Age | Commit message (Collapse) | Author | Files | Lines |
|
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
|
|
This was a bad idea all along, as Simo said at the time. With the
full MS schema and enforcement of it, it is an even worse idea.
This fixes the provision of the member server in 'make test'
Andrew Bartlett
|
|
|
|
the minimum one)
|
|
|
|
As metze pointed out - this seems to be completely dead code. I too didn't find
any dependencies in other code parts. Therefore remove it.
|
|
I came up with a better solution which is invoked when we try to join a domain
as a DC (in file "libnet_become_dc.c"). Consider a following commit for this
patch.
|
|
|
|
|
|
The dsdb_find_dn_by_guid() and dsdb_find_sid_by_dn() are using by
the DRS server call getncchanges on objects that may be deleted.
|
|
|
|
|
|
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fixing the issue.
|
|
|
|
When a partition is first created it still needs a uSNHighest value
|
|
These are used to load/save the per-partition uSN values managed by
the repl_meta_data module
|
|
If we already have a repsFrom for a particular DC and naming context
then we should not overwrite it, as it contains info on what
replication we've already done
|
|
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform
write operations on them (look below in the code) we could get SIGSEGVs!
|
|
|
|
|
|
This will be used by the linked_attribute module
|
|
This came from the linked_attributes module, but now the
repl_meta_data module needs the same functionality, so move it to a
common routine.
|
|
one-line wrapper)
|
|
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
|
|
|
|
consistency with Samba 3.
|
|
client code.
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
Guenther
|
|
Guenther
|
|
make them wrappers around convert_string{,talloc}_convenience().
|
|
remove some unused functions.
|
|
I'm very glad we have such a comprehensive testsuite for the SAMR
password change process, as it makes this a much easier task to get
right.
Andrew Bartlett
|
|
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
|
|
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)
|
|
(This used to be commit 731d9e569a474da27014737e0805ae712366357d)
|
|
instead of version 2 (win2k3).
This makes the NET-API-BECOME-DC test work against windows 2003 and 2008.
Michael
(This used to be commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d)
|
|
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
|
|
Michael
(This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
|
|
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|