Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-09-16 | s3-netlogon: support validation level 6 in netr_SamLogon calls. | Günther Deschner | 3 | -0/+65 | |
Guenther | |||||
2009-09-16 | s3-netlogon: match all logon levels in netr_SamLogon calls. | Günther Deschner | 1 | -0/+9 | |
Guenther | |||||
2009-09-16 | s3-rpcclient: fix netr_LogonGetCapabilities command. | Günther Deschner | 1 | -6/+5 | |
Guenther | |||||
2009-09-16 | security:idl Generated files | Nadezhda Ivanova | 3 | -0/+66 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 9 | -59/+636 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-16 | Tests for descriptor inheritance | Zahari Zahariev | 3 | -1/+1613 | |
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-16 | s4:kdc In the kpasswd server, don't use the client address in mk_priv | Andrew Bartlett | 1 | -0/+8 | |
This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about it's own network addresses, it will fail to accept this packet if we set an address. It seems easiser not to. (Found by testing with NetAPP at plugfest) Andrew Bartlett | |||||
2009-09-16 | s4:rpc_server netgotiate max xmit size with RPC client | Andrew Bartlett | 1 | -2/+2 | |
Testing against NetAPP showed that clients can object to being told a larger max xmit fragment size than they negotiated. Choose the minimum of the server and client values. Andrew Bartlett | |||||
2009-09-16 | s3: Don't overwrite password in pam_winbind, subsequent pam modules | Bo Yang | 1 | -4/+0 | |
might use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-09-16 | s4-repl: raise a debug level | Andrew Tridgell | 1 | -1/+1 | |
2009-09-16 | s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist | Andrew Tridgell | 1 | -0/+8 | |
When a partition is first created it still needs a uSNHighest value | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 5 | -229/+263 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | lib/crypto: include aes.h into crypto.h | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-09-13 | Ignore source4/dsdb/kcc/kcc_service_proto.h. | Matt Kraai | 1 | -0/+1 | |
2009-09-16 | s3-netapi: Fix Coverity #668: FORWARD_NULL. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s3-netapi: Fix Coverity #669 FORWARD_NULL. | Günther Deschner | 1 | -1/+1 | |
Guenthe | |||||
2009-09-16 | s3-netapi: Fix Coverity #670: FORWARD_NULL. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s3-eventlogadm: Fix Coverity #938: UNINIT. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s3-rpcclient: Fix Coverity #935: UNINIT. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s3-ntlmssp: add missing prototype. | Günther Deschner | 2 | -2/+3 | |
Guenther | |||||
2009-09-16 | s3-dcerpc: remove more obsolete or duplicate headers. | Günther Deschner | 6 | -111/+69 | |
Guenther | |||||
2009-09-16 | s3-schannel: add dump_NL_AUTH_SIGNATURE. | Günther Deschner | 4 | -44/+44 | |
Guenther | |||||
2009-09-15 | s4-repl: take advantage of async RPC forwarding | Andrew Tridgell | 2 | -26/+7 | |
This uses async RPC forwarding for the DsReplicaSync call | |||||
2009-09-15 | s4-rpc: added a module for forwarding RPC requests | Andrew Tridgell | 3 | -9/+116 | |
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks | |||||
2009-09-15 | s4-drs: lock down key DRS calls | Andrew Tridgell | 4 | -22/+54 | |
The key DRS calls should only be allowed by administrators or domain controllers | |||||
2009-09-15 | s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2 | -0/+10 | |
This will be used as a simple way to lock down DRS replication to administrators and domain controllers | |||||
2009-09-15 | s4-ldb: ldap attribute names can contain a '.' | Andrew Tridgell | 1 | -1/+2 | |
When they are of the form of OIDs | |||||
2009-09-15 | s4-ldb: expose ldb_transaction_prepare_commit() in ldb | Andrew Tridgell | 3 | -21/+64 | |
It is useful to be able to control the 2 phase commit from application code (s4 replication uses it) | |||||
2009-09-15 | s4-repl: don't do double replication | Andrew Tridgell | 4 | -6/+44 | |
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC | |||||
2009-09-15 | tdb: allow reads after prepare commit | Andrew Tridgell | 1 | -8/+0 | |
We previously only allowed a commit to happen after a prepare commit. It is in fact safe to allow reads between a prepare and a commit, and the s4 replication code can make use of that, so allow it. | |||||
2009-09-15 | s4-drs: filter based on local_usn | Andrew Tridgell | 1 | -1/+1 | |
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData | |||||
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10 | |
we were setting local_usn after the marshall, so it wasn't going into the object | |||||
2009-09-15 | s4-dsdb: use DLIST_ADD() not DLIST_ADD_END() | Andrew Tridgell | 2 | -4/+4 | |
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better. | |||||
2009-09-15 | s4-ldb: cope better with corruption of tdb records | Andrew Tridgell | 4 | -5/+30 | |
When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller. | |||||
2009-09-15 | talloc: when we enable NULL tracking, reparent the autofree context | Andrew Tridgell | 1 | -0/+3 | |
If NULL tracking is enabled after the autofree context is initialised then autofree ends up separate from the null_context. This means that talloc_report_full() doesn't report the autofree context. Fix this by reparenting the autofree context when we create the null_context. | |||||
2009-09-15 | s4-repl: add a debug to make it easier to monitor replication | Andrew Tridgell | 1 | -0/+5 | |
2009-09-16 | s3: Fix reading beyond the end of a named stream in xattr_streams | Volker Lendecke | 1 | -2/+1 | |
This was found thanks to a test by Sivani from Microsoft against Samba at the SDC plugfest | |||||
2009-09-16 | s3: Add some debugs to streams_xattr | Volker Lendecke | 1 | -0/+6 | |
2009-09-16 | schannel: remove last traces of gensec. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-09-16 | lib/crypto: link in AES crypto for s4 as well. | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-09-16 | s3-schannel: remove unused schannel_decode/schannel_encode. | Günther Deschner | 2 | -293/+0 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 9 | -83/+144 | |
Guenther | |||||
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 6 | -9/+52 | |
Guenther | |||||
2009-09-16 | s4-schannel: try to fix the build. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s4-schannel: first step of decoupling schannel from gensec. | Günther Deschner | 2 | -20/+51 | |
Guenther | |||||
2009-09-16 | s4-schannel: strip trailing whitespace. | Günther Deschner | 1 | -36/+36 | |
Guenther | |||||
2009-09-16 | s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in | Günther Deschner | 1 | -1/+1 | |
cli_pipe_verify_schannel(). Guenther | |||||
2009-09-16 | lib/crypto: add aes encryption routines to main cryto lib. | Günther Deschner | 5 | -1/+1464 | |
Guenther | |||||
2009-09-15 | libreplace: white space cleanups | Björn Jacke | 2 | -12/+12 | |
2009-09-15 | s3: ignore cups-config to tidy up library dependencies | Björn Jacke | 1 | -1/+1 | |
contrary to krb5-config for example, which outputs useful things, cups-config --libs does not output libs we have to link against. It outputs libs that cups linked against. We just have to link against cups. |