Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-28 | s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvement | Matthias Dieter Wallnöfer | 1 | -3/+7 | |
We can save one search operation if "only_childs" is false and when we had no SID passed as extended DN component. | |||||
2010-06-28 | s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/comments | Matthias Dieter Wallnöfer | 1 | -9/+11 | |
2010-06-28 | s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where ↵ | Matthias Dieter Wallnöfer | 1 | -3/+11 | |
possible And always catch LDB errors | |||||
2010-06-28 | selftest: Remove accidentally committed dummy test. | Jelmer Vernooij | 1 | -1/+0 | |
2010-06-28 | s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB. | Endi S. Dewata | 1 | -3/+30 | |
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> | |||||
2010-06-28 | s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵ | Endi S. Dewata | 1 | -0/+4 | |
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> | |||||
2010-06-28 | s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend. | Endi S. Dewata | 1 | -6/+8 | |
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> | |||||
2010-06-28 | s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not ↵ | Endi S. Dewata | 1 | -1/+8 | |
available in the DN. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> | |||||
2010-06-28 | s4:repl_meta_data LDB module - fix counter type | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-06-28 | s4:acl LDB module - fix counter type | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-06-28 | s4:dcesrv_drsuapi.c - fix a counter variable | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-06-28 | s4:selftest - also "rpc.samr.users.privileges" does work now | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-06-28 | s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject" | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code | |||||
2010-06-28 | s4:knownfail - "pwdLastSet" test does work now | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-06-28 | s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also ↵ | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
for s4 | |||||
2010-06-28 | s4:torture - SAMR password tests - activate support for password sets on ↵ | Matthias Dieter Wallnöfer | 1 | -22/+17 | |
level "18" and "21" | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour | Matthias Dieter Wallnöfer | 1 | -1/+72 | |
Behaviour as the torture SAMR passwords tests show. | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0 | Matthias Dieter Wallnöfer | 1 | -0/+9 | |
Taken from s3 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵ | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
from s3 to s4 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement password set level 21 | Matthias Dieter Wallnöfer | 1 | -0/+33 | |
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵ | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
user password | |||||
2010-06-28 | s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
haven't activated the the lanman auth This is what s3 does. | |||||
2010-06-28 | s4:samr_password.c - add a function which sets the password through ↵ | Matthias Dieter Wallnöfer | 1 | -0/+48 | |
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21. | |||||
2010-06-28 | s4-smbtorture: fix typo. | Günther Deschner | 1 | -1/+1 | |
Not my day... Guenther | |||||
2010-06-28 | s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" test | Matthias Dieter Wallnöfer | 1 | -33/+31 | |
- Remove superflous checks (on level 18, 24, 26 we do always have "pwdLastSet" resets if "password_expired" > 0) - Fixed some bugs Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-06-28 | s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite. | Günther Deschner | 1 | -0/+64 | |
Our parsing of this struct is incorrect atm. and apparently also causes the s4 server to crash. Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved from a w2k3 domain.msc operation. Guenther | |||||
2010-06-28 | s4:ldap_server: don't start if we can't bind to port 389 | Stefan Metzmacher | 1 | -1/+4 | |
metze | |||||
2010-06-28 | Implementation of self membership validated right. | Nadezhda Ivanova | 3 | -6/+234 | |
When this right is granted, the user can add or remove themselves from a group even if they dont have write property right. | |||||
2010-06-28 | s4/test: Run DrsDeleteObjectTestCase as part of S4 testing | Kamen Mazdrashki | 1 | -0/+3 | |
I put this test in the end of the list of tests as it runs with 'vampire_dc' environment running. Currently there are tests that are failing when we have 2 DCs constantly replicating in the test environment (this, of course, should be fixed in the near future) | |||||
2010-06-28 | s4/drs: re-implement 'renaming' object replication | Kamen Mazdrashki | 1 | -18/+53 | |
We should rename objects only after we make sure, that changes on the partner DC are newer than what we have. This fixes a bug, when we have following situation with 2 DCs: - we have an object O on the two DCs - we rename (delete) object O on DC1 - DC1 replicates from DC2 In the above scenario, object O will be renamed back to its original name (i.e. it will be restored). Now, we check that DC2 state is older than what we have, so nothing happens with object's DN. | |||||
2010-06-28 | s4/drs-test: Add few comments in DrsDeleteObjectTestCase test | Kamen Mazdrashki | 1 | -3/+10 | |
Also remove unused code | |||||
2010-06-26 | s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -36/+0 | |
2010-06-26 | s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -4/+0 | |
2010-06-26 | s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-26 | s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs | Matthias Dieter Wallnöfer | 1 | -3/+4 | |
To suppress warnings on Solaris 10 | |||||
2010-06-26 | s4:rpc_server/drsuapi/drsutil.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-06-26 | s4:rpc_server/dcesrv_auth.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-26 | s4:winbind/wb_samba3_protocol.c - add cast to suppress warnings on Solaris 10 cc | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-06-26 | s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-06-26 | s4:kdc/kpasswdd.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-26 | s4:provision.py - fix comment regarding DNS entries | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
I think this should mean partially Samba4 specified (all beside the "dns" account is standard) | |||||
2010-06-26 | s4:provision: add entries for root dns servers | Stefan Metzmacher | 1 | -0/+72 | |
metze | |||||
2010-06-26 | s4:provision: move Samba4 specific DNS stuff to its own file | Stefan Metzmacher | 4 | -21/+39 | |
metze | |||||
2010-06-26 | s4:provision: add --next-rid option | Stefan Metzmacher | 2 | -3/+16 | |
Make it possible to provision a domain with a given next rid counter. This will be useful for upgrades, where we want to import users with already given SIDs. metze | |||||
2010-06-26 | s4:dsdb/ridalloc: add comment about windows behavior regarding rIDUsedPool | Stefan Metzmacher | 1 | -1/+6 | |
metze | |||||
2010-06-26 | s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' | Stefan Metzmacher | 5 | -6/+24 | |
On Windows dcpromo imports nextRid from the local SAM, which means it's not hardcoded to 1000. The initlal rIDAvailablePool starts at nextRid + 100. I also found that the RID Set of the local dc should be created via provision and not at runtime, when the first rid is needed. (Tested with dcpromo on w2k8r2, while disabling the DNS check box). After provision we should have this (assuming nextRid=1000): rIDAllocationPool: 1100-1599 rIDPrevAllocationPool: 1100-1599 rIDUsedPool: 0 rIDNextRID: 1100 rIDAvailablePool: 1600-1073741823 Because provision sets rIDNextRid=1100, the first created account (typically DNS related accounts) will get 1101 as rid! metze | |||||
2010-06-26 | s4:provision: pass relax control also to modify_ldif | Stefan Metzmacher | 1 | -2/+2 | |
metze | |||||
2010-06-26 | s4/net-drs: Fix error messages typo and formatting | Kamen Mazdrashki | 1 | -7/+7 | |
2010-06-26 | s4/drs-test: Fix whitespaces and permissions for delete_object.py test | Kamen Mazdrashki | 1 | -5/+5 | |
Sorry I've missed to do this before | |||||
2010-06-25 | s4:schannel Open the schannel_store.tdb at startup | Andrew Bartlett | 1 | -0/+8 | |
This will allow TDB_CLEAR_IF_FIRST behaviour in future Signed-off-by: Jeremy Allison <jra@samba.org> |