Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
By random I don't mean 'nice stream of ASCII chars, but pure random
passwords containing invalid UTF16 sequences etc.
Andrew Bartlett
|
|
Guenther
|
|
|
|
The 'comment' element in a number of domain structures is called
oem_information. This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid
attribute.
The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.
This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.
Andrew Bartlett
(This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)
|
|
Now that we don't create users/domain groups/aliases in the builtin
domain, we hit some bugs in the server-side implementation of the
enumeration functions.
In essence, it turns out to be: don't treat 0 as a special case.
Also, fix up the PDC name to always be returned. I'm sure nothing
actually uses it, particularly for BUILTIN...
Andrew Bartlett
(This used to be commit 353bb79f568f20c8469cb9458f7b14c24612ad23)
|
|
More correctly handle expired passwords, and do not expire machine accounts.
Test that the behaviour is consistant with windows, using the RPC-SAMR test.
Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.
Andrew Bartlett
(This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
|
|
Fix up callers to free the memory returned, as that is needed if we use the
original readline function as well.
(This used to be commit c81ead1c38f417d442157b21d0d389f6a540c6f9)
|
|
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
|
|
(This used to be commit 2c6b755309fdf685cd0b0564272bf83038574a43)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
format checks.
Andrew Bartlett
(This used to be commit 33deecbfc339c571cc043085f8aa87053dbd4c72)
|
|
Andrew Bartlett
(This used to be commit 8844f4796c76c103ce4eaff477c615e74c655e68)
|
|
to prove it is correct.
This should fix bug #4824: User Manager for Domains - Account Expires.
Thanks!
Andrew Bartlett
(This used to be commit e5f0744d627ccfcc2e301fc38d139742f0ea5934)
|
|
machine accounts are not subject to password policy in Win2k3 R2 (at
least in terms of password quality).
In testing this, I found that Win2k3 R2 has changed the way the old
ChangePassword RPC call is handled - the 'cross-checks' between new LM
and NT passwords are not required.
Andrew Bartlett
(This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
create the user in the first place.
Andrew Bartlett
(This used to be commit db0f81734d39b228dbfcf53b911edf83a2a2fd8c)
|
|
Andrew Bartlett
(This used to be commit 3e332ff77120003da2a23df8e0d30a330847f0f1)
|
|
SAMR. This can't be done in the ldb templates code, as it doesn't
happen over direct LDAP.
As noted in bug #4829.
Andrew Bartlett
(This used to be commit 3bfa6dbf7ded06df78310f7bd39d8a8d4edbb4ef)
|
|
Any SAMR client (usrmgr.exe in this case) that attempted to set a
property to a zero length string found instead the the old value was
kept.
In fixing this, rework the macros to be cleaner (add the
always-present .string) to every macro, and remove the use of the
samdb_modify() and samdb_replace() wrappers where possible.
Andrew Bartlett
(This used to be commit b05fe693047c09b85c7fc0e1ea8d931c99910375)
|
|
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by mwallnoefer@yahoo.de.
Andrew Bartlett
(This used to be commit 7f7e4fe2989ef4cb7ec0f855b25e558f3bbd18c5)
|
|
- The icons in usermgr were incorrect, because the acct_flags were
not filled in (due to missing attribute in ldb query)
- The Full name was missing, and the description used as the full
name (due to missing attributes in ldb query and incorrect IDL)
To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.
This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...
Getting this right is important, because Samba3's RPC winbind methods
uses these queries.
Andrew Bartlett
(This used to be commit 9475d94a61e36b3507e5fd2e6bb6f0667db4a607)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
wants to check for an existing domain join account, and fails. This
test shows that we need to return NT_STATUS_NONE_MAPPED when nothing
matches. (not yet tested if this helps vista).
Andrew Bartlett
(This used to be commit 7f3671bf11cab36a5c795d7db86f85081b73bc71)
|
|
Andrew
(This used to be commit c1ee06703ac09708a8ff10a641b593362f1bd309)
|
|
Don't just exit the test with 'return True', actually process the result.
Turn off password complexity checking for the password length test.
Andrew Bartlett
(This used to be commit 1a7635baa701c6268eebd84dd0dc187379c44e6e)
|
|
Andrew Bartlett
(This used to be commit 33cfe1ca221de9ef9dec264772fb299125c39447)
|
|
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
|
|
(This used to be commit 38067c1adf0f9c3974302a8481e23b6a63eb6d42)
|
|
(This used to be commit b28860978fe29c5b10abfb8c59d7182864e21dd6)
|
|
rafal
(This used to be commit 732c22071e78f16fd0731635ca4b3e093d49078a)
|
|
rafal
(This used to be commit 4dfd1d50274bc1ff539782e9bfdb2b7b20275d06)
|
|
Thanks Herb for finding this:-)
This was my bug, I typed it in on gd's laptop and he just run 'svn ci'
metze
(This used to be commit 3c08e29f4fdde586084bdcf1b36eaf92ae944750)
|
|
interesting new password set tests), make sure to send valid characters.
Guenther
(This used to be commit f193c5347cf5ef019becbc98965b83c6b249483c)
|
|
Thanks metze.
Guenther
(This used to be commit ea313d55655626cd4c8058cf5e89c0baa1cdcd6d)
|
|
Guenther
(This used to be commit 8f9ab07e78a3c89085754c9f6447c2b56292980c)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
to be created as foreign, even if they are in a local domain.
Also we do need the user to exist for the life of the test, as we add
it to a group.
Andrew Bartlett
(This used to be commit ae470ff7014e52b55d88e9fe12e2322e069daf9d)
|
|
of this test.
Andrew Bartlett
(This used to be commit b4d75f01d9cb2d1c9d5facfd5eb39c8a062886d4)
|
|
I still need to figure out what causes the rest to fail...
Andrew Bartlett
(This used to be commit aa34bd46cb1446b9fb6fd8f1b8ffca5f81b3c052)
|
|
in RPC-SAMR test.
Andrew Bartlett
(This used to be commit 08ec74d620ffe613655f28d002e60ca8201fadd9)
|
|
still a couple of unimplemented functions, but this is far better than
not testing this at all. In particular, this exercises the
password_hash module.
Specific changes:
- Add support for SetDomainInfo
- Add many more info levels to QueryDomainInfo
- Set a domain comment in RPC-SAMR, and verify it is kept
- Refactor QueryUserInfo not to always serach for all attributes
- Add QueryDiplayInfo3 and QueryDomainInfo2 as aliased calls
- Make OemChangePassword2 search under the samdb_base_dn(), so it
finds the user when partitions are active.
- Skip SetSecurity, DisplayIndex, MemberAttributesOfGroup and
'Multiple' alias operations in RPC-SAMR for Samba4
- Add RPC-SAMR as a 'slow' RPC test (it is quite slow)
Andrew Bartlett
(This used to be commit 01d25c9d6ca8d036d40040e5ee87a330e5b84d55)
|
|
skipping some checks.
These should be removed, and the code fixed, but currently we are
loosing quality because the test isn't run by default.
Andrew Bartlett
(This used to be commit 1306f60c97562a71ae15f0ab257ddcd5e0af36d4)
|
|
test suite tree, looks a bit more like other unit testing API's,
fixes some memory responsibility issues, introduces testcases,
and removes the need for tests to call torture_ok().
(This used to be commit 0445b1a56a02552f895f400960b9ced39244a144)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
|