summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2012-12-12s4-rpc_server: limit allowed transports for samr_ValidatePassword().Günther Deschner1-0/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett1-4/+4
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2011-08-25s4-samr: fixed subtree searchAndrew Tridgell1-1/+1
this needs to be on the domain NC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13s4-dsdb Add ability to force a particular SID in the upgrade caseAndrew Bartlett1-1/+2
2011-06-09s4:rpc_server/dcesrv_samr.c - quiet enum warningsMatthias Dieter Wallnöfer1-0/+6
When we are acting in the role of a PDC then please return it as status information. Reviewed-by: Tridge Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jun 9 12:06:36 CEST 2011 on sn-devel-104
2011-05-08s4-samr Remove incorrect transaction_cancel() in error pathAndrew Bartlett1-1/+0
The transactions are now handled entirely within dsdb_add_user() Andrew Bartlett
2011-04-04s4-rpc: improved error mapping for several RPC server callsAndrew Tridgell1-22/+19
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29Ensure convert_string_XXX is always called with a valid converted_size pointer.Jeremy Allison1-2/+5
Preparation for cleaning up this API. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-25lib/util/charset rename iconv_convenience to iconv_handleAndrew Bartlett1-3/+3
This better reflects what this structure is Andrew Bartlett
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell1-3/+3
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-19source4/rpc_server: Fix prototypes for all functions.Jelmer Vernooij1-0/+1
2011-02-24build: moved libds/common/flag_mapping.c into a common subsystemAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-15s4:samr RPC server - QueryDisplayInfo returns always all domains users, ↵Matthias Dieter Wallnöfer1-34/+40
aliases and groups That means when calling "QueryDisplayInfo" on the BUILTIN handle we still get all related domain objects - for example all domain (global + universal) groups. This is contrary to the "EnumDomain..." calls which do really only return the objects in the specified domain policy handle. This has been observed against Windows Server 2008 and confirmed by dochelp. In the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search". Patch-reviewed-by: Andrew Tridgell <tridge@samba.org>
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-2/+2
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-15s4:samr RPC server - always interpret filter integer values as signedMatthias Dieter Wallnöfer1-4/+4
To prevent platform-dependant problems. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2010-12-04s4:samr RPC server - dcesrv_samr_GetBootKeyInformation - return NOT_SUPPORTEDMatthias Dieter Wallnöfer1-1/+2
Windows Server 2008 does this Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Dec 4 12:11:47 CET 2010 on sn-devel-104
2010-11-06s4:samr RPC server - "dcesrv_samr_RemoveMemberFromForeignDomain"Matthias Dieter Wallnöfer1-12/+6
- Remove TODO comment: MS-SAMR 3.1.5.8.7 explicitly states: "The SamrRemoveMemberFromForeignDomain method removes a member from all aliases." - Remove the search attributes since they aren't strictly needed. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Nov 6 18:07:57 UTC 2010 on sn-devel-104
2010-10-30s4:samr RPC server - the LDB error codes for adding or deleting a group ↵Matthias Dieter Wallnöfer1-4/+2
member have changed
2010-10-29s4:samr RPC server - fix trailing whitespacesMatthias Dieter Wallnöfer3-268/+268
2010-10-29s4:samr RPC server - fix indentation of function parametersMatthias Dieter Wallnöfer1-29/+30
2010-10-29s4:samr RPC server - DomainGeneralInformation - never return NULL on the oem ↵Matthias Dieter Wallnöfer1-2/+6
name As far as I can tell Windows SAMR never returns NULL on unknown values in this call.
2010-10-29s4:samr RPC server - provide the right "ReplicaSourceNodeName"Matthias Dieter Wallnöfer1-12/+16
It's the content of the "domainReplica" attribute if it exists and has only a meaning on interim/mixed domain function levels (with NT4 dcs).
2010-10-29s4:samr RPC server - remove wrong implementation of ReplicaSourceNodeNameMatthias Dieter Wallnöfer1-20/+7
This should represent a replication partner - never the DC iself
2010-10-25s4:samr RPC server - "dcesrv_samr_info_DomGeneralInformation" - count always ↵Matthias Dieter Wallnöfer1-4/+6
all type of groups One pair are universal an global groups (on the SAMR pipe called "groups") and the other one are the domain and builtin local groups (on the SAMR pipe called "aliases"). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 19:37:27 UTC 2010 on sn-devel-104
2010-10-25s4:samr RPC server - remove a somewhat pointless commentMatthias Dieter Wallnöfer1-1/+0
Regardless if groups and users do exist in the builtin domain or not we do count always all users, groups and aliases.
2010-10-25s4:"samdb_search_count" - introduce a "mem_ctx" parameterMatthias Dieter Wallnöfer1-3/+6
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't? Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer2-0/+2
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer2-2/+0
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-27/+27
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij2-8/+8
2010-10-07samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray.Günther Deschner1-7/+7
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104
2010-10-07s4-samr: Fix dcesrv_samr_QueryGroupMember.Günther Deschner1-1/+3
Guenther
2010-09-11s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are ↵Matthias Dieter Wallnöfer1-2/+3
returned here Tested using User Manager for Domains against Windows Server 2008. MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
2010-08-17s4:samr RPC server - samr_password.c - make real user password changes workMatthias Dieter Wallnöfer1-50/+74
Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
2010-08-17s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer1-3/+3
password sets
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2-12/+12
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-06s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flagMatthias Dieter Wallnöfer1-3/+22
It has to consider the "password_expires" flag to known if the "pwdLastSet" has to be updated or to be resetted.
2010-07-06s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag ↵Matthias Dieter Wallnöfer1-1/+6
on level 21 Taken from the s3 server code
2010-07-05s4:samr RPC server - "SetUserInfo" - allow some more informations to be setMatthias Dieter Wallnöfer1-0/+25
Taken from the s3 implementation.
2010-06-28s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviourMatthias Dieter Wallnöfer1-1/+72
Behaviour as the torture SAMR passwords tests show.
2010-06-28s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0Matthias Dieter Wallnöfer1-0/+9
Taken from s3
2010-06-28s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵Matthias Dieter Wallnöfer1-0/+8
from s3 to s4
2010-06-28s4:dcesrv_samr_SetUserInfo - implement password set level 21Matthias Dieter Wallnöfer1-0/+33
2010-06-28s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵Matthias Dieter Wallnöfer1-0/+10
user password
2010-06-28s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer1-1/+1
haven't activated the the lanman auth This is what s3 does.
2010-06-28s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer1-0/+48
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-06-22s4:samr RPC server - make use of LDB constants in macrosMatthias Dieter Wallnöfer1-7/+7
2010-06-20s4:samr RPC server - fix Solaris build warningMatthias Dieter Wallnöfer1-3/+3
2010-06-14s4:SAMR server - cosmetic fixMatthias Dieter Wallnöfer1-1/+2