summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-11-17s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERYAndrew Tridgell1-1/+5
this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-17s4-gensec: zero the gssapi_stateAndrew Tridgell1-1/+1
this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-17s4-provision: use the command line lp in provisionAndrew Tridgell1-1/+1
this ensures that provision options are stored in the generated smb.conf
2010-11-17s4-provision: add log messages about IP lookupAndrew Tridgell1-0/+2
the IPv6 lookup can be very slow if a DNS server in the search list is unavailable. It's good to let the user know what its doing.
2010-11-17s4-dns: catch more expections in samba_dnsupdateAndrew Tridgell1-1/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-13/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txtVolker Lendecke1-28/+29
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_afs_tokenVolker Lendecke1-8/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndrVolker Lendecke1-4/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_unix_usernameVolker Lendecke1-6/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-11/+11
2010-11-17"bool ? true : false" is a bit pointlessVolker Lendecke1-2/+1
2010-11-17s3: Move parse_sidlist to the only calling fileVolker Lendecke3-44/+42
2010-11-17s3: Remove some unused codeVolker Lendecke2-23/+0
2010-11-17ldb:ldb_dn.c - ldb_dn_explode - free also the extended components on error casesMatthias Dieter Wallnöfer1-1/+4
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 17 08:45:53 UTC 2010 on sn-devel-104
2010-11-17tevent: Fix docstring, tevent_req_is_in_progress does not destroy private dataKai Blin1-2/+0
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Wed Nov 17 07:23:51 UTC 2010 on sn-devel-104
2010-11-17s4-test: added testing of w2k3 DC join to test-howto.pyAndrew Tridgell2-19/+105
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Nov 17 01:16:19 UTC 2010 on sn-devel-104
2010-11-17s4-join: fixed join to w2k3Andrew Tridgell1-1/+1
w2k3 does need msDS-Behavior-Version
2010-11-17s4-join: show a reasonable error on DsAddEntry() failingAndrew Tridgell1-1/+6
DsAddEntry() gives errors in a reply container
2010-11-17s4-join: enable NDR printing at debug levels >= 5Andrew Tridgell1-2/+9
this is handy for debugging joins
2010-11-17s4-loadparm: set debuglevel and logfile in tablesAndrew Tridgell1-0/+5
this allows the debug level and logfile to be queried from python using lp.get(). Otheriwse they are set only in the globals, and not in the tables.
2010-11-17s4-loadparm: fixed a memory leak in handle_realm()Andrew Tridgell1-0/+3
we need to free the lowercase and uppercase varients
2010-11-16s4-kdc Rework supported encryption type logic to match MicrosoftAndrew Bartlett1-37/+16
Thanks to Hongwei Sun for the clear description of the algorithim involved. Importantly, it isn't possible to remove encryption types from the list, only to add them over the defaults (DES and arcfour-hmac-md5, and additional AES for DCs and RODCs). This changes the behaviour for entries with msDS-supportedEncryptionTypes: 0, which Angelos Oikonomopoulos reported finding set by ADUC when attempting to store cleartext passwords. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 16 21:24:43 UTC 2010 on sn-devel-104
2010-11-16s4:acl LDB module - use also here "dsdb_find_nc_root" to implement the ↵Matthias Dieter Wallnöfer1-28/+57
NC-specific checks Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 15:12:13 UTC 2010 on sn-devel-104
2010-11-16s4:descriptor LDB module - also "get_default_ag" should make use of ↵Matthias Dieter Wallnöfer1-12/+12
"dsdb_find_nc_root"
2010-11-16s4:descriptor LDB module - handle the NCs in a more generic way by using ↵Matthias Dieter Wallnöfer1-10/+22
"dsdb_find_nc_root"
2010-11-16s4:"dsdb_find_nc_root" - let it work also when the "namingContexts" ↵Matthias Dieter Wallnöfer1-8/+34
attribute isn't available yet This is needed on provisioning when the modules aren't set up yet.
