Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-09-21 | s4:samdb/tools - That should fix now the last failures | Matthias Dieter Wallnöfer | 3 | -3/+5 | |
2009-09-21 | s4:libnet_become_dc - bump down the level requested by abartlet | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-09-21 | s4:scripts - Reintroduce "-H" parameter | Matthias Dieter Wallnöfer | 6 | -12/+46 | |
I removed it since on some scripts it was present, on others not - so I thought it wouldn't be really needed. This was a bad decision (pointed out by abartlet). So I reintroduce it on all scripts (to have consistent parameters). | |||||
2009-09-21 | Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b. This revert changed the behaviour which I didn't expect. Thanks abartlet to point this out! | |||||
2009-09-20 | s4:provision Make us Windows 2008 level by defualt again | Andrew Bartlett | 1 | -4/+5 | |
Also add a note to clarify that this should not be changed without discussion and consensus. We don't want this bouncing around. Paramater support to allow optional selection of Win2003 mode welcomed. Andrew Bartlett | |||||
2009-09-21 | s3:secrets_schannel: revert to using version 1 | Stefan Metzmacher | 1 | -3/+9 | |
It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze | |||||
2009-09-21 | s3:winbindd: avoid writing to a closed connection and generate SIGPIPE | Stefan Metzmacher | 1 | -12/+13 | |
metze | |||||
2009-09-21 | async_sock: return -1/EPIPE if we're getting an end of file on read. | Stefan Metzmacher | 1 | -0/+4 | |
This makes the error handling in the callers easier. metze | |||||
2009-09-21 | s3:lib/select: don't overwrite errno in the signal handler | Stefan Metzmacher | 1 | -0/+4 | |
metze | |||||
2009-09-21 | tevent: make sure we don't set errno within the signal handler function. | Stefan Metzmacher | 1 | -0/+3 | |
metze | |||||
2009-09-21 | s4:dsdb/resolve_oids: add fast pathes for the common operations without oids | Stefan Metzmacher | 1 | -0/+217 | |
metze | |||||
2009-09-21 | s4:dsdb/resolve_oids: check return values in recursion | Stefan Metzmacher | 1 | -3/+6 | |
metze | |||||
2009-09-20 | s4:py_security Add missing header | Andrew Bartlett | 1 | -0/+23 | |
2009-09-20 | s4:provision Use code to store domain join in 'net join' as well | Andrew Bartlett | 7 | -309/+283 | |
This ensures we only have one codepath to store the secret, and therefore that we have a single choke point for setting the saltPrincipal, which we were previously skipping. Andrew Bartlett | |||||
2009-09-20 | s4:ldb print out which LDB the transaction is still active on. | Andrew Bartlett | 1 | -2/+2 | |
2009-09-20 | s4:provision split provision of DNS zone and self join keytab | Andrew Bartlett | 4 | -28/+34 | |
2009-09-20 | s4-selftest: disable RAP-SCAN test | Andrew Tridgell | 1 | -0/+1 | |
also pointless now we have docs | |||||
2009-09-20 | s4-selftest: disable RPC-COUNTCALLS | Andrew Tridgell | 1 | -0/+1 | |
The RPC-COUNTCALLS was useful when we were working out IDL by hand | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Matthias Dieter Wallnöfer | 4 | -1/+59 | |
2009-09-20 | s4:python tools - try to fix some test problems | Matthias Dieter Wallnöfer | 3 | -14/+16 | |
2009-09-20 | s4:samba3sam.py test - remove the primary group ID attribute here | Matthias Dieter Wallnöfer | 1 | -7/+2 | |
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm). | |||||
2009-09-20 | s4:sec_descriptor - fix constant | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
2009-09-20 | blackbox:test_kinit - Remove the "-H" (hive) parameter | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
The "enableaccount" script works only on local LDB anymore - therefore remove this parameter. | |||||
2009-09-20 | Disable descriptor module unless enabled in smb.conf | Nadezhda Ivanova | 1 | -0/+29 | |
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf | |||||
2009-09-20 | s4:dsdb/common/util - Check for the right forest/domain function level | Matthias Dieter Wallnöfer | 1 | -0/+57 | |
This adds a function which performs the check for the supported forest and domain function levels. On an unsuccessful result a textual error message can be created (parameter "errmsg" != NULL) which gives hints for the user to help him fixing the issue. | |||||
