summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-08-17s4:kdc/kpasswdd.c - let the user change his own password with his own rightsMatthias Dieter Wallnöfer1-3/+44
Now it's finally possible that the user can change his password with a DSDB connection using his credentials. NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example).
2010-08-17s4:samr RPC server - samr_password.c - make real user password changes workMatthias Dieter Wallnöfer1-50/+74
Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
2010-08-17s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer2-4/+4
password sets
2010-08-17s4:samdb_set_password/samdb_set_password_sid - make more arguments "const"Matthias Dieter Wallnöfer1-5/+5
2010-08-17s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support ↵Matthias Dieter Wallnöfer1-13/+27
the password change control And introduce parameters to pass the old password hashes.
2010-08-17s4:password_hash LDB module - perform the adaptions to understand the new ↵Matthias Dieter Wallnöfer1-8/+26
password change control
2010-08-17s4:acl LDB module - support password changes over the ↵Matthias Dieter Wallnöfer1-1/+15
DSDB_CONTROL_PASSWORD_CHANGE_OID control This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set".
2010-08-17s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the ↵Matthias Dieter Wallnöfer1-0/+5
control This contains the NT and/or LM hash of the password specified by the user.
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer4-11/+10
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-17Revert "waf: enable gccdeps in developer mode"Stefan Metzmacher1-3/+2
This reverts commit 61930f50cbace4741500d8b53fc11a4ef3e0d4f8. This breaks the build with older gcc versions gcc --version gcc (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291] (This is SLES 11) Please only enable it if thet compiler supports it. metze
2010-08-17s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test runStefan Metzmacher1-3/+3
Otherwise just fill the disks of the build-farm hosts. metze
2010-08-17s4:selftest: run ldapi tests in 'dc:local' environmentStefan Metzmacher1-1/+1
metze
2010-08-17s4-tests: Added tests for acl checks on search requestsNadezhda Ivanova1-0/+218
2010-08-17s3: Directly call write_data from print_job_write()Volker Lendecke1-1/+1
2010-08-17s3: Remove unused "pos" arg from print_job_writeVolker Lendecke3-6/+3
2010-08-17s3-samr: Correctly fix the transition from enum to uint32_t.Andreas Schneider1-1/+5
What type an enum is depends on the implementation, the compiler and probably the compiler options. sizeof(enum) is normally not sizeof(int)!
2010-08-17s4-ldb: ensure element flags are zero in ldb search returnAndrew Tridgell1-0/+2
the distinguishedName element was getting an uninitialised flags value
2010-08-17s4-ldbwrap: ensure session_info in ldb opaque remains validAndrew Tridgell1-0/+15
A DRS DsBind handle can be re-used in a later connection. This implies reuse of the session_info for the connection. If the first connection is shutdown then the session_info in the sam context on the 2nd connection must remain valid.
2010-08-17s4-rpcserver: log unknown RPC calls at debug level 3Andrew Tridgell1-0/+6
This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark
2010-08-17s4-netlogon: added SEC_CHAN_RODCAndrew Tridgell2-1/+7
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-17s4-net: use an encrypted ldap session when setting passwordsAndrew Tridgell1-0/+3
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME" to set a password remotely on a windows DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: check the type of session_info from the opaqueAndrew Tridgell1-2/+2
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: allow getncchanges from RODC with WRIT_REP setAndrew Tridgell1-2/+2
w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell6-10/+14
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLERAndrew Tridgell1-6/+6
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNTAndrew Tridgell2-2/+10
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: cope with cracknames of form dnsdomain\accountAndrew Tridgell1-2/+8
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumberAndrew Tridgell1-1/+8
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATIONAndrew Tridgell2-7/+15
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_MASKAndrew Tridgell2-0/+31
This ensures that internal bits for the element flags in add/modify requests are not set via the ldb API Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell8-23/+28
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA addAndrew Tridgell1-1/+24
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-1/+1
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
2010-08-17s4-ldapserver: support controls on ldap add and renameAndrew Tridgell1-10/+12
we need to pass the controls down to the add and rename ldb operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell3-0/+76
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell1-163/+11
many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s3-dcerpc: try to fix the non gssapi build.Günther Deschner1-1/+2
Guenther
2010-08-17s3-dcerpc: fix c++ build warning.Günther Deschner1-1/+1
Guenther
2010-08-17s3-dcerpc: fix uninitialized variable in cli_get_session_key().Günther Deschner1-1/+1
Simo, please check. Guenther
2010-08-17s3-util: remove unused variable.Günther Deschner1-1/+0
Guenther
2010-08-17s3-ads: Remove unused function and fileSimo Sorce3-31/+1
2010-08-17s3:winbindd: don't ignore 'result' in wb_dsgetdcname_done()Stefan Metzmacher1-0/+4
Ignoring it could cause a segfault in winbindd_getdcname_recv() metze
2010-08-17s3: Remove smbd_server_fd() from write_data()Volker Lendecke3-25/+78
This completely removes the DEBUG(0, ..) error message from write_data(). I've gone through all callers of write_data() and made sure that they have their own equivalent error message printing.
2010-08-17s3-dcerpc: Use common send functions for ntlmssp tooSimo Sorce1-51/+12
Remove unused function.
2010-08-17s3-dcerpc: properly implement gse/spnego_get_session_keySimo Sorce5-16/+63
2010-08-17s3-dcerpc: Check data and return appropriate errorSimo Sorce1-2/+17
2010-08-17s3-dcerpc: Remove unused functionSimo Sorce1-18/+0
2010-08-17s3-dcerpc: make a few local functions as staticSimo Sorce2-8/+7
2010-08-17Change debug statements to use __location__Simo Sorce1-13/+11
2010-08-17s3-dcerpc: Pull packet in the caller, before validationSimo Sorce2-31/+38