sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code
samba-mirror/source4/dsdb/samdb/samdb.h

324 lines
9.7 KiB
C
Raw Normal View History

r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
/*
Unix SMB/CIFS implementation.
interface functions for the sam database
Copyright (C) Andrew Tridgell 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
*/
#ifndef __SAMDB_H__
#define __SAMDB_H__
struct auth_session_info;
r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-01-16 10:57:55 +00:00
struct dsdb_control_current_partition;
r20682: make the dsdb_extended_replicated_objects_commit() interface a bit more useful, so that we can apply the schema partition objects with one call metze (This used to be commit 165ff94b8a89ef4b9145405633ed11ab9567376b)
2007-01-11 10:21:38 +00:00
struct dsdb_extended_replicated_object;
struct dsdb_extended_replicated_objects;
r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-02 17:09:52 +01:00
struct loadparm_context;
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29 20:24:57 +01:00
struct tevent_context;
r20682: make the dsdb_extended_replicated_objects_commit() interface a bit more useful, so that we can apply the schema partition objects with one call metze (This used to be commit 165ff94b8a89ef4b9145405633ed11ab9567376b)
2007-01-11 10:21:38 +00:00
s4:dsdb/common: add helper functions for trusted domain objects (tdo) The most important things is the dsdb_trust_routing_table with the dsdb_trust_routing_table_load() and dsdb_trust_routing_by_name() functions. The routing table has knowledge about trusted domains/forests and enables the dsdb_trust_routing_by_name() function to find the direct trust that is responsable for the given name. This will be used in the kdc and later winbindd to handle cross-trust/forest routing. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-02-02 13:12:36 +01:00
struct dsdb_trust_routing_table;
r20682: make the dsdb_extended_replicated_objects_commit() interface a bit more useful, so that we can apply the schema partition objects with one call metze (This used to be commit 165ff94b8a89ef4b9145405633ed11ab9567376b)
2007-01-11 10:21:38 +00:00
#include "librpc/gen_ndr/security.h"
ldb: use #include <ldb.h> for ldb thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 14:12:51 +11:00
#include <ldb.h>
Note the ldb syntax for attribute syntaxes in the table. This includes additional Samba-specific syntaxes made available from the ldif_handlers code. This commit also changes some table to use #defines, to ensure consistancy in other parts of the code. Andrew Bartlett (This used to be commit e26a5efd9a580ed3728e1f449e367b1cd4a73b5f)
2008-08-18 20:30:27 +10:00
#include "lib/ldb-samba/ldif_handlers.h"
r20682: make the dsdb_extended_replicated_objects_commit() interface a bit more useful, so that we can apply the schema partition objects with one call metze (This used to be commit 165ff94b8a89ef4b9145405633ed11ab9567376b)
2007-01-11 10:21:38 +00:00
#include "librpc/gen_ndr/samr.h"
#include "librpc/gen_ndr/drsuapi.h"
#include "librpc/gen_ndr/drsblobs.h"
#include "dsdb/schema/schema.h"
#include "dsdb/samdb/samdb_proto.h"
s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String This aims to replace (and is based on) the code in ldb_dn.c. It is however much stricter in the DNs it will accept. Andrew Bartlett
2009-11-05 16:57:20 +11:00
#include "dsdb/common/dsdb_dn.h"
s4:dsdb/samdb/samdb.h - fix include ordering in order to prevent warnings on Tru64
2010-11-27 18:30:12 +01:00
#include "dsdb/common/proto.h"
libds: share UF_ flags between samba3 and 4. Guenther
2009-06-12 14:27:19 +02:00
#include "../libds/common/flags.h"
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-01-16 10:57:55 +00:00
#define DSDB_CONTROL_CURRENT_PARTITION_OID "1.3.6.1.4.1.7165.4.3.2"
struct dsdb_control_current_partition {
/*
* this is the version of the dsdb_control_current_partition
* version 0: initial implementation
change the dsdb_control_current_partition to not include internal variables This structures was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down. This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.
