summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-07-17s3-lsa: add (not yet activate) level specific access checks for ↵Günther Deschner1-0/+42
_lsa_QueryInfoPolicy. Guenther
2009-07-17s3-lsa: also implement level 13 in lsa_QueryInfoPolicy.Günther Deschner1-19/+24
Guenther
2009-07-17s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject().Günther Deschner1-4/+14
Guenther
2009-07-17s3-rpcclient: add LSA storeprivatedata command.Günther Deschner1-0/+56
Guenther
2009-07-17s3-rpcclient: add LSA retrieveprivatedata command.Günther Deschner1-0/+60
Guenther
2009-07-17s3-rpcclient: add LSA setsecret command.Günther Deschner1-0/+71
Guenther
2009-07-17s3-rpcclient: add LSA querysecret command.Günther Deschner1-0/+86
Guenther
2009-07-17s3-rpcclient: add LSA deletesecret command.Günther Deschner1-0/+50
Guenther
2009-07-17s3-rpcclient: add LSA createsecret command.Günther Deschner1-0/+43
Guenther
2009-07-17lsa: fill in lsa_StorePrivateData and lsa_RetrievePrivateData and rerun make ↵Günther Deschner6-7/+214
samba3-idl. Guenther
2009-07-18s3: compile warning and upn handlingBo Yang3-14/+31
Signed-off-by: Bo Yang <boyang@samba.org>
2009-07-18s3: don't do this, upper callbacks will check itBo Yang1-4/+0
Signed-off-by: Bo Yang <boyang@samba.org>
2009-07-18s3: Fix crsh in net usershare listBo Yang1-0/+1
Signed-off-by: Bo Yang <boyang@samba.org>
2009-07-16More conversions of NULL -> talloc_autofree_context()Jeremy Allison3-19/+24
so we at least know when we're using a long-lived context. Jeremy.
2009-07-16Replace more long-lived contexts with talloc_autofree_context().Jeremy Allison2-2/+2
Jeremy.
2009-07-16Replace short-lived NULL talloc contexts with talloc_tos().Jeremy Allison3-22/+22
Jeremy.
2009-07-16Remove an unused talloc context.Jeremy Allison1-8/+2
Jeremy.
2009-07-17Revert "s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the ↵Andrew Bartlett1-8/+0
compiler version" This is now handled correctly in the newly imported Heimdal This reverts commit 4a754d029b0eb229b23980aa4a80dae2b485a302.
2009-07-17s4:heimdal: import lorikeet-heimdal-200907162216 (commit ↵Andrew Bartlett6-23/+60
d09910d6803aad96b52ee626327ee55b14ea0de8) This includes in particular changes to the KDC to resolve bug 6272, originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We need to sort the AuthorizationData elements to put the PAC first, or else WinXP breaks when browsed from Win2k8. Andrew Bartlett
2009-07-17s4:kdc Rework KDC to pull in less attributes for krbtgt lookupsAndrew Bartlett3-31/+62
Each attribute we request from LDB comes with a small cost, so don't lookup any more than we must for the (very) frequent krbtgt lookup case. Similarly, we don't need to build a PAC for a server (as a target), so don't ask for the PAC attributes here either. Andrew Bartlett
2009-07-17s4:kdc rename functions from LDB_ to hdb_samba4Andrew Bartlett1-71/+71
The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-17Revert "fix LSA-PRIVILEGES"Günther Deschner1-3/+2
This reverts commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4.
2009-07-17Revert "fix LSA-TRUSTED-DOMAINS"Günther Deschner1-3/+2
This reverts commit 3c9b26276083002124674678ac757e859fb6b20e.
2009-07-17s4-smbtorture: use secinfo flags instead of numbers in lsa test.Günther Deschner1-1/+3
Guenther
2009-07-17s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().Günther Deschner1-13/+3
Guenther
2009-07-17s3-lsa: implement _lsa_LookupPrivName().Günther Deschner1-6/+45
Guenther
2009-07-17s3-lsa: implement _lsa_EnumAccountsWithUserRight().Günther Deschner1-6/+57
Guenther
2009-07-16Tidyup prompted by #6554 - Wrong deallocation in sam_account_ok.Jeremy Allison1-2/+3
Jeremy.
2009-07-16s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the compiler versionStefan Metzmacher1-0/+8
Otherwise heimdal/lib/gssapi/gssapi/gssapi.h will just define it to __attribute__ ((deprecated)) which is not supported by all compilers we care about. This should fix the build on Tru64 metze
2009-07-16s4:heimdal_build: try to fix the build on systems without ifaddrs.hStefan Metzmacher2-0/+10
metze
2009-07-16tevent: try to fix the build on QNX qnx18 6.4.1 it doesn't have SA_RESTART ↵Stefan Metzmacher1-1/+11
defined metze
2009-07-16s4:heimdal_build: tell heimdal we have inet_aton()Stefan Metzmacher1-0/+4
This should fix problems on Solaris. metze
2009-07-16s4-smbtorture: use torture_comment in RPC-LSA tests.Günther Deschner1-204/+204
Guenther
2009-07-16fix LSA-PRIVILEGESGünther Deschner1-2/+3
2009-07-16fix LSA-TRUSTED-DOMAINSGünther Deschner1-2/+3
2009-07-16s4-smbtorture: move all privilege tests to RPC-LSA-PRIVILEGES.Günther Deschner2-12/+54
Guenther
2009-07-16s4-smbtorture: move all trusted domain tests to RPC-LSA-TRUSTED-DOMAINS.Günther Deschner2-7/+49
Guenther
2009-07-16s4:heimdal_build: try to fix the build on SolarisStefan Metzmacher1-0/+1
The problem seems to be #define flock rk_flock heimdal/../heimdal_build/replace.c: In function `rk_flock': heimdal/../heimdal_build/replace.c:64: error: storage size of 'lock' isn't known heimdal/../heimdal_build/replace.c:64: warning: unused variable `lock' metze
2009-07-16tsocket: rename sa_len => sa_socklen, because sa_len is a macro on some ↵Stefan Metzmacher1-21/+21
platforms metze
2009-07-16s4:kdc Initialise new hdb function pointers.Andrew Bartlett1-0/+3
Soon we will add implementations for these.
2009-07-16s4:heimdal: import lorikeet-heimdal-200907152325 (commit ↵Andrew Bartlett67-590/+1210
2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
2009-07-16lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL.Günther Deschner4-12/+12
Guenther
2009-07-16s3-ldapsam: bring Fedora DS LDAP schema in line with OpenLDAP schema.Günther Deschner1-0/+8
Guenther
2009-07-16s3-rpc_parse: remove more unused code.Günther Deschner2-334/+0
Guenther
2009-07-16s3-spoolss: make some of the command hooks static.Günther Deschner2-6/+3
Guenther
2009-07-16s4-smbtorture: some work on getprinterdriver and getprinterdriver2 tests.Günther Deschner1-23/+46
Guenther
2009-07-16s4:gensec Rework gensec_krb5 mutual authentication defaultsAndrew Bartlett1-24/+28
When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett
2009-07-16s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIREDAndrew Bartlett1-1/+4
We had previously assumed it was unconditional. Samba3 didn't mind very much, but Samba4's samba3-like client did, and the behaviour differed to Win2008 behaviour. Andrew Bartlett
2009-07-16s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'Andrew Bartlett1-5/+15
This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett
2009-07-16s4:dsdb Handle dc/domain/forest functional levels properlyAndrew Bartlett9-21/+174
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett