path: root/source4/dsdb/samdb
Commit message | Author | Age | Files | Lines
* s4-dsdb: extend the extended_dn_in module to handle DN links | Andrew Tridgell | 2011-08-04 | 1 | -44/+104
  this replaces DN components in incoming filter expressions with the full extended DN of the target, which allows search expressions based on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way links in search expressions
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: handle search expressions containing extended DNs | Andrew Tridgell | 2011-08-04 | 2 | -1/+167
  this allows for searches like member=<SID=S-1-2-3>
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: fixed outgoing one way link DNs | Andrew Tridgell | 2011-08-04 | 2 | -3/+63
  when we return a DN which is a one way link, fix the string DN component by searching for the GUID and replacing the DN components
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* remove unnecessary dependency on 'events' from ldb modules. | Jelmer Vernooij | 2011-08-01 | 1 | -35/+35
* s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4 | Matthieu Patou | 2011-07-26 | 1 | -2/+3
* s4-dsdb: Use controls provided during the request while searching for object to delete | Matthieu Patou | 2011-07-21 | 1 | -1/+13
  If the parent request specifies the show_deleted control we must use it in order to be able to see the deleted objects.
  Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.
* s4-dsdb: check group membership only for non deleted objects | Matthieu Patou | 2011-07-21 | 1 | -2/+9
  Group membership has been already removed on deleted objects so there is no mean doing something on this kind of object.
* update/add my copyright | Matthieu Patou | 2011-07-21 | 3 | -0/+3
* s4-dsdb: In rootdse add extended dn info on all values for a given attribute | Matthieu Patou | 2011-07-21 | 1 | -57/+66
  And not only on the first value as it was the case up to this changeset.
* s4-dsdb: add dsdb_module_extended function similar to other dsdb_module_* functions | Matthieu Patou | 2011-07-21 | 1 | -0/+61
* s4-dsdb: fixed the defaultObjectCategory to have a full GUID | Andrew Tridgell | 2011-07-13 | 1 | -0/+24
  this fixes the DN to have a full GUID for new objects
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
* s4-dsdb: another special case for the "member" attribute | Andrew Tridgell | 2011-07-13 | 1 | -1/+6
  thanks to Matthias for his great test suite work!
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb Don't process deletion of member attributes here. | Andrew Bartlett | 2011-07-13 | 1 | -0/+9
  We don't need to compare the delete against the primaryGroupID check here - that test is for adds.
  Andrew Bartlett
* s4-dsdb: fixed modify of ACLs on deleted objects | Andrew Tridgell | 2011-07-13 | 1 | -2/+4
  this is needed for the dbcheck code
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: raise debug level for backlink errors | Andrew Tridgell | 2011-07-13 | 1 | -1/+1
  when dbcheck is fixing missing backlinks we don't want a DEBUG 0 message
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: moved checking of duplicate member entries to repl_meta_data.c | Andrew Tridgell | 2011-07-13 | 2 | -35/+20
  the samldb checks failed to account for the possibility of a member being removed and added in the same modify operation. This happens (for example) when dbcheck is fixing a SID in a DN.
  The repl_meta_data.c code already has this check, it just wasn't giving the right specialised error code for the 'member' attribute
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dirsync: do not return linked attribute if the target object is no more | Matthieu Patou | 2011-07-11 | 1 | -0/+29
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: allow objectsid to be specified in a modification operation | Matthieu Patou | 2011-07-11 | 1 | -3/+5
  if we have the provision control, it's used by dbcheck
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: if the provision control is specified, update replication metadata even if the data hasn't change | Matthieu Patou | 2011-07-11 | 1 | -1/+7
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: when replacing linked attribute take always the new dn as the old dn might be broken | Matthieu Patou | 2011-07-11 | 1 | -1/+1
  The usual use case is that you have a not complete linked attribute (ie. without the SID) if we keep using the old dn, then the SID will never be added.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: check for single valued attribute in repl_meta_data module | Matthieu Patou | 2011-07-11 | 1 | -0/+11
  This is needed because we can have more than 1 value in a single valued attribute as we store also deleted values. So we do the check in repl_meta_data and then indicate LDB to do the check.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: deleted objects are expected to be missing mandatory attributes | Andrew Tridgell | 2011-07-11 | 1 | -1/+2
  the objectclass_attrs validation that an object contains all mandatory attributes is incorrect for deleted objects, as they get stripped of some mandatory attributes when deleted (for example, objectCategory gets stripped)
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: fixed crash bug in extended_dn_in | Andrew Tridgell | 2011-07-11 | 1 | -2/+4
  when extended_dn_in fails to resolve a GUID extended DN component, the debug code assumed that it was a search operation, and accessed ac->req->op.search.base, which is not valid for non-search DN expansions.
  Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-dsdb: allow removal of unknown attributes if RELAX set | Andrew Tridgell | 2011-07-05 | 2 | -2/+21
  this allows attributes not known in the schema to be removed if the caller has set the RELAX control. This will be used by dbcheck to allow cleaning of bad attributes from the database
* s4-dsdb guard principalName parse for invalid inputs | Andrew Bartlett | 2011-07-01 | 1 | -1/+6
  We need to ensure that if this parses name.name_string as just one val, then we don't read uninitialised and possibly unallocated memory. Found by Adam Thorn <alt36@cam.ac.uk>
  While we are checking that, we need to fix the strncasecmp() check to first check if the string is the expected length, then check for a match against sAMAccountName-without-dollar, as otherwise we will permit a string such as machinefoo to match a sAMAccountName of machine.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri Jul 1 03:55:00 CEST 2011 on sn-devel-104
* s4-dsdb Allow a servicePrincipalName of machine$ | Andrew Bartlett | 2011-07-01 | 1 | -0/+6
  This is pointless, but MacOS X (version 10.6.8 was tested) apparently sets machine$ into this field.
