summaryrefslogtreecommitdiffstats
path: root/source4/dsdb/samdb
Commit message (Collapse)AuthorAgeFilesLines
* s4-dsdb/samldb: Don't allow rename requests on Deleted objectKamen Mazdrashki2015-02-031-0/+11
| | | | | | | | | | | | | | | Windows behavior in case of renaming Deleted object is: * return ERR_NO_SUCH_OBJECT in case client is not providing SHOW_DELETED control * ERR_UNWILLING_TO_PERFORM otherwise Renaming of Deleted objects is allowed only through special Tombstone reanimation modify request Change-Id: I1eb33fc294a5de44917f6037988ea6362e6e21fc Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/samldb: Relax a bit restrictions in Config partition while restoring ↵Kamen Mazdrashki2015-02-031-1/+2
| | | | | | | | | deleted object Change-Id: Iead460d24058b160b46cf3ddedaf4d84b844da4d Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/samdb: Don't relax contraint checking during rename for Deleted objectsKamen Mazdrashki2015-02-031-3/+0
| | | | | | | | | | Now we have a module to handle to handle Tombstone reanimation and it is better we do all the check here as usual Change-Id: Ia5d28d64e99f7a961cfe8b9aa7cc96e4ca56192e Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/objectclass: remove duplicated declaration for objectclass_do_addKamen Mazdrashki2015-02-031-2/+0
| | | | | | | Change-Id: Ib88a45cea64fb661a41ca3b4a3df9dabf509fc6c Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/reanimate: Group objects reanimation implementationKamen Mazdrashki2015-02-031-0/+36
| | | | | | | Change-Id: Iea92924ff6b33fa3723b104d5dfff1ce5a7a09b0 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/reanimate: Swap rename->modify operations to modify->rename sequenceKamen Mazdrashki2015-02-031-16/+22
| | | | | | | | | | | | | This way it is more visible that we work on 'deleted object' during modify and also will help us to handle 'stop rename for deletec objects' propertly in future [MS-ADTS]: 3.1.1.5.3.7.3 Undelete Processing Specifics Change-Id: I9bb644e099a4a2afcb261ad22515c9c4ce4875bb Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/reanimate: Use 'show deleted' control in modify operations tooKamen Mazdrashki2015-02-031-0/+7
| | | | | | | | | Before committing changes, object is still deleted - isDeleted = true Change-Id: Ie1ab53dc594d1bfaf5b9e06316e7a1fc0dd4b8cb Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone ↵Kamen Mazdrashki2015-02-031-11/+23
| | | | | | | | | | | | reanimate tombstone_reanimate.c module is going to restore those attributes and it needs a way to propagate them to DB Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/samldb: Fix type "omputer" -> "computer"Kamen Mazdrashki2015-02-031-1/+1
| | | | | | | Change-Id: Ic56c6945528b7f60becc4f0b318429f4c22c3d2e Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb/reanimate: Implement attribute_restore functionKamen Mazdrashki2015-02-031-0/+90
| | | | | | | | | | At the moment it works for objects with objectClass user + a common case of removing isRecycled attribute Change-Id: I70b0ef0ef65c13d3def82ca53ace52a85a078a37 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Some minor fixes in tombstone_reanimate, to make it work with aclNadezhda Ivanova2015-02-031-4/+4
| | | | | | | Change-Id: Idad221c7ecf778fd24f6017bb4c6eacac541086a Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Implementation of access checks on a undelete operationNadezhda Ivanova2015-02-031-18/+79
| | | | | | | | | | Special Reanimate-Tombstone access right is required, as well as most of the checks on a standard rename. Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Mark request during Tombstone reanimation with custom LDAP controlKamen Mazdrashki2015-02-031-0/+14
| | | | | | | | | | We are going to need this so that underlying modules (acl.c) can treat those requests properly Change-Id: I6c12069aa6e7e01197dddda6c610d930d3fd9cb0 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Implement rename/modify requests as local for the moduleKamen Mazdrashki2015-02-031-2/+96
| | | | | | | | | | | The aim is for us to be able to fine tune the implementation and also add custom LDAP controls to mark all requests as being part of Reanimation procedure Change-Id: I9f1c04cd21bf032146eb2626d6495711fcadf10c Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Add documentation link for Tombstone ReanimationKamen Mazdrashki2015-02-031-1/+1
| | | | | | | Change-Id: Ib779c8b0839889371f25ad5751c9cda1a510eb54 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requestsKamen Mazdrashki2015-02-031-0/+8
