Age | Commit message (Collapse) | Author | Files | Lines |
|
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
|
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
|
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
|
metze
|
|
metze
|
|
metze
|
|
|
|
ldb_dn_extended_filter() removes all but the listed components,
I didn't noticed that when writting the code.
Doing a ldb_dn_remove_extended_components(dn2) is wrong.
This was hidden by some bugs in the ldb_dn code.
metze
|
|
This allows commands with multiple arguments and quoting to be used,
while still avoiding running a shell (and this having shell expansion
problems)
|
|
when the ntds objects were moved by a recent change it broke the
calculation of the server site
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is a first, very basic implementation of the referrals (more informations
at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12).
To have the full referral support (and to always point to the right host) the
full implementation using DNS will be needed (at the moment we always point to
the main DC which is referenceable through the DNS domainname).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The domain scope control is always removed, from the search one only the two
interesting flags (which are handled) and it is marked as non-critical.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
They don't cause any harm to our functionality - so ignore them were not needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
|
|
msDS-IntId attribute should be replicated, so it must be
implemented in a module that is before repl_meta_data module
(thanks abartlet for pointing this out).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This periodically calls samba_dnsupdate to update our DNS entries if
needed
|
|
|
|
|
|
For add requests we need the add request messages, for modify requests we need
the modify request messages.
|
|
Always better to rely on the standards rather than on custom results.
|
|
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
|
|
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl
The get_info_obj_metadata implementation is ported from implementation
i developed and tested at the samba io lab 2009
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
In a single record search, LDB_ERR_CONSTRAINT_VIOLATION is more useful
than the generic LDB_ERR_OPERATIONS_ERROR
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
greatly simplifies some of the cracknames code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Use dsdb_search() instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
dsdb_find_dn_by_guid() now takes a struct GUID instead of a
guid_string. All the callers in fact wanted a struct GUID, so we now
avoid the extra conversion.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
much simpler code by using dsdb_flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
dsdb_flags
Allows for arbitrary controls
|
|
This allows for controls to be added easily where they are needed.
|
|
|
|
This will be used to allow the flag based ldb functions to work on
both a ldb or a module, thus saving a lot of specialist functions.
|
|
|
|
Implements the DS_REPL_INFO_REPSTO infoType of DsReplGetInfo().
|
|
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
this patch contains the data structures declarations and the functions to
setup the graph.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
When updating replPropertyMetaData, check if the value being stored is
the same as the current value, and skip the update if it is.
This is based on a patch by Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
|
|
It fixes the bug which causes an urgent replication to be enabled
incorrectly when an object is modified, but it should happen only
when it was created. This patch also fixes the bug that enable an
urgent replication when an object is deleted, but it should happen
only when it was modified and fixes the bug that does not enable
an urgent replication when an object is deleted and it should happen
only when it is deleted (not when it is modified).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will be used in the drsuapi server
|
|
I wonder why nobody noticed this since for sure this "tombstone" functionality
was broken till now.
|
|
|
|
|
|
If the dns update file doesn't need updating we need to delete the tmp
file
|