summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer4-11/+10
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-08-17s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test runStefan Metzmacher1-3/+3
Otherwise just fill the disks of the build-farm hosts. metze
2010-08-17s4:selftest: run ldapi tests in 'dc:local' environmentStefan Metzmacher1-1/+1
metze
2010-08-17s4-tests: Added tests for acl checks on search requestsNadezhda Ivanova1-0/+218
2010-08-17s4-ldb: ensure element flags are zero in ldb search returnAndrew Tridgell1-0/+2
the distinguishedName element was getting an uninitialised flags value
2010-08-17s4-ldbwrap: ensure session_info in ldb opaque remains validAndrew Tridgell1-0/+15
A DRS DsBind handle can be re-used in a later connection. This implies reuse of the session_info for the connection. If the first connection is shutdown then the session_info in the sam context on the 2nd connection must remain valid.
2010-08-17s4-rpcserver: log unknown RPC calls at debug level 3Andrew Tridgell1-0/+6
This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark
2010-08-17s4-netlogon: added SEC_CHAN_RODCAndrew Tridgell1-0/+5
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-17s4-net: use an encrypted ldap session when setting passwordsAndrew Tridgell1-0/+3
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME" to set a password remotely on a windows DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: check the type of session_info from the opaqueAndrew Tridgell1-2/+2
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: allow getncchanges from RODC with WRIT_REP setAndrew Tridgell1-2/+2
w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell6-10/+14
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLERAndrew Tridgell1-6/+6
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNTAndrew Tridgell1-2/+9
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: cope with cracknames of form dnsdomain\accountAndrew Tridgell1-2/+8
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumberAndrew Tridgell1-1/+8
msDS-SecondaryKrbTgtNumber is setup with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATIONAndrew Tridgell2-7/+15
When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: added LDB_FLAG_INTERNAL_MASKAndrew Tridgell2-0/+31
This ensures that internal bits for the element flags in add/modify requests are not set via the ldb API Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell8-23/+28
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA addAndrew Tridgell1-1/+24
this control disables the system only check for nTDSDSA add operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-1/+1
the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
2010-08-17s4-ldapserver: support controls on ldap add and renameAndrew Tridgell1-10/+12
we need to pass the controls down to the add and rename ldb operations Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell3-0/+76
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell1-163/+11
many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17build fixBrad Hards1-1/+5
2010-08-17s4-ldb: test the 'displayName=a,b' bugAndrew Tridgell1-0/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s3-provision: cope with the policy directory already existingAndrew Tridgell1-3/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: fixed the ldb 'displayName=a,b' indexing bugAndrew Tridgell1-2/+4
the problem was the inconsistency between the key form of DNs between the itdb used for indexing and the on disk form Thanks to Matthieu Patou for finding this bug! Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: add some comments explaining the ltdb_index_idxptr() functionAndrew Tridgell1-0/+8
this function copes with alignment sensitive CPUs Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-08-16s4:samdb_set_password_sid - fix commentMatthias Dieter Wallnöfer1-1/+2
Add more possible result NTSTATUS codes
2010-08-16s3-auth: Remove docs about obsolete 'update encrypted' option.Andreas Schneider1-1/+0
2010-08-16Revert "s4:RPC-SPOOLSS-NOTIFY: skip test_RFFPCNEx() for now, as the test is ↵Günther Deschner1-9/+0
broken" This reverts commit 8ca8250443319e0f19f05aab2014118fd03eaa8a.
2010-08-15s4:samdb_set_password - fix formattingMatthias Dieter Wallnöfer1-1/+2
(Sorry, I've overseen this)
2010-08-15s4:passwords.py - proof the most important extended error codesMatthias Dieter Wallnöfer1-8/+17
2010-08-15s4:samdb_set_password - implement the extended LDAP error code detectionMatthias Dieter Wallnöfer1-9/+17
2010-08-15s4:password_hash LDB module - introduce the extended LDAP error codes on the ↵Matthias Dieter Wallnöfer1-43/+72
important failure cases
2010-08-15s4:password_hash LDB module - support this new password set syntaxMatthias Dieter Wallnöfer1-2/+10
2010-08-15s4:passwords.py - another special password testMatthias Dieter Wallnöfer1-3/+23
This looks like a password change but it's rather a password set operation.
2010-08-15s4:password_hash LDB module - allow to compare against both NT and LM hashes ↵Matthias Dieter Wallnöfer1-10/+1
on password change operations This is to match the SAMR password change behaviour.
2010-08-15s4:ldap_backend.c - Windows returns WERROR codes in majuscule HEX formatMatthias Dieter Wallnöfer1-1/+1
2010-08-15s4:ldap_backend.c - map error codes - add a change which allows custom ↵Matthias Dieter Wallnöfer1-0/+13
WERROR codes This is strictly needed by my recent passwords work, since I want to remove most of the password change stuff in "samr_password.c". Since AD gives us CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR level which the real cause was about. Therefore I need the extended WERROR codes here.
2010-08-15s4:subtree_rename.c - relax the checks when requestedMatthias Dieter Wallnöfer1-0/+5
(Needed by upgradeprovision for example)
2010-08-15s4-test: Add drs.rpc.msDSIntId test to knownfail testsKamen Mazdrashki1-0/+1
2010-08-15s4-test: Run all DRS-RPC.* tests in ncacn_ip_tcp_tests tests groupKamen Mazdrashki1-3/+3
Andrew, please check.
2010-08-15s4-drs-test: Make the two DRS test suite a top-level test suitesKamen Mazdrashki1-16/+21
so that test cases gets visible with "smbtorture --list"
2010-08-14s4:ldap_backend.c - fix a DS error code after WERROR changeMatthias Dieter Wallnöfer1-1/+1
2010-08-14s4:libnet - free the "c" context also on error conditionsMatthias Dieter Wallnöfer2-1/+3
(and if it's NULL then "talloc_free" does ignore it)
2010-08-14s4:samdb_set_password - return "NT_STATUS_WRONG_PASSWORD" when a user ↵Matthias Dieter Wallnöfer1-0/+2
account doesn't exist This is for the (SAMR) account detection protection mechanism.
2010-08-14s4:password_hash LDB module - improve an error messageMatthias Dieter Wallnöfer1-2/+2
2010-08-14s4:password_hash LDB module - implement the SAMR behaviour when checking old ↵Matthias Dieter Wallnöfer1-5/+16
passwords Sooner or later this module should take over all password change actions.