path: root/source4/dsdb
Commit message | Author | Age | Files | Lines
* dsdb: reset schema->{classes,attributes}_to_remove_size to 0 | Stefan Metzmacher | 2013-06-11 | 1 | -1/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Jun 11 11:40:39 CEST 2013 on sn-devel-104
* dsdb: use the correct talloc parent in dsdb_repl_merge_working_schema() | Stefan Metzmacher | 2013-06-11 | 1 | -2/+2
  schema->{classes,attributes} are the DLIST pointer not an array.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Revert "s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort" | Andrew Bartlett | 2013-06-11 | 1 | -0/+7
  This reverts commit d799b25dd3ed0f72ee03949225ba241c5538d7d6.
  Sometimes the schema just isn't right. A segfault is not the correct answer in those cases.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl" | Matthias Dieter Wallnöfer | 2013-06-10 | 2 | -17/+147
  "UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are used for special semantics. "UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED" forces password expiration.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
* s4:samldb LDB module - permit "userAccountControl" modifications without acct. type | Matthias Dieter Wallnöfer | 2013-06-05 | 2 | -2/+58
  Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
* s4:samldb LDB module - "userAccountControl" = 0 means UF_NORMAL_ACCOUNT on add | Matthias Dieter Wallnöfer | 2013-06-05 | 2 | -21/+37
  Windows Server 2008 has changed semantics in comparison to Server 2003.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-repl_meta_data: Move TODO comment about conflicts and missing parents | Andrew Bartlett | 2013-05-28 | 1 | -9/+4
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue May 28 18:11:00 CEST 2013 on sn-devel-104
* dsdb-repl_meta_data: Handle renames better, considering only the RDN as given, and then the parent as given | Andrew Bartlett | 2013-05-28 | 1 | -76/+141
  This ignores the full DN as given, because the parent components might be out of date.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-linked_attributes: Do not crash if the target GUID can not be found | Andrew Bartlett | 2013-05-28 | 1 | -0/+15
  Note that we must not give an error when we cannot find the object that should hold the backlink, there really isn't anything we can do in this case.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-repl: merge the logic from libnet_vampire_cb_apply_schema() | Stefan Metzmacher | 2013-05-23 | 1 | -6/+113
  This way libnet_vampire_cb_apply_schema() is able to use dsdb_repl_resolve_working_schema().
  Pair-Programmed-With: Matthieu Patou <mat@matws.net>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-repl: split out dsdb_repl_resolve_working_schema | Stefan Metzmacher | 2013-05-23 | 1 | -53/+94
  This can be reused later in other places.
  Pair-Programmed-With: Matthieu Patou <mat@matws.net>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-drs: when replicating schema object checks ask for removal of previous version if exists (bug #8680) | Matthieu Patou | 2013-05-23 | 1 | -3/+4
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make deduplication of class and schema possible (bug #8680) | Matthieu Patou | 2013-05-23 | 3 | -10/+113
  When a class or an attribute is replicated it might already exist in the existing schema, so while replicating the new version of this object we want to get rid of the old version of the object in the current validating schema so that we don't end up having duplicates.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: schema_fill_possible_inferiors() should rebuild everything | Stefan Metzmacher | 2013-05-23 | 1 | -2/+2
  commit cd7f3fd07215a7b8372b6b623faed02ae1310cb1 reverted the change of commit c2853f55fc603d4875bb1e50a1cbf409df0421ea.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix warning by setting the variable from GUID to const GUID | Matthieu Patou | 2013-05-20 | 1 | -1/+2
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix more unused vars | Matthieu Patou | 2013-05-20 | 1 | -2/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix a warning about a set but unused variable by actually using it | Matthieu Patou | 2013-05-20 | 1 | -0/+5
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix warnings about set but unused variables | Matthieu Patou | 2013-05-20 | 2 | -10/+1
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* operational: remove double loops | Matthieu Patou | 2013-05-20 | 1 | -31/+47
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: remove looping on all schema classes for system_possible_inferrior | Matthieu Patou | 2013-05-20 | 1 | -34/+19
  The logic to populate possible inferiors and system possible inferiors is the same so instead of looping twice we do both attributes (depending on the type of the class) in the same loop
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb python tests - set the executable flag | Matthias Dieter Wallnöfer | 2013-05-17 | 2 | -0/+0
  Reviewed-by: Matthieu Patou <mat@samba.org>
  Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date(master): Fri May 17 15:11:29 CEST 2013 on sn-devel-104
* dsdb: Expand on what the error finding the ntSecurityDescriptor was in acl_read | Andrew Bartlett | 2013-05-16 | 1 | -2/+8
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-schema: Print clear debug message when we find an OID in our local DB we cannot convert | Andrew Bartlett | 2013-05-16 | 1 | -0/+1
  We need to work out why we are unable to make a mapping for an OID in our database, because we should not have been able to add it without such a mapping.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-repl: Allow the name attribute (and name-based schema lookups) to be skipped in dsdb_repl_make_working_schema() | Andrew Bartlett | 2013-05-16 | 1 | -12/+19
