| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Both the session_info and the ldb can have references.
Andrew Bartlett
|
|
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
|
|
|
|
|
|
This isn't needed any more, and just introduces complexity.
|
|
There isn't a good reason why this code is duplicated.
Andrew Bartlett
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
This simply askes IDMAP about all the user SIDs, rather than the user
and group sid, followed by all but the first two sids from the token.
Andrew Bartlett
|
|
This will allow us to stop duplicating the user and primary group SID in the
struct security_token, and therefore make it more like the NT_USER_TOKEN
in Samba3.
Andrew Bartlett
|
|
here the new password change syntax
|
|
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
NOTICE: I had to extract the old password from the SAMDB since I was unable to
find it somewhere else (authinfo for example).
|
|
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
|
|
password sets
|
|
|
|
the password change control
And introduce parameters to pass the old password hashes.
|
|
password change control
|
|
DSDB_CONTROL_PASSWORD_CHANGE_OID control
This control is used from the SAMR and "kpasswd" password changes. It is
strictly private and means "this is a password change and not a password set".
|
|
control
This contains the NT and/or LM hash of the password specified by the user.
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
Otherwise just fill the disks of the build-farm hosts.
metze
|
|
metze
|
|
|
|
the distinguishedName element was getting an uninitialised flags value
|
|
A DRS DsBind handle can be re-used in a later connection. This implies
reuse of the session_info for the connection. If the first connection
is shutdown then the session_info in the sam context on the 2nd
connection must remain valid.
|
|
This was added as we are occasionally getting an encrypted unknown
netlogon call, and I'm having trouble looking at it in wireshark
|
|
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
|
|
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we saw a crash with a bad pointer here, and this may help track it
down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
check more than the user_sid, and also check for the right rid value
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is used by w2k8r2 when doing a RODC dcpromo
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the
range allowed by the schema (the schema has
rangeLower==rangeUpper==65536). We need to mark this element as being
internally generated to avoid the range checks
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control disables the system only check for nTDSDSA add operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
|
|
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
many controls are simple present/not-present flags, and don't need
their own parsers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
the problem was the inconsistency between the key form of DNs between
the itdb used for indexing and the on disk form
Thanks to Matthieu Patou for finding this bug!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this function copes with alignment sensitive CPUs
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add more possible result NTSTATUS codes
|
