summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-01-10s4:provision_users.ldif - Add objects for IISMatthias Dieter Wallnöfer1-0/+21
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specificMatthias Dieter Wallnöfer1-0/+1
2010-01-10s4:provision_users.ldif - Fix memberships regarding the denied password RODC ↵Matthias Dieter Wallnöfer1-0/+8
replication group
2010-01-10s3: Remove some unused variablesVolker Lendecke1-7/+0
2010-01-10s3: Fix some nonempty blank linesVolker Lendecke3-42/+42
2010-01-10s3: Use sid_check_is_domain instead of a direct sid_equalVolker Lendecke1-3/+6
2010-01-10s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_ridVolker Lendecke1-4/+2
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke23-93/+64
2010-01-10s3: Remove unused samr_make_sam_obj_sdVolker Lendecke2-41/+0
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke17-51/+55
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke16-44/+44
2010-01-10s3: Trim libnss_wins.soVolker Lendecke1-2/+1
2010-01-10s3: Trim down some utilities a bitVolker Lendecke1-11/+11
2010-01-10s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for nowMatthias Dieter Wallnöfer1-5/+0
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10s4:provision_users.ldif - Import all essential groups for Windows Server ↵Matthias Dieter Wallnöfer1-85/+113
2008 mode Additionally I had to fix some bugs (especially wrong "groupTypes") and reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10s4-ldb: display security descriptors with correct SDL for known SIDsAndrew Tridgell2-1/+7
This makes it much easier to compare SDs
2010-01-10s4-dsdb: added samdb_domain_sid_cache_only()Andrew Tridgell1-1/+8
2010-01-09s3: Remove a pointless "else" branch from add_ccache_to_list()Volker Lendecke1-4/+3
2010-01-09s3: Slightly simplify winbindd_store_credsVolker Lendecke1-4/+2
2010-01-09s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth()Volker Lendecke1-1/+1
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob after the ntlmssp_end().
2010-01-09s4-drs: instanceType is always sent, regardless of UDV valuesAndrew Tridgell1-4/+6
2010-01-09s4-debug: lower the verbosity of a couple of common log messagesAndrew Tridgell2-2/+2
2010-01-09s4-samldb: fixed primaryGroupID when promoting a machine to a DCAndrew Tridgell1-17/+30
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done without changing the member attributes of its groups.
2010-01-09s4-schema: fixed the SDDL for the schema root security descriptorAndrew Tridgell1-10/+14
This was preventing a DCPROMO client from allowing outgoing replication
2010-01-09s4-drs: add a local UDV entry even when no replUpToDateVector present on NCAndrew Tridgell1-3/+3
This allows us to filter correctly for a NC that we have created but not pulled from anyone.
2010-01-09s4-drs: give DN of failed replication partitionAndrew Tridgell1-4/+5
2010-01-09s4-drs: base is_nc_prefix on instanceTypeAndrew Tridgell1-1/+3
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09s4-drs: having no SPNs to change is not an errorAndrew Tridgell1-0/+7
2010-01-09s4-drs: fixed writespn to ignore add/delete errorsAndrew Tridgell1-3/+40
When a SPN is added and already exists, it is ignored. Similarly, when a SPN is deleted and doesn't exist, it is ignored.
2010-01-09s4-dsdb: added samdb_ldb_val_case_cmp()Andrew Tridgell1-0/+16
2010-01-09s4-drs: moved the DsWriteAccountSpn call to its own fileAndrew Tridgell4-75/+104
2010-01-09s4-libnet: dsdb_wellknown_dn() in vampire codeAndrew Tridgell1-60/+17
2010-01-09s4-drs: need to set the getncchanges extended_ret on success tooAndrew Tridgell1-0/+3
2010-01-09s4-drs: calculate and send a uptodateness_vector with replication requestsAndrew Tridgell2-7/+82
This stops us getting objects changes twice if they came via an indirect path.
2010-01-09s4-drs: be less verbose when we filter objects by UDVAndrew Tridgell1-5/+5
2010-01-09s4-drs: added filtering by udv in getncchangesAndrew Tridgell2-9/+63
When a client supplied an uptodateness_vector, we can use it to filter what objects we return. This greatly reduces the amount of replication traffic between DCs.
2010-01-09s4-idl: give a enum for attribute cn and a 'NONE' attributeAndrew Tridgell3-2/+10
The 'NONE' attribute has value 0xFFFFFFFF. Adding this ensures the compiler will complain if it is set to use 16 bit enums. We rely on being able to store 32 bits in an attid enum.
2010-01-09s4-drs: fixed the NC in the getncchanges RID alloc replyAndrew Tridgell1-11/+13
the search happens on a different DN to the NC of the request, but the reply is with the original NC
2010-01-09s4-debug: removed debug_ctx(). It didn't catch on :-)Andrew Tridgell1-4/+0
There was only one user, which isn't worth it for the overhead.
2010-01-09s4-messaging: remove only usage of debug_ctx()Andrew Tridgell1-2/+4
2010-01-09s4-messaging: fixed a memory leak in messaging_path()Andrew Tridgell1-2/+9
It is a bit convoluted to fix, as cluster_id_string() may return a const string.
2010-01-09s4-drs: fixed usage of ldb_dn_new()Andrew Tridgell1-1/+1
2010-01-09s4-ldb: validate the type of the ldb argument to ldb_dn_new()Andrew Tridgell1-1/+7
It has been a common bug to get the first two arguments the wrong way around
2010-01-08Fix commentSimo Sorce1-1/+1
2010-01-08Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"Jeremy Allison1-0/+3
This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
2010-01-08s4:provision_self_join.ldif - Adapt comment after implementation of ↵Matthias Dieter Wallnöfer1-2/+2
distributed RIDs
2010-01-08s4-kdc: Migrate tcp connections to tsocket.Andreas Schneider1-89/+188
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08s4:kdc: use LIBSAMBA_TSOCKETStefan Metzmacher1-1/+1
metze
2010-01-08s4:kdc: the ->process function returns "bool"Stefan Metzmacher1-9/+9
metze
2010-01-08libcli/util: add tstream_read_pdu_blob_send/recvStefan Metzmacher3-0/+251
This will take the some full_request callback function as the Samba4 packet code. metze