summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-07-15s4:testprogs Show that we no longer delete the old keytab entriesAndrew Bartlett1-3/+5
By using a CCACHE obtained while the old password was still valid, we can tell if the server still accepts incoming Kerberos connections with the old password. Andrew Bartlett
2010-07-15s4:provision Handle machine account password changes while keeping keytabAndrew Bartlett1-15/+23
The challenge here is to update the existing record if it already exists, rather than deleting the old record. This ensures that the secrets.keytab handling code keeps the previous password in the keytab. Andrew Bartlett
2010-07-15s4:pyldb whitespace fixAndrew Bartlett1-1/+1
2010-07-15s4:pyldb Fix memory handling for ldb_message_elementAndrew Bartlett1-5/+10
The problem here is that we need to use the array, not the individual message element as the memory context. Andrew Bartlett
2010-07-15s4:testprogs Prove kerberos still works after a password changeAndrew Bartlett1-0/+25
Changing the machine account password should not prevent connections with a current, valid CCACHE. This is because when the password is changed, the server-side keytab keeps one old password around. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: Adapt the list of attribute modifiedMatthieu Patou1-4/+25
* isMemberOfPartialAttributeSet is now allowed to be deleted (on schema objects) * attributeDisplayNames is now allowed to be added and modified (used on display specifiers) * spnMapping is now allowed to be altered on Directory Service objects * minPwdAge is now modified if the previous value was 0 We issue a clear information about the userControl attribute for administrator to invite the user to modify himself the value. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 ldb modules: relax some tests about attributes that should not be hereMatthieu Patou1-0/+9
For attributes that we know that are harmless and that used to be stored in the ldb we relax the tests on the existance in a given objectclass. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: Synchronize the calculated keyversionnumber with the ↵Matthieu Patou1-1/+22
one previously stored Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: do not copy RID Set it's automaticaly created by the ↵Matthieu Patou1-24/+34
RID manager Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: add function to backup the provision before updatingMatthieu Patou1-152/+268
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: fix whitespacesMatthieu Patou1-13/+13
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4: Add unit test for increment_calculated_keyversion_numberMatthieu Patou1-1/+25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 upgradeprovision: introduce a new function to update the field use for ↵Matthieu Patou1-3/+37
calculating msds-keyversionnumber This function change the version field of the unicodePwd in the replPropertyMetaData so that the version is equal or superior to the reference value passed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 python: Add functions to samdb to manipulate version of ↵Matthieu Patou2-1/+128
replPropertyMetaData attribute This change contains also helpers for attribute id to attribute oid conversion and from attribute id to attribute name. It brings also unit tests Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: Use the changereplmetadata controlMatthieu Patou2-72/+222
This control allow to specify the replPropertyMetaData attribute to be specified on modify request. It can be used for very specific needs to tweak the content of the replication data. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 dsdb: create a new control: changereplmetadataMatthieu Patou2-0/+7
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15ldb: allow ldb_sequence_number to be called in pythonMatthieu Patou1-0/+26
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4: Unit test update_machine_account_password through kinitMatthieu Patou2-0/+40
This patch is for testing the chgdcpass script which is mostly a call to update_machine_account_password. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4: Add a simple script to change dc passwordMatthieu Patou1-0/+63
This script will mostly be used by unit test (blackbox type) to test the change of the dc password Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s4 provision: move update_machine_account_password to helpersMatthieu Patou2-49/+51
This is to allow reuse of this function and also unit tests Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15s3: Fix crashes in the printing codeVolker Lendecke1-0/+3
create_conn_struct did not create the conn->sconn!=NULL assumption we now depend on. Thanks to Andreas Schneider for testing!
2010-07-14s3-dcerpc: Break memory hierarchy for shared structureSimo Sorce1-1/+1
Handles are shared among multiple pipes_struct. We cannot allocate them on any specific pipes_struct or it will vanish for all others as soon as that pipes_struct is freed, leaving back dangling pointers. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-07-14s4: Added acl search tests for anonymous connection.Nadezhda Ivanova1-83/+68
The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8.
2010-07-14s3-dcerpc: fix crash bug in error path of process_complete_pdu().Günther Deschner1-1/+1
Guenther
2010-07-14Fixed system_session_anon to actually make an anonymous sessionNadezhda Ivanova1-1/+1
It seems that because the flag is false, this always used the supplied credentials rhather than establish anonymous connection.
2010-07-14s3:auth Change auth_ntlmssp_server_info API to return NTSTATUSAndrew Bartlett5-13/+19
This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the alloction failed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-14s3:smbd Give the kerberos session key a parentAndrew Bartlett1-0/+2
Nothing will free this, so this prevents a memory leak. Andrew Bartlett Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-14s3:smbd Fix segfault if register_existing_vuid() failsAndrew Bartlett1-4/+12
The register_existing_vuid() call will handle both the ntlmssp_end and vuid invalidation internally, so we don't want to do it again. Andrew Bartlett Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-14s3-selftest: enable RPC-BIND against s3.Günther Deschner1-1/+1
Guenther
2010-07-14s4-smbtorture: add very simple RPC-BIND testsuite.Günther Deschner4-2/+99
Guenther
2010-07-14s4-smbtorture: rename rpc/bind.c to rpc/multi_bind.c.Günther Deschner3-2/+2
Guenther
2010-07-13s3-libnet: add missing header file, sorry.Günther Deschner1-0/+13
Guenther
2010-07-13s3-libnet: better separate headers.Günther Deschner19-126/+61
Guenther
2010-07-13s3-winbind: Don't cache queries to builtin and own sam domain.Andreas Schneider1-3/+29
2010-07-13s3-winbind: Set status before we leave in some msrpc functions.Andreas Schneider1-0/+4
2010-07-13Revert "Remove the global char *LastDir."Jeremy Allison3-1/+22
Volker pointed out I'd missed the "last directory" cache part of this code. Return us to caching the directory we're in (reduces sys call load). Mea maxima culpa. Jeremy. This reverts commit 2f30aea3324f32f9b8555e961256fc1280da2871.
2010-07-13s3-waf: fix the build.Günther Deschner1-0/+1
Guenther
2010-07-13s3-ldb: fix build warning.Günther Deschner1-44/+1
Guenther
2010-07-13s4: Reorganized dsHeuristics reset so the code can be reusedNadezhda Ivanova1-53/+38
Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests
2010-07-13s3-dcerpc: Remove unused functions and headersSimo Sorce3-355/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Use dcerpc_push_ncacn_packet() in api_pipe_alter_context()Simo Sorce1-104/+76
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Use dcerpc_push_dcerpc_auth() for spnego auth continuations.Simo Sorce1-41/+32
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dceprc: Use dcerpc_push_ncacn_packet() in api_pipe_bind_req()Simo Sorce1-111/+89
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Use a DATA_BLOB in bind processing and avoid one mem copySimo Sorce1-105/+52
Also move dcerpc_push_dcerpc_auth() invocation in api_pipe_bind_req() to simplify the workflow. Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Rearrange api_pipe_bind_req() to do checks before allocating memorySimo Sorce1-30/+27
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: fix dcerpc_push_ncacn_packet, pass arg by addressSimo Sorce3-8/+8
There is no need to copy the whole structure twice by passing it in by value. Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: pass the packet to setup_bind_nack()Simo Sorce1-6/+6
Allows to not rely on p->call_id but use the value directly from the request packet header. Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dceprc: Add debug messagesSimo Sorce1-0/+10
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Remove unused membersSimo Sorce1-3/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-13s3-dcerpc: Remove unused functionsSimo Sorce3-378/+0
Signed-off-by: Günther Deschner <gd@samba.org>