2009-09-20 | s4:server.c - add linespace (only cosmetic) | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2009-09-20 | talloc: fixed talloc_disable_null_tracking() | Andrew Tridgell | 3 | -1/+30 | |
When we disable null tracking, we need to move any existing objects that are under the null_context to be parented by the true NULL context. We also need a new talloc_enable_null_tracking_no_autofree() function, as the talloc testsuite cannot cope with the moving of the autofree context under the null_context as it wants to check exact counts of objects under the null_context, and smbtorture has a large number of objects in the autofree_context from .init functions | |||||
2009-09-20 | s4:domainlevel - fixed another error | Matthias Dieter Wallnöfer | 1 | -26/+9 | |
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a copy of the one under the directory root object. Therefore there doesn't exist the "Windows 2000 Mixed" forest level. | |||||
2009-09-20 | Fixed a difference in domain sid type when SID is provided by user. | Nadezhda Ivanova | 1 | -1/+4 | |
2009-09-20 | s4:ldb_parse - Fix the type of an array entry | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
I found this through a compile warning. Hope that I got this right. | |||||
2009-09-20 | s4:provision_configuration - fix "sPNMappings" | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
I reread some docs about this attributes and it seems that this as mapping attribute isn't host specific but in common for the whole domain. To allow Windows DCs to join our s4 domain sooner or later we have to provide the full attribute. | |||||
2009-09-20 | s4:domainlevel - further improvements | Matthias Dieter Wallnöfer | 1 | -9/+50 | |
- The tool displays now also mixed/interim domain levels and warns about them (s4 isn't capable to run on them) - But it allows now also to raise/step-up from them - It displays now also levels higher than 2008 R2 (altough we don't support them yet) but to be able to get a correct output | |||||
2009-09-20 | blackbox/test_ldb.sh: test searching using OIDs instead of names for ↵ | Stefan Metzmacher | 1 | -0/+16 | |
attributes and classes metze | |||||
2009-09-20 | s4:provision: add the 'resolve_oids' on the top of the module stack | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2009-09-20 | dsdb/samdb: add resolve_oids module | Stefan Metzmacher | 2 | -0/+438 | |
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze | |||||
2009-09-20 | s4:build: require ldb 0.9.7 | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-09-20 | s4:ldb: add ldb_parse_tree_copy_shallow() and change version to 0.9.7 | Stefan Metzmacher | 3 | -1/+65 | |
metze | |||||
2009-09-20 | librpc: rerun 'make idl' | Stefan Metzmacher | 2 | -3/+3 | |
metze | |||||
2009-09-20 | drsblobs.idl: fix repsFromTo2 blob size calculation | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-09-20 | rerun: make idl | Stefan Metzmacher | 3 | -0/+324 | |
metze | |||||
2009-09-20 | drsblobs.idl: add decoding for repsFromTo2 | Stefan Metzmacher | 1 | -0/+30 | |
This is used in windows 2008. metze | |||||
2009-09-19 | s4-auth: add SID_NT_ENTERPRISE_DCS is a server trust account | Andrew Tridgell | 1 | -1/+13 | |
2009-09-19 | s4-drs: security checking on DRS needs to default to on | Andrew Tridgell | 1 | -1/+2 | |
2009-09-19 | s4-ldb: display an error if we can't decode a NDR blob | Andrew Tridgell | 1 | -1/+3 | |
2009-09-19 | s4-repl: need param.h for lp_parm_bool | Andrew Tridgell | 1 | -0/+1 | |
2009-09-19 | Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.c | Anatoliy Atanasov | 1 | -0/+8 | |
2009-09-19 | Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. | Anatoliy Atanasov | 3 | -14/+8 | |
2009-09-19 | Add drs_security_level_check for dcesrv calls security checks | Anatoliy Atanasov | 6 | -20/+36 | |
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true | |||||
2009-09-20 | s4:provision_basedn_modify - fix the "auditPolicy" attribute | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
I had to think about how to encode the string 0x0001 (taken from Windows Server). The problem is due to the "0" byte at the beginning of it. BASE64 encoding seems a good method to do it. | |||||
2009-09-19 | s4:utils Remove typo... | Andrew Bartlett | 1 | -1/+0 | |