summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/kludge_acl.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett1-9/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)
2007-10-10r24260: Ensure we always override any existing values for these generatedAndrew Bartlett1-0/+4
attributes. Anything else leads to madness. Andrew Bartlett (This used to be commit af092a361df6b98e1890cbd3e2d1fed168701364)
2007-10-10r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer@yahoo.de>: We need toAndrew Bartlett1-4/+76
include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. This may need further refinement, but it seems to work for now. Andrew Bartlett (This used to be commit d053b8e218767cb12e20a00fb18995e30869db11)
2007-10-10r24010: Fix warning for the function paramter to qsort().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 51862c4c5299da02d3d781b3e9255823bc9b59af)
2007-10-10r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.Andrew Bartlett1-1/+5
Should fix bug #4804. Andrew Bartlett (This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-4/+97
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r21306: fix the RPC-LSA tests the admin couldn't no longer get the ↵Stefan Metzmacher1-0/+1
'currentValue' attribute... this needs more works, but make it work again for now metze (This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
2007-10-10r20923: only allow extended operations for SYSTEM or administrators for nowStefan Metzmacher1-0/+1
metze (This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
2007-10-10r20921: - only give password attributes to the SYSTEM accountStefan Metzmacher1-2/+0
- but SYSTEM and administrators can change them metze (This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
2007-10-10r20760: also handle the case where no private data is attached to the moduleStefan Metzmacher1-1/+1
metze (This used to be commit c8f5aad40af0741984ded2047931a77161f69ece)
2007-10-10r20622: Add in a hack to avoid permitting searches on the value of protectedAndrew Bartlett1-1/+23
attributes. Andrew Bartlett (This used to be commit 5aa2195ec26d9ddf82e51f2b242cdf7c8ab52f52)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-1/+1
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r17514: Simplify the way to set ldb errors and add anotherSimo Sorce1-5/+6
helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce1-14/+14
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce1-2/+2
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r16109: Make this module simpiler, don't intercept operations we are not goingAndrew Bartlett1-21/+0
to implement. Andrew Bartlett (This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab)
2007-10-10r16070: Fix kludge_aclsSimo Sorce1-1/+1
(This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9)
2007-10-10r16036: Add a couple of new functions to corretly deal with timeouts.Simo Sorce1-4/+3
Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)
2007-10-10r15942: Remove the sync internal ldb calls altogether.Simo Sorce1-57/+0
This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d)
2007-10-10r15932: Remove per request credsSimo Sorce1-1/+0
They have never benn used and make little sense too imo (This used to be commit f0c1d08d50f8a3e25650ac85b178ec7a43e433d9)
2007-10-10r15927: Optimize ldb module traverse while keeping the API intact.Simo Sorce1-7/+5
I was sick of jumping inot each module for each request, even the ones not handle by that module. (This used to be commit 7d65105e885a28584e8555453b90232c43a92bf7)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14840: - rename some functionsStefan Metzmacher1-6/+9
- stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2007-10-10r14465: kludge_acl -> asyncSimo Sorce1-2/+114
(This used to be commit b91b19131814abb4291c0bf7b13149060d6e9e62)
2007-10-10r14373: remove unreached wrong code, found by sparseStefan Metzmacher1-1/+0
metze (This used to be commit dd485aa9600dd24c8b10c140974df9313f8ff2e8)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13786: [merge] Add registration functions for LDB modulesJelmer Vernooij1-26/+13
Applications that use LDB modules will now have to run ldb_global_init() before they can use LDB. The next step will be adding support for loading LDB modules from .so files. This will also allow us to use one LDB without difference between the standalone and the Samba-specific build (This used to be commit 52a235650514039bf8ffee99a784bbc1b6ae6b92)
2007-10-10r13615: Make ldb_set_errstring get ldb instead of module as parameter.Simo Sorce1-1/+1
The module was just used to get to the ldb so it was meningless. Also add LDB_WAIT_ONCE e relative code in ldb_ildap.c (This used to be commit d5b467b7c132b0bd4d23918ba7bf3370b1afcce8)
2007-10-10r13353: Fix a crash bug in rootdse when we do not pass in credentialsSimo Sorce1-8/+6
a plain ldbsearch would just crash Fix kludge_acl, not passing on the second stage registration phase to other modules Simo (This used to be commit bec99c5cb65d8c32fd4f636ed2f5383fb1b39830)
2007-10-10r13253: More work to ensure that we don't keep data on long-term contexts.Andrew Bartlett1-0/+5
Andrew Bartlett (This used to be commit 35517573ff807339f96573e58bdec29073be9594)
2007-10-10r12851: Fix some typosJelmer Vernooij1-1/+1
(This used to be commit 61ae77beecd573809d917dd86d1fac6cc40e967d)
2007-10-10r12818: When denying an operation, include what we think the username is inAndrew Bartlett1-1/+16
the error message. Andrew Bartlett (This used to be commit 36c1f67f12d5ac83a7a205c0ec152a79c4a8ba4b)
2007-10-10r12773: - remove unused variable, fix the build with some old compilersStefan Metzmacher1-3/+0
metze (This used to be commit 1253784c923b569593b5207c14567c637f3a7ae7)
2007-10-10r12769: Make ldb_next_request() evident, I was much confused on first sightSimo Sorce1-4/+6
Simo. (This used to be commit 2f0c7b896274e5e15e150c70d7ebe70355f6c4c0)
2007-10-10r12763: Oops. If you call ldb_search from within an ldb module's searchAndrew Bartlett1-1/+3
request handler, you really have to watch the recursion issues... Andrew Bartlett (This used to be commit 46628e86a2be6d334b2d0427e7052517c7ab1d4c)
2007-10-10r12762: Simo correctly asked that the policy logic (which attributes containAndrew Bartlett1-26/+62
passwords) be moved into the database, and not be hard-coded in the module source. Andrew Bartlett (This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04)
2007-10-10r12746: An initial version of the kludge_acls module.Andrew Bartlett1-0/+210
This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
generated by cgit (git 2.34.1) at 2024-07-12 20:56:55 +0000