Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-01 | s4: check the sacl and dacl pointers on the old sd | Anatoliy Atanasov | 1 | -2/+2 | |
2010-06-01 | s4-cracknames: Fix typo in debug message. | Karolin Seeger | 1 | -1/+1 | |
Karolin | |||||
2010-05-31 | s4:samldb LDB module - start on a sequential trigger implementation | Matthias Dieter Wallnöfer | 1 | -10/+26 | |
This is a start to allow the triggers to be called sequentially. | |||||
2010-05-30 | s4:samldb LDB module - deny delete operations on some important attributes | Matthias Dieter Wallnöfer | 1 | -3/+12 | |
Add operations are denied since these are single-valued - only replace is allowed. This is only provisorily at the moment - we need to implement the triggers specified in MS-ADTS. | |||||
2010-05-30 | s4:samldb LDB module - rework the group change code to be again synchronous | Matthias Dieter Wallnöfer | 1 | -309/+71 | |
2010-05-30 | s4:dsdb/samdb/ldb_modules/util.c - make sure to always free temporary data | Matthias Dieter Wallnöfer | 1 | -1/+6 | |
2010-05-30 | s4:dsdb_module_search_dn - add code to handle NULL format string | Matthias Dieter Wallnöfer | 1 | -3/+13 | |
2010-05-21 | s4:libcli/ldap Rename ldap.h to libcli_ldap.h | Andrew Bartlett | 1 | -1/+0 | |
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett | |||||
2010-05-20 | s4:operational LDB module - fix warnings (missing parameters, unused variable) | Matthias Dieter Wallnöfer | 1 | -3/+5 | |
2010-05-20 | s4:auth Change auth_generate_session_info to take flags | Andrew Bartlett | 2 | -25/+56 | |
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett | |||||
2010-05-20 | s4:auth Add dependency from the operational module onto auth | Andrew Bartlett | 2 | -2/+5 | |
We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett | |||||
2010-05-20 | s4:auth Allow the operational module to get a user's tokenGroups from auth | Andrew Bartlett | 3 | -82/+68 | |
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett | |||||
2010-05-20 | s4:auth Move BUILTIN group addition into session.c | Andrew Bartlett | 1 | -2/+9 | |
The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett | |||||
2010-05-20 | s4:dsdb disable tokenGroups until end of rewrite | Andrew Bartlett | 1 | -1/+2 | |
I need to change the functions this calls Andrew Bartlett | |||||
2010-05-19 | s4/metadata: fix whitespaces | Kamen Mazdrashki | 1 | -71/+71 | |
2010-05-18 | s3: Fix some more iconv convenience usages. | Jelmer Vernooij | 1 | -1/+1 | |
2010-05-18 | Remove more usages of iconv_convenience in files which were apparently not ↵ | Jelmer Vernooij | 1 | -3/+1 | |
recompiled by waf. | |||||
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 8 | -47/+18 | |
2010-05-14 | s4:repl_meta_data LDB module - fix counter types | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-14 | s4:dsdb_cache LDB module - fix a typo | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-14 | s4:samldb LDB module - remove unused variables | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-05-11 | Revert "s4:password_hash LDB module - don't break the provision" | Stefan Metzmacher | 1 | -3/+0 | |
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze | |||||
2010-05-11 | Revert "s4:password hash LDB module - check that password hashes are != NULL ↵ | Stefan Metzmacher | 1 | -10/+6 | |
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze | |||||
2010-05-11 | s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵ | Stefan Metzmacher | 1 | -2/+2 | |
it's given Sorry, I removed this logic while cleaning up indentation levels... metze | |||||
2010-05-10 | s4:password_hash LDB module - we might not have a cleartext password at all | Matthias Dieter Wallnöfer | 1 | -26/+29 | |
When we don't have the cleartext of the new password then don't check it using "samdb_check_password". | |||||
2010-05-10 | s4:password_hash LDB module - quiet a warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-10 | s4:password hash LDB module - check that password hashes are != NULL before ↵ | Matthias Dieter Wallnöfer | 1 | -6/+10 | |
copying them | |||||
2010-05-10 | s4:password_hash LDB module - don't break the provision | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
This is to don't break the provision process at the moment. We need to find a better solution. | |||||
2010-05-10 | s4:password_hash - Implement password restrictions | Stefan Metzmacher | 1 | -0/+195 | |
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze | |||||
2010-05-10 | s4:password_hash - Rework to handle password changes | Matthias Dieter Wallnöfer | 1 | -138/+450 | |
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5) | |||||
2010-05-10 | s4:password_hash - Rework unique value checks | Matthias Dieter Wallnöfer | 1 | -49/+71 | |
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py". | |||||
2010-05-10 | s4:password_hash - Various (mostly cosmetic) prework | Matthias Dieter Wallnöfer | 1 | -176/+240 | |
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values | |||||
2010-05-10 | s4:dsdb: add new controls | Matthias Dieter Wallnöfer | 1 | -0/+21 | |
- Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password | |||||
2010-05-10 | s4:acl ldb module - fix typos | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-05-09 | s4:samldb LDB module - make "samldb_member_check" synchronous again | Matthias Dieter Wallnöfer | 1 | -64/+33 | |
2010-05-09 | s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous again | Matthias Dieter Wallnöfer | 1 | -235/+24 | |
2010-05-09 | s4:samldb LDB module - update the copyright notice | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-09 | dsdb/password_hash: remove usage of msDs-KeyVersionNumber | Stefan Metzmacher | 1 | -37/+1 | |
metze | |||||
2010-05-09 | s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber | Andrew Bartlett | 1 | -10/+76 | |
This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett | |||||
2010-05-04 | s4/rodc: Support read-only database | Anatoliy Atanasov | 4 | -13/+75 | |
Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client. | |||||
2010-05-04 | s4/rodc: Fix the callbacks up the stack to handle referrals on modify requests | Anatoliy Atanasov | 6 | -0/+48 | |
2010-05-03 | s4/rodc: Implement msDS-isRODC constructed attr | Anatoliy Atanasov | 1 | -1/+152 | |
2010-05-01 | s4:dsdb Fix use of memory after free in repl_meta_data | Andrew Bartlett | 1 | -7/+9 | |
The upgraded link values are were allocated on tmp_ctx, and need to be kept until they are written to the DB. If we don't give the correct context, they will be gone after the talloc_free(tmp_ctx). Found by Matthieu Patou <mat+Informatique.Samba@matws.net> Andrew Bartlett | |||||
2010-04-29 | s4/rodc: RODC FAS initial implementation | Anatoliy Atanasov | 2 | -12/+13 | |
2010-04-27 | s4-repl: these messages are common, and don't deserve debug level 1 | Andrew Tridgell | 1 | -2/+2 | |
getting older attributes is quite common | |||||
2010-04-26 | s4-ddb: don't create partitions with the UNINSTANT flag set | Andrew Tridgell | 1 | -1/+14 | |
these partitions and not on the server we are replicating from. Also check for deleted partitions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-26 | s4-drs: make links to foreign partitions non-fatal | Andrew Tridgell | 1 | -8/+6 | |
DN links outside the set of partitions we are replication should be allowed. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 4 | -4/+4 | |
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
2010-04-22 | s4-dsdb: removed an unused variable | Andrew Tridgell | 1 | -1/+0 | |
2010-04-22 | s4-dsdb: moved rodc schema validation to samldb.c | Andrew Tridgell | 2 | -33/+37 | |
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> |