Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-29 | s4-drepl: fixed the checking of replica_flags in the drepl server | Andrew Tridgell | 1 | -7/+0 | |
we were incorrectly avoiding a getncchanges when WRIT_REP was not set Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-29 | s4-kcc: fixed the replica_flags in repsFrom in the kcc | Andrew Tridgell | 1 | -31/+72 | |
if our calculated replica_flags doesn't match the ones in our repsFrom then update it Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-29 | s4-samldb: also set a password on the krbtgt_NNNN account | Andrew Tridgell | 1 | -0/+11 | |
when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-29 | s4-rodc: RODC should not accept requests for role transfer | Nadezhda Ivanova | 1 | -0/+12 | |
A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP | |||||
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 1 | -0/+42 | |
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier | |||||
2010-09-28 | s4-dsdb: adapted check_access_on_dn for use in drs. | Nadezhda Ivanova | 1 | -9/+10 | |
2010-09-29 | s4-dsdb Add ldb_reset_err_string() when we set error codes. | Andrew Bartlett | 2 | -0/+4 | |
If we don't we could show an old, incrorrect error | |||||
2010-09-29 | s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY | Andrew Bartlett | 1 | -7/+8 | |
This simplifies the function. While doing so, also change the error string setting to set a really clear error string for the failure to find and failure to parse cases. Andrew Bartlett | |||||
2010-09-29 | s4-dsdb Fix segfault in error case in rootdse module | Andrew Bartlett | 1 | -1/+4 | |
2010-09-27 | s4-dns: implemented RODC DNS update in dns update task | Andrew Tridgell | 1 | -0/+199 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-27 | s4-ldb: removed an unused variable | Andrew Tridgell | 1 | -1/+0 | |
2010-09-27 | s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs | Andrew Tridgell | 1 | -1/+1 | |
2010-09-27 | s4-dsdb: added samdb_find_site_for_computer() and ↵ | Andrew Tridgell | 1 | -0/+57 | |
samdb_find_ntdsguid_for_computer() these will be used by the new RODC dns update code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-27 | s4-kcc: don't print "Testing kcctpl_create_intersite_connections" | Andrew Tridgell | 1 | -1/+1 | |
log level 0 is excessive for this! | |||||
2010-09-27 | s4-ldb: Added ldb_request_replace_control | Nadezhda Ivanova | 1 | -1/+1 | |
It is the same as ldb_request_add_control, except it will replace an existing control. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-ldbmodules: Added new module aclread to handle access checks on LDAP search | Nadezhda Ivanova | 4 | -0/+327 | |
It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet. | |||||
2010-09-26 | s4-tests: Added tests for search checks on attributes | Nadezhda Ivanova | 1 | -5/+100 | |
The ACL reach tests are in the knowfail because aclread module is not enabled by default | |||||
2010-09-26 | s4-tests: Removed search tests with anonymous credentials as they fail ↵ | Nadezhda Ivanova | 1 | -1/+1 | |
againts Windows These tests will fail in make test as well if the acl_read module is enabled. | |||||
2010-09-26 | s4-dsdb: Added a function to check access on a particular object by its guid | Nadezhda Ivanova | 1 | -0/+37 | |
Similar to dsdb_check_access_on_dn, only it searches by guid. | |||||
2010-09-26 | s4-dsdb: A helper to determine if an attribute is part of the search filter | Nadezhda Ivanova | 1 | -0/+46 | |
2010-09-26 | s4-dsdb: Moved some helper functions to a separate file | Nadezhda Ivanova | 5 | -222/+260 | |
We need these to be accessible to the aclread module as well. | |||||
2010-09-26 | s4-ldap: Added a control to apply the access checks on read via LDAP | Nadezhda Ivanova | 1 | -0/+3 | |
2010-09-26 | s4-auth: fixed the SID list for DCs in the PAC | Andrew Tridgell | 1 | -10/+0 | |
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB ↵ | Kamen Mazdrashki | 1 | -1/+7 | |
connections | |||||
2010-09-26 | s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB ↵ | Kamen Mazdrashki | 1 | -1/+9 | |
connections | |||||
2010-09-26 | s4-ldap_schema.py: Remove unused LDB connection to GC port | Kamen Mazdrashki | 1 | -5/+0 | |
