summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules
AgeCommit message (Collapse)AuthorFilesLines
2010-12-01s4-ranged_result.c: Fix memory context for ranged attributes handlingKamen Mazdrashki1-4/+15
Pair-Programmed-With: Zahari Zahariev <zahari.zahariev@postpath.com> Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Dec 1 11:45:48 CET 2010 on sn-devel-104
2010-11-29s4-dsdb: give full error message for operational failuresAndrew Tridgell1-2/+2
2010-11-27s4:role transfer - use always type "enum drepl_role_master" for role ↵Matthias Dieter Wallnöfer1-1/+1
specifications Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
2010-11-27s4:samba3sam LDB module - correctly print out an unsigned valueMatthias Dieter Wallnöfer1-1/+2
Here we can print it out as unsigned since we are generating a string attribute.
2010-11-27s4:samba3sam LDB module - make the "pw_uid"/"pw_gid" conversion a bit clearerMatthias Dieter Wallnöfer1-2/+6
And remove the "long" specifier since at least on the major platforms (Linux, BSD and Solaris) these types are defined as "uint32_t".
2010-11-26s4:rootdse LDB module - remove unused variableMatthias Dieter Wallnöfer1-1/+0
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 26 13:58:27 CET 2010 on sn-devel-104
2010-11-26s4:objectclass LDB module - simply use "msg" when requesting the messageMatthias Dieter Wallnöfer1-2/+2
2010-11-26s4:objectclass LDB module - move the "mem_ctx" allocation to a better placeMatthias Dieter Wallnöfer1-7/+6
It's only needed if we've a schema around.
2010-11-26s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP)Andrew Bartlett1-15/+28
This arranged the check to avoid talloc_strdup() (the schema pointers are constant, and can be relied upon), and checks the untrusted bit first (it is faster), before the ldb_attr_cmp(). The strcmp() here was valid, if unusual, because the ldapDisplayName values are already in the correct case, but strcasecmp() is more correct, as for the small extra cost, we avoid a difficult to diagnose bug later. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26s4-objectclass Use a specific local variable name, not 'value'Andrew Bartlett1-4/+5
This makes it clearer what the local variable in use here does. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26s4-dsdb Remove rootDSE and anonymous checks from acl_readAndrew Bartlett1-15/+0
The rootdse module handles rootDSE requests, and blocks anonymous access, so we on't need to do it again here. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Add 'block anonymous' checks to the rootdse moduleAndrew Bartlett1-0/+100
This ensures that one single point checks for and blocks anonymous read access to the database over LDAP. Andrew Bartlett
2010-11-26s4-dsdb Remove mem_ctx argument from dsdb_module_find_dsheuristics().Andrew Bartlett2-4/+3
A function that does not return memory should not take a memory context. Andrew Bartlett
2010-11-25s4:lsa RPC server / objectclass LDB module - fix the creation of trusted ↵Matthias Dieter Wallnöfer1-7/+1
domain objects Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control ↵Matthias Dieter Wallnöfer1-3/+7
is specified This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - move one checks into the "objectclass derivation ↵Matthias Dieter Wallnöfer1-11/+17
loop" This denies objects created from possible derivated classes from the prohibited ones. Also small cosmetic improvements for another check.
