summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-07-23Remove the 'accoc_group_id' check in the RPC server.Andrew Bartlett1-0/+11
This check breaks more than it fixes, and while technically not correct, is the best solution we have at this time. Otherwise, SCHANNEL binds from WinXP fail. Andrew Bartlett (This used to be commit f8628fa330abcd50923d995d5bda1f4811582ea9)
2008-07-23Explain where some other OIDs are allocated.Andrew Bartlett1-0/+6
This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett (This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)
2008-07-21Fix winbindd not to sit in a busy loop...Andrew Bartlett1-1/+2
Clearly winbindd in Samba4 has not ever been run against windows, as when we fixed the Samba4 server not to cause XP to loop like this, Samba4's own client starts looping... Andrew Bartlett (This used to be commit 9741772190a85c7c42c17ff24a4aa3f53fbc9f3a)
2008-07-21Rename structures to better match the names in the WSPP IDL.Andrew Bartlett6-68/+68
The 'comment' element in a number of domain structures is called oem_information. This was picked up actually because with OpenLDAP doing the schema checking, it noticed that 'comment' was not a valid attribute. The rename tries to keep this consistant in both the LDB mappings and IDL, so we don't make the same mistake in future. This has no real schema impact, as this value isn't actually used for anything, as 'comment' was not used in the provision. Andrew Bartlett (This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)
2008-07-21Remove bogus test in 'enum trusted domains' LSA server.Andrew Bartlett2-6/+40
The change to the RPC-LSA test proves that when the remote server has 0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not NT_STATUS_OK. Andrew Bartlett (This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)
2008-07-21Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett1-0/+1
(This used to be commit 55bde3c9daeafdac04574365c23d181345639f34)
2008-07-21Sleep longer in the hope that the OpenLDAP backend might catch upAndrew Bartlett1-2/+2
(This used to be commit 63c80c885dc3fb2228f082be8db752bb29e3962e)
2008-07-21Fix ldb_map to add/remove the same 'extra' objectclassAndrew Bartlett1-2/+3
The code previously added data->add_objectClass, but only removed the fixed objectclass of extensibleObject. Found by the ldap.py test. Andrew Bartlett (This used to be commit 4fa15c3173a997fa0b9041161d81e742e1fdb41c)
2008-07-21Make invalid 'member' detection work again.Andrew Bartlett1-0/+4
This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
2008-07-19Fix RAW-OPEN against Samba3Volker Lendecke1-0/+1
This test assumed that fnums are recycled immediately after a close. This is not true on Samba 3. Andrew B., I assume this is just a bug in the test. Assuming recycled fnums might be true on Windows and Samba 4, but I don't think we should assume this everywhere. Volker (This used to be commit a4c3a59d47b2b1c794eda556d252c61907be1b3c)
2008-07-18Make a seperate template for the refint configuration tooAndrew Bartlett3-3/+9
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
2008-07-18Put the memberof template into a seperate setup/ file.Andrew Bartlett3-33/+39
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm having with OpenLDAP Andrew Bartlett (This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
2008-07-18More 'must be ignored' options from the MS-SMB doc.Andrew Bartlett3-59/+66
Also in particular the 'sync' flags (which Samba has traditionally ignored). Thanks to Olivier Salamin <olivier.salamin@gmail.com> for pointing out more flags that needed to be handled. Andrew Bartlett (This used to be commit 370bb39cd79fe49efd36a1ceb3e896d386e6d3ce)