| | | | | | | | | | | | | | | | Tombstone reanimation requries some special handling which is going to affect several modules. Most notably: - a bit different access checks in acl.c - restore certain attributes during modify requests in samldb.c Control added also to schema_samba4.ldif by Andrew Bartlett hence the "pair programmed with" tag. Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Make use dsdb_make_object_category() for objectCategoryKamen Mazdrashki2015-02-031-52/+1
| | | | | | | Change-Id: If65c54a653ad7078ca7a535b5c247db2746b5be7 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Make most specific objectCategory for an objectKamen Mazdrashki2015-02-031-0/+67
| | | | | | | | | | | | This is lightweight implementation and should be used on objects with already verified objectClass attribute value - eg. valid classes, sorted properly, etc. Checkout objectclass.c module for heavy weight implementation. Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Initialize module context only we are to handle Tombstone requestKamen Mazdrashki2015-02-031-5/+5
| | | | | | | Change-Id: I73bd2043e96907e3d1a669bdbd943ddee1df8c0a Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Return error codes as windows does for Tombstone reanimationKamen Mazdrashki2015-02-031-0/+4
| | | | | | | | | | | | Tested against Windows Server 2008 R2 In case we try to restore to already existing object, windows returns: LDB_ERR_ENTRY_ALREADY_EXISTS Otherwise it is: LDB_ERR_OPERATIONS_ERROR Change-Id: I6b5fea1e327416ccf5069d97a4a378a527a25f80 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Insert tombstone_reanimate module in ldb modules chain after ↵Kamen Mazdrashki2015-02-031-0/+1
| | | | | | | | | objectclass Change-Id: Id9748f36f0aefe40b1894ecd2e5071e3b9c8a6d6 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4-dsdb: Initial implementation for Tombstone reanimation moduleKamen Mazdrashki2015-02-032-1/+266
| | | | | | | | | | | | | | | | | | At the moment it works for basic scenario: - add user - delete user - restore deleted user TODO: - security checks - flags verification - cross-NC checks - asynchronous implementation (may not be needed, but anyway) Change-Id: If396a6dfc766c224acfeb7e93ca75703e08c26e6 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb-samldb: Clarify userAccountControl manipulation code by always using ↵Andrew Bartlett2015-01-221-8/+6
| | | | | | | | | | | | UF_ flags The use of ACB_ flags was required before msDS-User-Account-Control-Computed was implemented Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-samldb: Clarify that accounts really do fall back to UF_NORMAL_ACCOUNT ↵Andrew Bartlett2015-01-221-3/+8
| | | | | | | | | | if no account set Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-samldb: Only allow known and settable userAccountControl bits to be setAndrew Bartlett2015-01-221-4/+9
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/samldb: let samldb_prim_group_change() protect ↵Stefan Metzmacher2015-01-221-2/+26
| | | | | | | | | | | | DOMAIN_RID_{READONLY_,}DCS Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Improve userAccountControl handlingAndrew Bartlett2015-01-221-24/+142
| | | | | | | | | | | | | | | | We now always check the ACL and invarient rules using the same function The change to libds is because UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type This list should only be of the account exclusive account type bits. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Default to UF_NORMAL_ACCOUNT when no account type is specifiedAndrew Bartlett2015-01-221-3/+3
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account typeAndrew Bartlett2015-01-221-10/+9
| | | | | | | | | | | | | | | | This list should only be of the account exclusive account type bits. Note, this corrects the behaviour in samldb modifies of userAccountControl. This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow ↵Andrew Bartlett2015-01-152-1/+195
| | | | | | | | | | | | | | | | changes to userAccountControl This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
* dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptableGarming Sam2014-12-221-6/+60
| | | | | | | | | | | | | | | | This includes additional tests based directly on the docs, rather than simply testing our internal implementation in client and server contexts, that create a user and groups. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming-Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104
* dsdb: Ignore errors from search in dns_notify moduleAndrew Bartlett2014-12-221-14/+12
| | | | | | | | This ensures the error messages are unchanged Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use a fixed set of attributes in search in dns_notify moduleAndrew Bartlett2014-12-221-2/+4
| | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use ldb_attr_cmp() for comparing objectclass namesAndrew Bartlett2014-12-221-3/+3
| | | | | | | | This is the same as strcasecmp, but it is best to remain consistent. Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dns: Reload DNS zones from dsdb when zones are modified through RPC or DRSSamuel Cabrero2014-12-223-1/+459
| | | | | | | | | | | | | Setup a RPC management call on the internal DNS server triggered a new LDB module which sniffs dnsZone object add, delete and modify operations. This way the notification is triggered when zones are modified either from RPC or replicated by inbound DRS. Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me> (shadowed variable error corrected by abartlet) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Only parse SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL as a DNAndrew Bartlett2014-12-221-1/+3
| | | | | | | | This avoids trying to parse some other rule, like bitwise and, that may be applied to this attribute Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Improve code clarity for ldb_extended_dn_in_openldap modeAndrew Bartlett2014-12-221-3/+7
| | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match opsSamuel Cabrero2014-12-221-13/+35
| | | | | | Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM controlStefan Metzmacher2014-12-121-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise we can't find the GUID of the 'serverName' attribute as ANONYMOUS. This results in root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <> While it works as system: root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName # record 1 dn: serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base # returned 1 records # 1 entries # 0 referrals Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* dsdb: Remove a self-assignmentVolker Lendecke2014-11-241-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Fix a crash in an error returnVolker Lendecke2014-10-111-1/+1
| | | | | | | | | | | | | | In an error return we have /* Back it out, if it fails on one */ for (i--; i >= 0; i--) { ldb_next_del_trans(data->partitions[i]->module); } With unsigned int i this will spin and del_trans somewhere far off :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* acl: Fix typo: structrual -> structuralJelmer Vernooij2014-09-271-1/+1
| | | | | | Change-Id: I859f62042e16d146ab4cb1490ab725d2bfa06db1 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: improve debugging in DsCrackNameOneFilterAndrew Bartlett2014-09-011-1/+3
| | | | | | | | Change-Id: I64d8e1eb94d833dc8ebf18fecdf32a83470a087e Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> 1
* dsdb: Permit creation of partitions of type INSTANCE_TYPE_UNINSTANTAndrew Bartlett2014-09-011-4/+15
| | | | | | | | | | | This is only allowed when we are creating the objects from a DsAddEntry call, not over LDAP. Change-Id: Ieec6b07556d58741ec04fede8bf9940811f12a62 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* dsdb: Change acl module to look for instanceType flag rather than list of NCsAndrew Bartlett2014-09-012-15/+87
| | | | | | | | | | This avoids any DNs being a free pass beyond the ACL code, instead it is based on the CN=Partitions ACL. Andrew Bartlett Change-Id: Ib2f4abe0165e47fa4a71925d126c2eeec68df119 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb/cracknames: free realm from smb_krb5_principal_get_realm().Günther Deschner2014-08-081-3/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb/samdb: use smb_krb5_principal_get_comp_string in ldb ACL module.Günther Deschner2014-08-082-6/+9
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb/samdb: use smb_krb5_make_principal for compatibility reasons with MIT.Günther Deschner2014-08-081-4/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* messaging4: Change irpc_servers_by_name to NTSTATUSVolker Lendecke2014-07-211-5/+7
| | | | | | | | | | | | For me, counted arrays are easier to deal with than NULL-terminated ones. Here we also had a "server_id_is_disconnection" convention, which was not really obvious. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jul 21 20:28:53 CEST 2014 on sn-devel-104
* s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for nowStefan Metzmacher2014-07-091-0/+18
| | | | | | | | | | | | | | | | | For now it's safer to reject setting 'userParameters' via LDAP, as we'll not provide the same behavior as a Windows Server. If someone requires that feature please report this in the following bug reports! Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-04-18 17:00:20 +0000