Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
NO_TRUST_SAM_ACCOUNT
If we can't find the account we should return NT_STATUS_NO_TRUST_SAM_ACCOUNT
instead of NT_STATUS_ACCESS_DENIED.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 23 10:05:35 UTC 2010 on sn-devel-104
|
|
sec_channel_types early
metze
|
|
after the account
metze
|
|
metze
|
|
netr_DsRGetDCNameEx2()
metze
|
|
Thanks to Tarun Chopra for the help of looking up all the bits in
the docs.
metze
|
|
invalid names
Only netbios domain names are allowed.
metze
|
|
this avoids a problem with -Wl,-no-undefined in the ntvfs layer
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
|
|
|
|
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should make the security_token_is_*() calls a little faster.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Oct 13 10:48:04 UTC 2010 on sn-devel-104
|
|
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
|
|
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
|
|
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.
Andrew Bartlett
|
|
we can't link).
|
|
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
It doesn't change much but it's nicer to have it consistent.
|
|
|
|
Guenther
|
|
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Oct 3 09:41:51 UTC 2010 on sn-devel-104
|
|
directly
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 2 03:11:38 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added a simple mapping from req8
|
|
This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified
attributes.
This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
this checks securiity on the NC root of the specified naming context
|
|
this extended getncchanges operation replicates a single object
|
|
this allows for replication by GUID or SID
|
|
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
|
|
|
|
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
|
|
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
|
|
socket fd twice.
metze
|
|
quieten make test a little
|
|
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
|
|
this is needed for RODC clients calling updaterefs
|
|
this should reduce some of the clutter in make test
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The code is enough to let us run all dcdiag tests against samba4 server
|