summaryrefslogtreecommitdiffstats
path: root/source4/dsdb
Commit message (Collapse)AuthorAgeFilesLines
...
* dsdb-tests: Remove pointless creation of ldaptestouAndrew Bartlett2014-04-021-1/+0
| | | | | | | | | | This is not used in this test, and is not removed by the test either. Andrew Bartlett Change-Id: I34366d469a1ebed04c3cea5a7f206cb0bf433e03 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/ldb_modules: avoid invalid pointer type warningsStefan Metzmacher2014-04-022-5/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/ldb_modules: avoid str_list related const warningsStefan Metzmacher2014-04-022-3/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/ldb_modules: avoid declaration after code warningsStefan Metzmacher2014-04-022-2/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tdb_wrap: Remove tdb_wrap_open_ againVolker Lendecke2014-03-312-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Avoid passing lp_ctx to tdb_wrap_open in partition_metadata_openVolker Lendecke2014-03-311-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Avoid passing lp_ctx to tdb_wrap_open in schema_metadata_openVolker Lendecke2014-03-311-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Improve missing objectClass handlingAndrew Bartlett2014-03-271-13/+13
| | | | | | | | | | | | | | This attempts to permit deletion of objects that have no objectClass to allow dbcheck to clean up a corrupt database. It is not complete, the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still fail, but this is as much as is safe to do without a way to replicate the original issue. Andrew Bartlett Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Improve errors and checks for missing objectClass valuesAndrew Bartlett2014-03-271-2/+9
| | | | | | Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag worksAndrew Bartlett2014-03-271-5/+13
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not update notify_uSN until the transaction is genuinely committed ↵Andrew Bartlett2014-03-271-7/+7
| | | | | | | | to the DB Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I734bc75ed348de8f0a5ff92e18e08de2340b8951 Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do checks for invalid renames in samldb, before repl_meta_dataAndrew Bartlett2014-03-262-238/+271
| | | | | | | | | | | | | | | | This ensures that conflict objects can be created in CN=System, and that we do not stop replication just because some other DC allowed a rename we do not like. This is achived by doing the work in the samldb module, which is above repl_meta_data in the stack. Andrew Bartlett Change-Id: I8c1a7d3e0fbd5a470cf1326cc055044ca885f7d9 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenter Kukkukk <kukks@samba.org> Tested-by: Guenter Kukkukk <kukks@samba.org>
* s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()Stefan Metzmacher2014-03-251-7/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Further assert that we always have an objectClass and an rDNAndrew Bartlett2014-03-171-32/+118
| | | | | | | | | | | | | | | | | | | | | | | We must have these two elements in a replPropertyMetaData for it to be valid. We may have to relax this for new partition creation, but for now we want to find and isolate the database corruption. The printing of the LDIF is moved above the checks to make it easier to diagnoise the failures when further reproduced. Based initially on a patch originally by Arvid Requate <requate@univention.de> Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25 Reviewed-on: https://gerrit.samba.org/164 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
* dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantitiesAndrew Bartlett2014-03-141-4/+18
| | | | | | | | | | | | | | enum is an int, and therefore signed. Some attributes have the high bit set. Andrew Bartlett Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/163 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
* Remove the remaining uses of the macro NT_STATUS_HAVE_NO_MEMORY_AND_FREE in ↵Garming Sam2014-03-051-6/+12
| | | | | | | | | | | | | the codebase. Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: Id1b540cde127395a7b27385a7c0fe79f3a145c73 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase.Garming Sam2014-03-053-30/+120
| | | | | | | | | | | Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:dsdb/repl: make use of dcerpc_binding_get_string_option("host")Stefan Metzmacher2014-02-131-4/+11
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:dsdb/repl: make dreplsrv_get_target_principal() staticStefan Metzmacher2014-02-131-5/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:dsdb/repl: make use of dcerpc_binding_set_string_option("target_principal")Stefan Metzmacher2014-02-131-1/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:samdb: respect SEARCH_FLAG_PRESERVEONDELETEArvid Requate2014-02-061-2/+7
| | | | | | | | | | | | According to MS-ADTS section 3.1.1.5.5.1.1 the searchFlags must be checked. Signed-off-by: Arvid Requate <requate@univention.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Feb 6 21:42:22 CET 2014 on sn-devel-104
