summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
AgeCommit message (Collapse)AuthorFilesLines
2010-10-13s4:samldb LDB module - cosmetic fixupsMatthias Dieter Wallnöfer1-9/+9
- Update the module description - Fix indentation Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
2010-10-13s4:samldb LDB module - deny creation of temporary duplicate accountsMatthias Dieter Wallnöfer1-0/+12
2010-10-13s4:samldb LDB module - proof the account type also on LDB modify operationsMatthias Dieter Wallnöfer1-0/+8
2010-10-13s4:samldb LDB module - support the group type changing properlyMatthias Dieter Wallnöfer1-1/+53
This is exactly that what Windows allows. It was proven by a blackbox test. And we also need to deny add operations of builtin groups.
2010-10-13s4:samldb LDB module - deny also the direct modification of ↵Matthias Dieter Wallnöfer1-3/+14
"isCriticalSystemObject" on modify operations
2010-10-13s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" ↵Matthias Dieter Wallnöfer1-0/+9
entries They're only allowed to be created with the RELAX control specified.
2010-10-13s4:samldb LDB module - first implementation of the samldb primary group triggerMatthias Dieter Wallnöfer1-48/+61
This was done according to MS-SAMR 3.1.1.8.2 But do use it only for add operations at the moment.
2010-10-13s4:samldb LDB module - use the new "objectclass_trigger" for add operationsMatthias Dieter Wallnöfer1-142/+33
Additionally clean up "samldb_fill_object" which is now much easier to comprehend.
2010-10-13s4:samldb LDB module - first implementation of the samldb objectclass triggerMatthias Dieter Wallnöfer1-0/+176
This was done according to MS-SAMR 3.1.1.8.1 I need to perform some RELAX checks since otherwise the provision wouldn't work anymore.
2010-10-13dsdb/schema_data: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13dsdb/schema_load: Build as shared object.Jelmer Vernooij1-1/+1
2010-10-13s4-schema: don't name variables after standard libc functionsAndrew Tridgell1-3/+3
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+0
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12libcli/security Use common security.hAndrew Bartlett3-4/+3
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett4-3/+6
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-12dsdb: Build more modules as shared objects.Jelmer Vernooij1-14/+14
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Oct 12 02:12:29 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared objects.Jelmer Vernooij1-7/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 23:22:33 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as shared object files.Jelmer Vernooij1-10/+10
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 21:13:25 UTC 2010 on sn-devel-104
2010-10-11dsdb: Build some more modules as .so files.Jelmer Vernooij1-9/+9
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 19:14:58 UTC 2010 on sn-devel-104
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-4/+3
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij1-1/+1
2010-10-10dsdb/modules: Split up helpers a bit to prevent recursive dependencies.Jelmer Vernooij7-93/+134
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-10-11dsdb modules: Split ridalloc out of common helpers, because of dependency loops.Jelmer Vernooij3-5/+12
2010-10-10ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not ↵Jelmer Vernooij2-28/+2
samdb-specific.
2010-10-10dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between ↵Jelmer Vernooij1-12/+0
SAMDB_COMMON and DSDB_MODULE_HELPERS.
2010-10-10ldb-samba: Add ldb_wrap_add, remove last schema reference from ldb_wrap.Jelmer Vernooij1-5/+25
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij2-3/+4
2010-10-10samdb: Handle schema setup in samdb, not in more generic ldbsamba.Jelmer Vernooij1-0/+9
2010-10-06s4:samldb LDB module - remove "type" parameter of "samldb_fill_object"Matthias Dieter Wallnöfer1-6/+9
It's a bit redundant given that we have the "type" variable on "ac". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 6 10:20:45 UTC 2010 on sn-devel-104
2010-10-05s4:subtree_delete LDB module - remove the DN from an error messageMatthias Dieter Wallnöfer1-3/+6
It may looks funny but the DN output prevents older ADUC versions (tested with release 2000) to perform subtree deletes properly. Version 2008 has this fixed. Additionally some smaller changes ("%u" for printing unsigned integers, module name prefix, nicer line-wrap). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Oct 5 16:48:19 UTC 2010 on sn-devel-104
2010-10-05s4:samldb LDB module - simplify/unify the message handling on add and modify ↵Matthias Dieter Wallnöfer1-28/+54
operations - Perform only shallow copies (should be enough) - Perform only one copy per operation (also on modifications) - Build a new request on modify operations if needed ("modified" flag) - this makes it look cleaner - Fix an important bug: the "el" pointers could have changed after modifications. Therefore we have to refresh them on the FLAG_DELETE checks Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Oct 5 09:24:57 UTC 2010 on sn-devel-104
2010-10-05s4:samldb LDB module - assign better memory contexts on two placesMatthias Dieter Wallnöfer1-2/+2
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-2/+2
2010-10-05heimdal: Fix name of hx509 library.Jelmer Vernooij1-1/+1
2010-10-03s4:objectclass LDB module - introduce allowed system flags restrictionMatthias Dieter Wallnöfer1-6/+11
Let us do the distinction by real use and provision by the RELAX flag Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer9-20/+23
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:subtree_rename LDB module - also already deleted objects have to be renamedMatthias Dieter Wallnöfer1-2/+13
This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified and the parent is renamed. To be able to do this we also need to relax the constraint checks (using the "isDeleted" proof). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:show_deleted LDB module - also support the "show_recycled" controlMatthias Dieter Wallnöfer1-11/+62
MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:repl_meta_data LDB module - consider the ↵Matthias Dieter Wallnöfer1-10/+25
SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:subtree_delete LDB module - it is only responsible for non-deleted objectsMatthias Dieter Wallnöfer1-2/+1
The deleted objects (tombstones, recycled & deleted objects) are handled by "repl_meta_data". Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:objectclass LDB module - fix the "crossRef" delete protectionMatthias Dieter Wallnöfer1-3/+9
This is what Windows does Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:objectclass LDB module - fix the delete behaviour of server containersMatthias Dieter Wallnöfer1-2/+2
A typo prevented the right behaviour. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:acl_read LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+2
2010-10-02s4-drs: fixed comparison login in replicated renamesAndrew Tridgell1-45/+72
we need to ensure we only ever compare USNs from the same originating invocation ID. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Oct 2 01:45:19 UTC 2010 on sn-devel-104
2010-10-01s4-rpmd: fixed a use after realloc bugAndrew Tridgell1-2/+8
we could use old_el after the base message had been re allocated, due to adding timestamps. We need to re-find the element before using it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4-dsdb: fail the transaction instead of asserting on errorAndrew Tridgell1-2/+10
It is more useful to fail the transaction and give the user an error message than to assert when we have an error in the repl_meta_data module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-samldb: also set a password on the krbtgt_NNNN accountAndrew Tridgell1-0/+11
when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-rodc: RODC should not accept requests for role transferNadezhda Ivanova1-0/+12
A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
2010-09-29s4-dsdb Add ldb_reset_err_string() when we set error codes.Andrew Bartlett1-0/+1
If we don't we could show an old, incrorrect error