path: root/source4/dsdb/samdb
Commit message | Author | Age | Files | Lines
* Introduce system MIT krb5 build with --with-system-mitkrb5 option. | Alexander Bokovoy | 2012-05-23 | 3 | -356/+359
  System MIT krb5 build also enabled by specifying --without-ad-dc
  When --with-system-mitkrb5 (or --without-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As a result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5.
  Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
    * Samba 4 client libraries and their Python bindings
    * Samba 3 server (smbd, nmbd, winbindd from source3/)
    * Samba 3 client libraries
  In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* s4-dsdb: allow modification of some deleted object if the show-deleted control is presented | Matthieu Patou | 2012-05-19 | 1 | -4/+9
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
* s4-dsdb: naming context needs to have the extended-dn syntax too | Matthieu Patou | 2012-05-19 | 1 | -0/+1
* s4-schema: Validate more class attribute when adding a new class in the schema | Matthieu Patou | 2012-05-06 | 1 | -0/+29
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
* s4: use intermediate var, increase legibility | Matthieu Patou | 2012-05-05 | 1 | -6/+5
* s4-dsdb: Use data_blob_string_const and add explanation for open-coded function in samldb | Andrew Bartlett | 2012-05-04 | 1 | -4/+6
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
* s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldb | Andrew Bartlett | 2012-05-04 | 1 | -5/+5
* s4:samldb LDB module - make sure to not add identical "servicePrincipalName"s more than once | Matthias Dieter Wallnöfer | 2012-05-04 | 1 | -12/+41
  The service principal names need to be case-insensitively unique, otherwise we end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
  This issue has been discovered on the technical mailing list (thread: cannot rename windows xp machine in samba4) when trying to rename an AD client workstation.
* s4:samldb LDB module - homogenize LDB search attributes arrays | Matthias Dieter Wallnöfer | 2012-04-30 | 1 | -13/+13
  First they do not need to be "static" any longer since we have abandoned asynchronous result handling (where global variables have been important).
  In addition add some "const" in order to protect us from unwanted writes.
  Reviewed-by: Andrew Bartlett
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Mon Apr 30 16:46:20 CEST 2012 on sn-devel-104
* s4:samldb LDB module - implement "fSMORoleOwner" attribute protection | Matthias Dieter Wallnöfer | 2012-04-30 | 1 | -0/+76
  This is a very essential attribute since it references to various domain master roles (PDC emulator, schema...) depending on which entry it has been set. Incautious modifications can cause severe problems.
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
* dsdb: more RELAX to DBCHECK control shift so that only dbcheck can do uncontrolled changes | Matthieu Patou | 2012-04-29 | 1 | -2/+2
* dsdb: change control from relax to dbcheck | Matthieu Patou | 2012-04-29 | 1 | -1/+1
  Comment indicates that this is needed by dbcheck only and it permits other projects to push broken schema and remain undetected
* Cracknames: use krb wrapper functions so it works with MIT | Simo Sorce | 2012-04-23 | 1 | -25/+29
  Also avoid a silly game with directly modifying the principal and then calling krb5_principal_unparse_flags to get out a string. If we already assume it is a 2 components name and know what outcome we are going to get, just go ahead and talloc_asprintf the linearized string.
* dsdb: added SHOW_DELETED to samldb_member_check() | Andrew Tridgell | 2012-04-18 | 1 | -1/+1
  when dbcheck is fixing DNs, it will sometimes operate on a deleted DN link
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify | Michael Adam | 2012-04-18 | 2 | -0/+35
  This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Autobuild-User: Michael Adam <obnox@samba.org>
  Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
* s4-schema: set subClassOf by default to top if not specified | Matthieu Patou | 2012-04-18 | 1 | -0/+6
  Signed-off-by: Michael Adam <obnox@samba.org>
* s4-schema: remove unused variable | Matthieu Patou | 2012-04-18 | 1 | -4/+0
* s4-schema: Generate some schema related attribute as MS AD is doing if they are not present in ldb requests | Matthieu Patou | 2012-04-18 | 1 | -0/+43
* s4: use enums instead of strings it's cheaper | Matthieu Patou | 2012-04-17 | 1 | -14/+40
* srv_keytab: Pass krb5_context directly, it's all we use anyways. | Simo Sorce | 2012-04-12 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Remove unneeded dependency on kerberos_util. | Simo Sorce | 2012-04-12 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Simplify salt_princ handling. | Simo Sorce | 2012-04-12 | 2 | -9/+63
  This allows us to make parse_principal static in kerberos_util again and avoid a silly game where we alloc containers and set destructors only to release the whole thing at the end of the function.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Move keytab functions in a separate file. | Simo Sorce | 2012-04-12 | 2 | -1/+2
  Confine ldb dependency.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-ldb: use KRB5_KEY macros to access key elements. | Günther Deschner | 2012-04-12 | 1 | -8/+8
  Guenther
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4:dsdb/samdb/ldb_modules/schema.c - move "get_last_structural_class()" into "util.c" | Matthias Dieter Wallnöfer | 2012-04-11 | 6 | -83/+46
  And remove this helper module - it does not have much sense keeping it.
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
* s4:dsdb/samdb/ldb_modules/schema.c - inline "get_oc_guid_from_message()" to its only user | Matthias Dieter Wallnöfer | 2012-04-11 | 2 | -18/+23
  Reduce the number of not to be shared functions in "schema.c". Change it to make use of "get_last_structural_class()".