2009-09-02 13:36:54 +10:00
* version 1: got rid of backend and module fields
r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-01-16 10:57:55 +00:00
*/
change the dsdb_control_current_partition to not include internal variables This structures was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down. This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.
2009-09-02 13:36:54 +10:00
#define DSDB_CONTROL_CURRENT_PARTITION_VERSION 1
r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46)
2007-01-16 10:57:55 +00:00
uint32_t version;
struct ldb_dn *dn;
};
s4-dsdb: added DSDB_REPL_FLAG* to replication this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-09-23 17:27:40 +10:00
/*
flags in dsdb_repl_flags to control replication logic
*/
#define DSDB_REPL_FLAG_PRIORITISE_INCOMING 1
#define DSDB_REPL_FLAG_PARTIAL_REPLICA 2
s4-dsdb: added DSDB_REPL_FLAG_ADD_NCNAME flag
2011-09-28 09:30:44 +10:00
#define DSDB_REPL_FLAG_ADD_NCNAME 4
repl: Give an error if we get a secret when not expecting one We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING This asserts that this is the case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-08-19 13:26:41 +12:00
#define DSDB_REPL_FLAG_EXPECT_NO_SECRETS 8
s4-dsdb: added DSDB_REPL_FLAG* to replication this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-09-23 17:27:40 +10:00
s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updates We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze
2008-09-27 02:27:54 +02:00
#define DSDB_CONTROL_REPLICATED_UPDATE_OID "1.3.6.1.4.1.7165.4.3.3"
s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store. By splitting the module, the extended_dn_in and extended_dn_store moudles can use extended_dn_out to actually get the extended DN. This avoids code duplication. The extended_dn_out module also contains a client implementation of the OpenLDAP dereference control (draft-masarati-ldap-deref-00). This also introduces a new control 'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module to return whatever the 'storage format' is. This allows us to work with both OpenLDAP (which performs a dereference at run time) and LDB (which stores the GUID and SID on disk). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 09:21:55 +01:00
#define DSDB_CONTROL_DN_STORAGE_FORMAT_OID "1.3.6.1.4.1.7165.4.3.4"
/* DSDB_CONTROL_DN_STORAGE_FORMAT_OID has NULL data and behaves very
* much like LDB_CONTROL_EXTENDED_DN_OID when the DB stores an
* extended DN, and otherwise returns normal DNs */
s4:fix allocated control OIDs for "password_hash" LDB module The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13 18:19:37 +02:00
#define DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID "1.3.6.1.4.1.7165.4.3.8"
s4:dsdb: add new controls - Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password
2009-09-23 19:25:54 +02:00
struct dsdb_control_password_change_status {
struct {
uint32_t pwdProperties;
uint32_t pwdHistoryLength;
int64_t maxPwdAge;
int64_t minPwdAge;
uint32_t minPwdLength;
bool store_cleartext;
const char *netbios_domain;
const char *dns_domain;
const char *realm;
} domain_data;
enum samPwdChangeReason reject_reason;
};
s4:fix allocated control OIDs for "password_hash" LDB module The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13 18:19:37 +02:00
#define DSDB_CONTROL_PASSWORD_HASH_VALUES_OID "1.3.6.1.4.1.7165.4.3.9"
s4:dsdb: add new controls - Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password
2009-09-23 19:25:54 +02:00
s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-15 19:52:18 +02:00
#define DSDB_CONTROL_PASSWORD_CHANGE_OID "1.3.6.1.4.1.7165.4.3.10"
s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control This contains the NT and/or LM hash of the password specified by the user.
2010-08-15 20:01:27 +02:00
struct dsdb_control_password_change {
const struct samr_Password *old_nt_pwd_hash;
const struct samr_Password *old_lm_pwd_hash;
};
s4:dsdb Add control for signaling between repl_meta_data and linked_attributes This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett
2010-06-14 15:30:36 +10:00
/**
DSDB_CONTROL_APPLY_LINKS is internal to Samba4 - a token passed between repl_meta_data and linked_attributes modules
*/
#define DSDB_CONTROL_APPLY_LINKS "1.3.6.1.4.1.7165.4.3.11"
s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID When importing users from Samba3 we need to control all values. metze
2010-06-30 08:24:35 +02:00
/*
* this should only be used for importing users from Samba3
*/
#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "1.3.6.1.4.1.7165.4.3.12"
s4 dsdb: create a new control: changereplmetadata This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-22 19:56:37 +04:00
/**
OID used to allow the replacement of replPropertyMetaData.
