Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-07-06 | s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flag | Matthias Dieter Wallnöfer | 1 | -3/+22 | |
It has to consider the "password_expires" flag to known if the "pwdLastSet" has to be updated or to be resetted. | |||||
2010-07-06 | s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag ↵ | Matthias Dieter Wallnöfer | 1 | -1/+6 | |
on level 21 Taken from the s3 server code | |||||
2010-07-05 | s4:samr RPC server - "SetUserInfo" - allow some more informations to be set | Matthias Dieter Wallnöfer | 1 | -0/+25 | |
Taken from the s3 implementation. | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour | Matthias Dieter Wallnöfer | 1 | -1/+72 | |
Behaviour as the torture SAMR passwords tests show. | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0 | Matthias Dieter Wallnöfer | 1 | -0/+9 | |
Taken from s3 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵ | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
from s3 to s4 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement password set level 21 | Matthias Dieter Wallnöfer | 1 | -0/+33 | |
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵ | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
user password | |||||
2010-06-28 | s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
haven't activated the the lanman auth This is what s3 does. | |||||
2010-06-28 | s4:samr_password.c - add a function which sets the password through ↵ | Matthias Dieter Wallnöfer | 1 | -0/+48 | |
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21. | |||||
2010-06-22 | s4:samr RPC server - make use of LDB constants in macros | Matthias Dieter Wallnöfer | 1 | -7/+7 | |
2010-06-20 | s4:samr RPC server - fix Solaris build warning | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-06-14 | s4:SAMR server - cosmetic fix | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-06-14 | s4:SAMR server - on alias search operations do never use the domain DN as ↵ | Matthias Dieter Wallnöfer | 1 | -10/+7 | |
base dn Aliases (especially in the "builtin" domain) are often domain-independant. | |||||
2010-06-12 | s4:dcesrv_samr_GetGroupsForUser - return error code if a SID wasn't found | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
This shouldn't happen since SIDs are mandatory for security objects | |||||
2010-06-12 | s4:dcesrv_samr_QueryGroupMember/GetMembersInAlias - unify the structure | Matthias Dieter Wallnöfer | 1 | -30/+32 | |
Mostly cosmetic fixes | |||||
2010-06-12 | s4:dcesrv_samr_GetAliasMembership - provide a correct implementation | Matthias Dieter Wallnöfer | 1 | -31/+31 | |
We could also have no valid SID specified at all and also then we have to return an empty array with "NT_STATUS_OK". This shows the torture testsuite. | |||||
2010-06-12 | s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the ↵ | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
database is corrupted Group/User/Alias entries do always have a SID (it's a mandatory attribute in the SAM directory)! | |||||
2010-06-12 | s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it ↵ | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
wasn't found | |||||
2010-06-12 | s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo" | Matthias Dieter Wallnöfer | 1 | -14/+7 | |
2010-06-12 | s4:dcesrv_samr_QueryUserInfo - minor fixes | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
Return "NT_STATUS_NO_SUCH_USER" when user account doesn't exist. | |||||
2010-06-12 | s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when ↵ | Matthias Dieter Wallnöfer | 1 | -7/+9 | |
really needed That means the allocation should move after the lookup (as it is on "QueryUserInfo"). Return "NT_STATUS_NO_SUCH_DOMAIN" on an invalid domain. | |||||
2010-06-12 | s4:dcesrv_samr_EnumDomainGroups - mostly small fixes | Matthias Dieter Wallnöfer | 1 | -3/+7 | |
2010-06-12 | s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry ↵ | Matthias Dieter Wallnöfer | 1 | -3/+0 | |
was returned | |||||
2010-06-12 | s4:dcesrv_samr_EnumDomainAliases - mostly small fixes | Matthias Dieter Wallnöfer | 1 | -7/+10 | |
The biggest change consists in the implementation of the Windows Server return size formula MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER). | |||||
2010-06-12 | s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to ↵ | Matthias Dieter Wallnöfer | 1 | -23/+28 | |
"EnumDomainGroups" and "EnumDomainAliases" That means that the lookup is now also done by "samdb_search_domain" to be more consistent. | |||||
2010-06-10 | s4:dcesrv_samr_Add/DeleteAliasMember - provide better NTSTATUS return codes ↵ | Matthias Dieter Wallnöfer | 1 | -6/+19 | |
when something didn't work | |||||
2010-06-10 | s4:dcesrv_samr_GetAliasMembership - fix type of counter variables | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-06-10 | s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding ↵ | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
styles | |||||
2010-06-10 | s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into one | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
2010-06-10 | s4:dcesrv_samr_Add/DelGroupMember - remove the account type check | Matthias Dieter Wallnöfer | 1 | -11/+10 | |
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users. | |||||
2010-06-10 | s4:dcesrv_samr_AddGroupMember - also the error code ↵ | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
"LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed This is returned when the group is the primary group of the specified entry. | |||||
2010-05-24 | s4:dsdb_enum_group_mem - use "unsigned" counters | Matthias Dieter Wallnöfer | 1 | -5/+3 | |
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned". | |||||
2010-05-24 | s4:samr Push most of samr_LookupRids into a helper function | Andrew Bartlett | 1 | -52/+16 | |
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Push most of samr_QueryGroupMember into a helper function | Andrew Bartlett | 1 | -80/+53 | |
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Move most of samr_CreateDomAlias into a helper function | Andrew Bartlett | 1 | -52/+8 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Split most of samr_CreateDomainGroup into a helper function | Andrew Bartlett | 1 | -60/+9 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Split the guts of samr_CreateUser2 into a helper function | Andrew Bartlett | 1 | -186/+8 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-10 | s4:samdb_set_password/samdb_set_password_sid - Rework | Matthias Dieter Wallnöfer | 2 | -96/+21 | |
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file | |||||
2010-03-06 | s4:samr RPC - Change some counters to be "unsigned" where needed | Matthias Dieter Wallnöfer | 1 | -9/+14 | |
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects. | |||||
2010-03-05 | s4:dcesrv_samr_AddAliasMember - wrap a long "DEBUG" statement | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-03-03 | s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups | Matthias Dieter Wallnöfer | 1 | -2/+3 | |
2010-03-03 | s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
We need to look for both global and universal group types when querying them. Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html). | |||||
2010-02-26 | s4:dcesrv_samr.c - Remove unused variable | Matthias Dieter Wallnöfer | 1 | -3/+1 | |
2010-02-16 | s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 2 | -5/+5 | |
This allows for controls to be added easily where they are needed. | |||||
2010-02-13 | s4-rpcserver: use TYPESAFE_QSORT() in rpc servers | Andrew Tridgell | 1 | -6/+4 | |
2010-01-21 | s4:rpc-server:samr: fix setting of lockout duration < lockout window | Michael Adam | 1 | -1/+22 | |
This should return NT_STATUS_INVALID_PARAMETER. This makes samba pass the first part of the samr-lockout test. This constraint is documented here for the samr server: http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates and here for the ldap backend: http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx MS-ADTS 3.1.1.5.3.2 Constraints So the check should actually be moved down into the backend, i.e. under dsdb/samdb/ldb_modules - TODO.. Michael | |||||
2010-01-14 | s4:SAMR RPC - Fix the criteria for group searches | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
This should match the MS-SAMR documentation (section 3.1.5.5.1.1) | |||||
2009-12-04 | s4-drsutil: fixed a memory leak in samdb_search_count | Andrew Tridgell | 1 | -3/+3 | |
In general functions that don't return any memory should not take a memory context. Otherwise it is too easy to have a bug like this where memory is leaked | |||||
2009-11-21 | s4:samr RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 2 | -12/+12 | |