summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/objectclass.c
AgeCommit message (Collapse)AuthorFilesLines
2010-11-26s4:objectclass LDB module - simply use "msg" when requesting the messageMatthias Dieter Wallnöfer1-2/+2
2010-11-26s4:objectclass LDB module - move the "mem_ctx" allocation to a better placeMatthias Dieter Wallnöfer1-7/+6
It's only needed if we've a schema around.
2010-11-26s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP)Andrew Bartlett1-15/+28
This arranged the check to avoid talloc_strdup() (the schema pointers are constant, and can be relied upon), and checks the untrusted bit first (it is faster), before the ldb_attr_cmp(). The strcmp() here was valid, if unusual, because the ldapDisplayName values are already in the correct case, but strcasecmp() is more correct, as for the small extra cost, we avoid a difficult to diagnose bug later. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26s4-objectclass Use a specific local variable name, not 'value'Andrew Bartlett1-4/+5
This makes it clearer what the local variable in use here does. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-25s4:lsa RPC server / objectclass LDB module - fix the creation of trusted ↵Matthias Dieter Wallnöfer1-7/+1
domain objects Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control ↵Matthias Dieter Wallnöfer1-3/+7
is specified This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - move one checks into the "objectclass derivation ↵Matthias Dieter Wallnöfer1-11/+17
loop" This denies objects created from possible derivated classes from the prohibited ones. Also small cosmetic improvements for another check.
2010-11-24s4:objectclass LDB module - some more or less cosmetic return value macro ↵Matthias Dieter Wallnöfer1-14/+22
changes Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
2010-11-16s4:objectclass LDB module - the "olddn" is the special DN for rename requestsMatthias Dieter Wallnöfer1-1/+1
2010-11-16s4:objectclass LDB module - free "nc_root" after name context comparisonsMatthias Dieter Wallnöfer1-0/+2
2010-11-15s4:objectclass LDB module - improve the default name context checking on ↵Matthias Dieter Wallnöfer1-16/+12
modifications Pointed out by abartlet
2010-11-15s4:objectclass LDB module - implement the "objectClass" change restrictions ↵Matthias Dieter Wallnöfer1-0/+25
on Windows 2000 forest function level Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
2010-11-13s4:objectclass LDB module - multiple "objectClass" change elements are ↵Matthias Dieter Wallnöfer1-161/+169
unfortunately still allowed The test message has been compressed - therefore I've now used "modify_ldif".
2010-11-12s4:objectclass LDB module - we should not simply ignore additional ↵Matthias Dieter Wallnöfer1-2/+16
"objectClass" attribute changes There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer1-1/+3
This should prevent crashes as pointed out on the mailing list.
2010-11-11s4:objectclass LDB module - allow RDNs also to come from superclassesMatthias Dieter Wallnöfer1-11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-08s4:objectclass LDB module - no idea why we'd need the "objectGUID" hereMatthias Dieter Wallnöfer1-1/+1
2010-11-03s4:objectclass LDB module - the structural objectclass has always to be ↵Matthias Dieter Wallnöfer1-0/+6
specified Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 3 16:20:55 UTC 2010 on sn-devel-104
2010-11-01s4-ldb: enable version checking in dsdb ldb modulesAndrew Tridgell1-0/+1
2010-11-01s4-dsdb: convert the rest of the ldb modules to the new module typeAndrew Tridgell1-1/+6
2010-10-19s4-dsdb: register the DCPROMO_OID control with the rootdseAndrew Tridgell1-0/+7
this is needed to allow it over ldap Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 19 04:44:23 UTC 2010 on sn-devel-104
2010-10-16s4:objectclass LDB module - implement the "isCriticalSystemObject" subtree ↵Matthias Dieter Wallnöfer1-1/+16
delete protection MS-ADTS 3.1.1.5.5.7.2 Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 11:24:09 UTC 2010 on sn-devel-104
2010-10-13s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" ↵Matthias Dieter Wallnöfer1-0/+9
entries They're only allowed to be created with the RELAX control specified.
