Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This seems to have been broken some time ago - till someone on the
mailing list noticed it.
I've also added a testsuite (and some additional SamDB python helpers) which
should prove this.
|
|
|
|
"el->values" could under some circumstances be NULL (see "if" above).
|
|
Pair-Programmed-With: Zahari Zahariev <zahari.zahariev@postpath.com>
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Dec 1 11:45:48 CET 2010 on sn-devel-104
|
|
|
|
specifications
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
|
|
Here we can print it out as unsigned since we are generating a string
attribute.
|
|
And remove the "long" specifier since at least on the major platforms
(Linux, BSD and Solaris) these types are defined as "uint32_t".
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 26 13:58:27 CET 2010 on sn-devel-104
|
|
|
|
It's only needed if we've a schema around.
|
|
This arranged the check to avoid talloc_strdup() (the schema pointers
are constant, and can be relied upon), and checks the untrusted bit
first (it is faster), before the ldb_attr_cmp().
The strcmp() here was valid, if unusual, because the ldapDisplayName
values are already in the correct case, but strcasecmp() is more
correct, as for the small extra cost, we avoid a difficult to diagnose
bug later.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
This makes it clearer what the local variable in use here does.
Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
The rootdse module handles rootDSE requests, and blocks anonymous
access, so we on't need to do it again here.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
|
|
This ensures that one single point checks for and blocks anonymous
read access to the database over LDAP.
Andrew Bartlett
|
|
A function that does not return memory should not take a memory context.
Andrew Bartlett
|
|
domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
|
|
is specified
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
|
|
loop"
This denies objects created from possible derivated classes from the prohibited
ones.
Also small cosmetic improvements for another check.
|
|
changes
Sometimes "ldb_module_oom" fits better than "ldb_operr" or "ldb_oom".
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 20 22:32:06 CET 2010 on sn-devel-104
|
|
- they don't need the allocated "ac" context
- some small code cleanups
|
|
And enhance the testsuite
|
|
|
|
"unsigned int"
Since these are derived from a LDB result.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 20 11:29:07 CET 2010 on sn-devel-104
|
|
Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Autobuild-Date: Thu Nov 18 17:02:07 UTC 2010 on sn-devel-104
|
|
|
|
Do always escape RDN values - this fixes bug #7794
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 18 10:43:40 UTC 2010 on sn-devel-104
|
|
when a replication fails, we should add the failure to repsFrom
when a notify fails, we need to save it to repsTo
this ensures showrepl always shows the latest status
|
|
NC-specific checks
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 16 15:12:13 UTC 2010 on sn-devel-104
|
|
"dsdb_find_nc_root"
|
|
"dsdb_find_nc_root"
|
|
never should be handled by modules
|
|
|
|
finished
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Nov 16 11:00:35 UTC 2010 on sn-devel-104
|
|
This is exactly what's needed there.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
|
|
|
|
modifications
Pointed out by abartlet
|
|
on Windows 2000 forest function level
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
|
|
conversion errors
This errors can happen also on a regular basis - then we shouldn't return
ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104
|
|
unfortunately still allowed
The test message has been compressed - therefore I've now used "modify_ldif".
|
|
Allow programs with the PROVISION control to bypass groupType checks.
This is needed by upgradeprovision for older alpha (11, 10 ...)
|
|
"objectClass" attribute changes
There first one we perform all other tentatives are terminated with
ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
|
|
These regarding "objectGUID".
|
|
"objectclass_attrs" into "samldb"
This according to an answer from dochelp is SAM specific behaviour.
|
|
The cleartext_utf16_str variable was declared char **, but due to the
cast on convert_string_talloc() and the lack of type checking here and
on data_blob_const (due to void *) it was able to be used as if it was
a char *.
The simple solution seems to be to fill in cleartext_utf16 blob directly.
Andrew Bartlett
|
|
The new stricter test on clearTextPassword values caught out that
we did not provide a utf16 password here.
Andrew Bartlett
|
|
The UTF16MUNGED helper will map all invalid sequences (except odd
input length) to valid input sequences, per the rules. Therefore if
it fails, we need to bail out, somehing serious is wrong.
Andrew Bartlett
|