IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.
Andrew Bartlett
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.
Andrew Bartlett
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).
This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.
This simplifies the tests for account expiration. There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
Never install generated prototype files. It's easier to break the
API when using them and they're not easily readable for 3rd party users.
Conflicts:
source/auth/config.mk
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/config_mk.pm
source/build/smb_build/main.pl
source/build/smb_build/makefile.pm
source/dsdb/config.mk
source/lib/charset/config.mk
source/lib/tdr/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/torture/config.mk
More correctly handle expired passwords, and do not expire machine accounts.
Test that the behaviour is consistant with windows, using the RPC-SAMR test.
Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.
Andrew Bartlett
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
The main change here is to work with the current module stack,
replacing only the objectGUID module, rather than a number of modules.
However, two changes were key:
- Fixing a typo search_req->handle -> change_req->handle
- Allowing an error of NO_SUCH_OBJECT - it is quite valid
for the object not to exist when being replicated in.
Other small changes were required to the ejs provision to match
changes in that code.
Andrew Bartlett
(I presume this has resulted from the global variable elimination)
Perhaps the iconv handle argument to ndr_push_struct needs to be
marked as 'not NULL' or similar?
Andrew Bartlett
This allows objectClass munging to be removed, or modified to not
include adding an objectClass, or for that objectClass to be something
different.
Andrew Bartlett
This moves to a smarter 'find the delta' based operation of the linked
attributes module, when the caller asks for a 'replace' of the link
source. Previously we would spray operations all over the database,
even if the net result was just to modify one record.
This also means we need the transaction safety less, which may be
useful for some LDAP backends that don't provide this functionality on
the LDAP server.
Andrew Bartlett
Also remove the search_options control earlier, before, rather than
after duplicating the request.
When we generate referalls in the partition module, the domain_scope
control with suppress them.
Andrew Bartlett