2008-07-16Add the interface ID to the rpc_pipe_register_commands call in s3 srv codeVolker Lendecke1-1/+1
(This used to be commit efe249928312f730ee580e72b9c640ef88b0ed5b)
2008-07-16drsuapi: print out the number of linked attribute values we gotStefan Metzmacher2-32/+54
metze (This used to be commit 34f8b2abdd546f6b60ddae2ad839119f211c995c)
2008-07-16drsuapi: make use of the 'more_data' field in DsGetNCChangesCtr[1|6]Stefan Metzmacher6-15/+14
metze (This used to be commit 35c7fa470a7433d081403b2b57a331c7dc287aef)
2008-07-16drsuapi: check ctr6->drs_errorStefan Metzmacher2-0/+13
metze (This used to be commit 511847f5f5015bcdef69e80b91cb08ffb1690e59)
2008-07-16drsuapi: get ctr6 out of xpress compressed levelStefan Metzmacher3-0/+15
metze (This used to be commit 4e0708148a121bd41a12abf6122d5d6f3f09667a)
2008-07-16drsuapi: total_object_count was the wrong guessStefan Metzmacher2-26/+20
The total_object_count member of DsGetNCChangesCtr[1|6] was wrong it's the error code of an extended operation. DsGetNCChangesCtr6 has a nc_object_count value which contains the estimated amount of objects in the naming_context. W2k seems to have a bug and sends this number of objects in the extended_ret field. Maybe it's just a bug and not a feature:-) metze (This used to be commit 67931092128ce89aadf689a54e20d6e4a9d7fe2c)
2008-07-16drsuapi.idl: fix unknowns in drsuapi_DsGetNCChangesCtr*Stefan Metzmacher1-7/+27
metze (This used to be commit 9e99e59ca7e56bf74417ec85339e09e86f50d17e)
2008-07-16libnet/become_dc: an unknown field in drsuapi.idl changed to object_flagsStefan Metzmacher1-1/+1
metze (This used to be commit a6198ab6cb829969b12068324d870966a6cfc029)
2008-07-16drsuapi.idl: fix unknowns in drsuapi_DsReplicaObject*Stefan Metzmacher2-3/+9
metze (This used to be commit de2aed042d09ae7a31ddc4cd920c8fcf193ba06a)
2008-07-16drsuapi.idl: fix unknowns in drsuapi_DsReplicaCursor[2]Stefan Metzmacher1-6/+6
metze (This used to be commit a681e55067a83f06e465b81afb2b0b870b674dca)
2008-07-16drsuapi.idl: correctly handle xpress compressed payloadStefan Metzmacher1-4/+4
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (This used to be commit d9d19eef4f67da89e7d818d23a2372bee6f86dba)
2008-07-16become_dc: we need to replicate using krb5 auth to work against w2kStefan Metzmacher1-2/+2
With NTLMSSP we just get strange responses with a random object count and a NULL object list. On the domain partition where we try to replicate the password fields. metze (This used to be commit ce12a9105113ad7cff96b7d553a8d69901c56de7)
2008-07-16NET-API-BECOME-DC: fix crash bugs because of unintialized variablesStefan Metzmacher1-1/+4
metze (This used to be commit 6acf42c2e41bb1d44c1fcaaaa58fc3f148491836)
2008-07-16Another kludge to let the OpenLDAP backend catch up.Andrew Bartlett1-0/+2
This will go away when this is handled in an internal transation. Andrew Bartlett (This used to be commit f567e17758cfe937249beafae0a9087b67b27755)
2008-07-16Fix the build - this element was renamed.Andrew Bartlett1-1/+1
(This used to be commit 60161954ad5c99ce9934a968c5d41f41fafd780f)
2008-07-16Reorder whitespace in generated slapd.confAndrew Bartlett1-4/+4
This helps us see the real groupings in the generated memberOf handling. Andrew Bartlett (This used to be commit ec70ebb8310e563324233662f8e779c55fb87514)
2008-07-16Ignore and handle more NT Create & X options.Andrew Bartlett3-4/+76
The MS-SMB document explains that some of these options should be ignored. The test proves it. /* Must be ignored by the server, per MS-SMB 2.2.8 */ /* Must be ignored by the server, per MS-SMB 2.2.8 */ If we implement HSM in samba4 (likely) we should honour this bit. /* Don't pull this file off tape in a HSM system */ Andrew Bartlett (This used to be commit 502739ff90d56d2c9aabe8e224317f6ceb175c17)
