches inside a module Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-09s4-ldb: added a missing ltdb_unlock_read()Andrew Tridgell1-0/+1
2009-12-08s4-ldb: fixed ldbdel with -r (recursive deletion)Andrew Tridgell1-0/+15
We need to delete the deepest DNs first
2009-12-08s4:build Bump ldb and tdb required versions.Andrew Bartlett2-2/+2
Hopefully this will ensure we don't get an older version from the system.
2009-12-07s4:ldb Add a function to match a message against an objectClassAndrew Bartlett2-0/+22
(as objectClass will always be a case insensitive ascii string, we can make a much simpler match function here than for the general case). Andrew Bartlett
2009-12-07s4:ldap.py Improve testsuite for primaryGroupToken behaviourAndrew Bartlett1-0/+22
This tries to show that the domain object should not have a primaryGroupToken, for example. (This passes against the old and new code, as the failure case requires an object with an objectSid, and exactly one group in it's subtree. Sadly I don't know of a valid structure that I can construct to test this). Andrew Bartlett
2009-12-05s4-ldif: Fix memory leek in ldb_ldif_write()Kamen Mazdrashki1-0/+2
2009-12-01s4-ldb: the '1' form of extended_dn search is easier to readAndrew Tridgell1-1/+1
The '1' form gives GUIDs and SIDs in the ascii form as normally used for display.
2009-12-01s4:ldap.py Add test of namingContext behaviour after tridge found a bugAndrew Bartlett1-0/+15
Tridge found that the partitions.c module was being initialised twice, and setting the partitions into the rootDSE twice. Andrew Bartlett
2009-11-30s4-drs: Test situations for runtime constructed parentGUIDFernando J V da Silva1-1/+24
Includes the following verifications for the constructed parentGUID: - Checks if it returns nothing when there is no parent object - Ensures that attributes mentioned after the parentGUID are returned correctly (this avoid a bug pointed out by Tridge during sync constructed parentGUID development) Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-30s4-ldb: changed ldb_msg_add_dn() to ldb_msg_add_linearized_dn()Crístian Deives3-8/+12
this makes the usage clearer Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-30s4-ldb: check for -ve value for page sizeAndrew Tridgell1-0/+5
This comes from a tip from Howard Chu. Apparently some clients will send a -ve page size value.
2009-11-28s4-ldb: make it much easier to use common ldb controlsAndrew Tridgell2-15/+64
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou2-0/+33
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4-ldb: improve detection of whether the server has a GC portAndrew Tridgell1-5/+9
We were trying to open $SERVER:3268 regardless, which could result in creating a file called "localdc1:3268", which led to subsequent test failures
2009-11-27s4-ldb: better to test for valid arguments in ldb library than commandlineAndrew Tridgell2-9/+10
We were testing for valid DNs in ldbrename in the command line tool. This hid a bug in the ldb library where we caught a bad DN in the objectclass module rather than in the main ldb code. It is better to do validation of the DNs passed on the command line in the library code, as this gives us more consistent error handling between the programming APIs for ldb and the command line.
2009-11-27s4:ldb Provide bindings for ldb_transaction_prepare_commit()Andrew Bartlett1-0/+9
2009-11-26s4:ldap.py - add a test for the enhanced operational attributes checkMatthias Dieter Wallnöfer1-0/+11
(Deny creation of entries with operational attributes specified)
2009-11-24s4:ldap.py - fix the schema update test on Windows ServerMatthias Dieter Wallnöfer1-1/+2
Apparently Windows Server (2003) doesn't like the comma delimiter here. I got always error 16 ("LDB_NO_SUCH_ATTRIBUTE"). With this change the test works again.
2009-11-24s4:ldap.py - activate test for operational attributesMatthias Dieter Wallnöfer1-8/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-24s4:ldap.py Add tests for subSchemaSubEntryAndrew Bartlett1-0/+12
2009-11-23s4:ldap.py - Add a check for the generated "schemaIDGUID"Matthias Dieter Wallnöfer1-0/+2
I've forgotten to add this when checking in the reworked SAMLDB module
2009-11-21Implemented LDAP_SERVER_SD_FLAGS_OID on search requests.Nadezhda Ivanova1-4/+60
2009-11-20s4:lib/ldb: change version to 0.9.9 after some critical index fixesStefan Metzmacher1-1/+1
metze
2009-11-20Implementation of LDAP_SERVER_SD_FLAGS_OID on modify requests.Nadezhda Ivanova1-5/+107
2009-11-20Some changes to allow processing of ldap controls on modify requests.Nadezhda Ivanova3-6/+90
ldap_backend used to filter out ldap controls on modify. Also, modified python binding for ldap_modify to allow writing tests for such controls.
2009-11-20s4-ldb: added a warning about ldb_msg_add_dnAndrew Tridgell1-0/+2
ldb_msg_add_dn does not copy the dn linearized string
2009-11-20added new function "ldb_msg_add_dn"Crístian Deives3-7/+14
a helper function to a DN element to an ldb_msg using ldb_msg_add_string. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-20ldb:ldb_tdb backend/indexes - Outside APIMatthias Dieter Wallnöfer3-28/+30
- The outside API contains "DN" string arguments: Bad. Since in this way we fully rely on the outside calls regarding the right DN format. Solution: Use always a "struct ldb_dn" entry. Since this one is interchangeable and we can handle it in our preferred way.
2009-11-20ldb:ldb_tdb backend/indexes - DN comparisonMatthias Dieter Wallnöfer1-4/+5
- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit to be more powerful (added a second length check and do both before the string comparison)
2009-11-20s4-ldb: added a double-rename testAndrew Tridgell1-0/+24
This tests the fix for double rename/add and indexing
2009-11-20s4-ldb: when -v is specified, show progress of ldbadd/ldbmodifyAndrew Tridgell2-2/+8
This is useful for speed tests with large numbers of records.
2009-11-20s4-ldb: make ldb tools line bufferedAndrew Tridgell1-0/+3
this prevents output being buffered when redirected to a file. Useful for larger ldb command line operations
2009-11-20s4-ldb: fixed an issue in rename/modify indexingAndrew Tridgell1-16/+16
When we rename or modify a record, we need to update the indexes at the same time. It is important that we use the DN of the actual message that is stored in the database to do this, not the DN that was passed in by the user. If the two differ in case then the index records needs to use the 'real' record DN, as index handling is currently case sensitive.