summaryrefslogtreecommitdiffstats
path: root/source4/dsdb
Commit message (Collapse)AuthorAgeFilesLines
* s4:dsdb: cached results of samdb_rodc()Stefan Metzmacher2010-05-111-1/+29
| | | | metze
* Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in ↵Anatoliy Atanasov2010-05-111-23/+0
| | | | | | | provision" This reverts commit c3cbb846d0bfbaa11fd255bada7fa5fe502d4d96. The fix is not correct, we should cache a bool to answer amIRODC
* Revert "s4:password_hash LDB module - don't break the provision"Stefan Metzmacher2010-05-111-3/+0
| | | | | | | | This reverts commit 6276343ce1b7dd7d217e5a419c09f209f5f87379. This is not needed anymore. metze
* Revert "s4:password hash LDB module - check that password hashes are != NULL ↵Stefan Metzmacher2010-05-111-10/+6
| | | | | | | | | | before copying them" This reverts commit fa87027592f71179c22f132e375038217bc9d36a. This check is done one level above now. metze
* s4:dsdb/password_hash: only try to handle a hash in the unicodePwd field if ↵Stefan Metzmacher2010-05-111-2/+2
| | | | | | | | it's given Sorry, I removed this logic while cleaning up indentation levels... metze
* s4:password_hash LDB module - we might not have a cleartext password at allMatthias Dieter Wallnöfer2010-05-101-26/+29
| | | | | When we don't have the cleartext of the new password then don't check it using "samdb_check_password".
* s4:password_hash LDB module - quiet a warningMatthias Dieter Wallnöfer2010-05-101-1/+1
|
* s4:password hash LDB module - check that password hashes are != NULL before ↵Matthias Dieter Wallnöfer2010-05-101-6/+10
| | | | copying them
* s4:password_hash LDB module - don't break the provisionMatthias Dieter Wallnöfer2010-05-101-0/+3
| | | | | This is to don't break the provision process at the moment. We need to find a better solution.
* s4:samdb_set_password - adapt it for the user password change handlingMatthias Dieter Wallnöfer2010-05-101-0/+12
| | | | Make use of the new "change old password checked" control.
* s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer2010-05-101-256/+134
| | | | | | | | Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
* s4:password_hash - Implement password restrictionsStefan Metzmacher2010-05-101-0/+195
| | | | | | Based on the Patch from Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
* s4:password_hash - Rework to handle password changesMatthias Dieter Wallnöfer2010-05-101-138/+450
| | | | | | | | - Implement the password restrictions as specified in "samdb_set_password" (complexity, minimum password length, minimum password age...). - We support only (administrative) password reset operations at the moment - Support password (administrative) reset and change operations (consider MS-ADTS 3.1.1.3.1.5)
* s4:password_hash - Rework unique value checksMatthias Dieter Wallnöfer2010-05-101-49/+71
| | | | | Windows Server performs the constraint checks in a different way than we do. All testing has been done using "passwords.py".
* s4:password_hash - Various (mostly cosmetic) preworkMatthias Dieter Wallnöfer2010-05-101-176/+240
| | | | | | | | - Enhance comments - Get some more attributes from the domain and user object (needed later) - Check for right objectclass on change/set operations (instances of "user" and/or "inetOrgPerson") - otherwise forward the request - (Cosmetic) cleanup in asynchronous results regarding return values
* s4:dsdb: add new controlsMatthias Dieter Wallnöfer2010-05-101-0/+21
| | | | | | | - Add a new control for getting status informations (domain informations, password change status) directly from the module - Add a new control for allowing direct hash changes - Introduce an addtional control "change_old password checked" for the password
* s4-rodc: Fix provision warnings by creating ntds objectGUID in provisionAnatoliy Atanasov2010-05-101-0/+23
|
* s4:acl ldb module - fix typosMatthias Dieter Wallnöfer2010-05-101-3/+3
|
* s4:dsdb/util.c - Add a new function for retrieving password change attributesMatthias Dieter Wallnöfer2010-05-101-0/+41
| | | | | | | | | This is needed since we have not only reset operations on password fields (attributes marked with REPLACE flag) but also change operations which can be performed by users itself. They have one attribute with the old value marked with the REMOVE flag and one with the new one marked with the ADD flag. This function helps to retrieve them (argument "new" is used for the new password on both reset and change).