It is used when the current replmetadata needs to be edited.
*/
#define DSDB_CONTROL_CHANGEREPLMETADATA_OID "1.3.6.1.4.1.7165.4.3.14"
s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h This makes clear that struct dsdb_control_password_change belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID. metze
2011-10-07 09:49:48 +02:00
/* passed when we want to get the behaviour of the non-global catalog port */
#define DSDB_CONTROL_NO_GLOBAL_CATALOG "1.3.6.1.4.1.7165.4.3.17"
/* passed when we want special behaviour for partial replicas */
#define DSDB_CONTROL_PARTIAL_REPLICA "1.3.6.1.4.1.7165.4.3.18"
/* passed when we want special behaviour for dbcheck */
#define DSDB_CONTROL_DBCHECK "1.3.6.1.4.1.7165.4.3.19"
dsdb: Allocate new OID to allow updates of a read-only replica Normally this would be a very bad idea, but the specific case of fixing the instanceType is the only case where this makes sense. Andrew Bartlett
2012-07-18 17:13:30 +10:00
/* passed when dbcheck wants to modify a read only replica (very special case) */
#define DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA "1.3.6.1.4.1.7165.4.3.19.1"
s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID Which allows the caller to pass a given 'pwdLastSet' value (every useful for migrations). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
2011-10-05 14:59:59 +02:00
/* passed when importing plain text password on upgrades */
#define DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.20"
s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-22 17:42:32 +01:00
/*
* passed from the descriptor module in order to
* store the recalucated nTSecurityDescriptor without
* modifying the replPropertyMetaData.
*/
#define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID "1.3.6.1.4.1.7165.4.3.21"
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
2014-12-04 17:23:29 +13:00
/*
* passed when creating a interdomain trust account through LSA
* to relax constraints in the samldb ldb module.
*/
#define DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID "1.3.6.1.4.1.7165.4.3.23"
s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests Tombstone reanimation requries some special handling which is going to affect several modules. Most notably: - a bit different access checks in acl.c - restore certain attributes during modify requests in samldb.c Control added also to schema_samba4.ldif by Andrew Bartlett hence the "pair programmed with" tag. Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-10-28 15:03:59 +01:00
/*
* Internal control to mark requests as being part of Tombstone restoring
* procedure - it requires slightly special behavior like:
* - a bit different security checks
* - restoring certain attributes to their default values, etc
*/
#define DSDB_CONTROL_RESTORE_TOMBSTONE_OID "1.3.6.1.4.1.7165.4.3.24"
dbcheck: Add explict tests for unknown and unsorted attributeID values Unknown attributeID values would cause an exception previously, and unsorted attributes cause a failure to replicate with Samba 4.2. In commit 61b978872fe86906611f64430b2608f5e7ea7ad8 we started to sort these values correctly, but previous versions of Samba did not sort them correctly (we sorted high-bit-set values as negative), and then after 9c9df40220234cba973e84b4985d90da1334a1d1 we stoped accepting these. To ensure we are allowed to make this unusual change to the replPropertyMetaData, a new OID is allocated and checked for in repl_meta_data.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-07-23 16:01:14 +12:00
/**
OID used to allow the replacement of replPropertyMetaData.
It is used when the current replmetadata needs only to be re-sorted, but not edited.
*/
#define DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID "1.3.6.1.4.1.7165.4.3.25"
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID This will be used to let the "password_hash" module know that the value of pwdLastSet was defaulted to 0 in the "samldb" module on add. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-11 08:31:46 +01:00
/*
* pass the default state of pwdLastSet between the "samldb" and "password_hash"
* modules.
*/
#define DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID "1.3.6.1.4.1.7165.4.3.26"
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-27 16:52:54 +02:00
/*
* pass the userAccountControl changes between the "samldb" and "password_hash"
* modules.
