summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-11-15s4:objectclass LDB module - improve the default name context checking on ↵Matthias Dieter Wallnöfer1-16/+12
modifications Pointed out by abartlet
2010-11-15s4:objectclass LDB module - implement the "objectClass" change restrictions ↵Matthias Dieter Wallnöfer1-0/+25
on Windows 2000 forest function level Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
2010-11-13s4:password_hash LDB module - return "ERR_CONSTRAINT_VIOLATION" on password ↵Matthias Dieter Wallnöfer1-6/+9
conversion errors This errors can happen also on a regular basis - then we shouldn't return ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104
2010-11-13s4:objectclass LDB module - multiple "objectClass" change elements are ↵Matthias Dieter Wallnöfer1-161/+169
unfortunately still allowed The test message has been compressed - therefore I've now used "modify_ldif".
2010-11-12samldb: relax groupType modification checksMatthieu Patou1-27/+32
Allow programs with the PROVISION control to bypass groupType checks. This is needed by upgradeprovision for older alpha (11, 10 ...)
2010-11-12s4:objectclass LDB module - we should not simply ignore additional ↵Matthias Dieter Wallnöfer1-2/+16
"objectClass" attribute changes There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
2010-11-12s4:repl_meta_data LDB module - convert two debug messages into error messagesMatthias Dieter Wallnöfer1-4/+4
These regarding "objectGUID".
2010-11-12s4:samldb/objectclass_attrs LDB modules - move "description" logic from ↵Matthias Dieter Wallnöfer2-43/+81
"objectclass_attrs" into "samldb" This according to an answer from dochelp is SAM specific behaviour.
2010-11-11s4-dsdb Remove incorrectly declared ** variable used as *.Andrew Bartlett1-6/+3
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett
2010-11-11s4-dsdb Convert new krbtgt_xxx password into UTF16Andrew Bartlett1-1/+12
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett
2010-11-11s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8Andrew Bartlett1-1/+5
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer3-2/+23
This should prevent crashes as pointed out on the mailing list.
2010-11-11s4:objectclass LDB module - allow RDNs also to come from superclassesMatthias Dieter Wallnöfer1-11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-11s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵Matthias Dieter Wallnöfer4-12/+59
according to the "dSHeuristics"
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer1-16/+77
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-11s4:local_password LDB module - remove schema checking code and fix some typosMatthias Dieter Wallnöfer1-12/+6
This is now done by the "objectclass_attrs" LDB module.
2010-11-11s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics"Matthias Dieter Wallnöfer1-2/+2
2010-11-09s4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX()Stefan Metzmacher1-5/+2
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Nov 9 22:43:44 UTC 2010 on sn-devel-104
2010-11-09s4:dsdb/local_password: use DSDB_SECRET_ATTRIBUTESStefan Metzmacher1-7/+3
metze
2010-11-08s4:password_hash LDB module - introduce a "userPassword" flag which ↵Matthias Dieter Wallnöfer1-15/+37
enables/disables the two "userPassword" behaviours - Enabled: "userPassword" password change behaviour (will later be linked to the "dSHeuristics") - Disabled: "userPassword" plain attribute behaviour (default) Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 8 15:28:06 UTC 2010 on sn-devel-104
2010-11-08s4:password_hash LDB module - deleting password attributes is a little more ↵Matthias Dieter Wallnöfer1-6/+6
complicated
2010-11-08s4:samdb_msg_find_old_and_new_ldb_val - reworkMatthias Dieter Wallnöfer1-4/+11
- don't crash when no values where specified - return ERR_CONSTRAINT_VIOLATION on malformed messages - only check for flags when we are involved in a LDB modify operation
2010-11-08s4:password_hash LDB module - clear the fact that a delete of password ↵Matthias Dieter Wallnöfer1-1/+1
attributes isn't possible
2010-11-08s4:acl LDB module - define the delete passwords special case a bit betterMatthias Dieter Wallnöfer1-3/+4
2010-11-08s4:objectguid/repl_meta_data LDB module - deny "objectGUID" updatesMatthias Dieter Wallnöfer2-0/+17
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 8 10:36:50 UTC 2010 on sn-devel-104
2010-11-08s4:objectclass LDB module - no idea why we'd need the "objectGUID" hereMatthias Dieter Wallnöfer1-1/+1
2010-11-08s4:objectguid LDB module - make use of "dsdb_next_callback"Matthias Dieter Wallnöfer2-30/+6
2010-11-07s4:objectguid LDB module - fix typo in output messageMatthias Dieter Wallnöfer1-1/+1
2010-11-07s4:objectguid LDB module - objectGUIDs cannot be specified on add operationsMatthias Dieter Wallnöfer1-2/+6
2010-11-07s4:descriptor LDB module - make the "nTSecurityDescriptor" attribute fully ↵Matthias Dieter Wallnöfer1-47/+61
behave as in AD - fix crash when provided "nTSecurityDescriptor" attribute is empty - print out the correct error codes if it's provided multi-valued - simplify the "recalculate_sd" control handling
2010-11-07s4:ldb_modules/util.c - "dsdb_get_single_valued_attr" - support the ↵Matthias Dieter Wallnöfer2-10/+20
attribute fetch also on LDB add operations We've to completely ignore the flags in that case. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
2010-11-07s4:descriptor LDB module - save a pointer to the request message on the ↵Matthias Dieter Wallnöfer1-33/+33
temporary "ac" context This prevents two calls of "ldb_msg_copy_shallow".
