Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-10 | s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding ↵ | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
styles | |||||
2010-06-10 | s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into one | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
2010-06-10 | s4:dcesrv_samr_Add/DelGroupMember - remove the account type check | Matthias Dieter Wallnöfer | 1 | -11/+10 | |
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users. | |||||
2010-06-10 | s4:dcesrv_samr_AddGroupMember - also the error code ↵ | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
"LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed This is returned when the group is the primary group of the specified entry. | |||||
2010-05-24 | s4:dsdb_enum_group_mem - use "unsigned" counters | Matthias Dieter Wallnöfer | 1 | -5/+3 | |
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned". | |||||
2010-05-24 | s4:samr Push most of samr_LookupRids into a helper function | Andrew Bartlett | 1 | -52/+16 | |
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Push most of samr_QueryGroupMember into a helper function | Andrew Bartlett | 1 | -80/+53 | |
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Move most of samr_CreateDomAlias into a helper function | Andrew Bartlett | 1 | -52/+8 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Split most of samr_CreateDomainGroup into a helper function | Andrew Bartlett | 1 | -60/+9 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-24 | s4:samr Split the guts of samr_CreateUser2 into a helper function | Andrew Bartlett | 1 | -186/+8 | |
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett | |||||
2010-05-10 | s4:samdb_set_password/samdb_set_password_sid - Rework | Matthias Dieter Wallnöfer | 2 | -96/+21 | |
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file | |||||
2010-03-06 | s4:samr RPC - Change some counters to be "unsigned" where needed | Matthias Dieter Wallnöfer | 1 | -9/+14 | |
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects. | |||||
2010-03-05 | s4:dcesrv_samr_AddAliasMember - wrap a long "DEBUG" statement | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-03-03 | s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups | Matthias Dieter Wallnöfer | 1 | -2/+3 | |
2010-03-03 | s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
We need to look for both global and universal group types when querying them. Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html). | |||||
2010-02-26 | s4:dcesrv_samr.c - Remove unused variable | Matthias Dieter Wallnöfer | 1 | -3/+1 | |
2010-02-16 | s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 2 | -5/+5 | |
This allows for controls to be added easily where they are needed. | |||||
2010-02-13 | s4-rpcserver: use TYPESAFE_QSORT() in rpc servers | Andrew Tridgell | 1 | -6/+4 | |
2010-01-21 | s4:rpc-server:samr: fix setting of lockout duration < lockout window | Michael Adam | 1 | -1/+22 | |
This should return NT_STATUS_INVALID_PARAMETER. This makes samba pass the first part of the samr-lockout test. This constraint is documented here for the samr server: http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates and here for the ldap backend: http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx MS-ADTS 3.1.1.5.3.2 Constraints So the check should actually be moved down into the backend, i.e. under dsdb/samdb/ldb_modules - TODO.. Michael | |||||
2010-01-14 | s4:SAMR RPC - Fix the criteria for group searches | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
This should match the MS-SAMR documentation (section 3.1.5.5.1.1) | |||||
2009-12-04 | s4-drsutil: fixed a memory leak in samdb_search_count | Andrew Tridgell | 1 | -3/+3 | |
In general functions that don't return any memory should not take a memory context. Otherwise it is too easy to have a bug like this where memory is leaked | |||||
2009-11-21 | s4:samr RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 2 | -12/+12 | |
2009-11-10 | s4:dcesrv_samr - Add more checks for invalid levels | Matthias Dieter Wallnöfer | 1 | -3/+27 | |
Add more checks on valid levels, mark unimplemented ones as "UNSUPPORTED" and otherwise as "INVALID_INFO_CLASS" to be safe. | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - naturally this was only for debugging the ↵ | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