*/
#define DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID "1.3.6.1.4.1.7165.4.3.27"
struct dsdb_control_password_user_account_control {
uint32_t req_flags; /* the flags given by the client request */
uint32_t old_flags; /* the old flags stored (0 on add) */
uint32_t new_flags; /* the new flags stored */
};
provision: Ignore duplicate attid and governsID check During the provision this causes a huge performance hit as these two attributes are unindexed. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2016-06-30 15:03:39 +12:00
/*
* Ignores strict checking when adding objects to samldb.
* This is used when provisioning, as checking all objects when added
* was slow due to an unindexed search.
*/
#define DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID "1.3.6.1.4.1.7165.4.3.28"
dsdb: add vanish links control Normally linked attributes are deleted by marking them as with RMD flags, but sometimes we want them to vanish without trace. At those times we set the DSDB_CONTROL_REPLMD_VANISH_LINKS control. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2016-07-06 11:54:25 +12:00
/* passed when we want to thoroughly delete linked attributes */
#define DSDB_CONTROL_REPLMD_VANISH_LINKS "1.3.6.1.4.1.7165.4.3.29"
r20587: prepare the DSDB_EXTENDED_REPLICATED_OBJECTS_OID handling metze (This used to be commit ef3b325db060d43a7c2e058f6b8914b5867cd321)
2007-01-06 10:15:02 +00:00
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
r20629: add a wrapper function for ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, out, &ext_res); which prepares the replicated objects, the repl_meta_data ldb module will then add the uSNCreated, uSNChanged and some other things and will apply the objects to the partition specific ldb metze (This used to be commit 48d568a75b8109807af29f5d9604240c20c1a116)
2007-01-09 11:15:56 +00:00
struct dsdb_extended_replicated_object {
struct ldb_message *msg;
repl: Enforce that we have parent objects for all replicated objects The creating of replicated objects without their parent object allows database corruption as they can end up under the wrong object. We need to re-try the replication with the DRSUAPI_DRS_GET_ANC flag set to get the objects in tree order. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-09 17:05:56 +13:00
struct GUID object_guid;
struct GUID *parent_guid;
r20726: - only add the rdn attribute and it's meta_data when the 'name' attribute is there - add the values for objectGUID and whenChanged inside the ldb module, so that the ldb module has only replicated attributes as input metze (This used to be commit 0ecb07e0526462529fb21cec30e789a9002b30a1)
2007-01-13 10:53:12 +00:00
const char *when_changed;
r20680: prepare the helper functions for applying replicated objects to pass all needed info to the repl_meta_data module metze (This used to be commit d5db31cde279cf05bd13bcf0da03767ab3498079)
2007-01-11 09:45:30 +00:00
struct replPropertyMetaDataBlob *meta_data;
s4-dsdb: Fill in lastKnownParent when moving to lostAndFound Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
2012-07-28 15:27:26 +10:00
/* Only used for internal processing in repl_meta_data */
struct ldb_dn *last_known_parent;
repl: Enforce that we have parent objects for all replicated objects The creating of replicated objects without their parent object allows database corruption as they can end up under the wrong object. We need to re-try the replication with the DRSUAPI_DRS_GET_ANC flag set to get the objects in tree order. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-09 17:05:56 +13:00
struct ldb_dn *local_parent_dn;
r20629: add a wrapper function for ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, out, &ext_res); which prepares the replicated objects, the repl_meta_data ldb module will then add the uSNCreated, uSNChanged and some other things and will apply the objects to the partition specific ldb metze (This used to be commit 48d568a75b8109807af29f5d9604240c20c1a116)
2007-01-09 11:15:56 +00:00
};
r20587: prepare the DSDB_EXTENDED_REPLICATED_OBJECTS_OID handling metze (This used to be commit ef3b325db060d43a7c2e058f6b8914b5867cd321)
2007-01-06 10:15:02 +00:00
struct dsdb_extended_replicated_objects {
r20729: add a version number to struct dsdb_extended_replicated_objects metze (This used to be commit 2e79863d54030526841e5858e7be6a815c25593b)
2007-01-13 11:37:13 +00:00
/*
* this is the version of the dsdb_extended_replicated_objects
* version 0: initial implementation
*/
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes The caller needs to know about them in order to decide about possible notifications. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-13 08:15:20 +02:00
