Age | Commit message (Collapse) | Author | Files | Lines |
|
we were using msg->dn after the ldb it contained had been freed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
objectClass to a user
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
It isn't very useful just saying that a control is not supported,
without saying which one is the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when a prepare commit fails, we need to give a cancel to all modules,
not a commit!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this adds the SHOW_DEACTIVATED_LINK control
|
|
|
|
We need to be able to filter out components that should not be exposed
to users
|
|
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
|
|
This will make life easier when handling deleted linked attributes
|
|
allowedChildClassesEffective.
Behavior as documented in WSPP and tested. Needs optimisation though.
|
|
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
|
|
|
|
We need to keep a search count in ltdb to allow for nesting
of searches inside a module
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
We need to delete the deepest DNs first
|
|
Hopefully this will ensure we don't get an older version from the system.
|
|
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
|
|
This tries to show that the domain object should not have a
primaryGroupToken, for example. (This passes against the old and new
code, as the failure case requires an object with an objectSid, and
exactly one group in it's subtree. Sadly I don't know of a valid structure
that I can construct to test this).
Andrew Bartlett
|
|
|
|
The '1' form gives GUIDs and SIDs in the ascii form as normally used
for display.
|
|
Tridge found that the partitions.c module was being initialised twice,
and setting the partitions into the rootDSE twice.
Andrew Bartlett
|
|
Includes the following verifications for the constructed parentGUID:
- Checks if it returns nothing when there is no parent object
- Ensures that attributes mentioned after the parentGUID
are returned correctly (this avoid a bug pointed out by Tridge
during sync constructed parentGUID development)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this makes the usage clearer
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This comes from a tip from Howard Chu. Apparently some clients
will send a -ve page size value.
|
|
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We were trying to open $SERVER:3268 regardless, which could result in
creating a file called "localdc1:3268", which led to subsequent test
failures
|
|
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
|
|
|
|
(Deny creation of entries with operational attributes specified)
|
|
Apparently Windows Server (2003) doesn't like the comma delimiter here. I got
always error 16 ("LDB_NO_SUCH_ATTRIBUTE"). With this change the test works
again.
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
I've forgotten to add this when checking in the reworked SAMLDB module
|
|
|
|
metze
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
ldb_msg_add_dn does not copy the dn linearized string
|
|
a helper function to a DN element to an ldb_msg using ldb_msg_add_string.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- The outside API contains "DN" string arguments: Bad. Since in this way we
fully rely on the outside calls regarding the right DN format. Solution: Use
always a "struct ldb_dn" entry. Since this one is interchangeable and we can
handle it in our preferred way.
|
|
- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
to be more powerful (added a second length check and do both before the string
comparison)
|
|
This tests the fix for double rename/add and indexing
|
|
This is useful for speed tests with large numbers of records.
|
|
this prevents output being buffered when redirected to a file. Useful
for larger ldb command line operations
|
|
When we rename or modify a record, we need to update the indexes at
the same time. It is important that we use the DN of the actual
message that is stored in the database to do this, not the DN that was
passed in by the user. If the two differ in case then the index
records needs to use the 'real' record DN, as index handling is
currently case sensitive.
|