summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-06-11s4:rootdse LDB module - use LDB result constantsMatthias Dieter Wallnöfer1-4/+5
2010-06-10s4:samldb LDB module - fix up the case when the old and new "primaryGroupID" ↵Matthias Dieter Wallnöfer1-7/+7
are the same
2010-06-10s4:samldb LDB module - don't create multiple "ac" module contexts on modify ↵Matthias Dieter Wallnöfer1-12/+6
operations Since we do now run sequentially through all checks we don't need multiple "ac" contexts anymore.
2010-06-10s4:samba_dsdb LDB module - move the "objectclass_attrs" module backMatthias Dieter Wallnöfer1-1/+1
I think it should be lower in order to control also the "instanceType" module.
2010-06-10s4:instancetype LDB module - prevent all types of "instanceType" manipulationMatthias Dieter Wallnöfer1-0/+16
Also on Windows Server you aren't able to change it.
2010-06-07s4:objectclass_attrs LDB module - move the single-valued attribute check ↵Matthias Dieter Wallnöfer1-1/+13
into this module It seems to me more consistent (and also to keep the same behaviour on all backends). Also the DRS hack should therefore not be needed anymore since the "repl_meta_data" module launches requests behind "objectclass_attrs".
2010-06-07s4:samba_dsdb LDB module - fix typosMatthias Dieter Wallnöfer1-2/+2
2010-06-07s4:samba_dsdb LDB module - enhance/fix module rule commentsMatthias Dieter Wallnöfer1-3/+5
2010-06-07s4:objectclass LDB module - rework the code which handles the objectclasses ↵Matthias Dieter Wallnöfer1-149/+191
modification Before it has been very incomplete. We try now to match the Windows Server behaviour as close as possible.
2010-06-07s4:acl LDB module - LDB attribute names should be compared using ↵Matthias Dieter Wallnöfer1-2/+2
"ldb_attr_cmp" or "strcasecmp"
2010-06-07s4:acl LDB module - adaption for "objectclass_attrs" moduleMatthias Dieter Wallnöfer1-5/+15
Since the attribute schema checking code moved back we need to give here the "LDB_ERR_NO_SUCH_ATTRIBUTE" error.
2010-06-07s4:objectclass LDB module - remove "fix_check_attributes"Matthias Dieter Wallnöfer1-62/+0
Also this task is now performed by the "objectclass_attrs" LDB module.
2010-06-07s4:samldb LDB module - adjust the module to set always a ↵Matthias Dieter Wallnöfer1-35/+45
"defaultObjectCategory" on objectclass add operations This is needed to make the "objectclass_attrs" LDB module happy. The search check and case adjustment are done as it was using a second modify operation.
2010-06-07s4:remove the "validate_update" LDB module - the task is now handled by the ↵Matthias Dieter Wallnöfer4-141/+0
far more complete "objectclass_attrs" LDB module
2010-06-07s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the ↵Matthias Dieter Wallnöfer3-0/+401
objectclass attributes checking Until now we had no real consistent mechanism which allowed us to check if attributes belong to the specified objectclasses.
2010-06-07s4:objectclass LDB module - instanciate the schema variable centrally on the ↵Matthias Dieter Wallnöfer1-28/+28
"ac" context creation This unifies the position when the schema is read and prevents multiple instanciations (eg on a modification operation).
2010-06-07s4:samldb LDB module - finally we can remove the RDN checkMatthias Dieter Wallnöfer1-53/+0
This is now dynamically always done by the objectclass LDB module
2010-06-07s4:objectclass LDB module - finally implement the correct entry rename ↵Matthias Dieter Wallnöfer1-25/+130
protections Only the "systemFlags" check is still missing.
2010-06-07s4:objectclass LDB module - cosmetic changeMatthias Dieter Wallnöfer1-2/+3
2010-06-07s4:objectclass LDB module - remove duplicated codeMatthias Dieter Wallnöfer1-13/+4
2010-06-07s4:objectclass LDB module - fix counter variable typesMatthias Dieter Wallnöfer1-1/+1
2010-06-07s4:objectclass LDB module - explain why the search can return with an empty ↵Matthias Dieter Wallnöfer1-1/+2
return
2010-06-07s4:objectclass LDB module - this "talloc_steal" is not necessaryMatthias Dieter Wallnöfer1-1/+0
The "parent_dn" was created on the "ac" context which lives anyway longer than this child request.