#define DSDB_EXTENDED_REPLICATED_OBJECTS_VERSION 3
r20729: add a version number to struct dsdb_extended_replicated_objects metze (This used to be commit 2e79863d54030526841e5858e7be6a815c25593b)
2007-01-13 11:37:13 +00:00
uint32_t version;
s4-dsdb: added DSDB_REPL_FLAG* to replication this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-09-23 17:27:40 +10:00
/* DSDB_REPL_FLAG_* flags */
uint32_t dsdb_repl_flags;
r20599: - forward extended operations in the partitions module - by default the operations goes to all partitions - but some wellkown ones will go to just one partition (DSDB_EXTENDED_REPLICATED_OBJECTS_OID for now) I'll soon change the partitions module so that it'll attach a DSDB_CONTROL_PARTITION_CONTEXT_OID control to give the repl_meta_data or other partition specific modules a chance to to know for which partition it should work. metze (This used to be commit 0ed53c6d0f4a4e43ff9c8943730eeb57c735201b)
2007-01-07 19:11:27 +00:00
struct ldb_dn *partition_dn;
r20629: add a wrapper function for ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, out, &ext_res); which prepares the replicated objects, the repl_meta_data ldb module will then add the uSNCreated, uSNChanged and some other things and will apply the objects to the partition specific ldb metze (This used to be commit 48d568a75b8109807af29f5d9604240c20c1a116)
2007-01-09 11:15:56 +00:00
r20709: pass a repsFromTo1 struct down as it contains all needed info for the source dsa and the highwater mark vector metze (This used to be commit a31e017e5388e5abd6ed9d09adcf26d2527954a6)
2007-01-12 16:02:10 +00:00
const struct repsFromTo1 *source_dsa;
r20705: store the "replUpToDateVector" attribute in DSDB_EXTENDED_REPLICATED_OBJECTS metze (This used to be commit c9e7a58f6a16dfa28323fd0fd01ad6ee516c51b0)
2007-01-12 13:17:25 +00:00
const struct drsuapi_DsReplicaCursor2CtrEx *uptodateness_vector;
r20629: add a wrapper function for ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, out, &ext_res); which prepares the replicated objects, the repl_meta_data ldb module will then add the uSNCreated, uSNChanged and some other things and will apply the objects to the partition specific ldb metze (This used to be commit 48d568a75b8109807af29f5d9604240c20c1a116)
2007-01-09 11:15:56 +00:00
uint32_t num_objects;
struct dsdb_extended_replicated_object *objects;
add the the linked attributes elements to the repl structure This exposes the linked_attributes to the repl_meta_data module
2009-09-03 12:52:31 +10:00
uint32_t linked_attributes_count;
s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes We already do that for objects in dsdb_convert_object_ex(). We need to be consistent and do the same for linked attributes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-08 09:10:48 +02:00
struct drsuapi_DsReplicaLinkedAttribute *linked_attributes;
repl: Enforce that we have parent objects for all replicated objects The creating of replicated objects without their parent object allows database corruption as they can end up under the wrong object. We need to re-try the replication with the DRSUAPI_DRS_GET_ANC flag set to get the objects in tree order. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-09 17:05:56 +13:00
WERROR error;
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes The caller needs to know about them in order to decide about possible notifications. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-13 08:15:20 +02:00
bool originating_updates;
r20587: prepare the DSDB_EXTENDED_REPLICATED_OBJECTS_OID handling metze (This used to be commit ef3b325db060d43a7c2e058f6b8914b5867cd321)
2007-01-06 10:15:02 +00:00
};
s4:dsdb Rework modules create new partitions at runtime This is done by passing an extended operation to the partitions module to extend the @PARTITION record and to extend the in-memory list of partitions. This also splits things up into module parts that belong above and below repl_meta_data Also slit the partitions module into two files due to the complexity of the code Andrew Barltett
2009-10-02 10:28:29 +10:00
#define DSDB_EXTENDED_CREATE_PARTITION_OID "1.3.6.1.4.1.7165.4.4.4"
struct dsdb_create_partition_exop {
struct ldb_dn *new_dn;
};
dsdb: add a comment about the parameter to DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID metze (This used to be commit 2f06fbe06be2e1b77ea013ddba853ce819e58e88)
2008-07-24 10:00:20 +02:00
/*
* the schema_dn is passed as struct ldb_dn in
* req->op.extended.data
*/
