Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-04 | s4-dsdb: Removed kludge_acl as it is no longer necessary | Nadezhda Ivanova | 5 | -23/+47 | |
Moved the access check on extended operations to acl module and removed kludge_acl | |||||
2010-08-01 | s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2 | Matthias Dieter Wallnöfer | 1 | -6/+20 | |
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed. | |||||
2010-08-01 | s4:objectclass LDB module - consider the "instanceType" when adding NCs | Matthias Dieter Wallnöfer | 1 | -10/+18 | |
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation). | |||||
2010-08-01 | s4:descriptor LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -4/+3 | |
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove unused call "is_root_base_dn" | Matthias Dieter Wallnöfer | 1 | -8/+0 | |
2010-08-01 | s4:objectclass LDB module - implement additional delete constraint checks | Matthias Dieter Wallnöfer | 1 | -3/+47 | |
MS-ADTS 3.1.1.5.5.3 | |||||
2010-08-01 | s4:subtree_rename LDB module - rename "check_system_flags" into ↵ | Matthias Dieter Wallnöfer | 1 | -9/+43 | |
"check_constraints" and perform more checks Always considering MS-ADTS 3.1.1.5.4.1.2. | |||||
2010-08-01 | s4:subtree_rename LDB module - introduce out of memory checks | Matthias Dieter Wallnöfer | 1 | -0/+4 | |
2010-08-01 | s4:dsdb/samdb/ldb_modules/util.c - remove unused variables | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-08-01 | s4:subtree_rename LDB module - introduce the "systemFlags" protection rules | Matthias Dieter Wallnöfer | 1 | -2/+122 | |
This is done in a dedicated call "check_system_flags". | |||||
2010-07-31 | s4:subtree_rename LDB module - "subren_ctx_init" - fix the "out of memory" ↵ | Matthias Dieter Wallnöfer | 1 | -3/+2 | |
return | |||||
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 10 | -18/+18 | |
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 ldb modules: relax some tests about attributes that should not be here | Matthieu Patou | 1 | -0/+9 | |
For attributes that we know that are harmless and that used to be stored in the ldb we relax the tests on the existance in a given objectclass. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 dsdb: Use the changereplmetadata control | Matthieu Patou | 1 | -61/+144 | |
This control allow to specify the replPropertyMetaData attribute to be specified on modify request. It can be used for very specific needs to tweak the content of the replication data. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 dsdb: create a new control: changereplmetadata | Matthieu Patou | 1 | -0/+6 | |
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-09 | s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵ | Stefan Metzmacher | 1 | -74/+56 | |
ridalloc_allocate_rid_pool_fsmo() metze | |||||
2010-07-09 | s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵ | Stefan Metzmacher | 1 | -80/+102 | |
ridalloc_allocate_rid() metze | |||||
2010-07-09 | s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵ | Stefan Metzmacher | 1 | -19/+14 | |
ridalloc_create_rid_set_ntds() metze | |||||
2010-07-09 | s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructure | Stefan Metzmacher | 1 | -0/+83 | |
metze | |||||
2010-07-09 | s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update ↵ | Stefan Metzmacher | 1 | -2/+2 | |
rIDAvailablePool metze | |||||
2010-07-09 | s4:dsdb:ridalloc.c: fix C++ warning | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2010-07-09 | s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functions | Stefan Metzmacher | 1 | -0/+22 | |
metze | |||||
2010-07-09 | s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functions | Stefan Metzmacher | 1 | -0/+22 | |
metze | |||||
2010-07-09 | s4:dsdb: add dsdb_module_constrainted_update_int32/64() functions | Stefan Metzmacher | 1 | -0/+58 | |
metze | |||||
2010-07-09 | s4:dsdb: add dsdb_msg_constrainted_update_int32/64() functions | Stefan Metzmacher | 1 | -0/+96 | |
metze | |||||
2010-07-08 | s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
It's also a possible password change/set attribute candidate. | |||||
2010-07-08 | s4:acl LDB module - move a "mem_ctx" creation to the place where it is ↵ | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