2010-11-16s4:descriptor LDB module - make more clear that special control entries ↵Matthias Dieter Wallnöfer1-0/+7
never should be handled by modules
2010-11-16s4:objectclass LDB module - the "olddn" is the special DN for rename requestsMatthias Dieter Wallnöfer1-1/+1
2010-11-16s4-schema_load: Don't clean in_transaction flag until transaction is really ↵Kamen Mazdrashki1-7/+6
finished Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Nov 16 11:00:35 UTC 2010 on sn-devel-104
2010-11-16s4:subtree_rename LDB module - make use of "dsdb_find_nc_root"Matthias Dieter Wallnöfer1-22/+27
This is exactly what's needed there. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
2010-11-16s4:objectclass LDB module - free "nc_root" after name context comparisonsMatthias Dieter Wallnöfer1-0/+2
2010-11-16s4-test: fixes for test-howto.pyAndrew Tridgell2-25/+36
this fixes some timing issues, plus ensures we test both with and without kerberos Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Nov 16 07:58:55 UTC 2010 on sn-devel-104
2010-11-16s4-spoolss: fixed warning in call to torture_warning()Andrew Tridgell1-2/+2
2010-11-16s4-eventlog: fixed dcerpc handle returnAndrew Tridgell1-4/+12
2010-11-16samba-tool Add test for --store-plaintextAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 16 06:29:04 UTC 2010 on sn-devel-104
2010-11-16Update dcerpc_server.pc library name to match reality.Brad Hards1-1/+1
2010-11-16samba-tool pwsettings Allow setting 'store cleartext'Andrew Bartlett1-2/+17
This allows the 'store cleartext' password policy flag to be (un)set. Andrew Bartlett
2010-11-16s4-ldif_handlers Add handler for printing supplementalCredentialsAndrew Bartlett2-1/+24
2010-11-16s4-test_kinit Add tests for lowercase realm combinationsAndrew Bartlett1-0/+4
This tests that the handling of lowercase realms works in our KDC and libraries. Andrew Bartlett
2010-11-16heimdal Build ticket with the canonical server nameAndrew Bartlett1-1/+1
We need to use the name that the HDB entry returned, otherwise we will not canonicalise the reply as requested. Andrew Bartlett
2010-11-16s4-kdc Fix the realm handling again, this time pay attention to the flagsAndrew Bartlett1-20/+20
The KDC sets different flags for the AS-REQ (this is client-depenent) and the TGS-REQ to determine if the realm should be forced to the canonical value. If we do this always, or do this never, we get into trouble, so it's much better to honour the flags we are given. Andrew Bartlett
2010-11-16s4-kdc use 'flags' to only create the 'admin data' elements when requestedAndrew Bartlett1-15/+19
This avoids setting these values when the caller simply does not care Andrew Bartlett
2010-11-16s4-kdc Add 'flags' parameter to db fetch callsAndrew Bartlett1-8/+35
This will allow these calls to honour the flags passed in from the KDC Andrew Bartlett
2010-11-16waf: added --git-local-changes configure optionAndrew Tridgell5-29/+38
if you use --git-local-changes then the version number that waf extracts from git will have a '+' on the end if you have local changes, as determined by running 'git diff'. This used to be the default, but unfortunately it is far too slow on some systems. On a NFS build system I was using the first line of configure took about 2 minutes. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Nov 16 01:51:54 UTC 2010 on sn-devel-104
2010-11-15s4-kdc Don't regenerate the PAC for cross-realm ticketsAndrew Bartlett1-0/+3
We should never get a cross-realm ticket that was not issued by a full DC, but if someone claims to have such a thing, reject it rather than segfaulting on the NULL client pointer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
2010-11-15s4-kdc Don't always regenerate the PACAndrew Bartlett1-2/+4
The PAC was being regenerated on all normal DCs, because they don't have a msDS-SecondaryKrbTgtNumber attribute. Instead we need to check if it's set and not equal to our RODC number, allowing RODCs to trust the full DCs and itself, but not other RODCs. Andrew Bartlett
2010-11-15heimdal Fetch the client before the PAC check, but after obtaining krbtgt_outAndrew Bartlett1-31/+30
By checking the client principal here, we compare the realm based on the normalised realm, but do so early enough to validate the PAC (and regenerate it if required). Andrew Bartlett
2010-11-15s4-gensec Indicate if GENSEC is in client or server mode in the debugAndrew Bartlett1-2/+4
2010-11-15s4:heimdal - fix the return code of a non-void functionMatthias Dieter Wallnöfer1-0/+2
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 23:14:57 UTC 2010 on sn-devel-104