Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-21 | s4-ldap: Fixed a problem with NC's having a parentGUID attribute | Nadezhda Ivanova | 1 | -13/+27 | |
NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead. | |||||
2010-09-20 | s4-rodc: fixed repsFrom store on RODC | Andrew Tridgell | 1 | -14/+11 | |
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-20 | s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test | Anatoliy Atanasov | 1 | -0/+73 | |
2010-09-20 | s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames code | Anatoliy Atanasov | 1 | -9/+20 | |
2010-09-19 | s4-rootdse: mark registered controls as non-critical | Andrew Tridgell | 1 | -0/+37 | |
this is needed for clients that may include unnecessary controls in requests and mark them as non-critical | |||||
2010-09-15 | s4: fixed some printf format errors | Andrew Tridgell | 1 | -1/+1 | |
2010-09-15 | s4-dsdb: check for invalid backend type | Andrew Tridgell | 1 | -0/+2 | |
2010-09-15 | s4-rootdse: setup length after NULL check | Andrew Tridgell | 1 | -2/+2 | |
2010-09-15 | s4-dsdb: fixed use after free for RODC | Andrew Tridgell | 1 | -2/+1 | |
2010-09-15 | s4-dsdb: free right context on failure | Andrew Tridgell | 1 | -1/+1 | |
down_req is not initialised yet | |||||
2010-09-15 | s4-dsdb: defer ac->msg after check for NULL ac | Andrew Tridgell | 1 | -1/+3 | |
2010-09-15 | s4-anr: check for allocation failure before use | Andrew Tridgell | 1 | -1/+1 | |
2010-09-13 | s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵ | Matthias Dieter Wallnöfer | 1 | -8/+8 | |
LDAP filters This makes also lookups through special backends as "samba3sam" work. | |||||
2010-09-13 | s4:cosmetic - the SID attribute is called objectSid - not objectSID | Matthias Dieter Wallnöfer | 3 | -11/+11 | |
2010-09-13 | Revert "s4:samldb LDB module - simplify the message handling on add and ↵ | Matthias Dieter Wallnöfer | 1 | -26/+33 | |
modify operations" This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d. This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this. I will rework this further. | |||||
2010-09-12 | s4:samldb LDB module - remove a disastrous "talloc_free" | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
This completely destroys the program logic (async callbacks). Sorry for introducing this. | |||||
2010-09-12 | s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID ↵ | Matthias Dieter Wallnöfer | 1 | -1/+5 | |
derivation from "userAccountControl" Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441. | |||||
2010-09-12 | s4:samldb LDB module - free the "ac" context after the delete checks | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
2010-09-12 | s4:samldb LDB module - simplify the message handling on add and modify ↵ | Matthias Dieter Wallnöfer | 1 | -33/+28 | |
operations We perform always only one shallow copy operation of the message on the "req" context. This allows to free the "ac" context when we've prepared all our changes. | |||||
2010-09-12 | s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see ↵ | Matthias Dieter Wallnöfer | 1 | -41/+41 | |
that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible. | |||||
2010-09-12 | s4:samldb LDB module - add a comment to mark the beginning of the extended ↵ | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
operation handler | |||||
2010-09-12 | s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to ↵ | Matthias Dieter Wallnöfer | 1 | -94/+22 | |
be again synchronous Also to make it easier to comprehend | |||||
2010-09-12 | s4:samldb LDB module - refactor the "primaryGroupID" check on user creation | Matthias Dieter Wallnöfer | 1 | -137/+39 | |
This looks more straight-forward now. | |||||
2010-09-12 | s4:samldb LDB module - get rid of the SID context variable | Matthias Dieter Wallnöfer | 1 | -20/+17 | |
Since we get more and more rid of async stuff we don't need this in the context anymore. | |||||
2010-09-12 | s4:samldb LDB module - use also here the real attribute denomination ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