2010-09-26 | s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB ↵ | Kamen Mazdrashki | 1 | -6/+7 | |
connections | |||||
2010-09-25 | ldb: mark the location of a lot more ldb requests | Andrew Tridgell | 28 | -15/+109 | |
2010-09-25 | s4-dsdb: added tagging of requests in dsdb modules | Andrew Tridgell | 8 | -0/+30 | |
this allows you to call dsdb_req_chain_debug() in gdb or when writing debug code to see the request chain | |||||
2010-09-25 | s4-repl: don't store repsFrom on DNs other than NC heads | Andrew Tridgell | 1 | -0/+9 | |
we don't want a refsFrom on the Rid Manage$ DN Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-25 | s4-repl: use namingContexts from rootDSE to initialise partition list | Andrew Tridgell | 1 | -53/+36 | |
this is preferable to looking for the hasMasterNCs attribute on nTDSDSA objects. | |||||
2010-09-25 | s4-repl: force on WRIT_REP when we are a writable replica | Andrew Tridgell | 1 | -4/+3 | |
this ensures we always mark ourselves as writeable when we are not an RODC | |||||
2010-09-25 | s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa | Andrew Tridgell | 1 | -5/+6 | |
this avoids a list walk in the calling code | |||||
2010-09-25 | s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn. | Nadezhda Ivanova | 1 | -1/+1 | |
2010-09-24 | s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 1 | -2/+6 | |
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett | |||||
2010-09-24 | s4-kerberos Move 'set key into keytab' code out of credentials. | Andrew Bartlett | 1 | -31/+23 | |
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett | |||||
2010-09-24 | s4:repl_meta_data - also on delete operations the new RDN attribute has to ↵ | Matthias Dieter Wallnöfer | 1 | -1/+10 | |
be casefolded correctly Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:lazy_commit LDB module - the "show_deleted" control is initialised by the ↵ | Matthias Dieter Wallnöfer | 1 | -17/+0 | |
"show_deleted" LDB module Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - make use of "dsdb_forest_functional_level" | Matthias Dieter Wallnöfer | 1 | -3/+2 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:ldap.py - add tests for the "dsServiceName", "serverName", "dnsHostName" ↵ | Matthias Dieter Wallnöfer | 1 | -0/+34 | |
and "ldapServiceName" rootDSE attributes Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - introduce dynamic "ldapServiceName" | Matthias Dieter Wallnöfer | 1 | -0/+25 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - introduce dynamic "dnsHostName" attribute | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - make "serverName" dynamic | Matthias Dieter Wallnöfer | 1 | -0/+7 | |
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a simple way since it's already needed on LDB initialisation time. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - remove "priv" checks where not needed | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:rootdse LDB module - better that the "edn" control handling is done last | Matthias Dieter Wallnöfer | 1 | -20/+20 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:samldb LDB module - it isn't allowed to create user/computer accounts ↵ | Matthias Dieter Wallnöfer | 2 | -10/+13 | |
with a primary group specified It can only be changed afterwards. We allow a "relax"ed exception for the provision state since we need this for the guest account. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:dsdb/common/util_samr.c - remove the primary group specifications | Matthias Dieter Wallnöfer | 1 | -4/+0 | |
Now also the primary group detection/change on modify operations does work Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:ldap.py - test default primary groups on modify operations | Matthias Dieter Wallnöfer | 1 | -0/+70 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" ↵ | Matthias Dieter Wallnöfer | 1 | -16/+11 | |
detection also on modify operations Also requested by MS-SAMR 3.1.1.8.1. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:ldap.py - enhance SAM user/groups behaviour test regarding default ↵ | Matthias Dieter Wallnöfer | 1 | -5/+34 | |
primary groups Signed-off-by: Andrew Bartlett <abartlet@samba.org> |