summaryrefslogtreecommitdiff
path: root/source4/lib/ldb
AgeCommit message (Collapse)AuthorFilesLines
2010-01-08s4-secdesc: fixed the sec_descriptor.py testAndrew Tridgell1-42/+74
The test was using a "changetype: add" to try and add a member to a group, where it should use a "changetype: modify" with a "add: member" Also fixed the recovery when the test fails part way through (delete the test users at the start as well as the end) Nadya, please check!
2010-01-08s4-ldb: improve error handling in indexing codeAndrew Tridgell2-5/+34
When we get an indexing failure we want a clear error message
2010-01-05s4:ldap_schema.py - add an additional check for validity of ↵Matthias Dieter Wallnöfer1-0/+25
"defaultObjectCategory"
2010-01-05s4:ldap_schema.py - Move generated attributes checkMatthias Dieter Wallnöfer1-15/+15
Make more clear that they're created before the "schemaUpdateNow".
2010-01-04Fix the merged build. Probably not strictly correct but allows us to "make ↵Jeremy Allison1-1/+1
test". Jeremy.
2010-01-02ldb: Fix the standalone ldb build.Jelmer Vernooij1-14/+14
2010-01-02s4-ldb: fixed valgrind error: ares can be freed by callbackAndrew Tridgell1-4/+1
2010-01-02s4-ldaptest: need to use MessageElement for modify messagesAndrew Tridgell1-2/+4
Without MessageElement() the flags are not set, which is invalid
2010-01-02s4-ldb: show an error string, as well as error messageAndrew Tridgell1-3/+4
This makes it easier to track down error mismatches from the test suite
2010-01-02s4-ldbtest: fixed message element in modifyAndrew Tridgell1-1/+2
a flags value of zero is not valid
2010-01-02s4-ldb: allow modules to override error return valuesAndrew Tridgell1-2/+4
The samldb module overrides the error code for some returns when handling primaryGroupID. We need to take the error from the async callback to allow this to work reliably
2010-01-02s4-ldbmodify: show the error code as well as error stringAndrew Tridgell1-1/+2
2010-01-02s4-ldb: declate ldb_val_to_time()Andrew Tridgell1-0/+6
2010-01-02s4-ldb: use safe length limited conversions for int64 and timeAndrew Tridgell1-13/+48
2010-01-02s4-ldb: added ldb_val_to_time() Andrew Tridgell1-0/+27
This is intended as a replacement for ldb_string_to_time() for ldb_val inputs. This ensures it is length limited and includes additional validity checks
2010-01-02s4-ldb: show the error code as well as errstrAndrew Tridgell1-2/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-ldb: added ldb_module_get_ops()Andrew Tridgell2-0/+6
This is needed to support DSDB_FLAG_OWN_MODULE Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-ldb: use the RELAX control to disable single value checking on replaceAndrew Tridgell3-5/+16
When using w2k3 linked attributes we are allowed to have multiple values on a single valued attribute. This happens when the other values are deleted. Setting the RELAX control tell the ldb-tdb backend to not check for this on replace, which means the caller has to check for single valued violations.
2009-12-31pyldb: Add dom_sid.split in favor of less powerful dom_sid_to_rid().Jelmer Vernooij2-10/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-23s4:ldb Fix declaration in the middle of the codeSimo Sorce1-2/+4
2009-12-23s4: Fix the buildSimo Sorce1-0/+1
2009-12-23s4: tests controls parsing and using for ldbadd/ldbedit/ldbmodifyMatthieu Patou4-1/+90
2009-12-23s4: make ldbadd/ldbmodify/ldbdelete really use the --controls switchMatthieu Patou6-9/+230
2009-12-22Samba4 and LDB requires talloc 2.0.1Andrew Bartlett1-1/+1
reported by ewoud@kohlvanwijngaarden.nl
2009-12-21provision/pyldb: Avoid linking in static python ldb module.Jelmer Vernooij2-2/+3
2009-12-21s4-tort: Tests for "msDS-IntId" attribute implementedKamen Mazdrashki1-2/+281
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-21s4-tort: Move Schema tests from ldap.py into separate moduleKamen Mazdrashki2-133/+221
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-18Added oid for AS_SYSTEM control, used to bypass access checks for system ↵Nadezhda Ivanova1-0/+6
operations.
