summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-11-12s4-kdc: added proxying of kdc requests for RODCsAndrew Tridgell5-66/+782
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
2010-11-12s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODCAndrew Bartlett1-1/+7
This means that when we are an RODC, and an account does not have the password attributes, we can now indicate to the kdc code that it should forward the request to a real DC. (The proxy code itself is not in this commit). Andrew Bartlett
2010-11-12heimdal Return HDB_ERR_NOT_FOUND_HERE to the callerAndrew Bartlett3-11/+34
This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database. Andrew Bartlett
2010-11-12s4-kdc: split the kdc process return into a tri-stateAndrew Tridgell3-53/+59
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12s4-kdc: we don't need the special include handling nowAndrew Tridgell1-6/+0
the special handling was to cope with the conflict with the kdc.h header Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.hAndrew Tridgell6-5/+5
kdc.h conflicts with a heimdal header name
2010-11-11s4-tests: Make repl_schema.py test part of Samba4 test suiteKamen Mazdrashki1-0/+1
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104
2010-11-11s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functionsKamen Mazdrashki3-4/+31
2010-11-11s4-dsdb_syntax: Warning message that we can't find requested ATTID in Schema ↵Kamen Mazdrashki1-0/+1
Cache
2010-11-11s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const prefixMapKamen Mazdrashki1-1/+2
It is not supposed to change supplied prefixMap
2010-11-11s4-dsdb_syntax: Use remote prefixMap to handle generic cases in ↵Kamen Mazdrashki1-2/+7
drsuapi_to_ldb conversions
2010-11-11s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax conversionsKamen Mazdrashki2-0/+5
2010-11-11s4-repl: dsdb_extended_replicated_objects_convert -> ↵Kamen Mazdrashki4-54/+54
dsdb_replicated_objects_convert/ It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_extended_replicated_objects_commit -> ↵Kamen Mazdrashki3-9/+8
dsdb_replicated_objects_commit It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_convert_object -> dsdb_origin_object_convertKamen Mazdrashki1-7/+7
It is used in dsdb_origin_objects_commit() func, hence the dsdb_origin_ prefix
2010-11-11s4-test: repl_schema - Make sure LdbError and ERR_NO_SUCH_OBJECT are visibleKamen Mazdrashki1-0/+1
2010-11-11s3: Well... Fix a stupid errorVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Nov 11 18:54:00 UTC 2010 on sn-devel-104
2010-11-11s3: Make cli_set_ea_fnum return NTSTATUSVolker Lendecke3-8/+12
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Nov 11 16:59:27 UTC 2010 on sn-devel-104
2010-11-11s3: Make cli_set_ea_path return NTSTATUSVolker Lendecke4-13/+25
2010-11-11s3: Remove two pointless variablesVolker Lendecke1-5/+4
2010-11-11s3: Convert cli_set_ea() to cli_trans()Volker Lendecke1-40/+35
2010-11-11s3: Convert cli_dfs_get_referral to cli_transVolker Lendecke2-32/+31
2010-11-11s3: cli_dfs_check_error does not need to depend on cli->inbufVolker Lendecke1-10/+13
2010-11-11s3: Make split_dfs_path return boolVolker Lendecke1-11/+27
2010-11-11s3: Remove some dead codeVolker Lendecke1-3/+0
2010-11-11s3: Untangle an if-expressionVolker Lendecke1-1/+2
2010-11-11s4/test: Expand BindTestAnatoliy Atanasov1-20/+60
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
2010-11-11s4/test: Add bind.py to make testAnatoliy Atanasov1-0/+1
bind.py is a place to have tests for ldb binding with different credentials. For starter we have a simple bind with machine account.
2010-11-11heimdal Don't dereference NULL in error verify_checksum error pathAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
2010-11-11s4-provision UTF16 encode the password in sam.ldb, not secrets.ldbAndrew Bartlett1-2/+2
The password in secrets.ldb is UTF8, while clearTextPassword in sam.ldb is UTF16. This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which had these the wrong way around. Andrew Bartlett
2010-11-11s4-dsdb Remove incorrectly declared ** variable used as *.Andrew Bartlett1-6/+3
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett
2010-11-11s4-dsdb Convert new krbtgt_xxx password into UTF16Andrew Bartlett1-1/+12
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett
2010-11-11s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8Andrew Bartlett1-1/+5
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett
2010-11-11s4:pytevent.c - fix a discard const warningMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 11 09:47:55 UTC 2010 on sn-devel-104
2010-11-11ldb:ldb_ldap.c rename operation - check for the RDN name and valueMatthias Dieter Wallnöfer1-3/+11
Make it more similar to "ldb_ildap.c" and also more save
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer5-5/+40
This should prevent crashes as pointed out on the mailing list.
2010-11-11Cannot create OU using custom Schema classZahari Zahariev1-0/+56
If we define our own child class 'subClassOf' system Schema class e.g. organizationalUnit then we cannot create OU in the Dafualt Naming Context that has this custom Schama class in the objectClass attribute.
2010-11-11s4:objectclass LDB module - allow RDNs also to come from superclassesMatthias Dieter Wallnöfer1-11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-11s4:passwords.py - add a test for the normal "userPassword" behaviourMatthias Dieter Wallnöfer1-1/+97
Just to make sure that this works now too
2010-11-11s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵Matthias Dieter Wallnöfer4-12/+59
according to the "dSHeuristics"
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer2-78/+77
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-11s4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove codeMatthias Dieter Wallnöfer1-6/+0
It could also be a normal attribute with a normal content, and if it's not like that then it's for sure empty.
2010-11-11s4:local_password LDB module - remove schema checking code and fix some typosMatthias Dieter Wallnöfer1-12/+6
This is now done by the "objectclass_attrs" LDB module.
2010-11-11s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics"Matthias Dieter Wallnöfer1-2/+2
2010-11-11s4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain ↵Matthias Dieter Wallnöfer1-1/+5
function level The "userPassword" password change functionality isn't available and so it causes big parts of the testsuite to fail. On the other hand we've basic tests in "acl.py" and indirectly also over SAMR and kpasswd so I propose to simply skip it.
2010-11-11s4:acl.py - two password change tests are expected to fails on Windows 2000 ↵Matthias Dieter Wallnöfer1-3/+14
function level
2010-11-11s4:upgradehelpers.py - use "clearTextPassword" rather than "userPassword"Matthias Dieter Wallnöfer1-5/+8
It's the default internal s4 password change attribute
2010-11-11s4:speedtest.py - use "unicodePwd" for setting user's passwordMatthias Dieter Wallnöfer1-1/+2
It's available on all AD hosts (including Windows 2000) and on all configurations!
2010-11-11s4:speedtest.py - remove duplicated codeMatthias Dieter Wallnöfer1-2/+0
2010-11-11s4:speedtest.py - fix script name in the help textMatthias Dieter Wallnöfer1-2/+2