Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-17 | s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add | Andrew Tridgell | 1 | -1/+24 | |
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -1/+1 | |
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success | |||||
2010-08-17 | s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -0/+69 | |
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-16 | s4:samdb_set_password_sid - fix comment | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
Add more possible result NTSTATUS codes | |||||
2010-08-15 | s4:samdb_set_password - fix formatting | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
(Sorry, I've overseen this) | |||||
2010-08-15 | s4:passwords.py - proof the most important extended error codes | Matthias Dieter Wallnöfer | 1 | -8/+17 | |
2010-08-15 | s4:samdb_set_password - implement the extended LDAP error code detection | Matthias Dieter Wallnöfer | 1 | -9/+17 | |
2010-08-15 | s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵ | Matthias Dieter Wallnöfer | 1 | -43/+72 | |
important failure cases | |||||
2010-08-15 | s4:password_hash LDB module - support this new password set syntax | Matthias Dieter Wallnöfer | 1 | -2/+10 | |
2010-08-15 | s4:passwords.py - another special password test | Matthias Dieter Wallnöfer | 1 | -3/+23 | |
This looks like a password change but it's rather a password set operation. | |||||
2010-08-15 | s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵ | Matthias Dieter Wallnöfer | 1 | -10/+1 | |
on password change operations This is to match the SAMR password change behaviour. | |||||
2010-08-15 | s4:subtree_rename.c - relax the checks when requested | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
(Needed by upgradeprovision for example) | |||||
2010-08-14 | s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵ | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
account doesn't exist This is for the (SAMR) account detection protection mechanism. | |||||
2010-08-14 | s4:password_hash LDB module - improve an error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-14 | s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵ | Matthias Dieter Wallnöfer | 1 | -5/+16 | |
passwords Sooner or later this module should take over all password change actions. | |||||
2010-08-14 | s4:password_hash LDB module - fix wrong error codes | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
To match the passwords.py test | |||||
2010-08-14 | s4:passwords.py - test the error code when there doesn't exist any password yet | Matthias Dieter Wallnöfer | 1 | -4/+24 | |
After the creation of a user object we don't have any password yet. | |||||
2010-08-14 | s4:passwords.py - perform testing of wrong old passwords on change operations | Matthias Dieter Wallnöfer | 1 | -0/+44 | |
2010-08-11 | s4-dsdb: fix attributes_by_msDS_IntId index sorting | Kamen Mazdrashki | 1 | -1/+5 | |
2010-08-10 | s4:objectclass LDB module - weak the check for the "rIDSet" delete constraint | Matthias Dieter Wallnöfer | 1 | -8/+10 | |
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision". | |||||
2010-08-10 | s4:dsdb/common/util.c - provide a call which returns the forest function level | Matthias Dieter Wallnöfer | 1 | -2/+15 | |
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs). | |||||
2010-08-10 | s4:dsdb/common/util.c - use LDB constants whenever possible | Matthias Dieter Wallnöfer | 1 | -8/+8 | |
2010-08-07 | s4:kcc_connection.c - fix typo in error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-07 | s4:ldap.py - comment a test part which fails with another error code on Windows | Matthias Dieter Wallnöfer | 1 | -5/+6 | |
2010-08-07 | s4:ldap.py - test the new "systemFlags" constraint | Matthias Dieter Wallnöfer | 1 | -1/+11 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - enhance and clean the ↵ | Matthias Dieter Wallnöfer | 1 | -8/+20 | |
"systemFlags" section Also here we have to test for single-valueness. | |||||
2010-08-07 | s4:ldap.py - test for an invalid "objectCategory" attribute | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵ | Matthias Dieter Wallnöfer | 1 | -5/+34 | |
validation | |||||
2010-08-07 | s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAP | Matthias Dieter Wallnöfer | 1 | -0/+11 | |
2010-08-07 | s4:urgent_replication.py - relax also here the add of a secrets object | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-08-07 | s4:dsdb/common/util.c - add a function "dsdb_add" | Matthias Dieter Wallnöfer | 1 | -0/+30 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - reject creation of LSA ↵ | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
specific objects (only using the RELAX flag allowed) | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - move two checks | Matthias Dieter Wallnöfer | 1 | -17/+12 | |
To be more consistent with the MS-ADTS doc. | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵ | Matthias Dieter Wallnöfer | 1 | -5/+14 | |
message elements Requested by MS-ADTS 3.1.1.5.2.2 | |||||
2010-08-07 | s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possible | Matthias Dieter Wallnöfer | 1 | -4/+2 | |
We don't need to have it around until the end of the function. | |||||
2010-08-04 | s4:LDB modules - remove the "kludge_acl" module code | Matthias Dieter Wallnöfer | 1 | -516/+0 | |
Obviously this has been forgotten by Nadya. | |||||
2010-08-04 | s4-dsdb: Removed kludge_acl as it is no longer necessary | Nadezhda Ivanova | 5 | -23/+47 | |
Moved the access check on extended operations to acl module and removed kludge_acl | |||||
2010-08-03 | s4-schema: More verbose error log when subClassOf is not found in schema | Kamen Mazdrashki | 1 | -1/+3 | |
Error message show failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard. | |||||
2010-08-03 | s4: fix comment typos | Kamen Mazdrashki | 1 | -3/+3 | |
2010-08-01 | s4:ldap.py - remove superflous spaces | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
Sorry, forgot to delete them in the last commit | |||||
2010-08-01 | s4:ldap.py - additional "instanceType" checks | Matthias Dieter Wallnöfer | 1 | -0/+23 | |
2010-08-01 | s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2 | Matthias Dieter Wallnöfer | 1 | -6/+20 | |
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed. | |||||
2010-08-01 | s4:objectclass LDB module - consider the "instanceType" when adding NCs | Matthias Dieter Wallnöfer | 1 | -10/+18 | |
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation). | |||||
2010-08-01 | s4:descriptor LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -4/+3 | |
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove unused call "is_root_base_dn" | Matthias Dieter Wallnöfer | 1 | -8/+0 | |
2010-08-01 | s4:urgent_replication.py test - adapt the test for the harder delete ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
restrictions Otherwise we are not able to delete the "test crossRef" object which points to the default NC anymore. | |||||
2010-08-01 | s4:ldap.py - perform tests on the additional delete constraint checks | Matthias Dieter Wallnöfer | 1 | -4/+38 | |
2010-08-01 | s4:objectclass LDB module - implement additional delete constraint checks | Matthias Dieter Wallnöfer | 1 | -3/+47 | |
MS-ADTS 3.1.1.5.5.3 | |||||
2010-08-01 | s4:ldap.py - add a test for "CN=System" object rename behaviour | Matthias Dieter Wallnöfer | 1 | -0/+8 | |