summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-09-22s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner3-5/+63
Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther
2009-09-22s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner3-0/+63
Guenther
2009-09-22lib/tevent: a cleaner fix for be4ac227842530d484659f2db683453366326d8b segvRusty Russell1-7/+1
Revert 23abcd2318c69753aa2a144e1dc0f9cf9efdb705 and fix logic bug. The current code loops through the event contexts, when it sees a different one, it notifies the current one (ev) and updates ev to point to the new one. This is dumb, because: (1) ev starts as NULL, so this code crashes, and (2) The final context will not be notified. The correct fix for this is to update ev to the new one, then notify it. Volker's fix works because we currently always have one event context. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2009-09-21s4:dsdb Fix of double addition of SD-sNadezhda Ivanova2-11/+25
Also add error strings in descriptor module
2009-09-21s4:ldb Add 'single-value' support to LDB.Andrew Bartlett3-2/+56
This is currently only triggered via Samba4's schema code.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova14-25/+358
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova9-1/+1441
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-21Add support in the ldb_dn.c code for MS-ADTS:3.1.1.5.1.2 Naming ConstraintsAnatoliy Atanasov1-0/+13
2009-09-21Add tests for MS-ADTS:3.1.1.5.1.2 Naming ConstraintsAnatoliy Atanasov1-0/+29
2009-09-21s4:dsdb Run the new 'descriptor' module by default.Andrew Bartlett1-6/+0
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett
2009-09-21s4-ldb: bit prettier outputAndrew Tridgell1-7/+15
2009-09-21s4-ldb: fixed O(n^2) string handling in ldif debug printAndrew Tridgell1-3/+3
2009-09-21s4-samdb: enable ldb tracing when log level >= 10Andrew Tridgell1-0/+4
2009-09-21s4-schema: don't trace the schema load (too verbose)Andrew Tridgell1-12/+24
2009-09-21s4-ldb: add --trace command line option to ldb toolsAndrew Tridgell2-0/+6
This enabled LDB_FLG_ENABLE_TRACING
2009-09-21s4-ldb: add a LDB_FLG_ENABLE_TRACING for full ldb tracingAndrew Tridgell4-1/+135
When LDB_FLG_ENABLE_TRACING is set ldb will send full traces of all operations and results
2009-09-21s4-ldap: default edn type is 0Andrew Tridgell1-1/+1
2009-09-21s4-ldb: add support for extended DNs in the rootDSEAndrew Tridgell1-2/+135
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs
2009-09-21s4-dsdb: fixed a printf format warningAndrew Tridgell1-1/+1
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova29-541/+839
2009-09-21s4:kerberos Fix the salt to match Windows 2008.Andrew Bartlett2-2/+2
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett
2009-09-21s4:provision Make our default salt match our server behaviourAndrew Bartlett1-1/+1
We need to look into salting algorithms further. Andrew Bartlett
2009-09-21tdb:tdbtool: fix indentation.Michael Adam1-178/+177
Michael
2009-09-21tdb:tdbtool: add transaction_start/_commit/_cancel commands.Michael Adam1-0/+21
So one can perform tdbtool operations protected by transactions. Michael
2009-09-21tdb:tdbtool: add the "speed" command to the help text.Michael Adam1-0/+1
Michael
2009-09-21s4:provision - Fix up ProvisioningError class as suggested by JelmerMatthias Dieter Wallnöfer1-5/+5
2009-09-21s4:samdb/tools - That should fix now the last failuresMatthias Dieter Wallnöfer3-3/+5
2009-09-21s4:libnet_become_dc - bump down the level requested by abartletMatthias Dieter Wallnöfer1-1/+1
2009-09-21s4:scripts - Reintroduce "-H" parameterMatthias Dieter Wallnöfer6-12/+46
I removed it since on some scripts it was present, on others not - so I thought it wouldn't be really needed. This was a bad decision (pointed out by abartlet). So I reintroduce it on all scripts (to have consistent parameters).
2009-09-21Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter"Matthias Dieter Wallnöfer1-1/+1
This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b. This revert changed the behaviour which I didn't expect. Thanks abartlet to point this out!
2009-09-20s4:provision Make us Windows 2008 level by defualt againAndrew Bartlett1-4/+5
Also add a note to clarify that this should not be changed without discussion and consensus. We don't want this bouncing around. Paramater support to allow optional selection of Win2003 mode welcomed. Andrew Bartlett
2009-09-21s3:secrets_schannel: revert to using version 1Stefan Metzmacher1-3/+9
It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze
2009-09-21s3:winbindd: avoid writing to a closed connection and generate SIGPIPEStefan Metzmacher1-12/+13
metze
2009-09-21async_sock: return -1/EPIPE if we're getting an end of file on read.Stefan Metzmacher1-0/+4
This makes the error handling in the callers easier. metze
2009-09-21s3:lib/select: don't overwrite errno in the signal handlerStefan Metzmacher1-0/+4
metze
2009-09-21tevent: make sure we don't set errno within the signal handler function.Stefan Metzmacher1-0/+3
metze
2009-09-21s4:dsdb/resolve_oids: add fast pathes for the common operations without oidsStefan Metzmacher1-0/+217
metze
2009-09-21s4:dsdb/resolve_oids: check return values in recursionStefan Metzmacher1-3/+6
metze
2009-09-20s4:py_security Add missing headerAndrew Bartlett1-0/+23
2009-09-20Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova10-53/+93
2009-09-20s4:provision Use code to store domain join in 'net join' as wellAndrew Bartlett7-309/+283
This ensures we only have one codepath to store the secret, and therefore that we have a single choke point for setting the saltPrincipal, which we were previously skipping. Andrew Bartlett
2009-09-20s4:ldb print out which LDB the transaction is still active on.Andrew Bartlett1-2/+2
2009-09-20s4:provision split provision of DNS zone and self join keytabAndrew Bartlett4-28/+34
2009-09-20s4-selftest: disable RAP-SCAN testAndrew Tridgell1-0/+1
also pointless now we have docs
2009-09-20s4-selftest: disable RPC-COUNTCALLS Andrew Tridgell1-0/+1
The RPC-COUNTCALLS was useful when we were working out IDL by hand
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova8-14/+459
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaMatthias Dieter Wallnöfer4-1/+59
2009-09-20s4:python tools - try to fix some test problemsMatthias Dieter Wallnöfer3-14/+16
2009-09-20s4:samba3sam.py test - remove the primary group ID attribute hereMatthias Dieter Wallnöfer1-7/+2
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm).
2009-09-20s4:sec_descriptor - fix constantMatthias Dieter Wallnöfer1-4/+4