  This allows us to use a schema that may only be valid for attributeID based lookups, during the schema load.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* source4/dsdb/schema/schema_convert_to_ol.c: Fix typo in comment. | Karolin Seeger | 2013-05-15 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* source4/dsdb/samdb/ldb_modules/local_password.c: Fix typo in comment. | Karolin Seeger | 2013-05-15 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb-drepl: create a new schedulable event for running pending operations | Matthieu Patou | 2013-05-15 | 3 | -1/+79
  So instead of running dreplsrv_periodic_schedule when receiving a DRS_REPLICA_SYNC request, which will force the DC to look for changes with all the DCs it usually replicates to, we reduce it to the DC specified in the DRS_REPLICA_SYNC request. It will also allow us to have the correct options as set by the client who sent the DRS_REPLICA_SYNC.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: make the name of non related class more obvious | Matthieu Patou | 2013-05-14 | 1 | -2/+3
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb: Fix warnings about not set / set but unused / shadowed variables | Matthieu Patou | 2013-04-19 | 7 | -20/+5
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Apr 19 13:15:40 CEST 2013 on sn-devel-104
* dsdb: Check for pointers before we dereference them. | Andreas Schneider | 2013-03-05 | 1 | -7/+7
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* dsdb-descriptor: Avoid segfault copying an SD without an owner or group | Andrew Bartlett | 2013-02-22 | 1 | -4/+12
  This is an unusual SD, but it does exist in some very old upgraded databases.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Feb 22 11:06:17 CET 2013 on sn-devel-104
* dsdb-descriptor: Spell out security descriptor flags as constants | Andrew Bartlett | 2013-02-22 | 2 | -2/+2
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb' | Rusty Russell | 2013-02-20 | 1 | -3/+10
  Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done).
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
  Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
* dsdb-operational: rework the loop for attribute removal | Matthieu Patou | 2013-02-08 | 1 | -41/+92
  Instead of doing ldb_in_list size(operational_remove) * (attrs_user + attr_searched) * number of entries times to get the list of attributes to remove, we construct this list before the search and then use it for every entry.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-repl: make message clearer | Matthieu Patou | 2013-02-08 | 1 | -2/+2
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replmetadata: raise msg level for conflict resolution so that we don't pollute logs | Matthieu Patou | 2013-02-08 | 1 | -2/+2
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-repl: do not ask to add ref when doing getncchange for an exop | Matthieu Patou | 2013-02-08 | 1 | -0/+7
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-cracknames: Fix potential double free and memory leaks | Matthieu Patou | 2013-02-08 | 1 | -2/+4
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/util: rework samdb_check_password() to support utf8 | Stefan Metzmacher | 2013-02-04 | 1 | -5/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb/password_hash: rename variable 'stat' to 'vstat' | Stefan Metzmacher | 2013-02-04 | 1 | -5/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb/password_hash: make sure that io->n.cleartext_utf8.data is a null terminated string | Stefan Metzmacher | 2013-02-04 | 1 | -0/+23
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb-descriptor: get_default_group() should always return the DAG sid (bug #9481) | Stefan Metzmacher | 2013-01-27 | 1 | -5/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/sec_descriptor: the default owner behavior depends on domainControllerFunctionality (bug #9481) | Stefan Metzmacher | 2013-01-27 | 1 | -4/+4
  Not on the domainFunctionality.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: remove unused variable | Stefan Metzmacher | 2013-01-23 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Jan 23 20:04:09 CET 2013 on sn-devel-104
* drepl-notify: change misleading message | Matthieu Patou | 2013-01-22 | 1 | -1/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Fix warning about unused var | Matthieu Patou | 2013-01-21 | 1 | -2/+0
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104
* dsdb: Explain ordering constraints on the ACL module as well. | Andrew Bartlett | 2013-01-21 | 1 | -2/+2
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Ensure "authenticated users" is processed for group memberships | Andrew Bartlett | 2013-01-21 | 2 | -31/+25
  This change moves the addition of "Authenticated Users" from the very end of the token processing to the start.
  The reason is that we need to see if "Authenticated Users" is a member of other builtin groups, just as we would for any other SID.
  This picks up the "Pre-Windows 2000 Compatible Access" group, which is in turn often used in ACLs on LDAP objects.
  Without this change, the eventual token does not contain S-1-5-32-554 and users other than "Administrator" are unable to read uidNumber (in particular).
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: handle node initialisation in one spot in insert_in_object_tree() | Andrew Bartlett | 2013-01-21 | 2 | -11/+10
  This removes special-case for initialising the children array in insert_in_object_tree(). talloc_realloc() handles the initial allocate case perfectly well, so there is no need to have this duplicated.
  This also restores having just one place where the rest of the elements are initialised, to ensure uniform behaviour.
  To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID | Stefan Metzmacher | 2013-01-21 | 1 | -2/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>