summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-07-14s4: Added acl search tests for anonymous connection.Nadezhda Ivanova1-83/+68
The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8.
2010-07-13s4: Reorganized dsHeuristics reset so the code can be reusedNadezhda Ivanova1-53/+38
Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests
2010-07-09s4:drepl_notify: hide some bugs from the make test outputStefan Metzmacher1-1/+12
It's useless to get messages like this every few seconds: dreplsrv_notify: Failed to send DsReplicaSync to edbf4745-2966-49a7-8653-99200f1c9430._msdcs.samba2003.example.com for CN=Configuration,DC=samba2003,DC=example,DC=com - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE We have a non bug regarding non-linked DN attributes and changes of the target DN. metze
2010-07-09s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ↵Stefan Metzmacher4-6/+13
ridalloc client) metze
2010-07-09s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation ↵Stefan Metzmacher1-1/+14
doesn't return success metze
2010-07-09s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to.Stefan Metzmacher1-9/+38
if we are at least half-exhausted then ask for a new pool. This fixes a bug where we're sending unintialized alloc_pool variable as exop->fsmo_info to the rid master and get back DRSUAPI_EXOP_ERR_PARAM_ERROR. metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-74/+56
ridalloc_allocate_rid_pool_fsmo() metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-80/+102
ridalloc_allocate_rid() metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-19/+14
ridalloc_create_rid_set_ntds() metze
2010-07-09s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructureStefan Metzmacher1-0/+83
metze
2010-07-09s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update ↵Stefan Metzmacher1-2/+2
rIDAvailablePool metze
2010-07-09s4:dsdb:ridalloc.c: fix C++ warningStefan Metzmacher1-1/+2
metze
2010-07-09s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functionsStefan Metzmacher1-0/+22
metze
2010-07-09s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functionsStefan Metzmacher1-0/+22
metze
2010-07-09s4:dsdb: add dsdb_module_constrainted_update_int32/64() functionsStefan Metzmacher1-0/+58
metze
2010-07-09s4:dsdb: add dsdb_msg_constrainted_update_int32/64() functionsStefan Metzmacher1-0/+96
metze
2010-07-08s4:acl LDB module - password attributes - check also the "dBCSPwd" attributeMatthias Dieter Wallnöfer1-2/+2
It's also a possible password change/set attribute candidate.
2010-07-08s4:acl LDB module - move a "mem_ctx" creation to the place where it is ↵Matthias Dieter Wallnöfer1-1/+2
actually checked Memory allocations and their result checks should be as tight as possible.
2010-07-08Added a test to prove by default users can change each other's pass if the ↵Nadezhda Ivanova1-0/+25
old is known
2010-07-08s4-dsdb/util: Reorder DSDB_FLAG_* checksKamen Mazdrashki1-30/+30
On good thing about having more clear function interfaces (and forcing callers to specify clearly what they want) is that now I can execute following search: git grep DSDB_FLAG_NEXT_MODULE | wc -l This showed that DSDB_FLAG_NEXT_MODULE flag is about 6 times more frequently used than DSDB_FLAG_OWN_MODULE. So this should reduce branch prediction by six times in this part of the code, right :)
2010-07-08s4-dsdb: Implement module switching in dsdb_module_search_dn()Kamen Mazdrashki1-1/+10
This allows caller to choose from where to start DN search
2010-07-08s4-source4/dsdb/samdb/ldb_modules/acl.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-5/+12
2010-07-08s4-source4/dsdb/samdb/ldb_modules/linked_attributes.c Use ↵Kamen Mazdrashki1-1/+4
DSDB_FLAG_NEXT_MODULE flag
2010-07-08s4-source4/dsdb/samdb/ldb_modules/naming_fsmo.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-1/+2
2010-07-08s4-source4/dsdb/samdb/ldb_modules/operational.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-3/+7
2010-07-08s4-source4/dsdb/samdb/ldb_modules/partition_init.c Use DSDB_FLAG_NEXT_MODULE ↵Kamen Mazdrashki1-3/+6
flag
2010-07-08s4-source4/dsdb/samdb/ldb_modules/pdc_fsmo.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-1/+2
2010-07-08s4-source4/dsdb/samdb/ldb_modules/repl_meta_data.c Use DSDB_FLAG_NEXT_MODULE ↵Kamen Mazdrashki1-3/+7
flag
2010-07-08s4-source4/dsdb/samdb/ldb_modules/ridalloc.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-3/+6
2010-07-08s4-source4/dsdb/samdb/ldb_modules/samba_dsdb.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-2/+4
2010-07-08s4-source4/dsdb/samdb/ldb_modules/schema_load.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-1/+2
2010-07-08s4-source4/dsdb/samdb/ldb_modules/util.c Use DSDB_FLAG_NEXT_MODULE flagKamen Mazdrashki1-2/+4
2010-07-07s4-dsdb: use ldb_operr() in the dsdb codeAndrew Tridgell43-625/+455
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)" in places in the dsdb code where we don't already explicitly set an error string. This should make is much easier to track down dsdb module bugs that result in an operations error.
