Age | Commit message | Author | Files | Lines |
|
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc().
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find().
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
|
|
samdb-specific.
|
|
SAMDB_COMMON and DSDB_MODULE_HELPERS.
|
|
It's a bit redundant given that we have the "type" variable on "ac".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 6 10:20:45 UTC 2010 on sn-devel-104
|
|
It may look funny but the DN output prevents older ADUC versions (tested with
release 2000) from performing subtree deletes properly. Version 2008 has this fixed.
Additionally some smaller changes ("%u" for printing unsigned integers,
module name prefix, nicer line-wrap).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 16:48:19 UTC 2010 on sn-devel-104
|
|
operations
- Perform only shallow copies (should be enough)
- Perform only one copy per operation (also on modifications)
- Build a new request on modify operations if needed ("modified" flag) - this
makes it look cleaner
- Fix an important bug: the "el" pointers could have changed after
modifications. Therefore we have to refresh them on the FLAG_DELETE checks
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 09:24:57 UTC 2010 on sn-devel-104
|
|
Let us do the distinction by real use and provision by the RELAX flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
and the parent is renamed.
To be able to do this we also need to relax the constraint checks (using the
"isDeleted" proof).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The deleted objects (tombstones, recycled & deleted objects) are handled by
"repl_meta_data".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is what Windows does
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
A typo prevented the right behaviour.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
we need to ensure we only ever compare USNs from the same originating
invocation ID.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Oct 2 01:45:19 UTC 2010 on sn-devel-104
|
|
we could use old_el after the base message had been reallocated, due
to adding timestamps. We need to re-find the element before using it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
A RODC cannot assume a role, and unwillingToPerform must be
returned if such a request is sent via LDAP
|
|
If we don't we could show an old, incorrect error
|
|
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
|
|
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
|
|
against Windows
These tests will fail in make test as well if the acl_read module is enabled.
|
|
Similar to dsdb_check_access_on_dn, only it searches by guid.
|
|
We need these to be accessible to the aclread module as well.
|
|
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
|
|
connections
|
|
this allows you to call dsdb_req_chain_debug() in gdb or when writing
debug code to see the request chain
|
|
we don't want a refsFrom on the Rid Manage$ DN
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.
Andrew Bartlett
|
|
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.
Andrew Bartlett
|
|
be casefolded correctly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
"show_deleted" LDB module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|