summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-10s4:dsdb/common/util.c - use LDB constants whenever possibleMatthias Dieter Wallnöfer1-8/+8
2010-08-07s4:kcc_connection.c - fix typo in error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-07s4:ldap.py - comment a test part which fails with another error code on WindowsMatthias Dieter Wallnöfer1-5/+6
2010-08-07s4:ldap.py - test the new "systemFlags" constraintMatthias Dieter Wallnöfer1-1/+11
2010-08-07s4:objectclass LDB module - "add operation" - enhance and clean the ↵Matthias Dieter Wallnöfer1-8/+20
"systemFlags" section Also here we have to test for single-valueness.
2010-08-07s4:ldap.py - test for an invalid "objectCategory" attributeMatthias Dieter Wallnöfer1-0/+10
2010-08-07s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵Matthias Dieter Wallnöfer1-5/+34
validation
2010-08-07s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAPMatthias Dieter Wallnöfer1-0/+11
2010-08-07s4:urgent_replication.py - relax also here the add of a secrets objectMatthias Dieter Wallnöfer1-2/+1
2010-08-07s4:dsdb/common/util.c - add a function "dsdb_add"Matthias Dieter Wallnöfer1-0/+30
2010-08-07s4:objectclass LDB module - "add operation" - reject creation of LSA ↵Matthias Dieter Wallnöfer1-0/+8
specific objects (only using the RELAX flag allowed)
2010-08-07s4:objectclass LDB module - "add operation" - move two checksMatthias Dieter Wallnöfer1-17/+12
To be more consistent with the MS-ADTS doc.
2010-08-07s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵Matthias Dieter Wallnöfer1-5/+14
message elements Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possibleMatthias Dieter Wallnöfer1-4/+2
We don't need to have it around until the end of the function.
2010-08-04s4:LDB modules - remove the "kludge_acl" module codeMatthias Dieter Wallnöfer1-516/+0
Obviously this has been forgotten by Nadya.
2010-08-04s4-dsdb: Removed kludge_acl as it is no longer necessaryNadezhda Ivanova5-23/+47
Moved the access check on extended operations to acl module and removed kludge_acl
2010-08-03s4-schema: More verbose error log when subClassOf is not found in schemaKamen Mazdrashki1-1/+3
Error message show failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard.
2010-08-03s4: fix comment typosKamen Mazdrashki1-3/+3
2010-08-01s4:ldap.py - remove superflous spacesMatthias Dieter Wallnöfer1-2/+0
Sorry, forgot to delete them in the last commit
2010-08-01s4:ldap.py - additional "instanceType" checksMatthias Dieter Wallnöfer1-0/+23
2010-08-01s4:instancetype LDB module - add checks requested by MS-ADTS 3.1.1.5.2.2Matthias Dieter Wallnöfer1-6/+20
We've to test for the WRITE flag if we are performing an NC add. And if it isn't an NC add then only the WRITE or no flag is allowed.
2010-08-01s4:objectclass LDB module - consider the "instanceType" when adding NCsMatthias Dieter Wallnöfer1-10/+18
This is requested by MS-ADTS 3.1.1.5.2.2 (NC add operation).
2010-08-01s4:descriptor LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-4/+3
Also here we have to work with the default base DN. After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove the "forest DN" checkMatthias Dieter Wallnöfer1-6/+3
After some reading I've discovered that this isn't really true. The forest partition does exist on one or more DCs and is there the same as the default base DN (which is already checked by the module). And if we have other DCs which contain child domains then they never contain data of the forest domain beside the schema and the configuration partition (which are checked anyway) since a DC can always contain only one domain! Link: http://www.informit.com/articles/article.aspx?p=26896&seqNum=5
2010-08-01s4:acl LDB module - remove unused call "is_root_base_dn"Matthias Dieter Wallnöfer1-8/+0
2010-08-01s4:urgent_replication.py test - adapt the test for the harder delete ↵Matthias Dieter Wallnöfer1-1/+1
restrictions Otherwise we are not able to delete the "test crossRef" object which points to the default NC anymore.
