Age | Commit message (Collapse) | Author | Files | Lines |
|
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
|
|
password sets
|
|
|
|
the password change control
And introduce parameters to pass the old password hashes.
|
|
password change control
|
|
DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
|
|
control
This contains the NT and/or LM hash of the password specified by the user.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
Otherwise just fill the disks of the build-farm hosts.
metze
|
|
metze
|
|
|
|
the distinguishedName element was getting an uninitialised flags value
|
|
A DRS DsBind handle can be re-used in a later connection. This implies
reuse of the session_info for the connection. If the first connection
is shutdown then the session_info in the sam context on the 2nd
connection must remain valid.
|
|
This was added as we are occasionally getting an encrypted unknown
netlogon call, and I'm having trouble looking at it in wireshark
|
|
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
|
|
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we saw a crash with a bad pointer here, and this may help track it
down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
check more than the user_sid, and also check for the right rid value
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used by w2k8r2 when doing a RODC dcpromo
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control disables the system only check for nTDSDSA add operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
|
|
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
many controls are simple present/not-present flags, and don't need
their own parsers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
the problem was the inconsistency between the key form of DNs between
the itdb used for indexing and the on disk form
Thanks to Matthieu Patou for finding this bug!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this function copes with alignment sensitive CPUs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add more possible result NTSTATUS codes
|
|
|
|
broken"
This reverts commit 8ca8250443319e0f19f05aab2014118fd03eaa8a.
|
|
(Sorry, I've overseen this)
|
|
|
|
|
|
important failure cases
|
|
|
|
This looks like a password change but it's rather a password set operation.
|
|
on password change operations
This is to match the SAMR password change behaviour.
|
|
|
|
WERROR codes
This is strictly needed by my recent passwords work, since I want to remove
most of the password change stuff in "samr_password.c". Since AD gives us
CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR
level which the real cause was about. Therefore I need the extended WERROR codes
here.
|
|
(Needed by upgradeprovision for example)
|
|
|