| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2010-04-16 | s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid() | Nadezhda Ivanova | 1 | -24/+5 | |
| 2010-04-13 | s4:acl/descriptor LDB module - distinguish between root and default basedn | Matthias Dieter Wallnöfer | 1 | -0/+6 | |
| The first is the forest base DN, the second the domain base DN. At the moment we assume that they are both the same but it hasn't to be so. Nadia, I would invite you to fix the outstanding parts regarding this (I added comments). | |||||
| 2010-03-16 | s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context | Andrew Bartlett | 1 | -24/+46 | |
| dsdb_get_schema() isn't a very cheap call, due to the use of LDB opaque pointers. We need to call it less, and instead pass it as a parameter where possible. This also changes to the new API with a talloc context. Andrew Bartlett | |||||
| 2010-03-12 | Split the dsdb_access_check_on_dn. | Nadezhda Ivanova | 1 | -5/+44 | |
| Split the dsdb_access_check_on_dn so it can be reused for checks from both within the module stack and outside it. | |||||
| 2010-03-12 | Fixed ACL module to use dsdb_module_* API. | Nadezhda Ivanova | 1 | -9/+9 | |
| 2010-03-12 | Moved access_check_on_dn from acl module as an utility. | Nadezhda Ivanova | 1 | -156/+19 | |
| Made this an utility function so it can be used for access checking outside of the acl ldb module, such as checking validated writes and control access rights in other protocols (e. g drs) | |||||
| 2010-03-09 | Added a check for permissions to modify the RDN attribute on rename. | Nadezhda Ivanova | 1 | -0/+12 | |
| Necessary because rdn module will be moved lower than acl in the stack. | |||||
| 2010-03-07 | s4:acl LDB module - change counter variable to "unsigned" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
| 2010-02-13 | s4-dsdb: use TYPESAFE_QSORT() in dsdb code | Andrew Tridgell | 1 | -9/+3 | |
| 2010-02-04 | s4:mark the SYSTEM control always as non-critical | Matthias Dieter Wallnöfer | 1 | -0/+29 | |
| It is needed to not break the various LDAP backends. For reference look at bug #7040. | |||||
| 2010-01-08 | s4-dsdb: fixed const misuse in acl module | Andrew Tridgell | 1 | -4/+4 | |
| 2010-01-08 | s4-dsdb: use dsdb_module_am_system() in acl module | Andrew Tridgell | 1 | -19/+11 | |
| 2009-12-21 | Adapted acl module to skip checks if as_system control is provided. | Nadezhda Ivanova | 1 | -7/+17 | |
| Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
| 2009-12-18 | s4-dsdb: Add a check to prevent acl_modify from debuging a NULL message | Brendan Powers | 1 | -1/+5 | |
| Check to see if there were any messages passed to acl_modify before debugging the first one. I think I caused this by some malformed LDIF. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
| 2009-12-17 | Fixed incorrect checking of PRINCIPAL_SELF permissions. | Nadezhda Ivanova | 1 | -11/+86 | |
| If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself. | |||||
| 2009-12-15 | Fixed a problem with duplicate values of allowedAttributesEffective. | Nadezhda Ivanova | 1 | -1/+3 | |
| 2009-12-10 | Implementation of sDRightsEffective, allowedAttributesEffective and ↵ | Nadezhda Ivanova | 1 | -40/+610 | |
| allowedChildClassesEffective. Behavior as documented in WSPP and tested. Needs optimisation though. | |||||
| 2009-11-15 | Fixed some major bugs in inheritance and access checks. | Nadezhda Ivanova | 1 | -28/+53 | |
| Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python | |||||
| 2009-11-05 | Version 1.0 of the directory service acls module. | Nadezhda Ivanova | 1 | -961/+344 | |
| At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing. | |||||
| 2009-10-06 | s4:acl module - intendation fix and comment enhancement | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
| 2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 1 | -0/+1151 | |
| Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
 |
index : samba | |
| Unnamed repository; edit this file 'description' to name the repository. | ben |
| summaryrefslogtreecommitdiff |