2010-07-06s4:new_partition LDB module - fix an uninitalised variable warningMatthias Dieter Wallnöfer1-2/+1
> [ 651/1946] Compiling dsdb/samdb/ldb_modules/new_partition.c > ../dsdb/samdb/ldb_modules/new_partition.c: In function 'new_partition_add': > ../dsdb/samdb/ldb_modules/new_partition.c:195: warning: 'down_req' may be used uninitialized in this function The "down_req" variable isn't used anymore.
2010-07-06s4:dsdb - samdb_result_force_password_change - also when "pwdLastSet" is ↵Matthias Dieter Wallnöfer1-3/+9
"-1" we shouldn't force a password change This value is set by the ADUC console.
2010-07-05s4:dsdb/password_hash: implement DSDB_CONTROL_BYPASS_PASSWORD_HASH_OIDStefan Metzmacher1-0/+20
metze
2010-07-05s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OIDStefan Metzmacher1-0/+5
When importing users from Samba3 we need to control all values. metze
2010-07-05s4:dsdb/password_hash: fix some c++ compiler warningsStefan Metzmacher1-9/+12
metze
2010-07-05Changed passwords.py to use the correct account as acl checks now pass.Nadezhda Ivanova1-14/+6
2010-07-05s4-dsdb: Implementation of User-Change-Password and User-Force-Password-ChangeNadezhda Ivanova2-85/+226
These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally.
2010-07-04s4:subtree_rename LDB module - Cosmetic fixesMatthias Dieter Wallnöfer1-3/+4
2010-07-04s4:subtree_delete LDB module - fix comments and add my copyrightMatthias Dieter Wallnöfer1-2/+3
(I've introduced the subtree delete mechanism)
2010-07-03s4:dsdb/tests/python/ldap_schema.py - remove a now useless "schemaUpdateNow" ↵Matthias Dieter Wallnöfer1-10/+0
request "schemaUpdateNow" on s4 is now a non-op and therefore not strictly needed anymore.
2010-07-03s4:urgent_replication.py test - remove unneeded "relax" control parametersMatthias Dieter Wallnöfer1-2/+2
2010-07-03s4:schema_load LDB module - fix a segfault condition on schema refreshMatthias Dieter Wallnöfer1-0/+5
The schema refresh operation itself starts requests from the top of the LDB modules stack (see call "dsdb_schema_set_attributes" - search operations). This doesn't work well when these do perform "dsdb_get_schema" calls. Since the new schema isn't marked as "refreshed" atm (but in fact it still is - we didn't terminate the reload/refresh yet) we could perform other calls to "dsdb_schema_refresh" and run into serious trouble (segfault).
2010-07-03s4:schema_set.c - Fix a commentMatthias Dieter Wallnöfer1-1/+2
2010-07-03s4:dsdb_schema_set_attributes - remove unneeded filter criteriasMatthias Dieter Wallnöfer1-2/+4
We already choose the right entry by specifying the right basedn with scope "LDB_SCOPE_BASE".
2010-07-03s4:dsdb_module_load_partition_usn - check for "res->count" equal/unequal to 1Matthias Dieter Wallnöfer1-1/+1
2010-07-03s4:schema_set.c - fix typoMatthias Dieter Wallnöfer1-1/+3
2010-07-03s4:schema_load.c - jump to "failed" on an error conditionMatthias Dieter Wallnöfer1-3/+2