| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The problem here is that these attributes are not mapped in the
simple_ldap_map, and they were changed a while back.
Andrew Bartlett
|
|
This helps us ensure that the backend knows about and respects the
dereference control if our caller has asked that the extended DN control
be considered critical.
Andrew Bartlett
|
|
The schema should be considered read-only when we are using the OL
backend, as we can't update the backend schema in real time anyway.
Andrew Bartlett
|
|
|
|
internal cache
This IRPC calls is to be used whenever repsFrom/repsTo are
changed by administrative tool or KCC (i.e. Topology changes).
At present, only KCC may change topology.
|
|
replications
|
|
At present we only support v1 structures (Win2k3 and earlier),
so it is good to make it obvious.
In case we start supporting v2 we will be able to notice this
function should be refactored right away
|
|
|
|
|
|
|
|
stack
Also a function to check dsHeuristics value to determine of anonymous access should be blocked
|
|
we mark these as incoming_only
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this really should be moved to IDL
|
|
These are from libds/common/flags.h
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This can be used to form the partial_attribute_set list for
GetNCChanges
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
|
|
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
it exists
|
|
It is intended to be used in schema_syntax.c module
|
|
in case object replicated is not in Schema NC and attributeSchema
object has msDs-IntId attribute value set
|
|
|
|
|
|
|
|
|
|
|
|
This structure is intended to hold context-dependent data.
Syntax-conversion and object-conversion functions need
that data to convert objects and attributes from drs-to-ldb
and ldb-to-drs correctly.
For instance: ATTID value depends on whether we are converting
object from partition different that Schema partition.
|
|
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
|
|
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
|
|
the password change control
And introduce parameters to pass the old password hashes.
|
|
password change control
|
|
DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
|
|
control
This contains the NT and/or LM hash of the password specified by the user.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
|
|
we saw a crash with a bad pointer here, and this may help track it
down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used by w2k8r2 when doing a RODC dcpromo
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control disables the system only check for nTDSDSA add operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Add more possible result NTSTATUS codes
|
|
(Sorry, I've overseen this)
|
|
|
