Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-29 | s4-dsdb Add ldb_reset_err_string() when we set error codes. | Andrew Bartlett | 1 | -0/+1 | |
If we don't we could show an old, incrorrect error | |||||
2010-09-29 | s4-dsdb Fix segfault in error case in rootdse module | Andrew Bartlett | 1 | -1/+4 | |
2010-09-27 | s4-ldb: removed an unused variable | Andrew Tridgell | 1 | -1/+0 | |
2010-09-27 | s4-ldb: Added ldb_request_replace_control | Nadezhda Ivanova | 1 | -1/+1 | |
It is the same as ldb_request_add_control, except it will replace an existing control. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-ldbmodules: Added new module aclread to handle access checks on LDAP search | Nadezhda Ivanova | 4 | -0/+327 | |
It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet. | |||||
2010-09-26 | s4-tests: Removed search tests with anonymous credentials as they fail ↵ | Nadezhda Ivanova | 1 | -1/+1 | |
againts Windows These tests will fail in make test as well if the acl_read module is enabled. | |||||
2010-09-26 | s4-dsdb: Added a function to check access on a particular object by its guid | Nadezhda Ivanova | 1 | -0/+37 | |
Similar to dsdb_check_access_on_dn, only it searches by guid. | |||||
2010-09-26 | s4-dsdb: Moved some helper functions to a separate file | Nadezhda Ivanova | 5 | -222/+260 | |
We need these to be accessible to the aclread module as well. | |||||
2010-09-26 | s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB ↵ | Kamen Mazdrashki | 1 | -1/+7 | |
connections | |||||
2010-09-25 | ldb: mark the location of a lot more ldb requests | Andrew Tridgell | 28 | -15/+109 | |
2010-09-25 | s4-dsdb: added tagging of requests in dsdb modules | Andrew Tridgell | 8 | -0/+30 | |
this allows you to call dsdb_req_chain_debug() in gdb or when writing debug code to see the request chain | |||||
2010-09-25 | s4-repl: don't store repsFrom on DNs other than NC heads | Andrew Tridgell | 1 | -0/+9 | |
we don't want a refsFrom on the Rid Manage$ DN Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-25 | s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn. | Nadezhda Ivanova | 1 | -1/+1 | |
2010-09-24 | s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 1 | -2/+6 | |
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett | |||||
2010-09-24 | s4-kerberos Move 'set key into keytab' code out of credentials. | Andrew Bartlett | 1 | -31/+23 | |
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett | |||||
2010-09-24 | s4:repl_meta_data - also on delete operations the new RDN attribute has to ↵ | Matthias Dieter Wallnöfer | 1 | -1/+10 | |
be casefolded correctly Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:lazy_commit LDB module - the "show_deleted" control is initialised by the ↵ | Matthias Dieter Wallnöfer | 1 | -17/+0 | |
"show_deleted" LDB module Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - make use of "dsdb_forest_functional_level" | Matthias Dieter Wallnöfer | 1 | -3/+2 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - introduce dynamic "ldapServiceName" | Matthias Dieter Wallnöfer | 1 | -0/+25 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - introduce dynamic "dnsHostName" attribute | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - make "serverName" dynamic | Matthias Dieter Wallnöfer | 1 | -0/+7 | |
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a simple way since it's already needed on LDB initialisation time. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - remove "priv" checks where not needed | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - better that the "edn" control handling is done last | Matthias Dieter Wallnöfer | 1 | -20/+20 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:samldb LDB module - it isn't allowed to create user/computer accounts ↵ | Matthias Dieter Wallnöfer | 1 | -0/+4 | |
with a primary group specified It can only be changed afterwards. We allow a "relax"ed exception for the provision state since we need this for the guest account. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" ↵ | Matthias Dieter Wallnöfer | 1 | -16/+11 | |
detection also on modify operations Also requested by MS-SAMR 3.1.1.8.1. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - make more use of LDB result constants | Matthias Dieter Wallnöfer | 1 | -17/+17 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - fix comment typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:password_hash LDB module - don't assign "lp_ctx" twice | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - fix counter types | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:extended_dn_in LDB module - fix a counter type | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-22 | s4-selftest: Move samba3sam test to standard python directory. | Jelmer Vernooij | 1 | -1092/+0 | |
2010-09-22 | dsdb: Use short path for ldb_handlers.h, in case ldb is installed in the | Jelmer Vernooij | 1 | -1/+1 | |
system. | |||||
2010-09-21 | s4-ldap: Fixed a problem with NC's having a parentGUID attribute | Nadezhda Ivanova | 1 | -13/+27 | |
NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead. | |||||
2010-09-20 | s4-rodc: fixed repsFrom store on RODC | Andrew Tridgell | 1 | -14/+11 | |
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-19 | s4-rootdse: mark registered controls as non-critical | Andrew Tridgell | 1 | -0/+37 | |
this is needed for clients that may include unnecessary controls in requests and mark them as non-critical | |||||
2010-09-15 | s4: fixed some printf format errors | Andrew Tridgell | 1 | -1/+1 | |
2010-09-15 | s4-dsdb: check for invalid backend type | Andrew Tridgell | 1 | -0/+2 | |
2010-09-15 | s4-rootdse: setup length after NULL check | Andrew Tridgell | 1 | -2/+2 | |
2010-09-15 | s4-dsdb: fixed use after free for RODC | Andrew Tridgell | 1 | -2/+1 | |
2010-09-15 | s4-dsdb: free right context on failure | Andrew Tridgell | 1 | -1/+1 | |
down_req is not initialised yet | |||||
2010-09-15 | s4-dsdb: defer ac->msg after check for NULL ac | Andrew Tridgell | 1 | -1/+3 | |
2010-09-15 | s4-anr: check for allocation failure before use | Andrew Tridgell | 1 | -1/+1 | |
2010-09-13 | s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵ | Matthias Dieter Wallnöfer | 1 | -8/+8 | |
LDAP filters This makes also lookups through special backends as "samba3sam" work. | |||||
2010-09-13 | s4:cosmetic - the SID attribute is called objectSid - not objectSID | Matthias Dieter Wallnöfer | 3 | -11/+11 | |
2010-09-13 | Revert "s4:samldb LDB module - simplify the message handling on add and ↵ | Matthias Dieter Wallnöfer | 1 | -26/+33 | |
modify operations" This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d. This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this. I will rework this further. | |||||
2010-09-12 | s4:samldb LDB module - remove a disastrous "talloc_free" | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
This completely destroys the program logic (async callbacks). Sorry for introducing this. | |||||
2010-09-12 | s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID ↵ | Matthias Dieter Wallnöfer | 1 | -1/+5 | |
derivation from "userAccountControl" Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441. | |||||
2010-09-12 | s4:samldb LDB module - free the "ac" context after the delete checks | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
2010-09-12 | s4:samldb LDB module - simplify the message handling on add and modify ↵ | Matthias Dieter Wallnöfer | 1 | -33/+28 | |
operations We perform always only one shallow copy operation of the message on the "req" context. This allows to free the "ac" context when we've prepared all our changes. | |||||
2010-09-12 | s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see ↵ | Matthias Dieter Wallnöfer | 1 | -41/+41 | |
that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible. |