2010-11-07s4:descriptor LDB module - by "dsdb_next_callback" we don't need anymore the ↵Matthias Dieter Wallnöfer1-33/+2
default operation callback implementations Only customised ones still need to remain.
2010-11-07s4:descriptor LDB module - remove a bit pointless memory contextMatthias Dieter Wallnöfer1-9/+1
For only one operation we do not need an additional "mem_ctx". "ac" should be enough (see for example the samldb LDB module).
2010-11-07s4:descriptor LDB module - remove a "ldb_msg_sanity_check" callMatthias Dieter Wallnöfer1-7/+0
This check (the structural objectclass) is performed in the objectclass LDB module.
2010-11-07s4:descriptor LDB module - don't ignore referrals if we are executing an ↵Matthias Dieter Wallnöfer1-4/+2
ordinary external search operation Referrals are valid results.
2010-11-07credentials: Lowercase library name,Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-07ldbsamba: Lowercase library name.Jelmer Vernooij1-2/+2
2010-11-07samdb: Lowercase library name.Jelmer Vernooij1-75/+75
2010-11-06s4:update_keytab LDB module - we don't need to search for the ↵Matthias Dieter Wallnöfer1-2/+2
"distinguishedName" attribute Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 6 20:08:28 UTC 2010 on sn-devel-104
2010-11-06s4:operational LDB module - "canonicalName" doesn't make use of the ↵Matthias Dieter Wallnöfer1-2/+2
"distinguishedName" attribute It uses the DN from the returned message
2010-11-05s4:password_hash LDB module - fix indentationMatthias Dieter Wallnöfer1-10/+10
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 5 12:31:28 UTC 2010 on sn-devel-104
2010-11-04s4:dsdb/objectclass_attrs: not all objects have delete protected attributes ↵Stefan Metzmacher1-0/+14
as must contain Before we got the following error, while starting samba after a 'samba-tool vampire': Failed to store repsFrom - objectclass_attrs: delete protected attribute 'objectSid' on entry 'DC=ForestDnsZones,DC=alpha,DC=sz,DC=salzgitter-ag,DC=lab' missing! metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Nov 4 17:01:59 UTC 2010 on sn-devel-104
2010-11-04s4:dsdb/samdb: optimize samldb_prim_group_change()Stefan Metzmacher1-60/+60
We should only do searches when we have to. metze
2010-11-04s4-dsdb: use LDB_FLAG_MOD_REPLACE for isDeletedAndrew Tridgell1-1/+1
isDeleted could have been set to FALSE previously Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Nov 4 10:18:10 UTC 2010 on sn-devel-104
2010-11-04s4-dsdb: use LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK in dsdbAndrew Tridgell2-2/+8
when we are creating linked attributes with multiple values (some deleted), use LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK to disable that checking.
2010-11-04Move the checking of single valued attributes back into the tdb backend.Andrew Tridgell1-12/+0
The backend is the only place that can do this properly. It makes no sense to do it anywhere else. As a result of it moving out of the backend we ended up with some bugs causing multiple values in single valued attributes (eg. isDeleted), which can really damage the inregrity of the database. For the override of single valued values needed for deleted linked attributes we should use attribute flags. This reverts commit 1949864417f3d10fb8996df7db259649eb777271.
2010-11-03possibleinferiors: Report subunit.Jelmer Vernooij1-4/+8
2010-11-03possibleinferiors: Fix formatting.Jelmer Vernooij1-15/+14
2010-11-03s4:dsdb/samldb: avoid nested unindexed searches in samldb_member_check()Stefan Metzmacher1-14/+31
With 20000 objects in the database it's no fun to add members... metze