| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
uptodatevector
This matches a Windows 2008R2 and 2012 server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
We should use the global highestCommittedUSN, not the per partition value.
This matches a Windows 2008R2 and 2012 server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should give the password_hash module a chance to detect if the called
was the cleartext password or not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
DSDB_SECRET_ATTRIBUTES_EX
See [MS-ADTS] 3.1.1.4.4 Extended Access Checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Newer versions of heimdal include a macro that is unfortunately named
'_res'. This change prevents the clash.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
|
|
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
|
|
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
|
|
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference.
Andrew Bartlett
|
|
|
|
We often want to know if we own an FSMO role (for example). This tries to be more
efficient by comparing the GUID, rather than the string DN, as this does not need
to be re-fetched each time.
Andrew Bartlett
|
|
As the normal case (outside provision) uses a copy, this avoids a case
where a caller might modify a global variable accidentily.
As suggested by metze.
Andrew Bartlett
|
|
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
|
|
non-critical
|
|
attribute has not been set
|
|
|
|
Found by callcatcher.
Ricky Nance
|
|
Found by callcatcher.
Ricky Nance
|
|
Found by callcatcher
Ricky Nance
|
|
|
|
doing
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
|
|
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if
pwdLastSet = null, or
pwdLastSet = 0, or
(maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
|
|
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Nov 2 07:03:40 CET 2011 on sn-devel-104
|
|
if we repeat the join of a subdomain then we try to re-create the NC
for the subdomain during a DsAddEntry(). This allows that re-creation
to succeed if the NC already exists
|
|
we already have a function for returning the NTDS options
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
|
|
we may not have replicated the partition yet, so this should be
considered the same as having no repsFrom/repsTo
|
|
sid can be const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
specified on add
|
|
This string is reported to the caller, which makes debugging much easier.
Andrew Bartlett
|
|
this gets the DNS name for a NTDS GUID, based on the forest DNS name
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this converts a DC into the equivalent DNS domain. It is used when
forming t_msdcs NTDS DNS names
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this will catch future programmer errors with incorrect base DNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
this DN can change due to a server rename, so we cannot cache it. It
is set by provision, but not anywhere else.
This seems to not have a large performance impact
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
struct ldb_dn is never const
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
this gives us a delete function that takes the standard set of dsdb
flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
A helper function for retrieving the ntds site settings
via standalone function call. Used within KCC
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
upgraded links can be missing the RMD_ADDTIME field
|
|
|
|
this prevents a symbol collision with s3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is not perfect, but its better than always giving
NT_STATUS_UNSUCCESSFUL in our RPC servers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
Reviewed by: Tridge
|
