summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-17s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA addAndrew Tridgell1-1/+24
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-1/+1
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+69
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-16s4:samdb_set_password_sid - fix commentMatthias Dieter Wallnöfer1-1/+2
Add more possible result NTSTATUS codes
2010-08-15s4:samdb_set_password - fix formattingMatthias Dieter Wallnöfer1-1/+2
(Sorry, I've overseen this)
2010-08-15s4:passwords.py - proof the most important extended error codesMatthias Dieter Wallnöfer1-8/+17
2010-08-15s4:samdb_set_password - implement the extended LDAP error code detectionMatthias Dieter Wallnöfer1-9/+17
2010-08-15s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵Matthias Dieter Wallnöfer1-43/+72
important failure cases
2010-08-15s4:password_hash LDB module - support this new password set syntaxMatthias Dieter Wallnöfer1-2/+10
2010-08-15s4:passwords.py - another special password testMatthias Dieter Wallnöfer1-3/+23
This looks like a password change but it's rather a password set operation.
2010-08-15s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵Matthias Dieter Wallnöfer1-10/+1
on password change operations This is to match the SAMR password change behaviour.
2010-08-15s4:subtree_rename.c - relax the checks when requestedMatthias Dieter Wallnöfer1-0/+5
(Needed by upgradeprovision for example)
2010-08-14s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵Matthias Dieter Wallnöfer1-0/+2
account doesn't exist This is for the (SAMR) account detection protection mechanism.
2010-08-14s4:password_hash LDB module - improve an error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-14s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵Matthias Dieter Wallnöfer1-5/+16
passwords Sooner or later this module should take over all password change actions.
2010-08-14s4:password_hash LDB module - fix wrong error codesMatthias Dieter Wallnöfer1-4/+4
To match the passwords.py test
2010-08-14s4:passwords.py - test the error code when there doesn't exist any password yetMatthias Dieter Wallnöfer1-4/+24
After the creation of a user object we don't have any password yet.
2010-08-14s4:passwords.py - perform testing of wrong old passwords on change operationsMatthias Dieter Wallnöfer1-0/+44
2010-08-11s4-dsdb: fix attributes_by_msDS_IntId index sortingKamen Mazdrashki1-1/+5
2010-08-10s4:objectclass LDB module - weak the check for the "rIDSet" delete constraintMatthias Dieter Wallnöfer1-8/+10
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision".
2010-08-10s4:dsdb/common/util.c - provide a call which returns the forest function levelMatthias Dieter Wallnöfer1-2/+15
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs).
2010-08-10s4:dsdb/common/util.c - use LDB constants whenever possibleMatthias Dieter Wallnöfer1-8/+8
2010-08-07s4:kcc_connection.c - fix typo in error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-07s4:ldap.py - comment a test part which fails with another error code on WindowsMatthias Dieter Wallnöfer1-5/+6
2010-08-07s4:ldap.py - test the new "systemFlags" constraintMatthias Dieter Wallnöfer1-1/+11
2010-08-07s4:objectclass LDB module - "add operation" - enhance and clean the ↵Matthias Dieter Wallnöfer1-8/+20
"systemFlags" section Also here we have to test for single-valueness.
2010-08-07s4:ldap.py - test for an invalid "objectCategory" attributeMatthias Dieter Wallnöfer1-0/+10
2010-08-07s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵Matthias Dieter Wallnöfer1-5/+34
validation
2010-08-07s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAPMatthias Dieter Wallnöfer1-0/+11
2010-08-07s4:urgent_replication.py - relax also here the add of a secrets objectMatthias Dieter Wallnöfer1-2/+1
2010-08-07s4:dsdb/common/util.c - add a function "dsdb_add"Matthias Dieter Wallnöfer1-0/+30
2010-08-07s4:objectclass LDB module - "add operation" - reject creation of LSA ↵Matthias Dieter Wallnöfer1-0/+8
specific objects (only using the RELAX flag allowed)
2010-08-07s4:objectclass LDB module - "add operation" - move two checksMatthias Dieter Wallnöfer1-17/+12
To be more consistent with the MS-ADTS doc.
2010-08-07s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵Matthias Dieter Wallnöfer1-5/+14
message elements Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possibleMatthias Dieter Wallnöfer1-4/+2
We don't need to have it around until the end of the function.
2010-08-04s4:LDB modules - remove the "kludge_acl" module codeMatthias Dieter Wallnöfer1-516/+0
Obviously this has been forgotten by Nadya.
2010-08-04s4-dsdb: Removed kludge_acl as it is no longer necessaryNadezhda Ivanova5-23/+47
Moved the access check on extended operations to acl module and removed kludge_acl
2010-08-03s4-schema: More verbose error log when subClassOf is not found in schemaKamen Mazdrashki1-1/+3
Error message show failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard.
2010-08-03s4: fix comment typosKamen Mazdrashki1-3/+3
2010-08-01s4:ldap.py - remove superflous spacesMatthias Dieter Wallnöfer1-2/+0
Sorry, forgot to delete them in the last commit
2010-08-01s4:ldap.py - additional "instanceType" checksMatthias Dieter Wallnöfer1-0/+23
2010-08-01s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2Matthias Dieter Wallnöfer1-6/+20
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed.
2010-08-01s4:objectclass LDB module - consider the "instanceType" when adding NCsMatthias Dieter Wallnöfer1-10/+18
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation).
2010-08-01s4:descriptor LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-4/+3
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-6/+3
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove unused call "is_root_base_dn"Matthias Dieter Wallnöfer1-8/+0
2010-08-01s4:urgent_replication.py test - adapt the test for the harder delete ↵Matthias Dieter Wallnöfer1-1/+1
restrictions Otherwise we are not able to delete the "test crossRef" object which points to the default NC anymore.
2010-08-01s4:ldap.py - perform tests on the additional delete constraint checksMatthias Dieter Wallnöfer1-4/+38
2010-08-01s4:objectclass LDB module - implement additional delete constraint checksMatthias Dieter Wallnöfer1-3/+47
MS-ADTS 3.1.1.5.5.3
2010-08-01s4:ldap.py - add a test for "CN=System" object rename behaviourMatthias Dieter Wallnöfer1-0/+8