summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-17s4:password_hash LDB module - perform the adaptions to understand the new ↵Matthias Dieter Wallnöfer1-8/+26
password change control
2010-08-17s4:acl LDB module - support password changes over the ↵Matthias Dieter Wallnöfer1-1/+15
DSDB_CONTROL_PASSWORD_CHANGE_OID control This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set".
2010-08-17s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the ↵Matthias Dieter Wallnöfer1-0/+5
control This contains the NT and/or LM hash of the password specified by the user.
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer3-10/+9
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-17s4-tests: Added tests for acl checks on search requestsNadezhda Ivanova1-0/+218
2010-08-17s4-dsdb: check the type of session_info from the opaqueAndrew Tridgell1-2/+2
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNTAndrew Tridgell1-2/+9
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: cope with cracknames of form dnsdomain\accountAndrew Tridgell1-2/+8
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumberAndrew Tridgell1-1/+8
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATIONAndrew Tridgell1-7/+9
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell5-18/+18
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA addAndrew Tridgell1-1/+24
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-1/+1
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+69
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-16s4:samdb_set_password_sid - fix commentMatthias Dieter Wallnöfer1-1/+2
Add more possible result NTSTATUS codes
2010-08-15s4:samdb_set_password - fix formattingMatthias Dieter Wallnöfer1-1/+2
(Sorry, I've overseen this)
2010-08-15s4:passwords.py - proof the most important extended error codesMatthias Dieter Wallnöfer1-8/+17
2010-08-15s4:samdb_set_password - implement the extended LDAP error code detectionMatthias Dieter Wallnöfer1-9/+17
2010-08-15s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵Matthias Dieter Wallnöfer1-43/+72
important failure cases
2010-08-15s4:password_hash LDB module - support this new password set syntaxMatthias Dieter Wallnöfer1-2/+10
2010-08-15s4:passwords.py - another special password testMatthias Dieter Wallnöfer1-3/+23
This looks like a password change but it's rather a password set operation.
2010-08-15s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵Matthias Dieter Wallnöfer1-10/+1
on password change operations This is to match the SAMR password change behaviour.
2010-08-15s4:subtree_rename.c - relax the checks when requestedMatthias Dieter Wallnöfer1-0/+5
(Needed by upgradeprovision for example)
2010-08-14s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵Matthias Dieter Wallnöfer1-0/+2
account doesn't exist This is for the (SAMR) account detection protection mechanism.
2010-08-14s4:password_hash LDB module - improve an error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-14s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵Matthias Dieter Wallnöfer1-5/+16
passwords Sooner or later this module should take over all password change actions.
2010-08-14s4:password_hash LDB module - fix wrong error codesMatthias Dieter Wallnöfer1-4/+4
To match the passwords.py test
2010-08-14s4:passwords.py - test the error code when there doesn't exist any password yetMatthias Dieter Wallnöfer1-4/+24
After the creation of a user object we don't have any password yet.
2010-08-14s4:passwords.py - perform testing of wrong old passwords on change operationsMatthias Dieter Wallnöfer1-0/+44
2010-08-11s4-dsdb: fix attributes_by_msDS_IntId index sortingKamen Mazdrashki1-1/+5
2010-08-10s4:objectclass LDB module - weak the check for the "rIDSet" delete constraintMatthias Dieter Wallnöfer1-8/+10
Perform it only when a "rIDSet" does exist. Requested by ekacnet for "upgradeprovision".
2010-08-10s4:dsdb/common/util.c - provide a call which returns the forest function levelMatthias Dieter Wallnöfer1-2/+15
Sooner or later we'll need this too since not all operations depend only on the current's domain function level (see the MS-ADTS docs).
2010-08-10s4:dsdb/common/util.c - use LDB constants whenever possibleMatthias Dieter Wallnöfer1-8/+8
2010-08-07s4:kcc_connection.c - fix typo in error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-07s4:ldap.py - comment a test part which fails with another error code on WindowsMatthias Dieter Wallnöfer1-5/+6
2010-08-07s4:ldap.py - test the new "systemFlags" constraintMatthias Dieter Wallnöfer1-1/+11
2010-08-07s4:objectclass LDB module - "add operation" - enhance and clean the ↵Matthias Dieter Wallnöfer1-8/+20
"systemFlags" section Also here we have to test for single-valueness.
2010-08-07s4:ldap.py - test for an invalid "objectCategory" attributeMatthias Dieter Wallnöfer1-0/+10
2010-08-07s4:objectclass LDB module - "add operation" - implement "objectCategory" ↵Matthias Dieter Wallnöfer1-5/+34
validation
2010-08-07s4:ldap.py - proof for the impossibility to add a LSA-specific object over LDAPMatthias Dieter Wallnöfer1-0/+11
2010-08-07s4:urgent_replication.py - relax also here the add of a secrets objectMatthias Dieter Wallnöfer1-2/+1
2010-08-07s4:dsdb/common/util.c - add a function "dsdb_add"Matthias Dieter Wallnöfer1-0/+30
2010-08-07s4:objectclass LDB module - "add operation" - reject creation of LSA ↵Matthias Dieter Wallnöfer1-0/+8
specific objects (only using the RELAX flag allowed)
2010-08-07s4:objectclass LDB module - "add operation" - move two checksMatthias Dieter Wallnöfer1-17/+12
To be more consistent with the MS-ADTS doc.
2010-08-07s4:objectclass LDB module - "add operation" - deny multiple "objectclass" ↵Matthias Dieter Wallnöfer1-5/+14
message elements Requested by MS-ADTS 3.1.1.5.2.2
2010-08-07s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as possibleMatthias Dieter Wallnöfer1-4/+2
We don't need to have it around until the end of the function.
2010-08-04s4:LDB modules - remove the "kludge_acl" module codeMatthias Dieter Wallnöfer1-516/+0
Obviously this has been forgotten by Nadya.
2010-08-04s4-dsdb: Removed kludge_acl as it is no longer necessaryNadezhda Ivanova5-23/+47
Moved the access check on extended operations to acl module and removed kludge_acl
2010-08-03s4-schema: More verbose error log when subClassOf is not found in schemaKamen Mazdrashki1-1/+3
Error message show failing classSchema object but not the specific value for the failure, which makes diagnostics by log files really hard.
2010-08-03s4: fix comment typosKamen Mazdrashki1-3/+3