2009-12-18s4-ldb: fixed a valgrind error in ldbtestAndrew Tridgell1-0/+2
we were using msg->dn after the ldb it contained had been freed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: declare ldb_dn_update_components()Andrew Tridgell1-0/+1
2009-12-18s4-dsdb: added ldb_dn_update_components()Andrew Tridgell1-0/+23
This is used to udpate just the DN components of a ldb_dn, leaving the other extended fields alone. It is needed to prevent linked attribute updates from removing other extended components. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-ldb: canonicalise the message on ldb_addAndrew Tridgell1-0/+9
This canonicalise avoids a problem with an add that has multiple elements with the same el->name. That is allowed by MS servers, and by ldb, but it breaks things like the tdb backend and the repl_meta_data RPMD handling. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Add a test for adding, deleting, and appending a posixAccount ↵Brendan Powers1-0/+30
objectClass to a user Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-2/+41
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-16s4-ldb: show the OID of any unhandled critical controlsAndrew Tridgell1-4/+9
It isn't very useful just saying that a control is not supported, without saying which one is the problem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-ldb: fixed a transaction error on prepare_commitAndrew Tridgell1-2/+2
when a prepare commit fails, we need to give a cancel to all modules, not a commit! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-ldb: added --show-deactivated-link command line optionAndrew Tridgell1-1/+8
this adds the SHOW_DEACTIVATED_LINK control
2009-12-15Removed ldb_modify_ctrl from ldb, implemented as a static in ldap_backend.Nadezhda Ivanova2-31/+4
2009-12-14s4-ldb: added a function to filter extended components of a ldb_dnAndrew Tridgell1-0/+16
We need to be able to filter out components that should not be exposed to users
2009-12-14s4-ldb: added a new "reveal" controlAndrew Tridgell3-1/+43
This control will allow inspection of internal ldb values, which would normally be stripped before being presented to users. The first use will be stripping linked attribute meta data extended components.
2009-12-14s4-ldb: sort the linearized extended DN by component nameAndrew Tridgell1-0/+14
This will make life easier when handling deleted linked attributes
2009-12-10Implementation of sDRightsEffective, allowedAttributesEffective and ↵Nadezhda Ivanova1-1/+126
allowedChildClassesEffective. Behavior as documented in WSPP and tested. Needs optimisation though.
2009-12-10s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component()Andrew Tridgell1-2/+5
The first bug was that setting a component twice could cause it to appear twice in the DN. The second bug was that using an existing ldb_val from a previous call of ldb_dn_get_extended_component() as an argument to ldb_dn_set_extended_component() would cause a valgrind error (as the array the val pointed into will change).
2009-12-10s4-ldb: use GUID_to_ndr_blob()Andrew Tridgell1-1/+6
2009-12-09s4-ldb: fixed nested searches inside ldb modulesAndrew Tridgell2-4/+12
We need to keep a search count in ltdb to allow for nesting of searches inside a module Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-09s4-ldb: added a missing ltdb_unlock_read()Andrew Tridgell1-0/+1
2009-12-08s4-ldb: fixed ldbdel with -r (recursive deletion)Andrew Tridgell1-0/+15
We need to delete the deepest DNs first
2009-12-08s4:build Bump ldb and tdb required versions.Andrew Bartlett2-2/+2
Hopefully this will ensure we don't get an older version from the system.
2009-12-07s4:ldb Add a function to match a message against an objectClassAndrew Bartlett2-0/+22
(as objectClass will always be a case insensitive ascii string, we can make a much simpler match function here than for the general case). Andrew Bartlett
2009-12-07s4:ldap.py Improve testsuite for primaryGroupToken behaviourAndrew Bartlett1-0/+22
This tries to show that the domain object should not have a primaryGroupToken, for example. (This passes against the old and new code, as the failure case requires an object with an objectSid, and exactly one group in it's subtree. Sadly I don't know of a valid structure that I can construct to test this). Andrew Bartlett