Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-13 | s4:provision.ldif - add IP security objects as they exist on Windows Server | Matthias Dieter Wallnöfer | 1 | -0/+282 | |
2010-05-13 | s4:provision.ldif - add more Windows 2008 domain operations | Matthias Dieter Wallnöfer | 1 | -0/+72 | |
2010-05-13 | s4:provision_users.ldif - On Windows Server >= 2008 security principal ↵ | Matthias Dieter Wallnöfer | 1 | -6/+0 | |
S-1-5-20 doesn't exist anymore | |||||
2010-05-13 | s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly" | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
2010-05-13 | s4:provision.ldif - fix up "NTDS Quotas" "systemFlags" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-13 | s4:provision_users.ldif - fix up Administrator's "userAccountControl" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-13 | s4:provision_basedn_modify.ldif - fix up "maxPwdAge" | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-05-13 | s4:provision_users.ldif - Fix typos in user/group objects | Matthias Dieter Wallnöfer | 1 | -13/+13 | |
2010-05-12 | Install util/tevent_* public headers. Required by OpenChange for compiling IDL | Julien Kerihuel | 1 | -0/+3 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-05-12 | s4:librpc: remove explicit ../librpc/gen_ndr/ndr_drsblobs.o from python_drsblobs | Stefan Metzmacher | 1 | -1/+1 | |
It already comes via RPC_NDR_DRSBLOBS. metze | |||||
2010-05-12 | s4:heimdal_build: undefine __APPLE__ as we don't need that magic | Stefan Metzmacher | 1 | -0/+5 | |
This hopefully fixes the build on Mac OS 10. metze | |||||
2010-05-12 | s4:heimdal_build: remove heimdal/lib/hcrypto/evp-cc.c from autoconf build | Stefan Metzmacher | 1 | -1/+0 | |
metze | |||||
2010-05-12 | work around AIX6.1 name space pollution rename mod_name to module_name | Olaf Flebbe | 1 | -3/+3 | |
2010-05-12 | s4-smbtorture: create/delete testusers via SAMR in RAP-SAM. | Günther Deschner | 1 | -10/+83 | |
Unless we spent time researching the RAP useradd calls (and implement them in s3) it is far more easy to use existing SAMR calls to create and delete test users that are used for RAP change password operations. Guenther | |||||
2010-05-12 | s4-smbtorture: add test_oemchangepassword to RAP-SAM. | Günther Deschner | 1 | -0/+29 | |
Guenther | |||||
2010-05-12 | s4-selftest: skip RAP-SAM tests against Samba 4. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-12 | s4-smbtorture: add RAP-SAM testsuite with a rap_NetUserPasswordSet2 test. | Günther Deschner | 4 | -2/+63 | |
Guenther | |||||
2010-05-12 | s4-smbtorture: getting serious about checking rap status return codes. | Günther Deschner | 1 | -0/+18 | |
Guenther | |||||
2010-05-12 | s4-smbtorture: add torture_create_testuser_max_pwlen() that allows to set ↵ | Günther Deschner | 1 | -6/+16 | |
maxpwlen. required for upcoming rap pwd tests. Guenther | |||||
2010-05-12 | s4-smbtorture: autolookup domain in torture_create_testuser() if none was given. | Günther Deschner | 1 | -15/+70 | |
Guenther | |||||
2010-05-11 | s4-smbtorture: test netservergetinfo level 1 also against s3. | Günther Deschner | 2 | -8/+4 | |
Guenther | |||||
2010-05-11 | s4:dsdb: cached results of samdb_rodc() | Stefan Metzmacher | 1 | -1/+29 | |
metze | |||||
2010-05-11 | s4:heimdal: remove unused heimdal/lib/hcrypto/evp-cc.c | Stefan Metzmacher | 1 | -659/+0 | |
metze | |||||
2010-05-11 | s4:heimdal_build: remove heimdal/lib/hcrypto/evp-cc.c from the build | Stefan Metzmacher | 1 | -1/+1 | |
This is not needed and contains one big #ifdef __APPLE__ and breaks the build on Mac OS 10. metze | |||||
2010-05-11 | s4:torture/rpc/netlogon.c - don't use constant "AF_LOCAL" but do use ↵ | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
"AF_UNIX" instead "AF_LOCAL" isn't portable but has the same value as "AF_UNIX". | |||||
2010-05-11 | Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in ↵ | Anatoliy Atanasov | 3 | -32/+1 | |
provision" This reverts commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96. The fix is not correct, we should cache a bool to answer amIRODC | |||||
2010-05-11 | Revert "s4:password_hash LDB module - don't break the provision" | Stefan Metzmacher | 1 | -3/+0 | |
This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze | |||||
