IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In particular, allow for the server DN to be in a different site
(possible outcome of a DRS replication).
Andrew Bartlett
(This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1)
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.
Andrew Bartlett
(This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
These small changes seem to fix some of the early issues in 'make
valgrindtest'
Previously, the subtree_delete code didn't pass on the timeout,
leaving it uninitialised.
The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a
bit.
Andrew Bartlett
(This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d)
Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.
Andrew Bartlett
(This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.
Andrew Bartlett
(This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.
Andrew Bartlett
(This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).
This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.
This simplifies the tests for account expiration. There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
(This used to be commit 7ce5575a3a40cca4a45ec179a153f7e909065a87)
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
(This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6)
This avoids going via the canonicalise_fn(), which will upper case the DN
Andrew Bartlett
(This used to be commit cdff1b0802437d713652b89f4522d3cce97c30ec)
Never install generated prototype files. It's easier to break the
API when using them and they're not easily readable for 3rd party users.
Conflicts:
source/auth/config.mk
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/config_mk.pm
source/build/smb_build/main.pl
source/build/smb_build/makefile.pm
source/dsdb/config.mk
source/lib/charset/config.mk
source/lib/tdr/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/torture/config.mk
(This used to be commit 6c659689ed4081f1d7a6253c538c7f01784197ba)
This takes the previous patches further, so we catch all the cases
(the KDC looked at the time directly).
Andrew Bartlett
(This used to be commit cda4642a937d249399e25eaa6e5e20a0d440bcbf)
More correctly handle expired passwords, and do not expire machine accounts.
Test that the behaviour is consistant with windows, using the RPC-SAMR test.
Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.
Andrew Bartlett
(This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
(This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
task_service_init() manually. Now this is called from service.c for
all services.
Andrew Bartlett
(This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
needed to change prefork behaviour based on what service is being
started.
Andrew Bartlett and David Disseldorp
(This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
This means that, except when we back onto LDAP, when it will be
replaced with the mapping backend, we will keep this codepath tested.
Andrew Bartlett
(This used to be commit e8fb5da5a18c1c3bd788b1ab3f814ffb847b00fd)
The main change here is to work with the current module stack,
replacing only the objectGUID module, rather than a number of modules.
However, two changes were key:
- Fixing a typo search_req->handle -> change_req->handle
- Allowing an error of NO_SUCH_OBJECT - it is quite valid
for the object not to exist when being replicated in.
Other small changes were required to the ejs provision to match
changes in that code.
Andrew Bartlett
(This used to be commit 7b87a58502a052de391f4e1c56ac78a8d35b4e34)
