Commit message | Author | Age | Files | Lines
* s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 2010-08-18 | 13 | -37/+29
|   This makes the structure more like Samba3's NT_USER_TOKEN
* s4:ntvfs Don't treat the user SID and primary group SID special for idmap | Andrew Bartlett | 2010-08-18 | 1 | -12/+4
|   This simply asks IDMAP about all the user SIDs, rather than the user and group sid, followed by all but the first two sids from the token.
|   Andrew Bartlett
* s4:security Bring in #defines for the user and primary group token location | Andrew Bartlett | 2010-08-18 | 1 | -0/+3
|   This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3.
|   Andrew Bartlett
* s3: Remove smbd_server_fd() from session_claim | Volker Lendecke | 2010-08-17 | 4 | -10/+9
|
* s3: Remove smbd_server_fd() from read_smb_length() | Volker Lendecke | 2010-08-17 | 1 | -12/+7
|
* s3: Move read_smb_length() to smbd/reply.c | Volker Lendecke | 2010-08-17 | 3 | -44/+42
|
* s3: Remove smbd_server_fd from receive_smb_raw | Volker Lendecke | 2010-08-17 | 1 | -25/+4
|   This is only called from client code
* s3: Lift smbd_server_fd() from receive_smb_raw_talloc | Volker Lendecke | 2010-08-17 | 1 | -5/+5
|
* s3: Lift smbd_server_fd() from read_smb_length_return_keepalive | Volker Lendecke | 2010-08-17 | 2 | -14/+29
|
* s3: Lift smbd_server_fd() from read_data() | Volker Lendecke | 2010-08-17 | 2 | -22/+9
|   All callers have appropriate debug messages themselves
* s3: Lift smbd_server_fd() from read_fd_with_timeout() | Volker Lendecke | 2010-08-17 | 3 | -44/+62
|
* s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -2/+43
|
* s4:kdc/kpasswdd.c - let the user change his own password with his own rights | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -3/+44
|   Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
|   NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example).
* s4:samr RPC server - samr_password.c - make real user password changes work | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -50/+74
|   Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
* s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets | Matthias Dieter Wallnöfer | 2010-08-17 | 2 | -4/+4
|
* s4:samdb_set_password/samdb_set_password_sid - make more arguments "const" | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -5/+5
|
* s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support the password change control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -13/+27
|   And introduce parameters to pass the old password hashes.
* s4:password_hash LDB module - perform the adaptions to understand the new password change control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -8/+26
|
* s4:acl LDB module - support password changes over the DSDB_CONTROL_PASSWORD_CHANGE_OID control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -1/+15
|   This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set".
* s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the control | Matthias Dieter Wallnöfer | 2010-08-17 | 1 | -0/+5
|   This contains the NT and/or LM hash of the password specified by the user.
* s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 2010-08-17 | 4 | -11/+10
|   Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
* Revert "waf: enable gccdeps in developer mode" | Stefan Metzmacher | 2010-08-17 | 1 | -3/+2
|   This reverts commit 61930f50cbace4741500d8b53fc11a4ef3e0d4f8.
|   This breaks the build with older gcc versions
|   gcc --version
|   gcc (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291]
|   (This is SLES 11)
|   Please only enable it if the compiler supports it.
|   metze
* s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test run | Stefan Metzmacher | 2010-08-17 | 1 | -3/+3
|   Otherwise just fill the disks of the build-farm hosts.
|   metze
* s4:selftest: run ldapi tests in 'dc:local' environment | Stefan Metzmacher | 2010-08-17 | 1 | -1/+1
|   metze
* s4-tests: Added tests for acl checks on search requests | Nadezhda Ivanova | 2010-08-17 | 1 | -0/+218
|
* s3: Directly call write_data from print_job_write() | Volker Lendecke | 2010-08-17 | 1 | -1/+1
|
* s3: Remove unused "pos" arg from print_job_write | Volker Lendecke | 2010-08-17 | 3 | -6/+3
|
* s3-samr: Correctly fix the transition from enum to uint32_t. | Andreas Schneider | 2010-08-17 | 1 | -1/+5
|   What type an enum is depends on the implementation, the compiler and probably the compiler options. sizeof(enum) is normally not sizeof(int)!
