path: root/source4
Commit message | Author | Age | Files | Lines
...
* s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls | Andrew Tridgell | 2010-08-20 | 1 | -10/+8
  when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour)
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: bring us much closer to the docs for DRS secret replication | Andrew Tridgell | 2010-08-20 | 1 | -9/+241
  The rules for when a RODC can replicate secrets are:
  - it can always replicate its own acct
  - it can also replicate its krbtgt acct
  - it can't replicate other krbtgt accts
  - it can't replicate interdomain trust accounts
  - it can't replicate users in the denied group list
  - it can replicate users in the allowed group list
  otherwise it can't replicate
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed dsdb_get_extended_dn_sid() | Andrew Tridgell | 2010-08-20 | 1 | -1/+1
  it should honor the component_name
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: implement RODC attribute filtering override | Andrew Tridgell | 2010-08-20 | 2 | -39/+79
  When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: added sam_ctx_system on DRS bind state | Andrew Tridgell | 2010-08-20 | 2 | -0/+20
  The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4 provision: POLICY_ACL is already an FS acl no need to translate it | Matthieu Patou | 2010-08-19 | 1 | -2/+1
* s4 provision: Add some documentation to GPO related functions | Matthieu Patou | 2010-08-19 | 2 | -15/+58
* unit tests: debug to ease locating pb, remove dir if exists to avoid error | Matthieu Patou | 2010-08-19 | 1 | -2/+8
* s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests | Matthieu Patou | 2010-08-19 | 1 | -0/+1
* s4 upgradeprovision: add more attributes to the ignore list | Matthieu Patou | 2010-08-19 | 2 | -5/+20
  Also format in a pretty way the int64 ranges
* s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing | Matthieu Patou | 2010-08-19 | 1 | -13/+65
* s4 upgradeprovision: Add a function for schema reloading | Matthieu Patou | 2010-08-19 | 1 | -1/+31
  Full schema reloading is needed when we modify existing elements that have attributes that come not from the default schema (ie. openchange schema, user schema ..)
* s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES | Matthieu Patou | 2010-08-19 | 1 | -9/+14
  This is used by upgradeprovision to readd this delta just before loading a merged schema
* s4 upgradeprovision: Fixes for increment_keyversion | Matthieu Patou | 2010-08-19 | 3 | -3/+22
  fix
* s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion | Matthieu Patou | 2010-08-19 | 2 | -4/+5
* s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists | Kamen Mazdrashki | 2010-08-19 | 2 | -3/+4
* s4-test: make better error message for ATTID checks | Kamen Mazdrashki | 2010-08-19 | 1 | -4/+20
* s4-test: Change attribute syntax and value for readability | Kamen Mazdrashki | 2010-08-19 | 1 | -3/+3
  When it comes to read logs and dumping data received Octet String syntax comes in handy
* s4-test: Enable drs.rpc.msdsintid test case - it should be passing now | Kamen Mazdrashki | 2010-08-19 | 1 | -1/+0
* s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public | Kamen Mazdrashki | 2010-08-19 | 1 | -3/+3
  It is intended to be used in schema_syntax.c module
* s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs | Kamen Mazdrashki | 2010-08-19 | 1 | -3/+16
  Depending on which NC is being replicated, GetNCChanges() returns either ATTID based on local prefixMap or msDs-IntId value of the attributeSchema class for the attribute being replicated.
  If set, msDs-IntId value is always returned when replicating object from NC other than Schema NC. Objects in Schema NC replica always use prefixMap based ATTIDs.
* s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object | Kamen Mazdrashki | 2010-08-19 | 2 | -14/+55
  in case object replicated is not in Schema NC and attributeSchema object has msDs-IntId attribute value set
* s4: fix few comment typos | Kamen Mazdrashki | 2010-08-19 | 2 | -3/+3
* s4-schema_syntax.c: Fix white spaces and alignment | Kamen Mazdrashki | 2010-08-19 | 1 | -55/+56
* s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions | Kamen Mazdrashki | 2010-08-19 | 4 | -57/+45
* s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions | Kamen Mazdrashki | 2010-08-19 | 4 | -55/+47
* s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions | Kamen Mazdrashki | 2010-08-19 | 3 | -62/+41
* s4-dsdb: Add context structure for dsdb_syntax conversion functions | Kamen Mazdrashki | 2010-08-19 | 2 | -0/+19
  This structure is intended to hold context-dependent data. Syntax-conversion and object-conversion functions need that data to convert objects and attributes from drs-to-ldb and ldb-to-drs correctly.
  For instance: ATTID value depends on whether we are converting object from partition different than Schema partition.
* s4-test-dssync: remove unused variable | Kamen Mazdrashki | 2010-08-19 | 1 | -1/+0
* smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly. | James Peach | 2010-08-17 | 1 | -4/+6
* smbtorture: Ensure that the RPC setup returns correct status. | James Peach | 2010-08-17 | 1 | -4/+4
* s4:ldap_server use talloc_unlink() to avoid talloc_free() with references | Andrew Bartlett | 2010-08-18 | 1 | -4/+4
  Both the session_info and the ldb can have references.
  Andrew Bartlett
* s4:auth Change {anonymous,system}_session to use common session_info generation | Andrew Bartlett | 2010-08-18 | 2 | -6/+8
  This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token.
  Andrew Bartlett
* s4:auth Avoid doing database lookups for NT AUTHORITY users | Andrew Bartlett | 2010-08-18 | 2 | -108/+122
* s4:auth Remove system_session_anon() from python bindings | Andrew Bartlett | 2010-08-18 | 5 | -58/+4
* s4:auth Remove the system:anonymous parameter used for the LDAP backend | Andrew Bartlett | 2010-08-18 | 1 | -10/+4
  This isn't needed any more, and just introduces complexity.
* s4:auth Remove special case constructor for admin_session() | Andrew Bartlett | 2010-08-18 | 1 | -63/+13
  There isn't a good reason why this code is duplicated.
  Andrew Bartlett
* s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 2010-08-18 | 12 | -35/+29
  This makes the structure more like Samba3's NT_USER_TOKEN
* s4:ntvfs Don't treat the user SID and primary group SID special for idmap | Andrew Bartlett | 2010-08-18 | 1 | -12/+4
  This simply asks IDMAP about all the user SIDs, rather than the user and group sid, followed by all but the first two sids from the token.
  Andrew Bartlett
* s4:security Bring in #defines for the user and primary group token location | Andrew Bartlett | 2010-08-18 | 1 | -0/+3
  This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3.
  Andrew Bartlett
* s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -2/+43
* s4:kdc/kpasswdd.c - let the user change his own password with his own rights | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -3/+44
  Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
  NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example).
* s4:samr RPC server - samr_password.c - make real user password changes work | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -50/+74
  Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
* s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets | Matthias Dieter Wallnöfer | 2010-08-17 | 2 | -4/+4
* s4:samdb_set_password/samdb_set_password_sid - make more arguments "const" | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -5/+5
* s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support the password change control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -13/+27
  And introduce parameters to pass the old password hashes.
* s4:password_hash LDB module - perform the adaptions to understand the new password change control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -8/+26
* s4:acl LDB module - support password changes over the DSDB_CONTROL_PASSWORD_CHANGE_OID control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -1/+15
  This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set".
* s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -0/+5
  This contains the NT and/or LM hash of the password specified by the user.
* s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 2010-08-17 | 4 | -11/+10
  Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.