2010-05-11 | Revert "s4:password hash LDB module - check that password hashes are != NULL ↵ | Stefan Metzmacher | 1 | -10/+6 | |
before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze | |||||
2010-05-11 | s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵ | Stefan Metzmacher | 1 | -2/+2 | |
it's given Sorry, I removed this logic while cleaning up indentation levels... metze | |||||
2010-05-11 | s4-smbtorture: fix smbcli_rap_netuserpasswordset2(). | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-05-11 | s4-smbtorture: fix smbcli_rap_netoemchangepassword. | Günther Deschner | 1 | -4/+3 | |
Guenther | |||||
2010-05-11 | s4-smbtorture: correctly fill in trans.in.data in rap_cli_do_call(). | Günther Deschner | 1 | -2/+14 | |
Guenther | |||||
2010-05-10 | s4:password_hash LDB module - we might not have a cleartext password at all | Matthias Dieter Wallnöfer | 1 | -26/+29 | |
When we don't have the cleartext of the new password then don't check it using "samdb_check_password". | |||||
2010-05-10 | s4/tort: Add test for comparing special DNs | Kamen Mazdrashki | 1 | -0/+18 | |
2010-05-10 | s4/dn: handle case 'base' dn has no components | Kamen Mazdrashki | 1 | -1/+1 | |
This could if the 'base' dn is special for example. | |||||
2010-05-10 | s4-smbtorture: add smbcli_rap_netoemchangepassword(). | Günther Deschner | 1 | -0/+49 | |
Guenther | |||||
2010-05-10 | s4:password_hash LDB module - quiet a warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-10 | s4:password hash LDB module - check that password hashes are != NULL before ↵ | Matthias Dieter Wallnöfer | 1 | -6/+10 | |
copying them | |||||
2010-05-10 | s4:password_hash LDB module - don't break the provision | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
This is to don't break the provision process at the moment. We need to find a better solution. | |||||
2010-05-10 | s4:passwords.py - add a python unittest for additional testing of my ↵ | Matthias Dieter Wallnöfer | 2 | -0/+580 | |
passwords work This performs checks on direct password changes over LDB/LDAP. Indirect password changes over the RPCs are already tested by some torture suite (SAMR passwords). So no need to do this again here. | |||||
2010-05-10 | s4:samdb_set_password - adapt it for the user password change handling | Matthias Dieter Wallnöfer | 1 | -0/+12 | |
Make use of the new "change old password checked" control. | |||||
2010-05-10 | s4:samdb_set_password/samdb_set_password_sid - Rework | Matthias Dieter Wallnöfer | 4 | -383/+159 | |
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file | |||||
2010-05-10 | s4:password_hash - Implement password restrictions | Stefan Metzmacher | 1 | -0/+195 | |
Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze | |||||
2010-05-10 | s4:password_hash - Rework to handle password changes | Matthias Dieter Wallnöfer | 1 | -138/+450 | |
- Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5) | |||||
2010-05-10 | s4:password_hash - Rework unique value checks | Matthias Dieter Wallnöfer | 1 | -49/+71 | |
Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py". | |||||
2010-05-10 | s4:password_hash - Various (mostly cosmetic) prework | Matthias Dieter Wallnöfer | 1 | -176/+240 | |
- Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values | |||||
2010-05-10 | s4:dsdb: add new controls | Matthias Dieter Wallnöfer | 2 | -0/+24 | |
- Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password | |||||
2010-05-10 | s4:setup: mark DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 as ↵ | Stefan Metzmacher | 1 | -2/+4 | |
allocated metze | |||||
2010-05-10 | v2 Latest enhancements in ldapcmp tool | Zahari Zahariev | 1 | -140/+262 | |
- Added support for replicating hosts versus hosts in different domains - Added switches for the following modes: = two - ignores additional attributes that cannot be the same in two different provisions (domains) = quiet - display nothing, only return code = verbose - display all dn objects through compare fase = default - display only objects with differences - Added more placeholders for nETBIOSDomainName and ServerName | |||||
2010-05-10 | s4-rodc: Fix provision warnings by creating ntds objectGUID in provision | Anatoliy Atanasov | 3 | -1/+32 | |