* s4:dsdb - introduce a only constant-time "get_last_structural_class()" call | Matthias Dieter Wallnöfer | 2012-04-11 | 3 | -37/+18
  With the redesign of the previous patches this has become possible.
* s4:dsdb/samdb/ldb_modules/schema.c - inline "acl_check_access_on_class" to its only user | Matthias Dieter Wallnöfer | 2012-04-11 | 2 | -46/+47
  Reduce the number of not to be shared functions in "schema.c".
* s4:dsdb - move "objectclass_sort()" out from the objectclass LDB module into the schema code | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -217/+36
  This allows it to be useful for the dbchecker utility in respect to object class problems.
  Fix up the API to only work with standardised LDB "ldb_message_element" structures which do allow much easier interoperations. As a consequence this leads to some changes in the objectclass module as well.
* s4:acl LDB module - remove set but unused variables | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -5/+0
* s4:objectclass LDB module - remove unneeded build dependencies | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -1/+1
* s4-dsdb: use constant-time search for descriptor -> get_last_structural_class() | Andrew Bartlett | 2012-03-26 | 2 | -2/+4
  The objectClass list is sorted at this point, as we are called below the objectclass module here, or are working from a search result.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Mar 26 05:38:13 CEST 2012 on sn-devel-104
* s4:dsdb - enhance "get_last_structural_class()" for optimisations | Matthias Dieter Wallnöfer | 2012-03-26 | 3 | -10/+29
  If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:objectclass LDB module - fix up the sorting in respect to structural or 88 objectclasses | Matthias Dieter Wallnöfer | 2012-03-26 | 1 | -4/+18
  Please have a look at MS-ADTS 3.1.1.1.4.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:objectclass LDB module - clean up "objectclass_sort()" | Matthias Dieter Wallnöfer | 2012-03-26 | 1 | -24/+13
  Make it easier to comprehend
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Move NS_GUID_string and NS_GUID_from_string to dsdb-common. | Jelmer Vernooij | 2012-03-20 | 2 | -1/+2
* tdb_wrap: Move to specific directory. | Jelmer Vernooij | 2012-03-10 | 1 | -1/+1
  It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were circular dependencies with other libraries outside that directory (in this case, samba-hostconfig).
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
* SEGV in acl_validate_spn_value: dnsHostName NULL | Arvid Requate | 2012-03-02 | 1 | -1/+1
  This patch addresses a segfault in acl_validate_spn_value which occurs when the "dnsHostName" attribute is missing. This seems to be the case in domains migrated with samba3upgrade. Looks similar to MS KB 817543.
  Signed-off-by: Nadezhda Ivanova <nivanova@drizzit.(none)>
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Fri Mar 2 21:26:40 CET 2012 on sn-devel-104
* s4-dsdb: Check if metadata.tdb exists, before trying to open it | Amitay Isaacs | 2012-02-13 | 1 | -0/+6
  This fixes the error output from tdb2 when metadata module tries to create metadata.tdb first time. This error is reported since metadata module tries to check if tdb exists by trying to open tdb file.
  Autobuild-User: Amitay Isaacs <amitay@samba.org>
  Autobuild-Date: Mon Feb 13 03:02:09 CET 2012 on sn-devel-104
* samdb: use compat wrappers for tdb_fetch(). | Rusty Russell | 2012-01-30 | 1 | -6/+6
  TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() -> tdb_errorstr_compat().
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s4:dsdb/password_hash: require a "Primary:Kerberos" blob in supplementalCredentials | Stefan Metzmacher | 2012-01-16 | 1 | -0/+16
  If this is missing a w2k8r2 server will reboot, when someone tries to change a password.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
* s4:repl_meta_data LDB module - set "isRecycled" time correctly | Matthias Dieter Wallnöfer | 2012-01-05 | 1 | -9/+8
  "unix_to_nt_time()" which is based on "time_t" behaves differently for literals > 32 bit on 32 and 64 bit platforms.
  Reviewed-by: ekacnet
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
* s4-ldb: Add isRecycled when is defined in the schema | Matthieu Patou | 2011-12-23 | 1 | -3/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: Relax the conditions where we can't do a subtree delete | Matthieu Patou | 2011-12-19 | 1 | -1/+19
  If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one.
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
* s4-dsdb: Added metadata to partition module for global sequence number | Amitay Isaacs | 2011-11-29 | 5 | -17/+612
  This adds support for global sequence number which is independent of partition information.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: use dsdb_module_extended instead of duplicate code | Amitay Isaacs | 2011-11-29 | 2 | -31/+13
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: Return ldb_result context in dsdb_module_extended | Amitay Isaacs | 2011-11-29 | 1 | -3/+20
  The result of the extended operation is now available in the calling routine.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number support | Amitay Isaacs | 2011-11-29 | 2 | -140/+13
  This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:update_keytab LDB module - no need to filter for the DN | Matthias Dieter Wallnöfer | 2011-11-26 | 1 | -2/+2
  We launch a search request with base scope on exactly the same DN (see downwards).
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on attribute interSiteTopologyGenerator even if the value didn't change | Matthieu Patou | 2011-11-19 | 1 | -2/+8
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104