  Andrew Bartlett
* s4-dsdb: bypass validation when relax set | Andrew Tridgell | 2011-06-22 | 1 | -1/+2
  this allows dbcheck to fix bad attributes
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
* s4-dsdb: prioritise GUID in extended_dn_in | Andrew Tridgell | 2011-06-22 | 1 | -8/+11
  if we search with a base DN that has both a GUID and a SID, then use the GUID first. This matters for the S-1-5-17 SID.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: catch duplicate matches in extended_dn_in | Andrew Tridgell | 2011-06-22 | 1 | -0/+12
  When searching using extended DNs, if there are multiple matches then return an object not found error. This is needed for the case of a duplicate objectSid, which happens for S-1-5-17
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: ensure we add a RMD_ADDTIME when upgrading a linked attribute | Andrew Tridgell | 2011-06-10 | 1 | -1/+2
  if the link was a w2k style, and we are upgrading it, then set the RMD_ADDTIME to the current time
* s4-dsdb: cope with missing backlinks in rpmd handling | Andrew Tridgell | 2011-06-07 | 1 | -1/+10
  if backlinks have not propagated correctly in a previous replication this allows us to recover
* s4-param Remove 'sid generator' | Andrew Bartlett | 2011-06-06 | 1 | -9/+5
  This was only used by the Fedora DS backend for Samba4. We agreed to no longer support external LDAP backends.
  Andrew Bartlett
* s4-param Remove 'sam database' parameter | Andrew Bartlett | 2011-06-06 | 1 | -1/+1
  This now just relies on the private dir parameter, which remains.
  Andrew Bartlett
* s4:samldb LDB module - check if the RODC group exists if creating an RODC | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -13/+43
  Older AD deployments simply don't have it and hence there is no RODC support.
  Reviewed-by: abartlet
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed May 25 10:26:37 CEST 2011 on sn-devel-104
* s4:samldb LDB module - better to call "samldb_prim_group_trigger" | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -1/+1
  "samldb_prim_group_trigger" which as a wrapper calls "samldb_prim_group_change" for a LDB modify operation.
  Reviewed-by: abartlet
* s4:samldb LDB module - convert a "dsdb_module_search" into "dsdb_module_search_dn" | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -5/+2
  It saves us from checking the number of returned entries.
  Reviewed-by: abartlet
* s4:samldb LDB modules - only objectClass "computer" is allowed to embed all types of account | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -3/+33
  Reviewed-by: abartlet
* s4:samldb LDB module - fix "isCriticalSystemObject" behaviour | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -3/+22
  Tests against Windows Server show that it gets set to "FALSE" (not deleted) if we change the account type to a domain member.
  Reviewed-by: abartlet
* s4:samldb LDB module - fix the behaviour when changing the "userAccountControl" | Matthias Dieter Wallnöfer | 2011-05-25 | 1 | -14/+31
  Ekacnet was not quite right yet but his patch made me think further. This primary group changing is only needed if the account type changes. With this patch we do one more search if the "userAccountControl" changes but we save us from doing these unneeded and wrong modify replace operations most of the time.
  Reviewed-by: abartlet
* s4:samldb LDB module - don't change the "primaryGroupId" on LDB modifications unless we are a computer/dc/rodc | Matthieu Patou | 2011-05-21 | 1 | -1/+16
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4:ldb-samba/ldb_wrap.*-dsdb/samdb/samdb.c - handle LDB connection flags as unsigned | Matthias Dieter Wallnöfer | 2011-05-21 | 1 | -1/+1
  The LDB API ("ldb_connect") prescribes that they should be "unsigned".
  Signed-off-by: Metze
* s4-dsdb: implementation of the dirsync control | Matthieu Patou | 2011-05-21 | 3 | -0/+1369
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: introduce dsdb_module_search_tree | Matthieu Patou | 2011-05-21 | 1 | -24/+63
  With this function your own search tree can be specified
  This function is similar to ldb_build_search_req_ex as it allows to pass a parse tree structure.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: relax a bit the checks on read acl when dirsync control is specified | Matthieu Patou | 2011-05-21 | 1 | -12/+42
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: create flag for requesting ACL relax in case of DIRSYNC request | Matthieu Patou | 2011-05-21 | 1 | -0/+1
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4: do not change the critical flag when it's on a dirsync control | Matthieu Patou | 2011-05-21 | 1 | -1/+5
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* Remove strlower_m() and strupper_m() from source4 and common code. | Andrew Bartlett | 2011-05-03 | 1 | -2/+1
  This function is problematic because a string may expand in size when changed into upper or lower case. This will then push characters off the end of the string in the s3 implementation, or panic in the former s4 implementation.
  Andrew Bartlett
* s4-messaging Rename messaging -> imessaging | Andrew Bartlett | 2011-05-03 | 2 | -6/+6
  This avoids symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name.
  Andrew Bartlett
* s4:"ldb_connect" calls - proof for "!= LDB_SUCCESS" | Matthias Dieter Wallnöfer | 2011-04-29 | 1 | -1/+1
  Reviewed-by: abartlet
* s4:repl_meta_data LDB module - quiet a discard const ptr warning | Matthias Dieter Wallnöfer | 2011-04-29 | 1 | -1/+1