"sAMAccountName" Purely cosmetic - but nicer to read | |||||
2010-09-12 | s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType" | Matthias Dieter Wallnöfer | 1 | -5/+4 | |
And a small cosmetic change. I like to have the real attribute names in the function denominations | |||||
2010-09-12 | s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous again | Matthias Dieter Wallnöfer | 1 | -71/+19 | |
To make it more understandable | |||||
2010-09-11 | libcli/security Use talloc_zero when making a struct security_token | Andrew Bartlett | 1 | -2/+0 | |
2010-09-11 | s4-privs Seperate rights and privileges | Andrew Bartlett | 1 | -2/+6 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-10 | s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole | Anatoliy Atanasov | 1 | -2/+3 | |
This removed an unnecessary conversion of the return type in drepl_take_FSMO_role. | |||||
2010-09-10 | s4-fsmo: update FSMO changes for recent IRPC work | Andrew Tridgell | 1 | -4/+10 | |
the IRPC API has changed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-10 | s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSE | Nadezhda Ivanova | 1 | -1/+46 | |
GetNCChanges with the corresponding extended operation is initiated and added to the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster, becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in rootDSE. | |||||
2010-09-09 | s4-dsdb Change debug levels for startup messages | Andrew Bartlett | 2 | -10/+10 | |
We should make the 'common' error not show up, but the unusal case fatal. Andrew Bartlett | |||||
2010-09-05 | dsdb: make the ATTRIBUTE NOT FOUND more clear | Matthieu Patou | 1 | -0/+3 | |
2010-09-04 | dsdb: Add missing dependencies for dsdb ldb modules. | Jelmer Vernooij | 1 | -2/+2 | |
2010-09-02 | s4:dsdb Fix attribute being searched for in dereference against Fedora DS | Andrew Bartlett | 1 | -1/+1 | |
The problem here is that these attributes are not mapped in the simple_ldap_map, and they were changed a while back. Andrew Bartlett | |||||
2010-09-02 | s4:dsdb Make the dereference control critical if input is critical | Andrew Bartlett | 1 | -1/+3 | |
This helps us ensure that the backend knows about and respects the dereference control if our caller has asked that the extended DN control be considered critical. Andrew Bartlett | |||||
2010-09-02 | s4:dsdb Don't reload the schema against OpenLDAP backend | Andrew Bartlett | 2 | -3/+13 | |
The schema should be considered read-only when we are using the OL backend, as we can't update the backend schema in real time anyway. Andrew Bartlett | |||||
2010-08-27 | s4-dsdb: Fixed a compiler warning. | Nadezhda Ivanova | 1 | -1/+0 | |
2010-08-26 | s4:dsdb_module_find_dsheuristics - free the "DN" also on other exit cases | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
2010-08-26 | s4-dsdb: Removed an unnecessary space in dsdb_module_find_dsheuristics() | Nadezhda Ivanova | 1 | -1/+1 | |
2010-08-26 | s4-dsdb: Added utility functions for retrieving dSHeuristics from the module ↵ | Nadezhda Ivanova | 1 | -0/+47 | |
stack Also a function to check dsHeuristics value to determine of anonymous access should be blocked | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 5 | -29/+26 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-20 | s4-dsdb: the RODC_JOIN control also changes samAccountName | Andrew Tridgell | 1 | -9/+13 | |
when adding a user with the RODC_JOIN control, the samAccountName is automatically set to the krbtgt_NNNNN form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-19 | s4: fix few comment typos | Kamen Mazdrashki | 1 | -2/+2 | |
2010-08-19 | s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions | Kamen Mazdrashki | 1 | -1/+5 | |
2010-08-18 | s4:auth Change {anonymous,system}_session to use common session_info generation | Andrew Bartlett | 1 | -2/+4 | |
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 3 | -6/+6 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-17 | s4:password_hash LDB module - perform the adaptions to understand the new ↵ | Matthias Dieter Wallnöfer | 1 | -8/+26 | |
password change control |