Age | Commit message (Collapse) | Author | Files | Lines |
|
This wasn't actually causing problems before, as the structures were
the same size.
Andrew Bartlett
|
|
|
|
|
|
This does a talloc check of the returned pointer before casting it.
Andrew Bartlett
|
|
We don't want to steal this pointer away from the caller if it's been
set up from python.
Andrew Bartlett
|
|
when user requires binary data to be displayed
using samba user-friendly ldif handlers
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
|
|
LDB_FLG_SHOW_BINARY is data representation flag and should
not modify behavior of data checking functions.
This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key()
function relies on ldb_should_b64_encode function to determine
how to process index keys.
Found using following test search:
bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \
"(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
|
|
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor
module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
|
|
object had no SACL.
--Pair-Programmed-With: Zahari Zahariev
|
|
This option sorts the ACE lists during SD comparison in collision view to make it easier to
determine of a difference is only in ACE order, and if not, where do differences start.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
|
|
dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used to mark a ldb child request trusted, if the caller has
validated all inputs. This will be used when creating new child
requests with trusted inputs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
Use the temporary list unless we have at least the three main
"namingContexts" from the rootDSE available (Default, Configuration, Schema -
these are mandatory on all AD deployments!).
This bug has been discovered by Nadya in relation with her SD work.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
|
|
This should obviously point to the wrapper not the call itself.
Found out by Tru64 host build warning.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
|
|
To prevent platform-dependant problems.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
|
|
socket
This fixes bug #7887.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
|
|
The LSA object creation protection changed to the trusted/untrusted
connection model.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 08:19:40 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we should be using the dsdb_module_search*() calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this avoids using a multi-part extended DN in a search that hits the
check in extended_dn_in
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
builtin groups are shown in user tokenGroups searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
otherwise msg->dn would be non-minimal and would fail in searches
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this tests that the remote tokenGroups match the internally calculated
ones
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
this DN we have came from an extended DN search, which means it may
have multiple extended components. We need to minimise the DN before
AD will accept it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this removes any extraneous components from a DN. For an extended DN,
this means removing the string DN and all but the first extended
component.
This is needed as AD returns "invalid syntax" if you don't use
a minimal DN as the base DN for a search. A non-minimal DN also
doesn't ever match in a search expression.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we now know that these are tombstone records, with a timestamp
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this checks that the number of extended components in a DN is valid,
to match MS AD behaviour. We need to do this to ensure that our tools
don't try to do operations that will be invalid when used against MS
servers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this returns the number of extended components. We need this to
validate a DN in the extended_dn_in module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Andrew Bartlett
|
|
This allows the session key, security_token and credentials to be
manipulated from python.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This will be a building block for a tokenGroups test, which can
compare against a remote server (in particular the rootDSE) against
what we would calculate the tokenGroups to be.
(this meant moving some parts out of the auth_sam code into the
containing library)
Andrew Bartlett
|
|
This isn't quite as good as using tokenGroups, but that is only
available for BASE searches, and this isn't how the all the callers
work at the moment.
Andrew Bartlett
|
|
This removes a silly cross-dependency between the ldb moudle stack and auth/
Andrew Bartlett
|