summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-06-07s4:objectclass LDB module - rework the code which handles the objectclasses ↵Matthias Dieter Wallnöfer1-149/+191
modification Before it has been very incomplete. We try now to match the Windows Server behaviour as close as possible.
2010-06-07s4:acl LDB module - LDB attribute names should be compared using ↵Matthias Dieter Wallnöfer1-2/+2
"ldb_attr_cmp" or "strcasecmp"
2010-06-07s4:acl LDB module - adaption for "objectclass_attrs" moduleMatthias Dieter Wallnöfer1-5/+15
Since the attribute schema checking code moved back we need to give here the "LDB_ERR_NO_SUCH_ATTRIBUTE" error.
2010-06-07s4:objectclass LDB module - remove "fix_check_attributes"Matthias Dieter Wallnöfer1-62/+0
Also this task is now performed by the "objectclass_attrs" LDB module.
2010-06-07s4:samldb LDB module - adjust the module to set always a ↵Matthias Dieter Wallnöfer1-35/+45
"defaultObjectCategory" on objectclass add operations This is needed to make the "objectclass_attrs" LDB module happy. The search check and case adjustment are done as it was using a second modify operation.
2010-06-07s4:remove the "validate_update" LDB module - the task is now handled by the ↵Matthias Dieter Wallnöfer3-128/+0
far more complete "objectclass_attrs" LDB module
2010-06-07s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the ↵Matthias Dieter Wallnöfer3-0/+401
objectclass attributes checking Until now we had no real consistent mechanism which allowed us to check if attributes belong to the specified objectclasses.
2010-06-07s4:objectclass LDB module - instanciate the schema variable centrally on the ↵Matthias Dieter Wallnöfer1-28/+28
"ac" context creation This unifies the position when the schema is read and prevents multiple instanciations (eg on a modification operation).
2010-06-07s4:samldb LDB module - finally we can remove the RDN checkMatthias Dieter Wallnöfer1-53/+0
This is now dynamically always done by the objectclass LDB module
2010-06-07s4:objectclass LDB module - finally implement the correct entry rename ↵Matthias Dieter Wallnöfer1-25/+130
protections Only the "systemFlags" check is still missing.
2010-06-07s4:objectclass LDB module - cosmetic changeMatthias Dieter Wallnöfer1-2/+3
2010-06-07s4:objectclass LDB module - remove duplicated codeMatthias Dieter Wallnöfer1-13/+4
2010-06-07s4:objectclass LDB module - fix counter variable typesMatthias Dieter Wallnöfer1-1/+1
2010-06-07s4:objectclass LDB module - explain why the search can return with an empty ↵Matthias Dieter Wallnöfer1-1/+2
return
2010-06-07s4:objectclass LDB module - this "talloc_steal" is not necessaryMatthias Dieter Wallnöfer1-1/+0
The "parent_dn" was created on the "ac" context which lives anyway longer than this child request.
2010-06-07s4:objectclass LDB module - fix error result if an entry doesn't contain a ↵Matthias Dieter Wallnöfer1-3/+3
structural objectclass We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
2010-06-07s4:objectclass LDB module - use "ldb_oom" for expressing out of memoryMatthias Dieter Wallnöfer1-2/+1
2010-06-07s4:objectclass LDB module - fix header and add my copyrightMatthias Dieter Wallnöfer1-4/+6
2010-06-06s4:password_hash LDB module - adapt the module to the new ↵Matthias Dieter Wallnöfer1-17/+6
"ldb_msg_remove_attr" behaviour
2010-06-06s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB ↵Matthias Dieter Wallnöfer1-13/+0
module When a "computer" entry will be added, also the inherited "user" objectclass is going to be specified.
2010-06-06s4:get_last_structural_class - only real structural classes can be ↵Matthias Dieter Wallnöfer1-1/+1
candidates for fetching the last one Classes with objectCategory = 1 are always structural, these with objectCategory = 0 also (as we can see in our Windows 2008 R2 schema file where class "Person" has 0 but is structural). Abstract classes and auxiliary ones cannot be considered (objectCategory = 2, 3) http://msdn.microsoft.com/en-us/library/ms677964(VS.85).aspx
2010-06-06s4:ridalloc LDB module - add more "talloc_free"s where usefulMatthias Dieter Wallnöfer1-0/+3
Some were missing on failure return branches.
2010-06-06s4:acl LDB module - fix counter types where appropriateMatthias Dieter Wallnöfer1-2/+4
2010-06-06s4:descriptor LDB module - cosmetic fixupMatthias Dieter Wallnöfer1-4/+4
2010-06-01s4: check the sacl and dacl pointers on the old sdAnatoliy Atanasov1-2/+2
2010-06-01s4-cracknames: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-05-31s4:samldb LDB module - start on a sequential trigger implementationMatthias Dieter Wallnöfer1-10/+26
This is a start to allow the triggers to be called sequentially.
2010-05-30s4:samldb LDB module - deny delete operations on some important attributesMatthias Dieter Wallnöfer1-3/+12
Add operations are denied since these are single-valued - only replace is allowed. This is only provisorily at the moment - we need to implement the triggers specified in MS-ADTS.
2010-05-30s4:samldb LDB module - rework the group change code to be again synchronousMatthias Dieter Wallnöfer1-309/+71
2010-05-30s4:dsdb/samdb/ldb_modules/util.c - make sure to always free temporary dataMatthias Dieter Wallnöfer1-1/+6
2010-05-30s4:dsdb_module_search_dn - add code to handle NULL format stringMatthias Dieter Wallnöfer1-3/+13
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett1-1/+0
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-05-20s4:operational LDB module - fix warnings (missing parameters, unused variable)Matthias Dieter Wallnöfer1-3/+5
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett2-25/+56
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-20s4:auth Add dependency from the operational module onto authAndrew Bartlett2-2/+5
We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett
2010-05-20s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett3-82/+68
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
2010-05-20s4:auth Move BUILTIN group addition into session.cAndrew Bartlett1-2/+9
The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett
2010-05-20s4:dsdb disable tokenGroups until end of rewriteAndrew Bartlett1-1/+2
I need to change the functions this calls Andrew Bartlett
2010-05-19s4/metadata: fix whitespacesKamen Mazdrashki1-71/+71
2010-05-18s3: Fix some more iconv convenience usages.Jelmer Vernooij1-1/+1
2010-05-18Remove more usages of iconv_convenience in files which were apparently not ↵Jelmer Vernooij1-3/+1
recompiled by waf.
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij8-47/+18
2010-05-14s4:repl_meta_data LDB module - fix counter typesMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:dsdb_cache LDB module - fix a typoMatthias Dieter Wallnöfer1-1/+1
2010-05-14s4:samldb LDB module - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
2010-05-11Revert "s4:password_hash LDB module - don't break the provision"Stefan Metzmacher1-3/+0
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze
2010-05-11Revert "s4:password hash LDB module - check that password hashes are != NULL ↵Stefan Metzmacher1-10/+6
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze
2010-05-11s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵Stefan Metzmacher1-2/+2
it's given Sorry, I removed this logic while cleaning up indentation levels... metze
2010-05-10s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer1-26/+29
When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
2010-05-10s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer1-1/+1