summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/kludge_acl.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-13s4-dsdb: use TYPESAFE_QSORT() in dsdb codeAndrew Tridgell1-4/+2
2009-12-10Implementation of sDRightsEffective, allowedAttributesEffective and ↵Nadezhda Ivanova1-3/+2
allowedChildClassesEffective. Behavior as documented in WSPP and tested. Needs optimisation though.
2009-11-21Implemented LDAP_SERVER_SD_FLAGS_OID on search requests.Nadezhda Ivanova1-20/+0
2009-11-05Version 1.0 of the directory service acls module.Nadezhda Ivanova1-2/+2
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-10-06s4:various LDB modules - "build_request" functions - propagate result codes backMatthias Dieter Wallnöfer1-1/+1
It's very useful to know the exact result code when something fails and not only a generic (by the module) created one. Sure, there are some exception cases with specific results (special message constellations, attributes, values...) which shouldn't be changed at all (examples of them are in the "ldap.py" test). Therefore I looked very carefully to not change them.
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova1-0/+13
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-08-05s4:dsdb Don't cast an ldb_val into a const char * for schema lookupsAndrew Bartlett1-15/+3
This removes a number of cases where we did a cast into a const char * of an ldb_val. While convention is to alway have an extra \0 at data[length] in the ldb_val, this is not required, and does not occour at least on build farm host 'svart'. Andrew Bartlett
2009-05-26s4:ldb_modules: Correct typos.Andrew Kroeger1-1/+1
2009-02-02s4:kludge_acl: s/class/sclassStefan Metzmacher1-5/+5
metze
2009-01-30Fix all other modules to use ldb_module.h instead of ldb_private.hSimo Sorce1-24/+34
The only 2 modules escaping the rule so far are rootdse and partitions
2008-12-23Fix more compiler warnings in various places.Jelmer Vernooij1-4/+4
2008-12-17s4:ldb: make it possible to return per entry controlsAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-04s4:kludge_acl: allow everybody to read the sequence numberStefan Metzmacher1-1/+27
metze
2008-10-14The ldb async merge broke all MMC management utiltiesMatthias Dieter Wallnöfer1-4/+4
Commit 51baa8deec00244cc0a6e3d29c53932427800610 included a copy-and-paste bug which caused all MMC mangement utilities to break. Because of the typo Samba4 would no longer include the magic 'you may write to these attributes/create these classes' attributes, these tools would display all fields greyed out or 'read only', and not allow the creation of child objects. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-13Cosmetic corrections for the DSDB moduleMatthias Dieter Wallnöfer1-2/+2
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-10-02s4:kludge_acl: just fake support for the SD_FLAGS controlStefan Metzmacher1-0/+20
metze
2008-09-29LDB ASYNC: samba4 modulesSimo Sorce1-93/+113
2008-09-25Revert LDB return code patches from Matthias.Jelmer Vernooij1-2/+2
2008-09-24Cosmetic corrections for the DSDB moduleMatthias Dieter Wallnöfer1-2/+2
This commit applies some cosmetic corrections for the DSDB (Directory Server Database).
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-5/+3
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-08Don't expose passwords, even to the administrator.Andrew Bartlett1-1/+14
This ensures they don't leak over LDAP, but does not prevent access, as ldbsearch locally still bypasses these controls. Andrew Bartlett (This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett1-1/+1
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-11Use common code to fill in allowedAttributes in kludge_acl.Andrew Bartlett1-36/+28
This code is now in common with ad2oLschema. Andrew Bartlett (This used to be commit 0a797388ca442c3ad4809888897b1c63b65a7fdf)
2008-03-20More kludge ACLs!Andrew Bartlett1-36/+9
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-02-20Fix use of some modules (needed _PUBLIC_).Jelmer Vernooij1-1/+1
(This used to be commit ce332130ea77159832da23bab760fa26921719e2)
2008-02-20Use struct-based rather than function-based initialization for ldb modules ↵Jelmer Vernooij1-6/+1
everywhere. (This used to be commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b)
2008-01-26ldb: Add ldb_oom() calls in a couple of places.Jelmer Vernooij1-0/+5
(This used to be commit 1163c2ad54b122487fa25960b8989f0f6d0b8c64)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-1/+1
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-1/+1
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r25748: Don't segfault if we don't have a schema yet.Andrew Bartlett1-0/+12
Andrew Bartlett (This used to be commit 388e15a4c1fab55d376be956c2a7168b946bc994)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-2/+2
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r24731: Remove unused code - if we hit these error conditions, then we areAndrew Bartlett1-9/+0
dead anyway, and a segfault would leave us with more infomation. Andrew Bartlett (This used to be commit 62320616ff8795ff18c8f49029d81f12558c10ed)
2007-10-10r24260: Ensure we always override any existing values for these generatedAndrew Bartlett1-0/+4
attributes. Anything else leads to madness. Andrew Bartlett (This used to be commit af092a361df6b98e1890cbd3e2d1fed168701364)
2007-10-10r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer@yahoo.de>: We need toAndrew Bartlett1-4/+76
include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. This may need further refinement, but it seems to work for now. Andrew Bartlett (This used to be commit d053b8e218767cb12e20a00fb18995e30869db11)
2007-10-10r24010: Fix warning for the function paramter to qsort().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 51862c4c5299da02d3d781b3e9255823bc9b59af)
2007-10-10r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.Andrew Bartlett1-1/+5
Should fix bug #4804. Andrew Bartlett (This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23560: - Activate metze's schema modules (from metze's schema-loading-13 ↵Andrew Bartlett1-4/+97
patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000)
2007-10-10r21306: fix the RPC-LSA tests the admin couldn't no longer get the ↵Stefan Metzmacher1-0/+1
'currentValue' attribute... this needs more works, but make it work again for now metze (This used to be commit 608d24f0016ff090b7de7fbd0bed85153bcc703d)
2007-10-10r20923: only allow extended operations for SYSTEM or administrators for nowStefan Metzmacher1-0/+1
metze (This used to be commit f062f09fbf45dd6cd36d1bfd9abb301d850c19dc)
2007-10-10r20921: - only give password attributes to the SYSTEM accountStefan Metzmacher1-2/+0
- but SYSTEM and administrators can change them metze (This used to be commit fc5319e927d96b68d8bd90a01e10aa00a6ddf494)
2007-10-10r20760: also handle the case where no private data is attached to the moduleStefan Metzmacher1-1/+1
metze (This used to be commit c8f5aad40af0741984ded2047931a77161f69ece)
2007-10-10r20622: Add in a hack to avoid permitting searches on the value of protectedAndrew Bartlett1-1/+23
attributes. Andrew Bartlett (This used to be commit 5aa2195ec26d9ddf82e51f2b242cdf7c8ab52f52)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-1/+1
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r17514: Simplify the way to set ldb errors and add anotherSimo Sorce1-5/+6
helper function to set them. (This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce1-14/+14
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce1-2/+2
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r16109: Make this module simpiler, don't intercept operations we are not goingAndrew Bartlett1-21/+0
to implement. Andrew Bartlett (This used to be commit 3252e425b0e28656ac5fb19fa4edf7322ea72eab)
2007-10-10r16070: Fix kludge_aclsSimo Sorce1-1/+1
(This used to be commit 795f8ebe8eecf28f5729754dc248d2a8411effb9)
2007-10-10r16036: Add a couple of new functions to corretly deal with timeouts.Simo Sorce1-4/+3
Check timeouts are correctly verified. Some minor fixed and removal of unused code. (This used to be commit b52e5d6a0cb1a32e62759eaa49ce3e4cc804cc92)