Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-25 | s4-repl: load RODC partitions using msDS-hasFullReplicaNCs | Andrew Tridgell | 2 | -4/+28 | |
we mark these as incoming_only Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-25 | s4-dsdb: make more of the UF_* flags available on pydsdb | Andrew Tridgell | 1 | -0/+28 | |
this really should be moved to IDL | |||||
2010-08-25 | s4-dsdb: add more DS flags to the dsdb module | Andrew Tridgell | 1 | -0/+15 | |
These are from libds/common/flags.h Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-25 | s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb | Andrew Tridgell | 1 | -0/+46 | |
This can be used to form the partial_attribute_set list for GetNCChanges Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 5 | -29/+26 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-20 | s4-dsdb: the RODC_JOIN control also changes samAccountName | Andrew Tridgell | 1 | -9/+13 | |
when adding a user with the RODC_JOIN control, the samAccountName is automatically set to the krbtgt_NNNNN form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-20 | s4-dsdb: fixed dsdb_get_extended_dn_sid() | Andrew Tridgell | 1 | -1/+1 | |
it should honor the component_name Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-20 | s4-drs: implement RODC attribute filtering override | Andrew Tridgell | 1 | -15/+29 | |
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-19 | s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if ↵ | Kamen Mazdrashki | 1 | -2/+2 | |
it exists | |||||
2010-08-19 | s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public | Kamen Mazdrashki | 1 | -3/+3 | |
It is intended to be used in schema_syntax.c module | |||||
2010-08-19 | s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object | Kamen Mazdrashki | 2 | -14/+55 | |
in case object replicated is not in Schema NC and attributeSchema object has msDs-IntId attribute value set | |||||
2010-08-19 | s4: fix few comment typos | Kamen Mazdrashki | 2 | -3/+3 | |
2010-08-19 | s4-schema_syntax.c: Fix white spaces and alignment | Kamen Mazdrashki | 1 | -55/+56 | |
2010-08-19 | s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions | Kamen Mazdrashki | 4 | -57/+45 | |
2010-08-19 | s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions | Kamen Mazdrashki | 4 | -55/+47 | |
2010-08-19 | s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions | Kamen Mazdrashki | 3 | -62/+41 | |
2010-08-19 | s4-dsdb: Add context structure for dsdb_syntax conversion functions | Kamen Mazdrashki | 2 | -0/+19 | |
This structure is intended to hold context-dependent data. Syntax-conversion and object-conversion functions need that data to convert objects and attributes from drs-to-ldb and ldb-to-drs correctly. For instance: ATTID value depends on whether we are converting object from partition different that Schema partition. | |||||
2010-08-18 | s4:auth Change {anonymous,system}_session to use common session_info generation | Andrew Bartlett | 1 | -2/+4 | |
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett | |||||
2010-08-18 | s4:auth Remove system_session_anon() from python bindings | Andrew Bartlett | 1 | -2/+1 | |
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 3 | -6/+6 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-17 | s4:samdb_set_password/samdb_set_password_sid - make more arguments "const" | Matthias Dieter Wallnöfer | 1 | -5/+5 | |
2010-08-17 | s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support ↵ | Matthias Dieter Wallnöfer | 1 | -13/+27 | |
the password change control And introduce parameters to pass the old password hashes. | |||||
2010-08-17 | s4:password_hash LDB module - perform the adaptions to understand the new ↵ | Matthias Dieter Wallnöfer | 1 | -8/+26 | |
password change control | |||||
2010-08-17 | s4:acl LDB module - support password changes over the ↵ | Matthias Dieter Wallnöfer | 1 | -1/+15 | |
DSDB_CONTROL_PASSWORD_CHANGE_OID control This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set". | |||||
2010-08-17 | s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the ↵ | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
control This contains the NT and/or LM hash of the password specified by the user. | |||||
2010-08-17 | s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 3 | -10/+9 | |
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash. | |||||
2010-08-17 | s4-tests: Added tests for acl checks on search requests | Nadezhda Ivanova | 1 | -0/+218 | |
2010-08-17 | s4-dsdb: check the type of session_info from the opaque | Andrew Tridgell | 1 | -2/+2 | |
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT | Andrew Tridgell | 1 | -2/+9 | |
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: cope with cracknames of form dnsdomain\account | Andrew Tridgell | 1 | -2/+8 | |
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber | Andrew Tridgell | 1 | -1/+8 | |
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATION | Andrew Tridgell | 1 | -7/+9 | |
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages | Andrew Tridgell | 5 | -18/+18 | |
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add | Andrew Tridgell | 1 | -1/+24 | |
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -1/+1 | |
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success | |||||
2010-08-17 | s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 1 | -0/+69 | |
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-16 | s4:samdb_set_password_sid - fix comment | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
Add more possible result NTSTATUS codes | |||||
2010-08-15 | s4:samdb_set_password - fix formatting | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
(Sorry, I've overseen this) | |||||
2010-08-15 | s4:passwords.py - proof the most important extended error codes | Matthias Dieter Wallnöfer | 1 | -8/+17 | |
2010-08-15 | s4:samdb_set_password - implement the extended LDAP error code detection | Matthias Dieter Wallnöfer | 1 | -9/+17 | |
2010-08-15 | s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵ | Matthias Dieter Wallnöfer | 1 | -43/+72 | |
important failure cases | |||||
2010-08-15 | s4:password_hash LDB module - support this new password set syntax | Matthias Dieter Wallnöfer | 1 | -2/+10 | |
2010-08-15 | s4:passwords.py - another special password test | Matthias Dieter Wallnöfer | 1 | -3/+23 | |
This looks like a password change but it's rather a password set operation. | |||||
2010-08-15 | s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵ | Matthias Dieter Wallnöfer | 1 | -10/+1 | |
on password change operations This is to match the SAMR password change behaviour. | |||||
2010-08-15 | s4:subtree_rename.c - relax the checks when requested | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
(Needed by upgradeprovision for example) | |||||
2010-08-14 | s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵ | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
account doesn't exist This is for the (SAMR) account detection protection mechanism. | |||||
2010-08-14 | s4:password_hash LDB module - improve an error message | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-08-14 | s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵ | Matthias Dieter Wallnöfer | 1 | -5/+16 | |
passwords Sooner or later this module should take over all password change actions. | |||||
2010-08-14 | s4:password_hash LDB module - fix wrong error codes | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
To match the passwords.py test | |||||
2010-08-14 | s4:passwords.py - test the error code when there doesn't exist any password yet | Matthias Dieter Wallnöfer | 1 | -4/+24 | |
After the creation of a user object we don't have any password yet. |