actually checked Memory allocations and their result checks should be as tight as possible. | |||||
2010-07-08 | s4-dsdb/util: Reorder DSDB_FLAG_* checks | Kamen Mazdrashki | 1 | -30/+30 | |
On good thing about having more clear function interfaces (and forcing callers to specify clearly what they want) is that now I can execute following search: git grep DSDB_FLAG_NEXT_MODULE | wc -l This showed that DSDB_FLAG_NEXT_MODULE flag is about 6 times more frequently used than DSDB_FLAG_OWN_MODULE. So this should reduce branch prediction by six times in this part of the code, right :) | |||||
2010-07-08 | s4-dsdb: Implement module switching in dsdb_module_search_dn() | Kamen Mazdrashki | 1 | -1/+10 | |
This allows caller to choose from where to start DN search | |||||
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/acl.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -5/+12 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/linked_attributes.c Use ↵ | Kamen Mazdrashki | 1 | -1/+4 | |
DSDB_FLAG_NEXT_MODULE flag | |||||
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/naming_fsmo.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -1/+2 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -3/+7 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/partition_init.c Use DSDB_FLAG_NEXT_MODULE ↵ | Kamen Mazdrashki | 1 | -3/+6 | |
flag | |||||
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/pdc_fsmo.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -1/+2 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/repl_meta_data.c Use DSDB_FLAG_NEXT_MODULE ↵ | Kamen Mazdrashki | 1 | -3/+7 | |
flag | |||||
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/ridalloc.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -3/+6 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/samba_dsdb.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -2/+4 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/schema_load.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -1/+2 | |
2010-07-08 | s4-source4/dsdb/samdb/ldb_modules/util.c Use DSDB_FLAG_NEXT_MODULE flag | Kamen Mazdrashki | 1 | -2/+4 | |
2010-07-07 | s4-dsdb: use ldb_operr() in the dsdb code | Andrew Tridgell | 38 | -565/+391 | |
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error. | |||||
2010-07-06 | s4:new_partition LDB module - fix an uninitalised variable warning | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
> [ 651/1946] Compiling dsdb/samdb/ldb_modules/new_partition.c > ../dsdb/samdb/ldb_modules/new_partition.c: In function 'new_partition_add': > ../dsdb/samdb/ldb_modules/new_partition.c:195: warning: 'down_req' may be used uninitialized in this function The "down_req" variable isn't used anymore. | |||||
2010-07-05 | s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID | Stefan Metzmacher | 1 | -0/+20 | |
metze | |||||
2010-07-05 | s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID | Stefan Metzmacher | 1 | -0/+5 | |
When importing users from Samba3 we need to control all values. metze | |||||
2010-07-05 | s4:dsdb/password_hash: fix some c++ compiler warnings | Stefan Metzmacher | 1 | -9/+12 | |
metze | |||||
2010-07-05 | s4-dsdb: Implementation of User-Change-Password and User-Force-Password-Change | Nadezhda Ivanova | 1 | -79/+162 | |
These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally. | |||||
2010-07-04 | s4:subtree_rename LDB module - Cosmetic fixes | Matthias Dieter Wallnöfer | 1 | -3/+4 | |
2010-07-04 | s4:subtree_delete LDB module - fix comments and add my copyright | Matthias Dieter Wallnöfer | 1 | -2/+3 | |
(I've introduced the subtree delete mechanism) | |||||
2010-07-03 | s4:schema_load LDB module - fix a segfault condition on schema refresh | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
The schema refresh operation itself starts requests from the top of the LDB modules stack (see call "dsdb_schema_set_attributes" - search operations). This doesn't work well when these do perform "dsdb_get_schema" calls. Since the new schema isn't marked as "refreshed" atm (but in fact it still is - we didn't terminate the reload/refresh yet) we could perform other calls to "dsdb_schema_refresh" and run into serious trouble (segfault). |