Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-17 | s4:password_hash LDB module - perform the adaptions to understand the new password change control | Matthias Dieter Wallnöfer | 1 | -8/+26 | |
2010-08-17 | s4:acl LDB module - support password changes over the DSDB_CONTROL_PASSWORD_CHANGE_OID control | Matthias Dieter Wallnöfer | 1 | -1/+15 | |
This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set". | |||||
2010-08-17 | s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
This contains the NT and/or LM hash of the password specified by the user. | |||||
2010-08-17 | s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 3 | -10/+9 | |
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash. | |||||
2010-08-17 | s4-tests: Added tests for acl checks on search requests | Nadezhda Ivanova | 1 | -0/+218 | |
2010-08-17 | s4-dsdb: check the type of session_info from the opaque | Andrew Tridgell | 1 | -2/+2 | |
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT | Andrew Tridgell | 1 | -2/+9 | |
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: cope with cracknames of form dnsdomain\account | Andrew Tridgell | 1 | -2/+8 | |
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber | Andrew Tridgell | 1 | -1/+8 | |
msDS-SecondaryKrbTgtNumber is set up with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATION | Andrew Tridgell | 1 | -7/+9 | |
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages | Andrew Tridgell | 5 | -18/+18 | |
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add | Andrew Tridgell | 1 | -1/+24 | |
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -1/+1 | |
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success | |||||
2010-08-17 | s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -0/+69 | |
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implement rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-16 | s4:samdb_set_password_sid - fix comment | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
Add more possible result NTSTATUS codes | |||||
2010-08-15 | s4:samdb_set_password - fix formatting | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
(Sorry, I've overseen this) | |||||
2010-08-15 | s4:passwords.py - proof the most important extended error codes | Matthias Dieter Wallnöfer | 1 | -8/+17 | |
2010-08-15 | s4:samdb_set_password - implement the extended LDAP error code detection | Matthias Dieter Wallnöfer | 1 | -9/+17 | |
2010-08-15 | s4:password_hash LDB module - introduce the extended LDAP error codes on the important failure cases | Matthias Dieter Wallnöfer | 1 | -43/+72 | |
2010-08-15 | s4:password_hash LDB module - support this new password set syntax | Matthias Dieter Wallnöfer | 1 | -2/+10 | |
2010-08-15 | s4:passwords.py - another special password test | Matthias Dieter Wallnöfer | 1 | -3/+23 | |
This looks like a password change but it's rather a password set operation. | |||||
2010-08-15 | s4:password_hash LDB module - allow to compare against both NT and LM hashes on password change operations | Matthias Dieter Wallnöfer | 1 | -10/+1 | |
This is to match the SAMR password change behaviour. | |||||
2010-08-15 | s4:subtree_rename.c - relax the checks when requested | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
(Needed by upgradeprovision for example) | |||||
2010-08-14 | s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user account doesn't exist | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
This is for the (SAMR) account detection protection mechanism. | |||||
2010-08-14 | s4:password_hash LDB module - improve an error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-14 | s4:password_hash LDB module - implement the SAMR behaviour when checking old passwords | Matthias Dieter Wallnöfer | 1 | -5/+16 | |
Sooner or later this module should take over all password change actions. | |||||
2010-08-14 | s4:password_hash LDB module - fix wrong error codes | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
To match the passwords.py test | |||||
2010-08-14 | s4:passwords.py - test the error code when there doesn't exist any password yet | Matthias Dieter Wallnöfer | 1 | -4/+24 | |
After the creation of a user object we don't have any password yet. | |||||
2010-08-14 | s4:passwords.py - perform testing of wrong old passwords on change operations | Matthias Dieter Wallnöfer | 1 | -0/+44 | |
2010-08-11 | s4-dsdb: fix attributes_by_msDS_IntId index sorting | Kamen Mazdrashki | 1 | -1/+5 | |
2010-08-10 | s4:objectclass LDB module - weak the check for the "rIDSet" delete constraint | Matthias Dieter Wallnöfer | 1 | -8/+10 | |
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision". | |||||
2010-08-10 | s4:dsdb/common/util.c - provide a call which returns the forest function level | Matthias Dieter Wallnöfer | 1 | -2/+15 | |
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs). | |||||
2010-08-10 | s4:dsdb/common/util.c - use LDB constants whenever possible | Matthias Dieter Wallnöfer | 1 | -8/+8 | |
2010-08-07 | s4:kcc_connection.c - fix typo in error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-07 | s4:ldap.py - comment a test part which fails with another error code on Windows | Matthias Dieter Wallnöfer | 1 | -5/+6 | |
2010-08-07 | s4:ldap.py - test the new "systemFlags" constraint | Matthias Dieter Wallnöfer | 1 | -1/+11 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - enhance and clean the "systemFlags" section | Matthias Dieter Wallnöfer | 1 | -8/+20 | |
Also here we have to test for single-valueness. | |||||
2010-08-07 | s4:ldap.py - test for an invalid "objectCategory" attribute | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - implement "objectCategory" validation | Matthias Dieter Wallnöfer | 1 | -5/+34 | |
2010-08-07 | s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAP | Matthias Dieter Wallnöfer | 1 | -0/+11 | |
2010-08-07 | s4:urgent_replication.py - relax also here the add of a secrets object | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-08-07 | s4:dsdb/common/util.c - add a function "dsdb_add" | Matthias Dieter Wallnöfer | 1 | -0/+30 | |
2010-08-07 | s4:objectclass LDB module - "add operation" - reject creation of LSA specific objects | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
(only using the RELAX flag allowed) | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - move two checks | Matthias Dieter Wallnöfer | 1 | -17/+12 | |
To be more consistent with the MS-ADTS doc. | |||||
2010-08-07 | s4:objectclass LDB module - "add operation" - deny multiple "objectclass" message elements | Matthias Dieter Wallnöfer | 1 | -5/+14 | |
Requested by MS-ADTS 3.1.1.5.2.2 | |||||
2010-08-07 | s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possible | Matthias Dieter Wallnöfer | 1 | -4/+2 | |
We don't need to have it around until the end of the function. | |||||
2010-08-04 | s4:LDB modules - remove the "kludge_acl" module code | Matthias Dieter Wallnöfer | 1 | -516/+0 | |
Obviously this has been forgotten by Nadya. | |||||
2010-08-04 | s4-dsdb: Removed kludge_acl as it is no longer necessary | Nadezhda Ivanova | 5 | -23/+47 | |
Moved the access check on extended operations to acl module and removed kludge_acl | |||||
2010-08-03 | s4-schema: More verbose error log when subClassOf is not found in schema | Kamen Mazdrashki | 1 | -1/+3 | |
Error message shows failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard. | |||||
2010-08-03 | s4: fix comment typos | Kamen Mazdrashki | 1 | -3/+3 | |