failure | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password" | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
I've forgotten that PIDL converts UTF16 parameters automatically back to the UNIX charset (in most cases UTF16). So I don't have to do this here. | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
2009-11-05 | s4:dcesrv_samr - Implement "dcesrv_samr_ValidatePassword" using my new check ↵ | Matthias Dieter Wallnöfer | 1 | -7/+49 | |
password call This implements a very basic method for password validation using my new "samdb_check_password" call. | |||||
2009-10-24 | s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state | Stefan Metzmacher | 1 | -7/+7 | |
We always steal the state to the policy handle on success, but untill then keep it on the short term context. metze | |||||
2009-10-23 | s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() | Andrew Tridgell | 1 | -1/+1 | |
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context. | |||||
2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 1 | -3/+3 | |
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
2009-10-21 | s4:rpc_server Ensure we talloc_free handles when we delete objects | Andrew Bartlett | 1 | -0/+3 | |
If we don't talloc_free the handle, we leak the memory onto the long-term context. Andrew Bartlett | |||||
2009-10-21 | s4:samr Don't leak the whole user onto the long-term handle | Andrew Bartlett | 1 | -2/+2 | |
The user entry is only required for this function, so use mem_ctx to hold it. Andrew Bartlett | |||||
2009-10-13 | s4:dcesrv_samr - add another constant | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-10-13 | s4:dcesrv_samr - prevent "ldb_modify" on a possibly empty message | Matthias Dieter Wallnöfer | 1 | -8/+10 | |
In this code part under certain circumstances we can end up with an empty message. Since our new behaviour denies them (like the real AD) we need to bypass them on LDB modify calls. | |||||
2009-10-13 | s4:dcesrv_samr - Add additional "talloc_free"s | Matthias Dieter Wallnöfer | 1 | -0/+4 | |
2009-10-13 | s4:dcesrv_samr - Cosmetics | Matthias Dieter Wallnöfer | 1 | -23/+31 | |
Make more use of constants and add some braces around "if" blocks | |||||
2009-10-08 | s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 1 | -19/+20 | |
2009-10-02 | s4-samr: fake up a samr_ValidatePassword response | Andrew Tridgell | 1 | -1/+5 | |
mdw is working on the correct call to check the password strength | |||||
2009-09-19 | more include minimisation | Andrew Tridgell | 1 | -5/+0 | |
2009-09-07 | s4:samr - Fix up the SAMR server to support the primary group of a user in ↵ | Matthias Dieter Wallnöfer | 1 | -128/+189 | |
the right way When doing some tests with the NT User Manager for Domains on s4 I noticed that the handling of the primary group for a user wasn't correct. So I fixed this. Also some cosmetic changes (tab indent corrections). | |||||
2009-07-13 | libds: merge the UF<->ACB flag mapping functions. | Günther Deschner | 1 | -3/+3 | |
Guenther | |||||
2009-07-13 | libds: share UF_ flags between samba3 and 4. | Günther Deschner | 2 | -2/+2 | |
Guenther | |||||
2009-05-30 | Move a comment where it belongs | Volker Lendecke | 1 | -3/+6 | |
2009-05-29 | Win2k3 don't allow creating of domain trust accounts over SAMR | Andrew Bartlett | 1 | -5/+5 | |
2009-05-26 | Don't use crossRef records to find our own domain | Andrew Bartlett | 1 | -94/+34 | |
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett | |||||
2009-05-25 | cope with lanman auth being disabled in old password change code | Andrew Tridgell | 1 | -8/+15 | |
When lanman auth is disabled and a user calls a password change method that requires it we should give NT_STATUS_NOT_SUPPORTED | |||||
2009-04-23 | s4:samr Use ldb_context * rather than void * | Andrew Bartlett | 1 | -1/+1 | |
2009-03-01 | s4: Use same function signature for convert_* as s3. | Jelmer Vernooij | 1 | -8/+7 | |
2009-03-01 | Add allow_badcharcnv argument to all conversion function, for | Jelmer Vernooij | 1 | -3/+3 | |
consistency with Samba 3. | |||||
2008-12-10 | s4-samr: Fix Bug #5946. userparameters handling in samr server. | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
Signed-off-by: Günther Deschner <gd@samba.org> |