Handle schema reloading request. The ldif for that operation looks like this: dn: changetype: Modify add: schemaUpdateNow schemaUpdateNow: 1 It uses the rootdse's object functional attribute schemaUpdateNow. In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID. In the partition module its dispatched to the schema_fsmo module. The request is processed in the schema_fsmo module by schema_fsmo_extended(). (This used to be commit 39f9184ddf215f2b512319211c0a05702218ef87)
2008-07-23 09:59:17 +03:00
#define DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID "1.3.6.1.4.1.7165.4.4.2"
s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions. Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2012-04-06 02:20:37 +02:00
#define DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID "1.3.6.1.4.1.7165.4.4.6"
s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-16 08:28:55 +01:00
#define DSDB_OPENLDAP_DEREFERENCE_CONTROL "1.3.6.1.4.1.4203.666.5.16"
struct dsdb_openldap_dereference {
const char *source_attribute;
const char **dereference_attribute;
};
struct dsdb_openldap_dereference_control {
struct dsdb_openldap_dereference **dereference;
};
struct dsdb_openldap_dereference_result {
const char *source_attribute;
const char *dereferenced_dn;
int num_attributes;
struct ldb_message_element *attributes;
};
struct dsdb_openldap_dereference_result_control {
struct dsdb_openldap_dereference_result **attributes;
};
s4-dsdb: Try to avoid much of the time a db search for msDS-IntID We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID). If so generate another random value. If not check if the highest USN in the database for the schema partition is the one that we know. If so it means that's only this ldb context that is touching the schema in the database. If not it means that's someone else has modified the database while we are doing our changes too (this case should be very bery rare) in order to be sure do the search in the database.
2012-05-12 02:13:42 -07:00
struct samldb_msds_intid_persistant {
uint32_t msds_intid;
};
#define SAMLDB_MSDS_INTID_OPAQUE "SAMLDB_MSDS_INTID_OPAQUE"
s4:dsdb Rework modules create new partitions at runtime This is done by passing an extended operation to the partitions module to extend the @PARTITION record and to extend the in-memory list of partitions. This also splits things up into module parts that belong above and below repl_meta_data Also slit the partitions module into two files due to the complexity of the code Andrew Barltett
2009-10-02 10:28:29 +10:00
#define DSDB_PARTITION_DN "@PARTITION"
#define DSDB_PARTITION_ATTR "partition"
s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory It is important to always ensure that this attribute has an extended DN if the rest of the database stores things that way. The knowlege of what format the DN is stored on disk with is passed around in an LDB opaque. Andrew Bartlett
2009-11-16 18:46:28 +11:00
#define DSDB_EXTENDED_DN_STORE_FORMAT_OPAQUE_NAME "dsdb_extended_dn_store_format"
struct dsdb_extended_dn_store_format {
bool store_extended_dn_in_ldb;
};
s4:dsdb Move module configuration from each ldb into samba_dsdb.c This makes getting the module order correct, the obligation of Samba4 developers, and not system administrators. In particular, once an ldb is updated to use only the 'samba_dsdb' module, no further changes to the ldb should be required when upgrading to later Samba4 versions. (thanks to metze for the suggestion of samba_dsdb as a long-term stable name for the module) Andrew Bartlett
2009-11-23 20:30:35 +11:00
#define DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME "DSDB_OPAQUE_PARTITION_MODULE_MSG"
s4-dsdb: added an extended operation for allocating a new RID pool This will be called by getncchanges when a client asks for a DRSUAPI_EXOP_FSMO_RID_ALLOC operation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-06 19:34:14 +11:00
/* this takes a struct dsdb_fsmo_extended_op */
#define DSDB_EXTENDED_ALLOCATE_RID_POOL "1.3.6.1.4.1.7165.4.4.5"
struct dsdb_fsmo_extended_op {
uint64_t fsmo_info;
struct GUID destination_dsa_guid;
};
dsdb: Add python hooks to allocate a RID set and allocate a RID pool This will help us to correct errors during dbcheck Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
2016-10-28 16:08:57 +13:00
/* this takes no data */
#define DSDB_EXTENDED_CREATE_OWN_RID_SET "1.3.6.1.4.1.7165.4.4.8"
/* this takes a struct dsdb_extended_allocate_rid */
#define DSDB_EXTENDED_ALLOCATE_RID "1.3.6.1.4.1.7165.4.4.9"
struct dsdb_extended_allocate_rid {
uint32_t rid;
};
s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-22 17:42:32 +01:00
/*
* passed from the descriptor module in order to
* store the recalucated nTSecurityDescriptor without
* modifying the replPropertyMetaData.
