path: root/source4/dsdb
Commit message | Author | Age | Files | Lines
* s4-dsdb: make subtree_rename errors clearer | Andrew Tridgell | 2011-02-07 | 1 | -10/+10
* s4-dsdb Add tests to ensure we don't break the rootDSE function levels again | Andrew Bartlett | 2011-02-02 | 1 | -0/+33
  This both checks that the levels make sense, and they match what they should be based on in the DB.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Feb 2 06:09:53 CET 2011 on sn-devel-104
* s4-dsdb Fix generation of rootDSE domainControllerFunctionality | Andrew Bartlett | 2011-02-02 | 1 | -1/+3
  The issue here is that when the samdb calls were removed, this call relied on going back to the top of the module stack, so as to re-enter the rootDSE search handler. It makes more sense to check the @ROOTDSE record directly, and therefore not to invoke the search() handler during the init.
  Andrew Bartlett
* s4-python Ensure we add the Samba python path first. | Andrew Bartlett | 2011-02-02 | 11 | -11/+11
  This exact form of the construction is important, and we match on it in the installation scripts.
  Andrew Bartlett
* s4-acl: Fixed returning uninitialized ldap error in case of some critical errors. | Nadezhda Ivanova | 2011-01-28 | 1 | -7/+10
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104
* s4:ldap.py - check the write protection on LSA objects | Matthias Dieter Wallnöfer | 2011-01-25 | 1 | -5/+30
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
* s4:dsdb/samdb/ldb_modules/objectclass.c - move LSA specific object checks into "objectclass_attrs" LDB module | Matthias Dieter Wallnöfer | 2011-01-25 | 2 | -32/+29
  LSA object classes are protected on both LDAP add and LDAP modify operations, so I've refactored the previous check in the objectclass LDB module only for LDAP adds in a new one in the objectclass_attrs LDB module for both adds and modifies. This is the result of the investigations done by Hongwei Sun and me in the last months. Interestingly this protection mechanism doesn't apply on LDAP deletes!
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-repl_meta_data: replmd_update_is_newer() should not return true if metadata stamps are equal | Kamen Mazdrashki | 2011-01-22 | 1 | -3/+3
  Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date: Sat Jan 22 12:22:30 CET 2011 on sn-devel-104
* s4-repl_meta_data: Print out what is wrong when we fail to modify object | Kamen Mazdrashki | 2011-01-22 | 1 | -0/+1
* s4-repl_meta_data: We should not use USNs in metadata comparisons | Kamen Mazdrashki | 2011-01-22 | 1 | -11/+0
  If object is changed by same DC, then version should be incremented
* s4-auth Remove special case for account_sid from auth_serversupplied_info | Andrew Bartlett | 2011-01-20 | 3 | -41/+29
  This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids.
  Andrew Bartlett
* s4-dsdb Don't use None as the input to the GENSEC loop in tokengroups test | Andrew Bartlett | 2011-01-19 | 1 | -1/+1
  The input to gensec.update() should always be a string.
  Andrew Bartlett
* s4-dsdb Add PAC validation test to tokengroups test. | Andrew Bartlett | 2011-01-19 | 1 | -20/+78
  This confirms that the groups obtained from a Kerberos PAC match those that a manual search of a target LDAP server would reveal. This should allow mixing of a KDC specified by krb5.conf to test Samba or Windows alternately.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
* s4-dsdb Add a test of the tokenGroups behaviour on the user's DN. | Andrew Bartlett | 2011-01-19 | 1 | -3/+21
  Andrew Bartlett
* s4-tests: Added a test for correct inheritance of IO flagged ACEs. | Nadezhda Ivanova | 2011-01-18 | 1 | -0/+18
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
* s4-dsdb: replaced the calls to ldb_search() in dsdb modules with dsdb_module_search() | Andrew Tridgell | 2011-01-17 | 4 | -26/+32
  this ensures we follow the module stack, and set the parent on child requests
* s4-dsdb: pass parent request to dsdb_module_*() functions | Andrew Tridgell | 2011-01-17 | 24 | -231/+331
  this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb_find_nc_root - fix it up to let the provisioning work correctly | Matthias Dieter Wallnöfer | 2011-01-15 | 1 | -2/+2
  Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
* s4:urgent_replication.py - remove a now superfluous RELAX control | Matthias Dieter Wallnöfer | 2011-01-14 | 1 | -1/+1
  The LSA object creation protection changed to the trusted/untrusted connection model.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
* s4:samldb LDB module - fix "userAccountControl" handling | Matthias Dieter Wallnöfer | 2011-01-14 | 2 | -15/+39
  "UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags are set on LDAP add operations.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
* s4-dsdb: only enforce the extended dn rules over ldap | Andrew Tridgell | 2011-01-14 | 1 | -2/+21
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
* s4-dsdb: removed the last use of samdb_search_*() from the dsdb ldb modules | Andrew Tridgell | 2011-01-14 | 1 | -4/+12
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: removed some more samdb_search_*() calls from samldb.c | Andrew Tridgell | 2011-01-14 | 1 | -26/+69
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: replaced another use of samdb_search in a ldb module | Andrew Tridgell | 2011-01-14 | 1 | -4/+10
  we should be using the dsdb_module_search*() calls
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn() | Andrew Tridgell | 2011-01-14 | 1 | -6/+14
