| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
secrets.ldb
Andrew Bartlett
(This used to be commit 17a61bd5690f60d762b9c7171f1269fe1a311bab)
|
|
Andrew Bartlett
(This used to be commit 9aae9b1d243c23b96c0d8d28603b7e0ba25ac1c9)
|
|
to prove it is correct.
This should fix bug #4824: User Manager for Domains - Account Expires.
Thanks!
Andrew Bartlett
(This used to be commit e5f0744d627ccfcc2e301fc38d139742f0ea5934)
|
|
(This used to be commit 9b256a0ca232ea6e89771bf73a1adf877273a752)
|
|
and improve error strings returned from samdb.c
Andrew Bartlett
(This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
|
|
Andrew Kroeger <andrew@sprocks.gotdns.com>
(This used to be commit ff81ea3f5aa8a93cf96914f03c26f8c86ec1e912)
|
|
(This used to be commit 9647f860bdd5c0a74583e886182bd041a45e7655)
|
|
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
|
|
(This used to be commit 925fcc336621250a8e45adf3ce8d2ff42307c066)
|
|
the moment)
(This used to be commit ecdfaf56c09e75dc3ca37a3599c89661ad3485ff)
|
|
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
|
|
have
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
(This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a)
|
|
work, but to an odd bind failure I noticed in a trace. I need to
commit this with changes to the torture suite.
Andrew Bartlett
(This used to be commit 3ab90ad312b85b5a887090418e9cb7594f519b2f)
|
|
machine accounts are not subject to password policy in Win2k3 R2 (at
least in terms of password quality).
In testing this, I found that Win2k3 R2 has changed the way the old
ChangePassword RPC call is handled - the 'cross-checks' between new LM
and NT passwords are not required.
Andrew Bartlett
(This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
|
|
and rename the containing functions to have a ndr_
prefix
metze
(This used to be commit cb234d43ae693af5d8a921a15c9bcac3c6f0359a)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
rename dcerpc_interface_list -> ndr_interface_list
and move them to libndr.h
metze
(This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
|
|
and move it to librpc/ndr/libndr.h
metze
(This used to be commit abd5551aabae1820baaa52a963e8c7aa9605914e)
|
|
and move it into misc.idl
The goal is to get rid a all dcerpc specific stuff in the
generated ndr layer.
metze
(This used to be commit 2ed014cfb894cccab1654e3f7d5876393e2b52d7)
|
|
Note that the correct return for a failed alter_context is a fault,
not a bind_nak.
Andrew Bartlett
(This used to be commit 52cce94532edf1dd7f26e39bf3377f0077ea6792)
|
|
some issues in the NBT server (this was a false positive, but easily
worked around) and DRSUAPI server.
We should take care not to use the ldb_context as a talloc pool, and
to always ensure that any results from ldb_search() are moved off that
pool with talloc_steal or talloc_free().
To work around the issue in provision, for which I can find no fault
(other than a lot of work being done in provision), I've moved the
detector trigger to 400 additional blocks.
This fixes Bug #4810 by <mwallnoefer@yahoo.de>
Andrew Bartlett
(This used to be commit 42bcf856203ae3cf43130519904828a143ac8d18)
|
|
allow the server side to enumerate all domain controllers and domain
members...
Andrew Bartlett
(This used to be commit d42150ff0a05e891d36d1d3f1ec93952e6d4affd)
|
|
SAMR. This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.
As noted in bug #4829.
Andrew Bartlett
(This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
|
|
Any SAMR client (usrmgr.exe in this case) that attempted to set a
property to a zero length string found instead the the old value was
kept.
In fixing this, rework the macros to be cleaner (add the
always-present .string) to every macro, and remove the use of the
samdb_modify() and samdb_replace() wrappers where possible.
Andrew Bartlett
(This used to be commit b05fe693047c09b85c7fc0e1ea8d931c99910375)
|
|
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by mwallnoefer@yahoo.de.
Andrew Bartlett
(This used to be commit 7f7e4fe2989ef4cb7ec0f855b25e558f3bbd18c5)
|
|
- The icons in usermgr were incorrect, because the acct_flags were
not filled in (due to missing attribute in ldb query)
- The Full name was missing, and the description used as the full
name (due to missing attributes in ldb query and incorrect IDL)
To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.
This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...
Getting this right is important, because Samba3's RPC winbind methods
uses these queries.
Andrew Bartlett
(This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
|
|
that we had the wrong objectClass for OU=Domain
Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN})
This fixes both the SAMR server and the LDIF templates.
Andrew Bartlett
(This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
|
|
qsort().
Andrew Bartlett
(This used to be commit 96ef5259c63ad6245c94c40d6059d736b1534183)
|
|
Guenther
(This used to be commit 82477b311e2a7a51906d0c00d8714f545b12b0bd)
|
|
Guenther
(This used to be commit 54fa6d453c628039e5ec9053b0693229efdbe011)
|
|
WERROR_DOMAIN_CONTROLLER_NOT_FOUND from
SAMBA_3_0.
Guenther
(This used to be commit 841ad140a34648ff52d5e44a6642f346ef9eee02)
|
|
wants to check for an existing domain join account, and fails. This
test shows that we need to return NT_STATUS_NONE_MAPPED when nothing
matches. (not yet tested if this helps vista).
Andrew Bartlett
(This used to be commit 7f3671bf11cab36a5c795d7db86f85081b73bc71)
|
|
Guenther
(This used to be commit 9c2b9642336ed954c8f9fc0ccce95547d7c18aa8)
|
|
Guenther
(This used to be commit cf953d04813d193da5e9714ceebb7826dc7e4d0b)
|
|
* netr_DsRGetDCName_flags, netr_DsRGetDCNameInfo_AddressType and netr_DsR_DcFlags
* the mask in netr_DsRGetDCNameEx2 turns out to be samr_AcctFlags
Guenther
(This used to be commit 9cdd6d9782a7a70f01d748228beb80c454d1468b)
|
|
if we return a zero assoc_group_id longhorn beta3 stops
after getting the bind_ack.
metze
(This used to be commit 09aea65960073cc8b50a4b39531490876f6d89ef)
|
|
LDB_ERR_NO_SUCH_OBJECT. Handle this (found against LDAP, ldb_tdb is
being updated).
Andrew Bartlett
(This used to be commit 93e2ff2e85c57a192aadac96ce09a678d464e8ad)
|
|
split MODULE::DCESRV from SUBSYSTEM::dcerpc_server
metze
(This used to be commit c7518d6140c54e0cc7c371bf4a4a5b06b7f63a9c)
|
|
(This used to be commit 150bb2238ea91ead3bdde0a34ff801b79bc83ec3)
|
|
(This used to be commit 52f32b7330ee1a2dd5850fd0e412279777edc00d)
|
|
linked list when moving it to another. This could cause a valgrind
error under the RPC-SCANNER test.
(This used to be commit 9ba8c008513e362fbb860af899006505cadb4a2f)
|
|
Andrew Bartlett
(This used to be commit ddf7354986a800455b6f55c2fdbeb8bb39381716)
|
|
Andrew Bartlett
(This used to be commit c9eb5bf19a702af32a4e4f109a27e4076303efdc)
|
|
TODO: we need to correctly implement assoc groups!
metze
(This used to be commit df7c6c6e0b961eda8daf182df8faed6b29639149)
|
|
(This used to be commit 623026f67aac56c45e298ce5d7af7dbf91ec5df7)
|
|
metze
(This used to be commit 3c786eb6bdb3289a237d231e75092a8b3ca56197)
|
|
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Know the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connections bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
|