2010-11-24s4:objectclass LDB module - some more or less cosmetic return value macro ↵Matthias Dieter Wallnöfer1-14/+22
changes Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
2010-11-20s4:repl_meta_data LDB module - fix a counter typeMatthias Dieter Wallnöfer1-2/+4
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 20 22:32:06 CET 2010 on sn-devel-104
2010-11-20s4:repl_meta_data LDB module - move the "objectGUID" checks a bit higherMatthias Dieter Wallnöfer1-29/+29
- they don't need the allocated "ac" context - some small code cleanups
2010-11-20s4:objectclass_attrs LDB module - add more delete protected attributesMatthias Dieter Wallnöfer1-1/+4
And enhance the testsuite
2010-11-20s4:samldb LDB module - objectclass trigger - reorder template attributesMatthias Dieter Wallnöfer1-9/+10
2010-11-20s4:acl LDB module - it's more correct to count the password attributes using ↵Matthias Dieter Wallnöfer1-3/+6
"unsigned int" Since these are derived from a LDB result. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 20 11:29:07 CET 2010 on sn-devel-104
2010-11-18s4/operational: Fix swapped parameters for ldb_msg_copy_attrAnatoliy Atanasov1-2/+2
Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 18 17:02:07 UTC 2010 on sn-devel-104
2010-11-18s4:password_hash LDB module - remove unused headersMatthias Dieter Wallnöfer1-3/+0
2010-11-18s4:repl_meta_data LDB module - allow also special DNs to be renamed correctlyMatthias Dieter Wallnöfer1-1/+1
Do always escape RDN values - this fixes bug #7794 Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 18 10:43:40 UTC 2010 on sn-devel-104
2010-11-17s4-repl: save the result of the last replication in repsFrom/repsToAndrew Tridgell1-5/+0
when a replication fails, we should add the failure to repsFrom when a notify fails, we need to save it to repsTo this ensures showrepl always shows the latest status
2010-11-16s4:acl LDB module - use also here "dsdb_find_nc_root" to implement the ↵Matthias Dieter Wallnöfer1-28/+57
NC-specific checks Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 15:12:13 UTC 2010 on sn-devel-104
2010-11-16s4:descriptor LDB module - also "get_default_ag" should make use of ↵Matthias Dieter Wallnöfer1-12/+12
"dsdb_find_nc_root"
2010-11-16s4:descriptor LDB module - handle the NCs in a more generic way by using ↵Matthias Dieter Wallnöfer1-10/+22
"dsdb_find_nc_root"
2010-11-16s4:descriptor LDB module - make more clear that special control entries ↵Matthias Dieter Wallnöfer1-0/+7
never should be handled by modules
2010-11-16s4:objectclass LDB module - the "olddn" is the special DN for rename requestsMatthias Dieter Wallnöfer1-1/+1
2010-11-16s4-schema_load: Don't clean in_transaction flag until transaction is really ↵Kamen Mazdrashki1-7/+6
finished Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Nov 16 11:00:35 UTC 2010 on sn-devel-104
2010-11-16s4:subtree_rename LDB module - make use of "dsdb_find_nc_root"Matthias Dieter Wallnöfer1-22/+27
This is exactly what's needed there. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
2010-11-16s4:objectclass LDB module - free "nc_root" after name context comparisonsMatthias Dieter Wallnöfer1-0/+2
2010-11-15s4:objectclass LDB module - improve the default name context checking on ↵Matthias Dieter Wallnöfer1-16/+12
modifications Pointed out by abartlet
2010-11-15s4:objectclass LDB module - implement the "objectClass" change restrictions ↵Matthias Dieter Wallnöfer1-0/+25
on Windows 2000 forest function level Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
2010-11-13s4:password_hash LDB module - return "ERR_CONSTRAINT_VIOLATION" on password ↵Matthias Dieter Wallnöfer1-6/+9
conversion errors This errors can happen also on a regular basis - then we shouldn't return ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104
2010-11-13s4:objectclass LDB module - multiple "objectClass" change elements are ↵Matthias Dieter Wallnöfer1-161/+169
unfortunately still allowed The test message has been compressed - therefore I've now used "modify_ldif".
2010-11-12samldb: relax groupType modification checksMatthieu Patou1-27/+32
Allow programs with the PROVISION control to bypass groupType checks. This is needed by upgradeprovision for older alpha (11, 10 ...)
2010-11-12s4:objectclass LDB module - we should not simply ignore additional ↵Matthias Dieter Wallnöfer1-2/+16
"objectClass" attribute changes There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
2010-11-12s4:repl_meta_data LDB module - convert two debug messages into error messagesMatthias Dieter Wallnöfer1-4/+4
These regarding "objectGUID".
2010-11-12s4:samldb/objectclass_attrs LDB modules - move "description" logic from ↵Matthias Dieter Wallnöfer2-43/+81
"objectclass_attrs" into "samldb" This according to an answer from dochelp is SAM specific behaviour.
2010-11-11s4-dsdb Remove incorrectly declared ** variable used as *.Andrew Bartlett1-6/+3
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett
2010-11-11s4-dsdb Convert new krbtgt_xxx password into UTF16Andrew Bartlett1-1/+12
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett
2010-11-11s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8Andrew Bartlett1-1/+5
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer3-2/+23
This should prevent crashes as pointed out on the mailing list.
2010-11-11s4:objectclass LDB module - allow RDNs also to come from superclassesMatthias Dieter Wallnöfer1-11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-11s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵Matthias Dieter Wallnöfer4-12/+59
according to the "dSHeuristics"
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer1-16/+77
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-11s4:local_password LDB module - remove schema checking code and fix some typosMatthias Dieter Wallnöfer1-12/+6
This is now done by the "objectclass_attrs" LDB module.