summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-09-29s4-drepl: fixed the checking of replica_flags in the drepl serverAndrew Tridgell1-7/+0
we were incorrectly avoiding a getncchanges when WRIT_REP was not set Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-kcc: fixed the replica_flags in repsFrom in the kccAndrew Tridgell1-31/+72
if our calculated replica_flags doesn't match the ones in our repsFrom then update it Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29idl-drsuapi: fixed another replica_flags that should use the bitmapAndrew Tridgell1-1/+1
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-30s4-dns: send A record updates via TKEYAndrew Tridgell1-1/+6
2010-09-30s3-spoolss: make sure to exit early and with the appropriate error code inGünther Deschner1-0/+4
_spoolss_GetPrinterDriver2. Guenther
2010-09-30spoolss: use the correct flags for spoolss_PrinterInfo1 struct.Günther Deschner1-1/+1
Guenther
2010-09-30s3-spoolss: Fix servername/printername handling which turns out to be very ↵Günther Deschner6-141/+189
important to get right. Guenther
2010-09-30s4-smbtorture: add new EnumPrinters test to test printername/servernameGünther Deschner1-13/+207
behaviour in EnumPrinter and GetPrinter calls. Guenther
2010-09-29s4-samldb: also set a password on the krbtgt_NNNN accountAndrew Tridgell1-0/+11
when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-devel: added new options to getncchanges scriptAndrew Tridgell1-9/+65
added --pas, --dest-dsa and --replica-flags options Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell1-26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2-12/+63
this checks securiity on the NC root of the specified naming context
2010-09-29util: added BINARY_ARRAY_SEARCH_V()Andrew Tridgell1-0/+16
this is used to search an array of values
2010-09-29s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PACAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29libds: added more UF_ -> ACB_ flags mappingsAndrew Tridgell2-2/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-29midltests: add midltests-pipe-sync-ndr32-downgrade-02.idlStefan Metzmacher2-0/+3566
metze
2010-09-29midltests: support for fragmented RPC trafficStefan Metzmacher1-5/+57
metze
2010-09-29midltests: print out the alloc_hint for requests and responsesStefan Metzmacher1-4/+4
metze
2010-09-29midltests: improve NDR64 downgradeStefan Metzmacher1-4/+21
metze
2010-09-29midltests: revert to a simple default midltests.idlStefan Metzmacher1-248/+3
metze
2010-09-29s3-waf: add basic make test infrastructure, not able to test yet.Günther Deschner3-0/+158
Guenther
2010-09-29s3-waf: clean up socket-wrapper and nss-wrapper a little.Günther Deschner1-15/+5
Guenther
2010-09-29s3-waf: add vlp binary.Günther Deschner1-0/+5
Guenther
2010-09-29s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS callAndrew Tridgell1-10/+57
we can't do SPN updates via sam writes and replication, as the sam is read-only
2010-09-29s4-drsutils: expose DsBind() call in drs_utils.pyAndrew Tridgell1-37/+38
this will be used by samba_spnupdate
2010-09-29s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpersAndrew Tridgell2-0/+12
Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-rodc: RODC should not accept requests for role transferNadezhda Ivanova1-0/+12
A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
2010-09-28s4-provision: simplify our generated krb5.confAndrew Tridgell1-14/+1
we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-kdc: RODC DCs should be able to produce forwardable ticketsAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28heimdal: fixed timegm UTC/GMT bugAndrew Tridgell1-15/+6
This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-sam: fixed termination of krbtgt_attrs (comma and NULL)Andrew Tridgell1-4/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28ldb-dn: don't crash on NULL in ldb_binary_encode_string()Andrew Tridgell1-0/+3
Thanks to Nadya for finding this one!
2010-09-28s4-kdc Ensure that an RODC may act as a server (needed to fillAndrew Bartlett1-5/+24
the krbtgt role). Andrew Bartlett
2010-09-28heimdal Use a seperate krb5_auth_context for the delegated credentialsAndrew Bartlett3-1/+35
If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett
2010-09-29midltests/todo: add some random idl files I had tested month agoStefan Metzmacher8-0/+1014
metze
2010-09-29midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl exampleStefan Metzmacher3-3/+682
metze
2010-09-29midltests: add some usefull defines to midltests.idlStefan Metzmacher1-0/+24
metze
2010-09-29midltests: make it possible to allow downgrades to NDR32Stefan Metzmacher1-4/+8
metze
2010-09-29midltests: add a midltests_tcp.exe toolStefan Metzmacher5-5/+611
This uses a man in the middle approach in order to dump the request and response pdus. It also tests NDR32 and NDR64. metze
2010-09-29midltests: move the current implementation to midltests_simple.exeStefan Metzmacher3-22/+34
metze
2010-09-29testprogs/win32: add vs2010-metze.cmdStefan Metzmacher1-0/+24
metze
2010-09-29s3-printing: skip metadata entry when traversing printerlist.Günther Deschner1-0/+5
We were creating a new printer (with a very broken name) out of the lasttimestamp entry all the time. Simo, please check. Guenther
2010-09-28pidl: add support for pointers in typedefsStefan Metzmacher4-249/+270
metze
2010-09-28pidl:NDR/Parser: remove unused code for array element indexStefan Metzmacher1-6/+0
metze
2010-09-28pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags()Stefan Metzmacher1-6/+4
metze
2010-09-28pidl:NDR/Client: make the generated code look a bit nicerStefan Metzmacher1-1/+1
metze
2010-09-28librpc/ndr: remove 'async' from ndr_interface_callStefan Metzmacher1-1/+0
metze
2010-09-28pidl: remove unused async property handlingStefan Metzmacher2-7/+1
metze
2010-09-28pidl/Python: use has_property($d, "noopnum") helper functionStefan Metzmacher1-1/+1
metze
2010-09-28pidl:NDR/Client.pm: remove unreached codeStefan Metzmacher1-3/+0
metze