2008-07-16Don't keep an extra ldb around forever.Andrew Bartlett1-1/+5
We just open it to figure out if we need to be a Global Catalog server. Andrew Bartlett (This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)
2008-07-15Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett1-1/+1
Conflicts: source/dsdb/samdb/ldb_modules/simple_ldap_map.c (This used to be commit 5d539b7da46e38e7570fa5af4549b142f25e4585)
2008-07-15Simplify the contextCSN determination.Andrew Bartlett2-145/+68
We only ever have one backend partition per Samba partition. Andrew Bartlett (This used to be commit 316a9b312a2d4a4ea5a5c70946fb06b61fab1a7d)
2008-07-15Lock down the LDAP backend - only samba may read or writeAndrew Bartlett1-1/+1
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)
2008-07-15Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett18-61/+216
(This used to be commit 7fb8179f214bbba95eb35d221cb9892b55afe121)
2008-07-15Revert Fedrora DS backend to use extensibleObject.Andrew Bartlett1-1/+1
Until I create a samba4openldaptop and samba4fedoratop... Andrew Bartlett (This used to be commit 6e232c4ae6dc4151599ab4e57add2ec232d4ac13)
2008-07-15Kill of some bogus debugs for the world who does not use the LDAP backendAndrew Bartlett1-3/+3
(This used to be commit 5bde586bdb4a1523a62a764b9ff292a4a8cee4fe)
2008-07-15Fix asking for credentials for non-LDAP provisions.Andrew Bartlett1-1/+1
(This used to be commit 78416f4840df4f8d1f9cc5e46a48b19c86888050)
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett3-12/+15
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-07-15Connect to the LDAP backend with SASL credentials.Andrew Bartlett9-21/+111
This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
2008-07-15Make up a full hostname for ldapi connections.Andrew Bartlett1-2/+7
The DIGEST-MD5 SASL method requires a hostname, so provide one. Andrew Bartlett (This used to be commit edfb2ed1f22bc735af5a0c3d3ae6ab6771d28f2c)
2008-07-15Add a standard filter for finding the LDAP secrets.Andrew Bartlett1-0/+1
(This used to be commit 28c784966809d634e8497e0716b30bad018467b4)
2008-07-15Cleanup ldap_bind_sasl.Andrew Bartlett1-4/+3
With these changes, we don't leak the LDAP socket, and don't reset all credentials feature flags, just the ones we are actually incompatible with. Andrew Bartlett (This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)
2008-07-15Use secrets.ldb to store credentials to contact LDAP backend.Andrew Bartlett3-11/+35
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
2008-07-15Allow ldap credentials to be (optionally) stored in secrets.ldbAndrew Bartlett1-11/+33
This includes a simple bind DN, or SASL credentials. The error messages are reworked as on systems without an LDAP backend, we will fail to find this record very often. Andrew Bartlett (This used to be commit 95825ae6d5e9d9846f3a7505a81ebe603826227e)
2008-07-15Try to make NTLMSSP less fussy for unimportant messages.Andrew Bartlett1-2/+13
We don't really care (because nobody uses them) what we send as the domain and workstation in the negotiate packet. Andrew Bartlett (This used to be commit 9ac07e14873df2c18d0e9501691c2d4c4047e218)
2008-07-15Fix 'make gdbtest-enb' and the GDB_PROVISION option.Andrew Bartlett2-2/+2
(This used to be commit 79c4d8e2fabc9c33d978c064b9c01ca45e463ced)
2008-07-14Remove C++ keywords from events.h header.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit 7ca421eb32bed3c400f863b654712d922c82bfb9)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett14-68/+49
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-11Use common code to fill in allowedAttributes in kludge_acl.Andrew Bartlett3-39/+41
This code is now in common with ad2oLschema. Andrew Bartlett (This used to be commit 0a797388ca442c3ad4809888897b1c63b65a7fdf)