Age | Commit message (Collapse) | Author | Files | Lines |
|
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.
Andrew Bartlett
|
|
The challenge here is to update the existing record if it already
exists, rather than deleting the old record. This ensures that the
secrets.keytab handling code keeps the previous password in the
keytab.
Andrew Bartlett
|
|
|
|
The problem here is that we need to use the array, not the individual
message element as the memory context.
Andrew Bartlett
|
|
Changing the machine account password should not prevent connections
with a current, valid CCACHE. This is because when the password is
changed, the server-side keytab keeps one old password around.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
* isMemberOfPartialAttributeSet is now allowed to be deleted (on schema
objects)
* attributeDisplayNames is now allowed to be added and modified (used on
display specifiers)
* spnMapping is now allowed to be altered on Directory Service objects
* minPwdAge is now modified if the previous value was 0
We issue a clear information about the userControl attribute for
administrator to invite the user to modify himself the value.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
For attributes that we know that are harmless and that used to be stored
in the ldb we relax the tests on the existance in a given objectclass.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
one previously stored
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
RID manager
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
calculating msds-keyversionnumber
This function change the version field of the unicodePwd in the
replPropertyMetaData so that the version is equal or
superior to the reference value passed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
replPropertyMetaData attribute
This change contains also helpers for attribute id to attribute oid
conversion and from attribute id to attribute name.
It brings also unit tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This control allow to specify the replPropertyMetaData attribute to
be specified on modify request. It can be used for very specific needs
to tweak the content of the replication data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This control is designed to allow replmetadata to be specified
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This patch is for testing the chgdcpass script which is mostly a call to
update_machine_account_password.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This script will mostly be used by unit test (blackbox type) to test the
change of the dc password
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is to allow reuse of this function and also unit tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
create_conn_struct did not create the conn->sconn!=NULL assumption we now
depend on. Thanks to Andreas Schneider for testing!
|
|
Handles are shared among multiple pipes_struct. We cannot allocate
them on any specific pipes_struct or it will vanish for all others
as soon as that pipes_struct is freed, leaving back dangling
pointers.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
The tests make sure that we comply with dsHeuristics setting and
restrict anonymous access to rootDSE. They will be enabled when the
implementation is pushed. tests are verified against win2k8.
|
|
Guenther
|
|
It seems that because the flag is false, this always used the supplied credentials
rhather than establish anonymous connection.
|
|
This fixes a bug where register_existing_vuid() could be called with a
NULL server_info if the alloction failed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Nothing will free this, so this prevents a memory leak.
Andrew Bartlett
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.
Andrew Bartlett
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
Volker pointed out I'd missed the "last directory" cache
part of this code. Return us to caching the directory we're
in (reduces sys call load).
Mea maxima culpa.
Jeremy.
This reverts commit 2f30aea3324f32f9b8555e961256fc1280da2871.
|
|
Guenther
|
|
Guenther
|
|
Moved the setting of dsHeuristics to a method as soon we will have to set other
values as well in different tests
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Also move dcerpc_push_dcerpc_auth() invocation in api_pipe_bind_req()
to simplify the workflow.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
There is no need to copy the whole structure twice by passing it in by value.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Allows to not rely on p->call_id but use the value directly from the request
packet header.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|