Age | Commit message | Author | Files | Lines |
|
operations
We always perform only one shallow copy operation of the message on the "req"
context. This allows us to free the "ac" context when we've prepared all our
changes.
|
|
that it is only in use by the delete operation
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
|
|
operation handler
|
|
be again synchronous
Also to make it easier to comprehend
|
|
This looks more straight-forward now.
|
|
Since we are getting rid of more and more async stuff we don't need this in the context
anymore.
|
|
"sAMAccountName"
Purely cosmetic - but nicer to read
|
|
And a small cosmetic change.
I like to have the real attribute names in the function denominations
|
|
To make it more understandable
|
|
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
|
|
the IRPC API has changed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
GetNCChanges with the corresponding extended operation is initiated and added to
the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster,
becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in
rootDSE.
|
|
We should make the 'common' error not show up, but the unusual case fatal.
Andrew Bartlett
|
|
The problem here is that these attributes are not mapped in the
simple_ldap_map, and they were changed a while back.
Andrew Bartlett
|
|
This helps us ensure that the backend knows about and respects the
dereference control if our caller has asked that the extended DN control
be considered critical.
Andrew Bartlett
|
|
The schema should be considered read-only when we are using the OL
backend, as we can't update the backend schema in real time anyway.
Andrew Bartlett
|
|
stack
Also a function to check dsHeuristics value to determine if anonymous access should be blocked
|
|
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privileges still need to be merged)
Andrew Bartlett
|
|
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
password change control
|
|
DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
|
|
control
This contains the NT and/or LM hash of the password specified by the user.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
we saw a crash with a bad pointer here, and this may help track it
down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used by w2k8r2 when doing a RODC dcpromo
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
msDS-SecondaryKrbTgtNumber is set up with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control disables the system only check for nTDSDSA add operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implement
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
important failure cases
|
|
on password change operations
This is to match the SAMR password change behaviour.
|
|
(Needed by upgradeprovision for example)
|
|
passwords
Sooner or later this module should take over all password change actions.
|