path: root/source4/dsdb/samdb/ldb_modules/objectclass.c
Commit message | Author | Age | Files | Lines
* dsdb: Relax the check for the RID set DN | Andrew Bartlett | 2015-05-28 | 1 | -2/+6
  This was preventing the correct generation of error messages and referrals on an RODC.
  An RODC does not have a RID set.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb/objectclass: remove duplicated declaration for objectclass_do_add | Kamen Mazdrashki | 2015-02-03 | 1 | -2/+0
  Change-Id: Ib88a45cea64fb661a41ca3b4a3df9dabf509fc6c
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Use dsdb_next_callback() rather than a no-op per-module callback | Andrew Bartlett | 2013-09-16 | 1 | -38/+16
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: make the name of non related class more obvious | Matthieu Patou | 2013-05-14 | 1 | -2/+3
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/objectclass: do not pass the callers controls on helper searches | Stefan Metzmacher | 2012-11-30 | 1 | -1/+1
  We add AS_SYSTEM and SHOW_RECYCLED to the helper search, don't let the caller specify additional controls.
  This also fixes a problem when the caller also specified AS_SYSTEM.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED | Stefan Metzmacher | 2012-11-30 | 1 | -3/+31
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb_sort_objectClass_attr - simplify memory context handling | Matthias Dieter Wallnöfer | 2012-08-22 | 1 | -26/+3
  Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn | Andrew Bartlett | 2012-08-14 | 1 | -1/+1
  As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken.
  This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times!
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
* s4:dsdb/samdb/ldb_modules/schema.c - move "get_last_structural_class()" into "util.c" | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -5/+6
  And remove this helper module - it does not have much sense keeping it.
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
* s4:dsdb - introduce a only constant-time "get_last_structural_class()" call | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -6/+3
  With the redesign of the previous patches this has become possible.
* s4:dsdb - move "objectclass_sort()" out from the objectclass LDB module into the schema code | Matthias Dieter Wallnöfer | 2012-04-11 | 1 | -217/+36
  This allows it to be useful for the dbchecker utility in respect to object class problems.
  Fix up the API to only work with standardised LDB "ldb_message_element" structures which do allow much easier interoperations.
  As a consequence this leads to some changes in the objectclass module as well.
* s4:dsdb - enhance "get_last_structural_class()" for optimisations | Matthias Dieter Wallnöfer | 2012-03-26 | 1 | -3/+5
  If the objectclass entry has been sorted before we are able to determine the (last) structural or 88 object class in constant time.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:objectclass LDB module - fix up the sorting in respect to structural or 88 objectclasses | Matthias Dieter Wallnöfer | 2012-03-26 | 1 | -4/+18
  Please have a look at MS-ADTS 3.1.1.1.4.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:objectclass LDB module - clean up "objectclass_sort()" | Matthias Dieter Wallnöfer | 2012-03-26 | 1 | -24/+13
  Make it easier to comprehend
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: Relax the conditions where we can't do a subtree delete | Matthieu Patou | 2011-12-19 | 1 | -1/+19
  If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one.
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
* s4:objectclass LDB module - objectclass modify op. - remove superfluous "talloc_strdup" | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -8/+4
  We are adding strings embedded in the schema structure which is basically global and lives longer than the request - hence no duplication needed.
  Reviewed-by: abartlet
* s4:objectclass LDB module - objectclass modify operations | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -95/+32
  According to bug #8486 the modification to direct related structural object classes is possible (equal, child, parent).
  Reviewed-by: abartlet
* s4:objectclass LDB module - forbid to add unrelated objectclasses | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -0/+61
  E.g. unsatisfied abstract objectclasses, additional top-most structural classes
  Reviewed-by: abartlet
* s4:objectclass LDB module - "objectclass_add" - small optimisation | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -4/+2
  This saves us from doing one "ldb_msg_find_element".
  Reviewed-by: abartlet
* s4:objectclass LDB module - "check_rodc_ntdsdsa_add" | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -1/+1
  For convention use "ldb_attr_cmp()".
  Reviewed-by: abartlet
* s4:objectclass LDB module - update copyright | Matthias Dieter Wallnöfer | 2011-10-27 | 1 | -1/+1
  Reviewed-by: abartlet
* build: avoid util.h as a public header name due to conflict with MacOS | Andrew Bartlett | 2011-09-23 | 1 | -1/+1
* s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4 | Matthieu Patou | 2011-07-26 | 1 | -2/+3
* s4-dsdb: Use controls provided during the request while searching for object to delete | Matthieu Patou | 2011-07-21 | 1 | -1/+13
  If the parent request specifies the show_deleted control we must use it in order to be able to see the deleted objects.
  Also we just allow to trusted connections with the system account to remove deleted objects, others receive an unwilling to perform.
* s4:objectclass LDB module - "ldb_msg_sanity_check" call not really needed | Matthias Dieter Wallnöfer | 2011-04-07 | 1 | -5/+0
  This call should only be performed at the beginning of a request.
  "ldb_msg_sanity_check" checks for DN validity (which should already have been done at the beginning of the request) and empty attributes (which should be done by the "objectclass_attrs" LDB module). Hence it is superfluous here.
