mirror of https://github.com/samba-team/samba.git synced 2025-06-21 03:17:08 +03:00

152 Commits

Author SHA1 Message Date
Andrew Tridgell
640fbf833b s4-dsdb: register the DCPROMO_OID control with the rootdse
this is needed to allow it over ldap

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-19 04:44:23 +00:00
Matthias Dieter Wallnöfer
d7ca757b31 s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree delete protection
MS-ADTS 3.1.1.5.5.7.2

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
2010-10-16 11:24:09 +00:00
Matthias Dieter Wallnöfer
4638bd11b5 s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" entries
They're only allowed to be created with the RELAX control specified.
2010-10-13 13:35:21 +00:00
Jelmer Vernooij
2bff55f5de dsdb/modules: Split up helpers a bit to prevent recursive dependencies.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-10-10 23:47:54 +00:00
Matthias Dieter Wallnöfer
ca08cde150 s4:objectclass LDB module - introduce allowed system flags restriction
Let us do the distinction by real use and provision by the RELAX flag

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
e3081b92c1 s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.

As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
4768280614 s4:objectclass LDB module - fix the "crossRef" delete protection
This is what Windows does

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
6c9b25ea5c s4:objectclass LDB module - fix the delete behaviour of server containers
A typo prevented the right behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Andrew Tridgell
85ba79063f ldb: mark the location of a lot more ldb requests 2010-09-25 10:38:45 -07:00
Matthieu Patou
42dfa71ef5 dsdb: make the ATTRIBUTE NOT FOUND more clear 2010-09-05 12:29:20 +04:00
Andrew Tridgell
527042f78b s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add
this control disables the system only check for nTDSDSA add operations