*/
#define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID "1.3.6.1.4.1.7165.4.4.7"
struct dsdb_extended_sec_desc_propagation_op {
struct ldb_dn *nc_root;
struct ldb_dn *dn;
bool include_self;
};
s4-dsdb: create flag for requesting ACL relax in case of DIRSYNC request Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-16 11:46:40 +04:00
#define DSDB_ACL_CHECKS_DIRSYNC_FLAG 0x1
s4-samldb: Do not allow deletion of objects with RID < 1000 According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
2013-10-14 12:38:10 +03:00
#define DSDB_SAMDB_MINIMUM_ALLOWED_RID 1000
s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNow The idea is to signal to other process accessing the database that the schema was forced to be reloaded and so they should reload as well.
2012-05-30 10:43:27 -07:00
#define DSDB_METADATA_SCHEMA_SEQ_NUM "SCHEMA_SEQ_NUM"
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA With this it's possible to add a replPropertyMetaData entry for an empty attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-01 23:13:21 +02:00
/*
* must be in LDB_FLAG_INTERNAL_MASK
* see also the values in lib/ldb/include/ldb_module.h
*/
#define DSDB_FLAG_INTERNAL_FORCE_META_DATA 0x10000
samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB This will allow us to introduce new database features that are backward compatible from the point of view of older versions of Samba, but which will be damaged by modifying the database with such a version. For example, if linked attributes are stored in sorted order in 4.7, and this change, without any values in current_supportedFeatures is itself included in 4.6, then our sortedLinks are backward compatible to that release. That is with 4.6 (including this patch) which doesn't care about ordering -- but a downgraded 4.7 database used by 4.6 will be broken when later used with 4.7. If we add a 'sortedLinks' feature flag in compatibleFeatures, we can detect that. This will allow us to determine if the database still contains unsorted links, as that information allows us to make the code handling links much more efficient. We won't add the actual flag until all the code is in place. Andrew wrote the actual code and Douglas wrote the tests, and they cross-reviewed. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Piar-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> selftest: check for database features flags
2017-01-12 16:51:45 +13:00
#define SAMBA_COMPATIBLE_FEATURES_ATTR "compatibleFeatures"
#define SAMBA_REQUIRED_FEATURES_ATTR "requiredFeatures"
schema: Set flag into @INDEXLIST to indicate we support feature flags Because @INDEXLIST is rewritten by all Samba versions, we can detect that we have opened the database with an older version that does not support the feature flags by the absense of this in @INDEXLIST Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-02-03 16:13:43 +13:00
#define SAMBA_FEATURES_SUPPORTED_FLAG "@SAMBA_FEATURES_SUPPORTED"
replmd: check for the sortedLinks feature flag If it is there, we assume linked attributes are stored in a sorted order. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-02-03 11:25:37 +13:00
#define SAMBA_SORTED_LINKS_FEATURE "sortedLinks"
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
#endif /* __SAMDB_H__ */
Copy Permalink