summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-09-16s3-netlogon: support validation level 6 in netr_SamLogon calls.Günther Deschner3-0/+65
Guenther
2009-09-16s3-netlogon: match all logon levels in netr_SamLogon calls.Günther Deschner1-0/+9
Guenther
2009-09-16s3-rpcclient: fix netr_LogonGetCapabilities command.Günther Deschner1-6/+5
Guenther
2009-09-16security:idl Generated filesNadezhda Ivanova3-0/+66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16Owner and group defaulting.Nadezhda Ivanova9-59/+636
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16Tests for descriptor inheritanceZahari Zahariev3-1/+1613
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16s4:kdc In the kpasswd server, don't use the client address in mk_privAndrew Bartlett1-0/+8
This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about it's own network addresses, it will fail to accept this packet if we set an address. It seems easiser not to. (Found by testing with NetAPP at plugfest) Andrew Bartlett
2009-09-16s4:rpc_server netgotiate max xmit size with RPC clientAndrew Bartlett1-2/+2
Testing against NetAPP showed that clients can object to being told a larger max xmit fragment size than they negotiated. Choose the minimum of the server and client values. Andrew Bartlett
2009-09-16s3: Don't overwrite password in pam_winbind, subsequent pam modulesBo Yang1-4/+0
might use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org>
2009-09-16s4-repl: raise a debug levelAndrew Tridgell1-1/+1
2009-09-16s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't existAndrew Tridgell1-0/+8
When a partition is first created it still needs a uSNHighest value
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher5-229/+263
This prepares support for HMAC-SHA256/AES. metze
2009-09-16lib/crypto: include aes.h into crypto.hStefan Metzmacher1-1/+1
metze
2009-09-13Ignore source4/dsdb/kcc/kcc_service_proto.h.Matt Kraai1-0/+1
2009-09-16s3-netapi: Fix Coverity #668: FORWARD_NULL.Günther Deschner1-1/+1
Guenther
2009-09-16s3-netapi: Fix Coverity #669 FORWARD_NULL.Günther Deschner1-1/+1
Guenthe
2009-09-16s3-netapi: Fix Coverity #670: FORWARD_NULL.Günther Deschner1-1/+1
Guenther
2009-09-16s3-eventlogadm: Fix Coverity #938: UNINIT.Günther Deschner1-1/+1
Guenther
2009-09-16s3-rpcclient: Fix Coverity #935: UNINIT.Günther Deschner1-1/+1
Guenther
2009-09-16s3-ntlmssp: add missing prototype.Günther Deschner2-2/+3
Guenther
2009-09-16s3-dcerpc: remove more obsolete or duplicate headers.Günther Deschner6-111/+69
Guenther
2009-09-16s3-schannel: add dump_NL_AUTH_SIGNATURE.Günther Deschner4-44/+44
Guenther
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell2-26/+7
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-rpc: added a module for forwarding RPC requestsAndrew Tridgell3-9/+116
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell4-22/+54
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15s4-ldb: ldap attribute names can contain a '.'Andrew Tridgell1-1/+2
When they are of the form of OIDs
2009-09-15s4-ldb: expose ldb_transaction_prepare_commit() in ldbAndrew Tridgell3-21/+64
It is useful to be able to control the 2 phase commit from application code (s4 replication uses it)
2009-09-15s4-repl: don't do double replicationAndrew Tridgell4-6/+44
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15tdb: allow reads after prepare commitAndrew Tridgell1-8/+0
We previously only allowed a commit to happen after a prepare commit. It is in fact safe to allow reads between a prepare and a commit, and the s4 replication code can make use of that, so allow it.
2009-09-15s4-drs: filter based on local_usnAndrew Tridgell1-1/+1
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
2009-09-15s4-repl: make sure we marshal the replPropertyMetaData after the last changeAndrew Tridgell1-10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-15s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()Andrew Tridgell2-4/+4
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better.
2009-09-15s4-ldb: cope better with corruption of tdb recordsAndrew Tridgell4-5/+30
When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller.
2009-09-15talloc: when we enable NULL tracking, reparent the autofree contextAndrew Tridgell1-0/+3
If NULL tracking is enabled after the autofree context is initialised then autofree ends up separate from the null_context. This means that talloc_report_full() doesn't report the autofree context. Fix this by reparenting the autofree context when we create the null_context.
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5
2009-09-16s3: Fix reading beyond the end of a named stream in xattr_streamsVolker Lendecke1-2/+1
This was found thanks to a test by Sivani from Microsoft against Samba at the SDC plugfest
2009-09-16s3: Add some debugs to streams_xattrVolker Lendecke1-0/+6
2009-09-16schannel: remove last traces of gensec.Günther Deschner1-2/+0
Guenther
2009-09-16lib/crypto: link in AES crypto for s4 as well.Günther Deschner1-1/+2
Guenther
2009-09-16s3-schannel: remove unused schannel_decode/schannel_encode.Günther Deschner2-293/+0
Guenther
2009-09-16schannel: fully share schannel sign/seal between s3 and 4.Günther Deschner9-83/+144
Guenther
2009-09-16schannel: move schannel_sign to main directory.Günther Deschner6-9/+52
Guenther
2009-09-16s4-schannel: try to fix the build.Günther Deschner1-1/+1
Guenther
2009-09-16s4-schannel: first step of decoupling schannel from gensec.Günther Deschner2-20/+51
Guenther
2009-09-16s4-schannel: strip trailing whitespace.Günther Deschner1-36/+36
Guenther
2009-09-16s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE inGünther Deschner1-1/+1
cli_pipe_verify_schannel(). Guenther
2009-09-16lib/crypto: add aes encryption routines to main cryto lib.Günther Deschner5-1/+1464
Guenther
2009-09-15libreplace: white space cleanupsBjörn Jacke2-12/+12
2009-09-15s3: ignore cups-config to tidy up library dependenciesBjörn Jacke1-1/+1
contrary to krb5-config for example, which outputs useful things, cups-config --libs does not output libs we have to link against. It outputs libs that cups linked against. We just have to link against cups.