2010-10-10dsdb/modules: Split up helpers a bit to prevent recursive dependencies.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-10-03s4:objectclass LDB module - introduce allowed system flags restrictionMatthias Dieter Wallnöfer1-6/+11
Let us do the distinction by real use and provision by the RELAX flag Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-2/+3
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:objectclass LDB module - fix the "crossRef" delete protectionMatthias Dieter Wallnöfer1-3/+9
This is what Windows does Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:objectclass LDB module - fix the delete behaviour of server containersMatthias Dieter Wallnöfer1-2/+2
A typo prevented the right behaviour. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-25ldb: mark the location of a lot more ldb requestsAndrew Tridgell1-0/+9
2010-09-05dsdb: make the ATTRIBUTE NOT FOUND more clearMatthieu Patou1-0/+3
2010-08-17s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA addAndrew Tridgell1-1/+24
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-10s4:objectclass LDB module - weak the check for the "rIDSet" delete constraintMatthias Dieter Wallnöfer1-8/+10
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision".
2010-08-07s4:objectclass LDB module - "add operation" - enhance and clean the ↵Matthias Dieter Wallnöfer1-8/+20
"systemFlags" section Also here we have to test for single-valueness.
2010-08-07s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵Matthias Dieter Wallnöfer1-5/+34
validation
2010-08-07s4:objectclass LDB module - "add operation" - reject creation of LSA ↵Matthias Dieter Wallnöfer1-0/+8
specific objects (only using the RELAX flag allowed)
2010-08-07s4:objectclass LDB module - "add operation" - move two checksMatthias Dieter Wallnöfer1-17/+12
To be more consistent with the MS-ADTS doc.
2010-08-07s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵Matthias Dieter Wallnöfer1-5/+14
message elements Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possibleMatthias Dieter Wallnöfer1-4/+2
We don't need to have it around until the end of the function.
2010-08-01s4:objectclass LDB module - consider the "instanceType" when adding NCsMatthias Dieter Wallnöfer1-10/+18
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation).
2010-08-01s4:objectclass LDB module - implement additional delete constraint checksMatthias Dieter Wallnöfer1-3/+47
MS-ADTS 3.1.1.5.5.3
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell1-38/+30
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-06-19s4:objectclass LDB module - disable delete operations when ↵Matthias Dieter Wallnöfer1-5/+80
"SYSTEM_FLAG_DISALLOW_DELETE" is specified
2010-06-19s4:objectclass LDB module - use the old DN when displaying error messagesMatthias Dieter Wallnöfer1-2/+2
2010-06-19s4:objectclass LDB module - add a better message when the parent DN is invalidMatthias Dieter Wallnöfer1-2/+3
2010-06-19s4:objectclass LDB module - add an error message when someone tries to add ↵Matthias Dieter Wallnöfer1-3/+4
entries without objectclasses
2010-06-19s4:objectclass LDB module - handle the case when there is a retry to add the ↵Matthias Dieter Wallnöfer1-0/+26
root basedn This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a very special referral: one with the DN itself and the hostname is the last component value of the DN.
2010-06-18s4:objectclass LDB module - move "mem_ctx" initialisation lowerMatthias Dieter Wallnöfer1-16/+11
Saves us some "talloc_free"s on error cases
2010-06-15dsdb: Fix includes when building against system ldb.Jelmer Vernooij1-1/+1
2010-06-07s4:objectclass LDB module - rework the code which handles the objectclasses ↵Matthias Dieter Wallnöfer1-149/+191
modification Before it has been very incomplete. We try now to match the Windows Server behaviour as close as possible.
2010-06-07s4:objectclass LDB module - remove "fix_check_attributes"Matthias Dieter Wallnöfer1-62/+0
Also this task is now performed by the "objectclass_attrs" LDB module.
generated by cgit (git 2.34.1) at 2025-01-24 17:27:42 +0000