* dsdb: Add more tests for DN+String and DN+Binary comparisonsAndrew Bartlett2014-02-051-0/+14
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Feb 5 10:41:37 CET 2014 on sn-devel-104
* dsdb: Return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS rather than OPERATIONS_ERROR ↵Andrew Bartlett2014-02-051-4/+7
| | | | | | | | | | | | on EACCES and EPERM This makes provision errors clearer in Samba. Andrew Bartlett Reviewed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-1/+1
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-1/+1
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-1/+1
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-1/+1
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-2/+2
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb fix compiler warningsChristian Ambach2013-12-121-1/+1
| | | | | | | about potentially uninitialized variables Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-dsdb: Fix a use after free segfault.Andreas Schneider2013-11-121-3/+4
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104
* s4:dsdb: Move cldap netlogon functions into samdb/ldb_modulesBenjamin Franzke2013-11-114-2/+464
| | | | | | | | As netlogon is handled by the samdb now, the corresponding functions should live there as well. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Support netlogon requestBenjamin Franzke2013-11-112-11/+74
| | | | | | | | | | | | | | | | | | | | | | This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamicBenjamin Franzke2013-11-111-20/+19
| | | | | | | | This replaced the *module parameter, and uses ac->module in the function instead, same for *req and *attrs. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* samdb: Fix CID 241968 Uninitialized pointer readVolker Lendecke2013-11-111-1/+1
| | | | | | | Interestingly gcc does not catch this at all. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* dsdb: Fix Coverity ID 1034907 Dereference before null checkVolker Lendecke2013-11-111-1/+1
| | | | | | | "module" has already been dereferenced by ldb_module_get_private(module) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an ↵Nadezhda Ivanova2013-11-032-5/+15
| | | | | | | | | | | | originating add operation As described in MS-ATDS 3.1.1.5.2.8. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2013-10-252-1/+31
| | | | | | | | | | Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova2013-10-143-3/+40
| | | | | | | | | | | | According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
* dsdb: Provide a clearer error when we fail to store the sequence number in ↵Andrew Bartlett2013-10-101-6/+19
| | | | | | | metadata.tdb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb/tests/ldap: fix test_distinguished_name against w2k8r2Stefan Metzmacher2013-10-101-2/+2
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'Stefan Metzmacher2013-10-101-1/+1
| | | | | | | | | | | The attribute on the RootDSE object is called 'dnsHostName' instead of 'dNSHostName' (which is used in the schema and on all other directory objects). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2Stefan Metzmacher2013-10-101-4/+8
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLsAndrew Bartlett2013-09-261-1/+1
| | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Note that this doesn't fix the userParameters problem completely, but it doesn't truncate the userParameters value anymore. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104
* pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.Andrew Bartlett2013-09-241-0/+5
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* pydsdb: Give KeyError when we fail a schema lookup in pythonAndrew Bartlett2013-09-241-8/+8
| | | | | | | | | This allows sensible exception handling. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* Fix DN RDN case in partition namesHoward Chu2013-09-243-31/+35
| | | | | | | | | | | Move fix_dn from extended_dn_out.c to util.c Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 24 07:43:39 CEST 2013 on sn-devel-104
* Fix entryCSN formatHoward Chu2013-09-231-1/+7
| | | | | | Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Drop paged-search from OpenLDAP stackHoward Chu2013-09-231-1/+1
| | | | | | | | Unnecessary, waste of time Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Add LDB_MAP_RENDROP optionHoward Chu2013-09-231-1/+1
| | | | | | | | | | Like LDB_MAP_RENAME, but drop the attribute if it occurs in an Add request. Used for distinguishedName attribute, is read-only and generated but for some bizarre reason AD allows it in an Add request. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Return a couple more attrs by defaultHoward Chu2013-09-231-0/+2
| | | | | | | | Seems to want name and distinguishedName to always be returned. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
generated by cgit (git 2.34.1) at 2025-08-30 14:31:14 +0000