  Reviewed-by: abartlet
* s4:objectclass LDB module - fix a comment - add a ")" | Matthias Dieter Wallnöfer | 2011-04-07 | 1 | -1/+1
  Reviewed-by: abartlet
* Revert "s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid" | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -3/+1
  This is not needed anymore with the new DN checking.
  This reverts commit 5896b7299331aedd065397d2078c62d85bcf68f6.
  Reviewed by: Tridge
* s4:objectclass LDB module - fix a comment | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -1/+1
  Reviewed by: Tridge
* s4:objectclass LDB module - if we cannot find DN's parent then the DN itself is invalid | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -1/+3
  ERR_INVALID_DN_SYNTAX fits better than ERR_OPERATION_ERROR in this case. This one gets triggered if we perform "add" requests without the LDAP server.
  Reviewed by: Tridge
* Fix some types | Jelmer Vernooij | 2011-02-28 | 1 | -4/+4
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
* s4:dsdb/samdb/ldb_modules/objectclass.c - move LSA specific object checks into "objectclass_attrs" LDB module | Matthias Dieter Wallnöfer | 2011-01-25 | 1 | -31/+0
  LSA object classes are protected on both LDAP add and LDAP modify operations, so I've refactored the previous check in the objectclass LDB module only for LDAP adds in a new one in the objectclass_attrs LDB module for both adds and modifies.
  This is the result of the investigations done by Hongwei Sun and I in the last months.
  Interestingly these protection mechanism doesn't apply on LDAP deletes!
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: pass parent request to dsdb_module_*() functions | Andrew Tridgell | 2011-01-17 | 1 | -4/+4
  this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:objectclass LDB module - simply use "msg" when requesting the message | Matthias Dieter Wallnöfer | 2010-11-26 | 1 | -2/+2
* s4:objectclass LDB module - move the "mem_ctx" allocation to a better place | Matthias Dieter Wallnöfer | 2010-11-26 | 1 | -7/+6
  It's only needed if we've a schema around.
* s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP) | Andrew Bartlett | 2010-11-26 | 1 | -15/+28
  This arranged the check to avoid talloc_strdup() (the schema pointers are constant, and can be relied upon), and checks the untrusted bit first (it is faster), before the ldb_attr_cmp().
  The strcmp() here was valid, if unusual, because the ldapDisplayName values are already in the correct case, but strcasecmp() is more correct, as for the small extra cost, we avoid a difficult to diagnose bug later.
  Andrew Bartlett
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4-objectclass Use a specific local variable name, not 'value' | Andrew Bartlett | 2010-11-26 | 1 | -4/+5
  This makes it clearer what the local variable in use here does.
  Andrew Bartlett
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects | Matthias Dieter Wallnöfer | 2010-11-25 | 1 | -7/+1
  Tridge pointed out that it is too dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
* s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified | Matthias Dieter Wallnöfer | 2010-11-24 | 1 | -3/+7
  This fits better than the RELAX one.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
* s4:objectclass LDB module - move one checks into the "objectclass derivation loop" | Matthias Dieter Wallnöfer | 2010-11-24 | 1 | -11/+17
  This denies objects created from possible derivated classes from the prohibited ones.
  Also small cosmetic improvements for another check.
* s4:objectclass LDB module - some more or less cosmetic return value macro changes | Matthias Dieter Wallnöfer | 2010-11-24 | 1 | -14/+22
  Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
* s4:objectclass LDB module - the "olddn" is the special DN for rename requests | Matthias Dieter Wallnöfer | 2010-11-16 | 1 | -1/+1
* s4:objectclass LDB module - free "nc_root" after name context comparisons | Matthias Dieter Wallnöfer | 2010-11-16 | 1 | -0/+2
* s4:objectclass LDB module - improve the default name context checking on modifications | Matthias Dieter Wallnöfer | 2010-11-15 | 1 | -16/+12
  Pointed out by abartlet
* s4:objectclass LDB module - implement the "objectClass" change restrictions on Windows 2000 forest function level | Matthias Dieter Wallnöfer | 2010-11-15 | 1 | -0/+25
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
* s4:objectclass LDB module - multiple "objectClass" change elements are unfortunately still allowed | Matthias Dieter Wallnöfer | 2010-11-13 | 1 | -161/+169
  The test message has been compressed - therefore I've now used "modify_ldif".
* s4:objectclass LDB module - we should not simply ignore additional "objectClass" attribute changes | Matthias Dieter Wallnöfer | 2010-11-12 | 1 | -2/+16
  There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
* s4:dsdb - proof against empty RDN values where expected | Matthias Dieter Wallnöfer | 2010-11-11 | 1 | -1/+3
  This should prevent crashes as pointed out on the mailing list.
* s4:objectclass LDB module - allow RDNs also to come from superclasses | Matthias Dieter Wallnöfer | 2010-11-11 | 1 | -11/+39
  Detected by a testcase written by Zahari Zahariev.
* s4:objectclass LDB module - no idea why we'd need the "objectGUID" here | Matthias Dieter Wallnöfer | 2010-11-08 | 1 | -1/+1
* s4:objectclass LDB module - the structural objectclass has always to be specified | Matthias Dieter Wallnöfer | 2010-11-03 | 1 | -0/+6
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104