Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-14 | s4:password_hash LDB module - fix wrong error codes | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
To match the passwords.py test | |||||
2010-08-14 | s4:passwords.py - test the error code when there doesn't exist any password yet | Matthias Dieter Wallnöfer | 1 | -4/+24 | |
After the creation of a user object we don't have any password yet. | |||||
2010-08-14 | s4:passwords.py - perform testing of wrong old passwords on change operations | Matthias Dieter Wallnöfer | 1 | -0/+44 | |
2010-08-11 | s4-dsdb: fix attributes_by_msDS_IntId index sorting | Kamen Mazdrashki | 1 | -1/+5 | |
2010-08-10 | s4:objectclass LDB module - weak the check for the "rIDSet" delete constraint | Matthias Dieter Wallnöfer | 1 | -8/+10 | |
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision". | |||||
2010-08-10 | s4:dsdb/common/util.c - provide a call which returns the forest function level | Matthias Dieter Wallnöfer | 1 | -2/+15 | |
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs). | |||||
2010-08-10 | s4:dsdb/common/util.c - use LDB constants whenever possible | Matthias Dieter Wallnöfer | 1 | -8/+8 | |
2010-08-07 | s4:kcc_connection.c - fix typo in error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-07 | s4:ldap.py - comment a test part which fails with another error code on Windows | Matthias Dieter Wallnöfer | 1 | -5/+6 | |
2010-08-07 | s4:ldap.py - test the new "systemFlags" constraint | Matthias Dieter Wallnöfer | 1 | -1/+11 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - enhance and clean the ↵ | Matthias Dieter Wallnöfer | 1 | -8/+20 | |
"systemFlags" section Also here we have to test for single-valueness. | |||||
2010-08-07 | s4:ldap.py - test for an invalid "objectCategory" attribute | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵ | Matthias Dieter Wallnöfer | 1 | -5/+34 | |
validation | |||||
2010-08-07 | s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAP | Matthias Dieter Wallnöfer | 1 | -0/+11 | |
2010-08-07 | s4:urgent_replication.py - relax also here the add of a secrets object | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-08-07 | s4:dsdb/common/util.c - add a function "dsdb_add" | Matthias Dieter Wallnöfer | 1 | -0/+30 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - reject creation of LSA ↵ | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
specific objects (only using the RELAX flag allowed) | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - move two checks | Matthias Dieter Wallnöfer | 1 | -17/+12 | |
To be more consistent with the MS-ADTS doc. | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵ | Matthias Dieter Wallnöfer | 1 | -5/+14 | |
message elements Requested by MS-ADTS 3.1.1.5.2.2 | |||||
2010-08-07 | s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possible | Matthias Dieter Wallnöfer | 1 | -4/+2 | |
We don't need to have it around until the end of the function. | |||||
2010-08-04 | s4:LDB modules - remove the "kludge_acl" module code | Matthias Dieter Wallnöfer | 1 | -516/+0 | |
Obviously this has been forgotten by Nadya. | |||||
2010-08-04 | s4-dsdb: Removed kludge_acl as it is no longer necessary | Nadezhda Ivanova | 5 | -23/+47 | |
Moved the access check on extended operations to acl module and removed kludge_acl | |||||
2010-08-03 | s4-schema: More verbose error log when subClassOf is not found in schema | Kamen Mazdrashki | 1 | -1/+3 | |
Error message show failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard. | |||||
2010-08-03 | s4: fix comment typos | Kamen Mazdrashki | 1 | -3/+3 | |
2010-08-01 | s4:ldap.py - remove superflous spaces | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
Sorry, forgot to delete them in the last commit | |||||
2010-08-01 | s4:ldap.py - additional "instanceType" checks | Matthias Dieter Wallnöfer | 1 | -0/+23 | |
2010-08-01 | s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2 | Matthias Dieter Wallnöfer | 1 | -6/+20 | |
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed. | |||||
2010-08-01 | s4:objectclass LDB module - consider the "instanceType" when adding NCs | Matthias Dieter Wallnöfer | 1 | -10/+18 | |
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation). | |||||
2010-08-01 | s4:descriptor LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -4/+3 | |
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove the "forest DN" check | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5 | |||||
2010-08-01 | s4:acl LDB module - remove unused call "is_root_base_dn" | Matthias Dieter Wallnöfer | 1 | -8/+0 | |
2010-08-01 | s4:urgent_replication.py test - adapt the test for the harder delete ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
restrictions Otherwise we are not able to delete the "test crossRef" object which points to the default NC anymore. | |||||
2010-08-01 | s4:ldap.py - perform tests on the additional delete constraint checks | Matthias Dieter Wallnöfer | 1 | -4/+38 | |
2010-08-01 | s4:objectclass LDB module - implement additional delete constraint checks | Matthias Dieter Wallnöfer | 1 | -3/+47 | |
MS-ADTS 3.1.1.5.5.3 | |||||
2010-08-01 | s4:ldap.py - add a test for "CN=System" object rename behaviour | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
2010-08-01 | s4:subtree_rename LDB module - rename "check_system_flags" into ↵ | Matthias Dieter Wallnöfer | 1 | -9/+43 | |
"check_constraints" and perform more checks Always considering MS-ADTS 3.1.1.5.4.1.2. | |||||
2010-08-01 | s4:subtree_rename LDB module - introduce out of memory checks | Matthias Dieter Wallnöfer | 1 | -0/+4 | |
2010-08-01 | s4:dsdb/samdb/ldb_modules/util.c - remove unused variables | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-08-01 | s4:ldap.py - performs some "systemFlags" testing | Matthias Dieter Wallnöfer | 1 | -0/+56 | |
2010-08-01 | s4:subtree_rename LDB module - introduce the "systemFlags" protection rules | Matthias Dieter Wallnöfer | 1 | -2/+122 | |
This is done in a dedicated call "check_system_flags". | |||||
2010-07-31 | s4:dsdb/pydsdb.c - import "systemFlags" into Python | Matthias Dieter Wallnöfer | 1 | -0/+26 | |
Needed by ldap.py tests | |||||
2010-07-31 | s4:subtree_rename LDB module - "subren_ctx_init" - fix the "out of memory" ↵ | Matthias Dieter Wallnöfer | 1 | -3/+2 | |
return | |||||
2010-07-19 | s4-dsdb: use ldb_msg_normalize() in source4/dsdb/schema/schema_set.c | Kamen Mazdrashki | 1 | -5/+4 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-19 | s4-dsdb/schema/schema_set.c: fix trailing spaces and comments spelling | Kamen Mazdrashki | 1 | -30/+38 | |
Few comments split on several lines also... (Sorry Metze, I know you hate reviewing "and this, and that" type of patches, but those are just cosmetics) Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-19 | s4-dsdb: use ldb_msg_difference() in source4/dsdb/schema/schema_set.c | Kamen Mazdrashki | 1 | -2/+10 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 18 | -40/+40 | |
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 ldb modules: relax some tests about attributes that should not be here | Matthieu Patou | 1 | -0/+9 | |
For attributes that we know that are harmless and that used to be stored in the ldb we relax the tests on the existance in a given objectclass. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 dsdb: Use the changereplmetadata control | Matthieu Patou | 1 | -61/+144 | |
This control allow to specify the replPropertyMetaData attribute to be specified on modify request. It can be used for very specific needs to tweak the content of the replication data. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-15 | s4 dsdb: create a new control: changereplmetadata | Matthieu Patou | 1 | -0/+6 | |
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-14 | s4: Added acl search tests for anonymous connection. | Nadezhda Ivanova | 1 | -83/+68 | |
The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8. |