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Matthias Dieter Wallnöfer
067b5721c7 s4:objectclass LDB module - weaken the check for the "rIDSet" delete constraint
Perform it only when a "rIDSet" does exist. Requested by ekacnet for
"upgradeprovision".
2010-08-10 21:01:11 +02:00
Matthias Dieter Wallnöfer
f99d672b13 s4:objectclass LDB module - "add operation" - enhance and clean the "systemFlags" section
Also here we have to test for single-valueness.
2010-08-07 14:22:42 +02:00
Matthias Dieter Wallnöfer
6e6af9c14c s4:objectclass LDB module - "add operation" - implement "objectCategory" validation 2010-08-07 14:22:42 +02:00
Matthias Dieter Wallnöfer
7d62128e2c s4:objectclass LDB module - "add operation" - reject creation of LSA specific objects
(only using the RELAX flag allowed)
2010-08-07 14:22:41 +02:00
Matthias Dieter Wallnöfer
a3c6d4c4d5 s4:objectclass LDB module - "add operation" - move two checks
To be more consistent with the MS-ADTS doc.
2010-08-07 14:22:41 +02:00
Matthias Dieter Wallnöfer
ace6f52d57 s4:objectclass LDB module - "add operation" - deny multiple "objectclass" message elements
Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07 14:22:41 +02:00
Matthias Dieter Wallnöfer
9f0cbe1558 s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possible
We don't need to have it around until the end of the function.
2010-08-07 14:22:41 +02:00
Matthias Dieter Wallnöfer
ba4578f98b s4:objectclass LDB module - consider the "instanceType" when adding NCs
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation).
2010-08-01 21:30:29 +02:00
Matthias Dieter Wallnöfer
316eda1206 s4:objectclass LDB module - implement additional delete constraint checks
MS-ADTS 3.1.1.5.5.3
2010-08-01 18:50:57 +02:00
Andrew Tridgell
87df785a68 s4-dsdb: use ldb_operr() in the dsdb code
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make it much easier to track down dsdb
module bugs that result in an operations error.
2010-07-07 20:14:55 +10:00
Matthias Dieter Wallnöfer
d16697df49 s4:objectclass LDB module - disable delete operations when "SYSTEM_FLAG_DISALLOW_DELETE" is specified 2010-06-19 17:53:19 +02:00
Matthias Dieter Wallnöfer
a4381239ba s4:objectclass LDB module - use the old DN when displaying error messages 2010-06-19 17:53:16 +02:00
Matthias Dieter Wallnöfer
ee2bb4474f s4:objectclass LDB module - add a better message when the parent DN is invalid 2010-06-19 17:53:15 +02:00
Matthias Dieter Wallnöfer
04890bb750 s4:objectclass LDB module - add an error message when someone tries to add entries without objectclasses 2010-06-19 17:53:15 +02:00
Matthias Dieter Wallnöfer
9da8b06112 s4:objectclass LDB module - handle the case when there is a retry to add the root basedn
This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a
very special referral: one with the DN itself and the hostname is the last
component value of the DN.
2010-06-19 17:53:14 +02:00
Matthias Dieter Wallnöfer
955e1835ef s4:objectclass LDB module - move "mem_ctx" initialisation lower
Saves us some "talloc_free"s on error cases
2010-06-18 10:03:09 +02:00
Jelmer Vernooij
7fe9e6cd69 dsdb: Fix includes when building against system ldb. 2010-06-15 13:15:50 +02:00
Matthias Dieter Wallnöfer
e3c686daec s4:objectclass LDB module - rework the code which handles the objectclasses modification
Before it has been very incomplete. We try now to match the Windows Server
behaviour as close as possible.
2010-06-07 14:47:25 +02:00
Matthias Dieter Wallnöfer
e7eef53fe5 s4:objectclass LDB module - remove "fix_check_attributes"
Also this task is now performed by the "objectclass_attrs" LDB module.
2010-06-07 14:47:23 +02:00
Matthias Dieter Wallnöfer
9e56b54414 s4:objectclass LDB module - instantiate the schema variable centrally on the "ac" context creation
This unifies the position when the schema is read and prevents multiple
instantiations (eg on a modification operation).
2010-06-07 14:47:22 +02:00
Matthias Dieter Wallnöfer
ec9b6f3c60 s4:objectclass LDB module - finally implement the correct entry rename protections
Only the "systemFlags" check is still missing.
2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
0ca17eaa15 s4:objectclass LDB module - cosmetic change 2010-06-07 14:47:21 +02:00
Matthias Dieter Wallnöfer
c6020ccb87 s4:objectclass LDB module - remove duplicated code 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
95da724325 s4:objectclass LDB module - fix counter variable types 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
0408ec11a9 s4:objectclass LDB module - explain why the search can return with an empty return 2010-06-07 14:47:20 +02:00
Matthias Dieter Wallnöfer
6afa5a733c s4:objectclass LDB module - this "talloc_steal" is not necessary
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
2d3760c04c s4:objectclass LDB module - fix error result if an entry doesn't contain a structural objectclass
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
2a294d380f s4:objectclass LDB module - use "ldb_oom" for expressing out of memory 2010-06-07 14:47:19 +02:00
Matthias Dieter Wallnöfer
3c4336bf94 s4:objectclass LDB module - fix header and add my copyright 2010-06-07 14:47:19 +02:00
Anatoliy Atanasov
bcdaa23798 s4/rodc: Fix the callbacks up the stack to handle referrals on modify requests 2010-05-04 18:31:47 +02:00
Andrew Tridgell
70cc9fd5c6 s4-dsdb: moved rodc schema validation to samldb.c
This means we are only doing the checks for schema changes

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
c023fc217e s4-drs: Do not allow system-critical attributes to be RODC filtered
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:14 +10:00
Matthias Dieter Wallnöfer
8e4c34880a s4:objectclass LDB module - remove an unneeded newline 2010-04-13 08:24:09 +02:00
Andrew Bartlett
2de07761e0 s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
This chooses an appropriate talloc context to attach the schema to,
long enough lived to ensure it does not go away before the operation
completes.

Andrew Bartlett
2010-03-16 19:26:03 +11:00
Matthias Dieter Wallnöfer
cd43dd04af s4:objectclass LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:20:03 +01:00
Matthieu Patou
00aeca7d7f dsdb: Add a more explicit error message for constructed attributes
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24 14:50:30 +01:00
Brendan Powers
08060068bf s4-dsdb: fix handling of AUX classes in objectclass_sort
This is done by sorting the classes by subClass_order, which will
check if the last structural class is valid to add (in
objectclass_do_add instead checking the last class in the list).

They were being sorted by building a class tree, and adding the
classes to the list in that order. However, AUX classes usually don't
fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I
have changed the behavior to sort the classes by subClass_order
instead.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-18 14:27:44 +11:00
Andrew Tridgell
a5e0f433de s4-dsdb: don't call ldb_next_init() twice in objectclass module 2009-11-30 16:49:36 +11:00
Matthias Dieter Wallnöfer
b6efbd5b4c s4:objectclass LDB module - Prevent write operations on constructed attributes 2009-11-26 11:21:01 +01:00