  this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed filtering of tokengroups | Andrew Tridgell | 2011-01-14 | 1 | -5/+3
  builtin groups are shown in user tokenGroups searches
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-test: added a tokengroups test | Andrew Tridgell | 2011-01-14 | 1 | -0/+100
  this tests that the remote tokenGroups match the internally calculated ones
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-samdb: give a more useful debug when we can't open the privileges db | Andrew Tridgell | 2011-01-14 | 1 | -0/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: minimise the DN in group expansion | Andrew Tridgell | 2011-01-14 | 1 | -0/+5
  this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: validate number of extended components | Andrew Tridgell | 2011-01-14 | 1 | -2/+10
  this checks that the number of extended components in a DN is valid, to match MS AD behaviour. We need to do this to ensure that our tools don't try to do operations that will be invalid when used against MS servers
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb Implement tokenGroups expansion directly in ldb operational module | Andrew Bartlett | 2011-01-14 | 3 | -30/+269
  This removes a silly cross-dependency between the ldb module stack and auth/
  Andrew Bartlett
* s4:extended_dn_out LDB module - initialise "have_reveal_control" | Matthias Dieter Wallnöfer | 2011-01-12 | 1 | -1/+1
* s4-tests: Tests for expansion of ACEs containing generic information. | Nadezhda Ivanova | 2011-01-11 | 1 | -2/+59
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Tue Jan 11 12:10:25 CET 2011 on sn-devel-104
* acl tests: Fix import. | Jelmer Vernooij | 2011-01-06 | 1 | -4/+7
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Thu Jan 6 16:07:49 CET 2011 on sn-devel-104
* Remove unused imports. | Jelmer Vernooij | 2011-01-06 | 6 | -14/+7
* s4-python: Add missing prototypes. | Jelmer Vernooij | 2011-01-03 | 1 | -0/+2
* s4:acl LDB module - "acl_rename" - memory contexts fixup | Matthias Dieter Wallnöfer | 2010-12-23 | 1 | -5/+19
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Thu Dec 23 22:49:41 CET 2010 on sn-devel-104
* s4:acl LDB module - add a missing "talloc_free(tmp_ctx)" in an error path | Matthias Dieter Wallnöfer | 2010-12-23 | 1 | -0/+1
  Just for consistency.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Thu Dec 23 21:46:38 CET 2010 on sn-devel-104
* dsdb:ldap.py - transform a test call into the new "msg.add" syntax | Matthias Dieter Wallnöfer | 2010-12-22 | 1 | -8/+5
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed Dec 22 13:05:53 CET 2010 on sn-devel-104
* s4-tests: Tests for Validated-SPN implementation. | Nadezhda Ivanova | 2010-12-22 | 1 | -14/+274
  Test setting spn on RWDC, RODC and regular computer object.
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
* s4-acl: Implementation of Validated-SPN validated write | Nadezhda Ivanova | 2010-12-22 | 1 | -0/+215
  If this right is granted to a user, they may modify the SPN of an object with some value restrictions
  serviceName can be set only if the object is a DC, and then only to the default domain and netbios name, or ntds_guid._msdsc_.forest_domain.
  If the serviceType is GC, only to the forest root domain.
  If the serviceType is ldap, then to forest_domain or netbiosname.
  InstanceType can be samAccountName or dnsHostName.
* s4-dsdb: Added a helper function to get the default dns domain as string. | Nadezhda Ivanova | 2010-12-22 | 1 | -0/+19
* s4-auth Remove duplicate copies of session_info creation code | Andrew Bartlett | 2010-12-21 | 1 | -5/+22
  We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now.
  Andrew Bartlett
* s4-auth rework session_info handling not to require an auth context | Andrew Bartlett | 2010-12-21 | 1 | -1/+1
  This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code.
  Andrew Bartlett
* s4-auth Remove event context from privilege database handling | Andrew Bartlett | 2010-12-21 | 2 | -7/+4
  These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context.
  Andrew Bartlett
* s4:dsdb/schema/schema_* - adaptions needed for removed "const" on OIDs | Matthias Dieter Wallnöfer | 2010-12-21 | 2 | -2/+5
* s4:dsdb/common/util.c - remove unused variable "ndr_err" | Matthias Dieter Wallnöfer | 2010-12-21 | 1 | -1/+0
* s4-pydsdb: Use local memory context in py_dsdb_get_oid_from_attid() | Kamen Mazdrashki | 2010-12-20 | 1 | -4/+16
  This version reverts changes from commit b974966cc2b4d0b5b0d83206070b5f7c5c6495d1 and is what Matthieu Patou had committed in d784ecec555a3d9737e6f4b3894f27904d2b833c with added reference to the schema cache. I think referencing schema here is the right thing to be done as thus we guarantee that schema cache will stay in memory for the time our function is executed
  Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date: Mon Dec 20 12:01:53 CET 2010 on sn-devel-104
* s4-drepl: During Schema replication, we need to save updated prefixMap if everything is OK | Kamen Mazdrashki | 2010-12-18 | 1 | -0/+18
  Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date: Sat Dec 18 05:53:48 CET 2010 on sn-devel-104
* s4-dsdb_schema: Copy info needed for Schema refresh in dsdb_schema_copy_shallow | Kamen Mazdrashki | 2010-12-18 | 1 | -0/+4
  Just 'refresh_fn' and 'loaded_from_module' are copied. I left 'reload_seq_number' set to 0 intentionally, so that this Schema cache will look like a very old one to 'refresh_fn'. This way, if this shallow copy is attached to LDB, it will be refreshed as soon as possible by 'refresh_fn'.