| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
entries without objectclasses
|
|
root basedn
This isn't quitted with a normal "NO_SUCH_OBJECT" (parent not found) but with a
very special referral: one with the DN itself and the hostname is the last
component value of the DN.
|
|
Saves us some "talloc_free"s on error cases
|
|
|
|
modification
Before it has been very incomplete. We try now to match the Windows Server
behaviour as close as possible.
|
|
Also this task is now performed by the "objectclass_attrs" LDB module.
|
|
"ac" context creation
This unifies the position when the schema is read and prevents multiple
instanciations (eg on a modification operation).
|
|
protections
Only the "systemFlags" check is still missing.
|
|
|
|
|
|
|
|
return
|
|
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
|
|
structural objectclass
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
|
|
|
|
|
|
|
|
This means we are only doing the checks for schema changes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
|
|
appropriate
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This is done by sorting the classes by subClass_order, which will
check if the last structural class is valid to add (in
objectclass_do_add instead checking the last class in the list).
They were being sorted by building a class tree, and adding the
classes to the list in that order. However, AUX classes usually don't
fit into that tree, so LDB_ERR_OBJECT_CLASS_VIOLATION was returned. I
have changed the behavior to sort the classes by subClass_order
instead.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
parentGUID is now created on demand in operational.c
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.
The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.
Andrew Bartlett
|
|
This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.
|
|
w2k8 imposes a limit of 64 characters on the rDN
|
|
I think the check for empty messages fits best here.
|
|
|
|
This also uses systemPossibleInferiors when the 'relax' control is
specified, which is done by the provision.
Andrew Bartlett
|
|
These additional constraints are applied, found by the Microsoft testsuite.
- When the parent is not present, we now return 'NO_SUCH_OBJECT'.
- Restrict the choice of RDN to the correct one per the schema
- Honour the allowedChildClasses attribute from the parent's objectClass.
Andrew Bartlett
|
|
(except as part of the provision, which specifies the 'relax' control)
Andrew Bartlett
|
|
This error per the Microsoft testsuite
|
|
|
|
The relative DN must be the one that the most specific structural
objectclass specifies.
Andrew Bartlett
|
|
Also add error strings in descriptor module
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4
to use ldb_request_add_control() instead of a manual construction.
Andrew Bartlett
|
|
The objectclass module checks that the target parent exists, and
refuses renames if it doesn't exist. For this to work for deleted
objects we have to do the search in the objectclass module with the
"show deleted" control enabled.
|
|
This removes a number of cases where we did a cast into a const char *
of an ldb_val. While convention is to alway have an extra \0 at
data[length] in the ldb_val, this is not required, and does not occour
at least on build farm host 'svart'.
Andrew Bartlett
|
|
This is made up of 4 parts:
1) change our schema to include the parentGUID attribute type
2) in the add hook in the objectclass module, get the objectGUID of
the parent and add it to the message as parentGUID
3) in the rename hook in the objectclass module, get the objectGUID
of the new parent, and insert an async modify request after the
renmam is done
4) added a simple test suite
|
|
do not reference it from ldb.h
|
|
The only 2 modules escaping the rule so far are rootdse and partitions
|
|
We're using @ROOTDSE instead of CN=ROOTDSE.
metze
|
|
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
|