* s4-ldb: ensure element flags are zero in ldb search return | Andrew Tridgell | 2010-08-17 | 1 | -0/+2
|   the distinguishedName element was getting an uninitialised flags value
* s4-ldbwrap: ensure session_info in ldb opaque remains valid | Andrew Tridgell | 2010-08-17 | 1 | -0/+15
|   A DRS DsBind handle can be re-used in a later connection. This implies reuse of the session_info for the connection. If the first connection is shutdown then the session_info in the sam context on the 2nd connection must remain valid.
* s4-rpcserver: log unknown RPC calls at debug level 3 | Andrew Tridgell | 2010-08-17 | 1 | -0/+6
|   This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark
* s4-netlogon: added SEC_CHAN_RODC | Andrew Tridgell | 2010-08-17 | 2 | -1/+7
|   This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
* s4-net: use an encrypted ldap session when setting passwords | Andrew Tridgell | 2010-08-17 | 1 | -0/+3
|   this allows for "net setpassword -H ldap://server -Uusername%password USERNAME" to set a password remotely on a windows DC
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: check the type of session_info from the opaque | Andrew Tridgell | 2010-08-17 | 1 | -2/+2
|   we saw a crash with a bad pointer here, and this may help track it down
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: allow getncchanges from RODC with WRIT_REP set | Andrew Tridgell | 2010-08-17 | 1 | -2/+2
|   w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: added domain_sid to DRS security checks | Andrew Tridgell | 2010-08-17 | 6 | -10/+14
|   we need the domain_sid to determine if the account is a RODC for our domain
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER | Andrew Tridgell | 2010-08-17 | 1 | -6/+6
|   check more than the user_sid, and also check for the right rid value
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT | Andrew Tridgell | 2010-08-17 | 2 | -2/+10
|   when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: cope with cracknames of form dnsdomain\account | Andrew Tridgell | 2010-08-17 | 1 | -2/+8
|   this is used by w2k8r2 when doing a RODC dcpromo
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber | Andrew Tridgell | 2010-08-17 | 1 | -1/+8
|   msDS-SecondaryKrbTgtNumber is setup with a value that is outside the range allowed by the schema (the schema has rangeLower==rangeUpper==65536). We need to mark this element as being internally generated to avoid the range checks
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldb: added LDB_FLAG_INTERNAL_DISABLE_VALIDATION | Andrew Tridgell | 2010-08-17 | 2 | -7/+15
|   When this flag is set on an element in an add/modify request then the normal validate_ldb() call that checks the element against schema constraints is disabled
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldb: added LDB_FLAG_INTERNAL_MASK | Andrew Tridgell | 2010-08-17 | 2 | -0/+31
|   This ensures that internal bits for the element flags in add/modify requests are not set via the ldb API
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages | Andrew Tridgell | 2010-08-17 | 8 | -23/+28
|   The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
|   This will allow us to use some of the other flags bits for internal markers on elements
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add | Andrew Tridgell | 2010-08-17 | 1 | -1/+24
|   this control disables the system only check for nTDSDSA add operations
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 2010-08-17 | 1 | -1/+1
|   the ldb_msg_add_fmt() call returns LDB_SUCCESS on success
* s4-ldapserver: support controls on ldap add and rename | Andrew Tridgell | 2010-08-17 | 1 | -10/+12
|   we need to pass the controls down to the add and rename ldb operations
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID | Andrew Tridgell | 2010-08-17 | 3 | -0/+76
|   this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implement rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering).
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldap: use common functions for ldap flag controls encode/decode | Andrew Tridgell | 2010-08-17 | 1 | -163/+11
|   many controls are simple present/not-present flags, and don't need their own parsers
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s3-dcerpc: try to fix the non gssapi build. | Günther Deschner | 2010-08-17 | 1 | -1/+2
|   Guenther
* s3-dcerpc: fix c++ build warning. | Günther Deschner | 2010-08-17 | 1 | -1/+1
|   Guenther