2010-06-07s4:objectclass LDB module - fix error result if an entry doesn't contain a ↵Matthias Dieter Wallnöfer1-3/+3
structural objectclass We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
2010-06-07s4:objectclass LDB module - use "ldb_oom" for expressing out of memoryMatthias Dieter Wallnöfer1-2/+1
2010-06-07s4:objectclass LDB module - fix header and add my copyrightMatthias Dieter Wallnöfer1-4/+6
2010-06-06s4:password_hash LDB module - adapt the module to the new ↵Matthias Dieter Wallnöfer1-17/+6
"ldb_msg_remove_attr" behaviour
2010-06-06s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB ↵Matthias Dieter Wallnöfer1-13/+0
module When a "computer" entry will be added, also the inherited "user" objectclass is going to be specified.
2010-06-06s4:get_last_structural_class - only real structural classes can be ↵Matthias Dieter Wallnöfer1-1/+1
candidates for fetching the last one Classes with objectCategory = 1 are always structural, these with objectCategory = 0 also (as we can see in our Windows 2008 R2 schema file where class "Person" has 0 but is structural). Abstract classes and auxiliary ones cannot be considered (objectCategory = 2, 3) http://msdn.microsoft.com/en-us/library/ms677964(VS.85).aspx
2010-06-06s4:dsdb/common/util.c - provide a better implementation of the ↵Matthias Dieter Wallnöfer1-28/+90
"samdb_msg_add_(add/del)val" calls This supports now also coexisting add and delete message elements with the same attribute name.
2010-06-06s4:ridalloc LDB module - add more "talloc_free"s where usefulMatthias Dieter Wallnöfer1-0/+3
Some were missing on failure return branches.
2010-06-06s4:acl LDB module - fix counter types where appropriateMatthias Dieter Wallnöfer1-2/+4
2010-06-06s4:descriptor LDB module - cosmetic fixupMatthias Dieter Wallnöfer1-4/+4
2010-06-01s4: check the sacl and dacl pointers on the old sdAnatoliy Atanasov1-2/+2
2010-06-01s4-cracknames: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-05-31s4:samldb LDB module - start on a sequential trigger implementationMatthias Dieter Wallnöfer1-10/+26
This is a start to allow the triggers to be called sequentially.
2010-05-31s4:dsdb_load_udv_v1 - "uint32_t" counter type fits better than "unsigned int"Matthias Dieter Wallnöfer1-1/+1
2010-05-31ldb: Fix dependencies when building with system ldb.Jelmer Vernooij1-1/+1
2010-05-30s4:samldb LDB module - deny delete operations on some important attributesMatthias Dieter Wallnöfer1-3/+12
Add operations are denied since these are single-valued - only replace is allowed. This is only provisorily at the moment - we need to implement the triggers specified in MS-ADTS.
2010-05-30s4:samldb LDB module - rework the group change code to be again synchronousMatthias Dieter Wallnöfer1-309/+71
2010-05-30s4:dsdb/samdb/ldb_modules/util.c - make sure to always free temporary dataMatthias Dieter Wallnöfer1-1/+6
2010-05-30s4:dsdb_module_search_dn - add code to handle NULL format stringMatthias Dieter Wallnöfer1-3/+13
2010-05-30s4:dsdb/common/util.c - fix a counter variableMatthias Dieter Wallnöfer1-1/+1
2010-05-24s4:dsdb_enum_group_mem - use "unsigned" countersMatthias Dieter Wallnöfer1-2/+3
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned".
2010-05-24s4:dsdb_lookup_rids - "unsigned" counters fit better than "signed" in this caseMatthias Dieter Wallnöfer1-2/+2
2010-05-24s4:dsdb_add_user - check the "cn"/"account_name" length (should be >= 1)Matthias Dieter Wallnöfer1-7/+12
This needed by the "cn_name_len"-1 accesses. And use a "size_t"-typed variable for storing it (length specificators should always be stored using "size_t" variables).
2010-05-24s4:samr Push most of samr_LookupRids into a helper functionAndrew Bartlett1-0/+66
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Push most of samr_QueryGroupMember into a helper functionAndrew Bartlett1-0/+67
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Move most of samr_CreateDomAlias into a helper functionAndrew Bartlett1-0/+73
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split most of samr_CreateDomainGroup into a helper functionAndrew Bartlett1-0/+79
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett