summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-12-02s4:password_hash LDB module - allow empty ("") passwordsMatthias Dieter Wallnöfer2-22/+50
This seems to have been broken some time ago - till someone on the mailing list noticed it. I've also added a testsuite (and some additional SamDB python helpers) which should prove this.
2010-12-01s4:dsdb/repl/replicated_objects.c - proof if "talloc_reference" doesn't ↵Matthias Dieter Wallnöfer1-1/+2
return NULL Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Dec 1 17:14:01 CET 2010 on sn-devel-104
2010-12-01s4:dsdb/common/util.c - "samdb_msg_add_add/delval" - introduce also here the ↵Matthias Dieter Wallnöfer1-2/+2
better memory context "msg->elements" fits better than "msg".
2010-12-01s4:ranged results LDB module - cosmetic - fix some indentationMatthias Dieter Wallnöfer1-1/+3
2010-12-01s4:ranged results LDB module - "rr_search_callback" - change some memory contextMatthias Dieter Wallnöfer1-1/+3
"el->values" could under some circumstances be NULL (see "if" above).
2010-12-01s4-dsdb/syntax: Map remote ATTIDs for Attribute OID syntaxKamen Mazdrashki1-0/+6
2010-12-01s4-dsdb/syntax: Implement Remote-ATTID to Local-ATTID mapping functionKamen Mazdrashki1-0/+35
2010-12-01s4-dreplsrv: Use working_schema when replicating from Schema NCKamen Mazdrashki1-2/+22
Schema is changed and it is quite possible we won't be able to decode replicated objects using current Schema cache we have. Thus, when replicating Schema, we will make a temporary Schema cache, working_schema, so that we can fully decode objects we recieve.
2010-12-01s4-dsdb/schema: Implement multi-pass working schema creation functionKamen Mazdrashki1-0/+132
It is heavily based on implementation in libnet_vampire_cb_apply_schema() function, except that it actually creates a new copy of the supplied initial_schema + resolving all incoming objects and add them to supplied initial_schema. We are going to need this 'working_schema' later so we are able to fully resolve all objects we receive on wire during DRS replication. Working schema created is to be used only as an index to search in. It is not supposed to be set to an ldb_context as it doesn't contain all information for classSchema and attributeSchema objects.
2010-12-01s4-dsdb/schema: Add Schema shallow copy functionKamen Mazdrashki1-0/+57
2010-12-01s4-dsdb/prefixMap: Add prefixMap shallow copy functionKamen Mazdrashki1-0/+17
2010-12-01s4-repl: Let dsdb_replicated_objects_convert() to accept schema from callerKamen Mazdrashki2-7/+16
This allows us to use schema that is different than the one set to 'ldb' to decode objects.
2010-12-01s4-ranged_result.c: Fix memory context for ranged attributes handlingKamen Mazdrashki1-4/+15
Pair-Programmed-With: Zahari Zahariev <zahari.zahariev@postpath.com> Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Dec 1 11:45:48 CET 2010 on sn-devel-104
2010-11-29samdb: Build as public library.Jelmer Vernooij2-1/+12
2010-11-29s4-dsdb: give full error message for operational failuresAndrew Tridgell1-2/+2
2010-11-29s4-pydsdb: two more GPO related flagsAndrew Tridgell1-0/+2
2010-11-29s4-pydsdb: added GPO policy flagsAndrew Tridgell1-0/+7
2010-11-28s4:dsdb/repl/drepl* - move "lib/messaging/irpc.h" include into "drepl_service.h"Matthias Dieter Wallnöfer8-9/+1
This is needed to fix a Tru64 "cc" warning regarding "enum drepl_role_master". Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Nov 28 12:46:19 CET 2010 on sn-devel-104
2010-11-27s4:dsdb/repl/drepl_service.c - return the correct WERR resultMatthias Dieter Wallnöfer1-1/+1
2010-11-27s4:drepl_service.c - fix error macro (use "_werr" and not "werr")Matthias Dieter Wallnöfer1-1/+1
Detected by Tru64 "cc".
2010-11-27s4:dsdb/repl/drepl_out_helpers.c - print out the correct error message (werr)Matthias Dieter Wallnöfer1-1/+1
Also detected by Tru64 "cc".
2010-11-27s4:param/secrets.h - fix "enum netr_SchannelType" include correctlyMatthias Dieter Wallnöfer1-1/+0
2010-11-27s4:dsdb/samdb/samdb.h - fix include ordering in order to prevent warnings on ↵Matthias Dieter Wallnöfer1-1/+1
Tru64
2010-11-27s4:role transfer - use always type "enum drepl_role_master" for role ↵Matthias Dieter Wallnöfer3-4/+5
specifications Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 27 16:03:43 CET 2010 on sn-devel-104
2010-11-27s4:samba3sam LDB module - correctly print out an unsigned valueMatthias Dieter Wallnöfer1-1/+2
Here we can print it out as unsigned since we are generating a string attribute.
2010-11-27s4:samba3sam LDB module - make the "pw_uid"/"pw_gid" conversion a bit clearerMatthias Dieter Wallnöfer1-2/+6
And remove the "long" specifier since at least on the major platforms (Linux, BSD and Solaris) these types are defined as "uint32_t".
2010-11-27s4:dsdb tests - make use of "ldb.get_domain_sid()"Matthias Dieter Wallnöfer4-22/+5
2010-11-27s4:dsdb/tests/python/sam.py - we don't need the domain SIDMatthias Dieter Wallnöfer1-5/+0
2010-11-28s4-pydsdb: use cpp macro to simplify flags definitionsAndrew Tridgell1-137/+110
also added some more from flags.h
2010-11-26s4:rootdse LDB module - remove unused variableMatthias Dieter Wallnöfer1-1/+0
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 26 13:58:27 CET 2010 on sn-devel-104
2010-11-26s4:objectclass LDB module - simply use "msg" when requesting the messageMatthias Dieter Wallnöfer1-2/+2
2010-11-26s4:objectclass LDB module - move the "mem_ctx" allocation to a better placeMatthias Dieter Wallnöfer1-7/+6
It's only needed if we've a schema around.
2010-11-26s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP)Andrew Bartlett1-15/+28
This arranged the check to avoid talloc_strdup() (the schema pointers are constant, and can be relied upon), and checks the untrusted bit first (it is faster), before the ldb_attr_cmp(). The strcmp() here was valid, if unusual, because the ldapDisplayName values are already in the correct case, but strcasecmp() is more correct, as for the small extra cost, we avoid a difficult to diagnose bug later. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26s4-objectclass Use a specific local variable name, not 'value'Andrew Bartlett1-4/+5
This makes it clearer what the local variable in use here does. Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-26s4-kcc: fixed valgrind errors in drs replicaInfo server sideAndrew Tridgell1-7/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 26 03:52:30 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Remove rootDSE and anonymous checks from acl_readAndrew Bartlett1-15/+0
The rootdse module handles rootDSE requests, and blocks anonymous access, so we on't need to do it again here. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Nov 26 00:36:19 CET 2010 on sn-devel-104
2010-11-26s4-dsdb Add 'block anonymous' checks to the rootdse moduleAndrew Bartlett1-0/+100
This ensures that one single point checks for and blocks anonymous read access to the database over LDAP. Andrew Bartlett
2010-11-26s4-dsdb Remove mem_ctx argument from dsdb_module_find_dsheuristics().Andrew Bartlett2-4/+3
A function that does not return memory should not take a memory context. Andrew Bartlett
2010-11-25s4-tests: Made acl tests to reconnect if dSHeuristics is being manipulatedNadezhda Ivanova1-28/+25
Also made password tests set dSHeuristics only once rather that once per test. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 20:48:38 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified create_ou to only accept security.descriptor type for sd ↵Nadezhda Ivanova1-36/+28
to avoid confusion It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
2010-11-25s4:lsa RPC server / objectclass LDB module - fix the creation of trusted ↵Matthias Dieter Wallnöfer1-7/+1
domain objects Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified sec_descriptor.py to use samba.tests.delete_forceNadezhda Ivanova1-71/+66
2010-11-25s4-tests: Modified sam.py to use samba.tests.delete_forceNadezhda Ivanova1-72/+67
2010-11-25s4-tests: Modified passwords.py to use samba.tests.delete_forceNadezhda Ivanova1-12/+7
2010-11-25s4-tests: delete_force was unused, removed it.Nadezhda Ivanova1-5/+0
2010-11-25s4-tests: Modified ldap_schema.py to use samba.tests.delete_forceNadezhda Ivanova1-8/+3
2010-11-25s4-tests: Modified ldap.py to use samba.tests.delete_forceNadezhda Ivanova1-93/+88
2010-11-25s4-tests: Modified deletetest.py to use samba.tests.delete_forceNadezhda Ivanova1-18/+14
2010-11-25s4-tests: Modified acly.py to use common delete_force instead of defining ↵Nadezhda Ivanova1-60/+55
its own.
2010-11-24s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control ↵Matthias Dieter Wallnöfer1-3/+7
is specified This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104