summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/descriptor.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett1-2/+2
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-01-02s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdbAndrew Tridgell1-0/+8
w2k8-r2 gives a "schema mismatch" error if the revision is not set to REVISION_ADS and you replicate the ntsecuritydescriptor using DRS. Nadya, please check this! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-18s4-dsdb: Move get_last_structural class from descriptor.c to util.cBrendan Powers1-16/+1
It can now also be used by objectclass.c get_last_structural_class now ignores AUX classes, because they are not structural Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-16s4-dsdb: don't actually remove the sd_flags control, just mark it non-criticalAndrew Tridgell1-14/+10
For controls that need to be seen by more than one module, it is best to just mark them non-critical when handled, instead of removing them. Otherwise lower modules can't see them. In this case we want the operational module to see the SD_FLAGS control
2009-12-09s4-dsdb: added dsdb_functional_level() helper functionAndrew Tridgell1-7/+1
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-4/+11
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-22Fixed incorrect indentation.Nadezhda Ivanova1-7/+6
2009-11-21Implemented LDAP_SERVER_SD_FLAGS_OID on search requests.Nadezhda Ivanova1-2/+165
2009-11-20Implementation of LDAP_SERVER_SD_FLAGS_OID on modify requests.Nadezhda Ivanova1-16/+133
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova1-77/+205
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-03Added some dn to the info in the log messages.Nadezhda Ivanova1-3/+3
2009-10-20s4-dsdb: fixed empty structure error on solaris8Andrew Tridgell1-0/+1
Nadya, I'm guessing you plan on adding some real elements to this structure later. For now I've added _dummy so the build can continue with the Solaris C compiler.
2009-09-21s4:dsdb Fix of double addition of SD-sNadezhda Ivanova1-11/+23
Also add error strings in descriptor module
2009-09-21s4:dsdb Run the new 'descriptor' module by default.Andrew Bartlett1-6/+0
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett
2009-09-20Disable descriptor module unless enabled in smb.confNadezhda Ivanova1-0/+29
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf
2009-09-17s4:descriptor module - Revert and const fixupsMatthias Dieter Wallnöfer1-7/+18
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings
2009-09-17s4:descriptor - cosmeticMatthias Dieter Wallnöfer1-1/+1
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer1-9/+1
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-16Owner and group defaulting.Nadezhda Ivanova1-0/+459
Signed-off-by: Andrew Bartlett <abartlet@samba.org>