2010-08-01s4:ldap.py - perform tests on the additional delete constraint checksMatthias Dieter Wallnöfer1-4/+38
2010-08-01s4:objectclass LDB module - implement additional delete constraint checksMatthias Dieter Wallnöfer1-3/+47
MS-ADTS 3.1.1.5.5.3
2010-08-01s4:ldap.py - add a test for "CN=System" object rename behaviourMatthias Dieter Wallnöfer1-0/+8
2010-08-01s4:subtree_rename LDB module - rename "check_system_flags" into ↵Matthias Dieter Wallnöfer1-9/+43
"check_constraints" and perform more checks Always considering MS-ADTS 3.1.1.5.4.1.2.
2010-08-01s4:subtree_rename LDB module - introduce out of memory checksMatthias Dieter Wallnöfer1-0/+4
2010-08-01s4:dsdb/samdb/ldb_modules/util.c - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
2010-08-01s4:ldap.py - performs some "systemFlags" testingMatthias Dieter Wallnöfer1-0/+56
2010-08-01s4:subtree_rename LDB module - introduce the "systemFlags" protection rulesMatthias Dieter Wallnöfer1-2/+122
This is done in a dedicated call "check_system_flags".
2010-07-31s4:dsdb/pydsdb.c - import "systemFlags" into PythonMatthias Dieter Wallnöfer1-0/+26
Needed by ldap.py tests
2010-07-31s4:subtree_rename LDB module - "subren_ctx_init" - fix the "out of memory" ↵Matthias Dieter Wallnöfer1-3/+2
return
2010-07-19s4-dsdb: use ldb_msg_normalize() in source4/dsdb/schema/schema_set.cKamen Mazdrashki1-5/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s4-dsdb/schema/schema_set.c: fix trailing spaces and comments spellingKamen Mazdrashki1-30/+38
Few comments split on several lines also... (Sorry Metze, I know you hate reviewing "and this, and that" type of patches, but those are just cosmetics) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19s4-dsdb: use ldb_msg_difference() in source4/dsdb/schema/schema_set.cKamen Mazdrashki1-2/+10
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell18-40/+40
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 ldb modules: relax some tests about attributes that should not be hereMatthieu Patou1-0/+9
For attributes that we know that are harmless and that used to be stored in the ldb we relax the tests on the existance in a given objectclass. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: Use the changereplmetadata controlMatthieu Patou1-61/+144
This control allow to specify the replPropertyMetaData attribute to be specified on modify request. It can be used for very specific needs to tweak the content of the replication data. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: create a new control: changereplmetadataMatthieu Patou1-0/+6
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-14s4: Added acl search tests for anonymous connection.Nadezhda Ivanova1-83/+68
The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8.
2010-07-13s4: Reorganized dsHeuristics reset so the code can be reusedNadezhda Ivanova1-53/+38
Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests
2010-07-09s4:drepl_notify: hide some bugs from the make test outputStefan Metzmacher1-1/+12
It's useless to get messages like this every few seconds: dreplsrv_notify: Failed to send DsReplicaSync to edbf4745-2966-49a7-8653-99200f1c9430._msdcs.samba2003.example.com for CN=Configuration,DC=samba2003,DC=example,DC=com - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE We have a non bug regarding non-linked DN attributes and changes of the target DN. metze
2010-07-09s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ↵Stefan Metzmacher4-6/+13
ridalloc client) metze
2010-07-09s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation ↵Stefan Metzmacher1-1/+14
doesn't return success metze
2010-07-09s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to.Stefan Metzmacher1-9/+38
if we are at least half-exhausted then ask for a new pool. This fixes a bug where we're sending unintialized alloc_pool variable as exop->fsmo_info to the rid master and get back DRSUAPI_EXOP_ERR_PARAM_ERROR. metze
2010-07-09s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ↵Stefan Metzmacher1-74/+56
ridalloc_allocate_rid_pool_fsmo() metze