* s4:samldb LDB module - make "samldb_member_check" synchronous againMatthias Dieter Wallnöfer2010-05-091-64/+33
|
* s4:samldb LDB module - make "samldb_prim_group_users_check" synchronous againMatthias Dieter Wallnöfer2010-05-091-235/+24
|
* s4:samldb LDB module - update the copyright noticeMatthias Dieter Wallnöfer2010-05-091-1/+1
|
* s4:dsdb Provide an intelegent fallback if not CN=Subnets is foundAndrew Bartlett2010-05-091-3/+7
| | | | | | | We may as well fall back rather than return NULL (which callers don't do useful things with). Andrew Bartlett
* dsdb/password_hash: remove usage of msDs-KeyVersionNumberStefan Metzmacher2010-05-091-37/+1
| | | | metze
* s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumberAndrew Bartlett2010-05-091-10/+76
| | | | | | | | | | | | | This means that the existing kvno will no longer be valid, all unix-based domain members may need to be rejoined, and upgradeprovision run to update the local kvno in secrets.ldb/secrets.keytab. This is required to match the algorithm used by Windows DCs, which we may be replicating with. We also need to find a way to generate a reasonable kvno with the OpenLDAP backend. Andrew Bartlett
* s4/rodc: Support read-only databaseAnatoliy Atanasov2010-05-045-13/+76
| | | | | | Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
* s4/rodc: Fix the callbacks up the stack to handle referrals on modify requestsAnatoliy Atanasov2010-05-046-0/+48
|
* s4/rodc: Implement msDS-isRODC constructed attrAnatoliy Atanasov2010-05-032-7/+167
|
* Replaced DS_FLAG_ATTR_IS_CRITICAL with SCHEMA_FLAG_ATTR_IS_CRITICAL.Nadezhda Ivanova2010-05-031-1/+1
|
* Added a function to check if an attribute can belong to a filtered replica.Nadezhda Ivanova2010-05-033-2/+113
|
* s4:dsdb Fix use of memory after free in repl_meta_dataAndrew Bartlett2010-05-011-7/+9
| | | | | | | | | | The upgraded link values are were allocated on tmp_ctx, and need to be kept until they are written to the DB. If we don't give the correct context, they will be gone after the talloc_free(tmp_ctx). Found by Matthieu Patou <mat+Informatique.Samba@matws.net> Andrew Bartlett
* s4/rodc: RODC FAS initial implementationAnatoliy Atanasov2010-04-293-12/+41
|
* s4/dsdb: schemaInfo revision may be 0Kamen Mazdrashki2010-04-291-5/+1
| | | | | In case schemaInfo value is still not set, WinAD supplies schemaInfo blob with revision = 0 and GUID_ZERO
* s4/dsdb: remove unused dsdb_schema_info_create() functionKamen Mazdrashki2010-04-291-35/+0
|
* s4/dsdb: Update Schema cache with updated schemaInfo valueKamen Mazdrashki2010-04-291-4/+9
| | | | | | | | Error checking is simplified and my leave leeks. I did it this way to make code more readable, and if we get error in those lines, it will be WERR_NOMEM in which case we are in a much deeper troubles than delayed freeing of few bytes.
* s4/samldb: Create initial schemaInfo value if it doesn't exists yetKamen Mazdrashki2010-04-291-7/+30
|
* s4/dsdb: Use default schemaInfo value when no such value is givenKamen Mazdrashki2010-04-293-16/+25
| | | | | | Having no value for schemaInfo is totally OK as it turns out. In such cases, we should use a default value with all fields set to 0.
* Revert "s4/dsdb: Set schemaInfo attribute value during provisioning"Kamen Mazdrashki2010-04-291-49/+0
| | | | | | | | | | | This reverts commit 8149094eddebd9a0e8b7c123c2ed54d00164bb26. Windows implementation does not set schemaInfo attribute value until first Schema update request. This way, newly provisioned forest returns no schemaInfo value. I think it won't be bad for us to have this value preset, but I want to mimic Win AD behavior as close as possible.
* s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUIDKamen Mazdrashki2010-04-281-18/+18
| | | | | This function is used in DRSUpdateRefs() implementation where we get DSA's objectGUID rather than invocationId
* s4:dsdb/common: if we don't have the ip of the client return the server site ↵Stefan Metzmacher2010-04-271-0/+8
| | | | | | as client site metze
* s4-dns: call spn update command alongside dns updateAndrew Tridgell2010-04-271-0/+46
| | | | call samba_spnupdate at the same time as samba_spnupdate
* s4:kcc_periodic.c - fix counter typesMatthias Dieter Wallnöfer2010-04-271-1/+1
| | | | We are counting LDB objects here -> therefore "unsigned"
* s4:util - add a function which finds the matching client site using the ↵Matthias Dieter Wallnöfer2010-04-271-0/+90
| | | | | | | | | | | client address The lookup of the client site is done using the subnets in the configuration partition. If no one matches we use the Windows Server fallback mechansim. This means: if only one site is available just use it. If they're more set the output variable to "". Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errorsAndrew Tridgell2010-04-272-2/+19
| | | | | | | | | The 0xc0002104/WERR_DS_DRA_NO_REPLICA seems to be spurious, and can be avoided by setting DRSUAPI_DRS_SYNC_ALL in the DsReplicaSync request. We need to investigate this further, and find out from MS why this is sometimes being sent, even when the target DC has the right repsFrom entries
* s4-drs: add entries to repsTo based on calculated repsFromAndrew Tridgell2010-04-271-2/+30
| | | | | | This is based on the documentation: "the KCC will automatically create the Reps-To attributes on destination DSAs based on other DSAs Reps-From entries."
* s4-drepl: don't setup a repsFrom from a DC that isn't a master for a NCAndrew Tridgell2010-04-271-5/+50
| | | | use hasMasterNCs to see what NCs we should be pulling from each DC
* s4-repl: these messages are common, and don't deserve debug level 1Andrew Tridgell2010-04-271-2/+2
| | | | getting older attributes is quite common
* s4-repl: on a failed request, clear the current ptrAndrew Tridgell2010-04-271-0/+1
| | | | this prevents the queue being stuck on failure
* s4-repl: end repl request when not doing an UpdateRefsAndrew Tridgell2010-04-271-0/+2
| | | | otherwise the queue is stuck forever
* s4-repl: don't delete repsTo entry on DsReplicaSyncAndrew Tridgell2010-04-271-46/+12
| | | | | | we rely on the highestUSN counters instead. W2K8 does not resend DsUpdateRefs each time, and the WSPP docs do not indicate that repsTo should be deleted
generated by cgit (git 2.34.1) at 2025-09-26 04:55:46 +0000