summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-15s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵Matthias Dieter Wallnöfer1-43/+72
important failure cases
2010-08-15s4:password_hash LDB module - support this new password set syntaxMatthias Dieter Wallnöfer1-2/+10
2010-08-15s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵Matthias Dieter Wallnöfer1-10/+1
on password change operations This is to match the SAMR password change behaviour.
2010-08-15s4:subtree_rename.c - relax the checks when requestedMatthias Dieter Wallnöfer1-0/+5
(Needed by upgradeprovision for example)
2010-08-14s4:password_hash LDB module - improve an error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-14s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵Matthias Dieter Wallnöfer1-5/+16
passwords Sooner or later this module should take over all password change actions.
2010-08-14s4:password_hash LDB module - fix wrong error codesMatthias Dieter Wallnöfer1-4/+4
To match the passwords.py test
2010-08-10s4:objectclass LDB module - weak the check for the "rIDSet" delete constraintMatthias Dieter Wallnöfer1-8/+10
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision".
2010-08-07s4:objectclass LDB module - "add operation" - enhance and clean the ↵Matthias Dieter Wallnöfer1-8/+20
"systemFlags" section Also here we have to test for single-valueness.
2010-08-07s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵Matthias Dieter Wallnöfer1-5/+34
validation
2010-08-07s4:objectclass LDB module - "add operation" - reject creation of LSA ↵Matthias Dieter Wallnöfer1-0/+8
specific objects (only using the RELAX flag allowed)
2010-08-07s4:objectclass LDB module - "add operation" - move two checksMatthias Dieter Wallnöfer1-17/+12
To be more consistent with the MS-ADTS doc.
2010-08-07s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵Matthias Dieter Wallnöfer1-5/+14
message elements Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possibleMatthias Dieter Wallnöfer1-4/+2
We don't need to have it around until the end of the function.
2010-08-04s4:LDB modules - remove the "kludge_acl" module codeMatthias Dieter Wallnöfer1-516/+0
Obviously this has been forgotten by Nadya.
2010-08-04s4-dsdb: Removed kludge_acl as it is no longer necessaryNadezhda Ivanova5-23/+47
Moved the access check on extended operations to acl module and removed kludge_acl
2010-08-01s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2Matthias Dieter Wallnöfer1-6/+20
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed.
2010-08-01s4:objectclass LDB module - consider the "instanceType" when adding NCsMatthias Dieter Wallnöfer1-10/+18
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation).
2010-08-01s4:descriptor LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-4/+3
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-6/+3
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove unused call "is_root_base_dn"Matthias Dieter Wallnöfer1-8/+0
2010-08-01s4:objectclass LDB module - implement additional delete constraint checksMatthias Dieter Wallnöfer1-3/+47
MS-ADTS 3.1.1.5.5.3
2010-08-01s4:subtree_rename LDB module - rename "check_system_flags" into ↵Matthias Dieter Wallnöfer1-9/+43
"check_constraints" and perform more checks Always considering MS-ADTS 3.1.1.5.4.1.2.
2010-08-01s4:subtree_rename LDB module - introduce out of memory checksMatthias Dieter Wallnöfer1-0/+4
2010-08-01s4:dsdb/samdb/ldb_modules/util.c - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
2010-08-01s4:subtree_rename LDB module - introduce the "systemFlags" protection rulesMatthias Dieter Wallnöfer1-2/+122
This is done in a dedicated call "check_system_flags".
2010-07-31s4:subtree_rename LDB module - "subren_ctx_init" - fix the "out of memory" ↵Matthias Dieter Wallnöfer1-3/+2
return
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell10-18/+18
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 ldb modules: relax some tests about attributes that should not be hereMatthieu Patou1-0/+9
For attributes that we know that are harmless and that used to be stored in the ldb we relax the tests on the existance in a given objectclass. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: Use the changereplmetadata controlMatthieu Patou1-61/+144
This control allow to specify the replPropertyMetaData attribute to be specified on modify request. It can be used for very specific needs to tweak the content of the replication data. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: create a new control: changereplmetadataMatthieu Patou1-0/+6
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-74/+56
ridalloc_allocate_rid_pool_fsmo() metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-80/+102
ridalloc_allocate_rid() metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-19/+14
ridalloc_create_rid_set_ntds() metze
2010-07-09s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructureStefan Metzmacher1-0/+83
metze
2010-07-09s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update ↵Stefan Metzmacher1-2/+2
rIDAvailablePool metze
2010-07-09s4:dsdb:ridalloc.c: fix C++ warningStefan Metzmacher1-1/+2
metze
2010-07-09s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functionsStefan Metzmacher1-0/+22
metze
2010-07-09s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functionsStefan Metzmacher1-0/+22
metze
2010-07-09s4:dsdb: add dsdb_module_constrainted_update_int32/64() functionsStefan Metzmacher1-0/+58
metze
2010-07-09s4:dsdb: add dsdb_msg_constrainted_update_int32/64() functionsStefan Metzmacher1-0/+96
metze
2010-07-08s4:acl LDB module - password attributes - check also the "dBCSPwd" attributeMatthias Dieter Wallnöfer1-2/+2
It's also a possible password change/set attribute candidate.
2010-07-08s4:acl LDB module - move a "mem_ctx" creation to the place where it is ↵Matthias Dieter Wallnöfer1-1/+2
actually checked Memory allocations and their result checks should be as tight as possible.
2010-07-08s4-dsdb/util: Reorder DSDB_FLAG_* checksKamen Mazdrashki1-30/+30
On good thing about having more clear function interfaces (and forcing callers to specify clearly what they want) is that now I can execute following search: git grep DSDB_FLAG_NEXT_MODULE | wc -l This showed that DSDB_FLAG_NEXT_MODULE flag is about 6 times more frequently used than DSDB_FLAG_OWN_MODULE. So this should reduce branch prediction by six times in this part of the code, right :)
2010-07-08s4-dsdb: Implement module switching in dsdb_module_search_dn()Kamen Mazdrashki1-1/+10
This allows caller to choose from where to start DN search
2010-07-08s4-source4/dsdb/samdb/ldb_modules/acl.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-5/+12
2010-07-08s4-source4/dsdb/samdb/ldb_modules/linked_attributes.c Use ↵Kamen Mazdrashki1-1/+4
DSDB_FLAG_NEXT_MODULE flag
2010-07-08s4-source4/dsdb/samdb/ldb_modules/naming_fsmo.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-1/+2
2010-07-08s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-3/+7
2010-07-08s4-source4/dsdb/samdb/ldb_modules/partition_init.c Use DSDB_FLAG_NEXT_MODULE ↵Kamen Mazdrashki1-3/+6
flag