Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-15 | s4-libnet: use finddcs_cldap() in libnet_lookup | Andrew Tridgell | 1 | -11/+17 | |
this may later be changed to do fallback to NBT as well, but for now cldap is sufficient Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-cldap: don't set the writable bit when we are a RODC | Andrew Tridgell | 1 | -2/+6 | |
when we are a RODC, don't respond with the writable bit in the server type response of netlogon requests Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-finddcs: added finddcs_cldap() | Andrew Tridgell | 4 | -4/+284 | |
this finds DCs with a specified set of server_type bit using SRV lookups and CLDAP Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-secrets: fixed shadowed variable warning | Andrew Tridgell | 1 | -4/+4 | |
we already have a 'v' in scope | |||||
2010-09-15 | cldap: use ipv4 not up for unbound cldap sockets | Andrew Tridgell | 1 | -1/+5 | |
If we use "ip" we end up with a PF_INET6 socket which breaks sendto() for v4 addresses. | |||||
2010-09-15 | s4-resolve: added resolve_name_multiple_recv() | Andrew Tridgell | 1 | -0/+34 | |
this allows for multiple replies to a SRV lookup Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-dns: fixed lookup of SRV records using dns_ex | Andrew Tridgell | 1 | -2/+2 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4: fixed some printf format errors | Andrew Tridgell | 3 | -3/+3 | |
2010-09-15 | s4-libnet: converted finddcs call to tevent_req | Andrew Tridgell | 4 | -89/+128 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-secrets: fetch secure channel type with domain SID | Andrew Tridgell | 4 | -4/+27 | |
The secure channel type is needed to work out what DC to connect to Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-auth: when we are a DC enable winbind auth | Andrew Tridgell | 1 | -1/+3 | |
As a RODC we need to forward some auth requests to a writable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-auth: set the RODC bit for RODC schannel | Andrew Tridgell | 2 | -1/+5 | |
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-schannel: fixed reference to context after free | Andrew Tridgell | 1 | -2/+3 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-auth: allow multiple active auth backends | Andrew Tridgell | 1 | -35/+43 | |
when we are an RODC we need to be able to allow multiple auth backends to process a single auth request. First the sam backend will try to authenticate, using locally stored passwords. If this backend can't find local passwords then it will try the winbind backend and authenticate via a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-smb: serialise session setup operations | Andrew Tridgell | 2 | -0/+16 | |
the mixture of async and sync code in gensec makes a EOF on a socket during a session setup cause a crash. The simplest solution is to stop processing events on the socket until the session setup is complete. | |||||
2010-09-15 | talloc: fixed spelling errors in comment | Andrew Tridgell | 1 | -2/+2 | |
2010-09-15 | s4-rodc: add a trigger message for REPL_SECRET to auth_sam | Andrew Tridgell | 3 | -0/+73 | |
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-messaging: add support for no_reply in irpc messages | Andrew Tridgell | 2 | -0/+8 | |
It can be useful for a irpc message to be one-way, where the client sends a messages and the server does not reply. This will be used for things like a triger message from an auth context to the drepl server to tell it to try a REPL_SECRET on a user in a RODC. Previously we've used raw messaging for messages that have no reply, but that doesn't allow us to use messages described by IDL Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-kcc: removed redundent loop check | Andrew Tridgell | 1 | -1/+1 | |
el has already been checked for NULL | |||||
2010-09-15 | s4-smb: smbsrv_blob_push_string() can return -1 | Andrew Tridgell | 1 | -8/+11 | |
need to use ssize_t, not size_t for error handling | |||||
2010-09-15 | s4-dsdb: check for invalid backend type | Andrew Tridgell | 1 | -0/+2 | |
2010-09-15 | s4-rootdse: setup length after NULL check | Andrew Tridgell | 1 | -2/+2 | |
2010-09-15 | s4-dsdb: fixed use after free for RODC | Andrew Tridgell | 1 | -2/+1 | |
2010-09-15 | s4-dsdb: free right context on failure | Andrew Tridgell | 1 | -1/+1 | |
down_req is not initialised yet | |||||
2010-09-15 | s4-dsdb: defer ac->msg after check for NULL ac | Andrew Tridgell | 1 | -1/+3 | |
2010-09-15 | s4-anr: check for allocation failure before use | Andrew Tridgell | 1 | -1/+1 | |
2010-09-14 | s4: Fix two typos | Volker Lendecke | 1 | -2/+2 | |
2010-09-14 | Allows changing the maximum number of simultaneous clients in winbindd ↵ | Pierre Carrier | 5 | -9/+30 | |
through an smb.conf option. Signed-off-by: Jeremy Allison <jra@samba.org> | |||||
2010-09-14 | Ensure incoming timespec values correctly wrap at nsecs. | Jeremy Allison | 2 | -0/+11 | |
Jeremy. | |||||
2010-09-14 | Fix string_to_sid() to allow non '\0' termination of the string - allows | Jeremy Allison | 1 | -11/+6 | |
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR. Jeremy. | |||||
2010-09-14 | s3-torture Add tests to show that the dom_sid parsing was faulty. | Andrew Bartlett | 1 | -0/+98 | |
Andrew Bartlett | |||||
2010-09-14 | s3-util_sid Use the NDR parser to parse struct dom_sid | Andrew Bartlett | 1 | -14/+8 | |
The manual parser failed to constrain the maximum number of sub-authorities to 15, allowing an overflow of the array. Andrew Bartlett | |||||
2010-09-14 | libcli/security Use sid_append_rid() in dom_sid_append_rid() | Andrew Bartlett | 1 | -5/+5 | |
This ensures that the maximum number of sub-authorities is respected, otherwise we may run off the end of the array. Andrew Bartlett | |||||
2010-09-14 | libcli/security Merge source3/ string_to_sid() to common code | Andrew Bartlett | 2 | -143/+92 | |
The source3 code repsects the limit of a maximum of 15 subauths, while the source4 code does not, creating a security issue as we parse string-form SIDs from clients. Andrew Bartlett | |||||
2010-09-14 | s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid | Andrew Bartlett | 1 | -1/+1 | |
This ensures that this, unlike the MAXSUBAUTHS macro, can't get out of sync with the structure. Andrew Bartlett | |||||
2010-09-14 | s3-util_sid Accept S-1-5 as a SID | Andrew Bartlett | 1 | -2/+10 | |
2010-09-14 | s3-dom_sid Use C99 types in dom_sid handling | Andrew Bartlett | 1 | -7/+7 | |
Andrew Bartlett | |||||
2010-09-14 | s3/profile: remove the magical clock initialization from the profile code | Björn Jacke | 2 | -64/+3 | |
there's no point in not profiling times if no monotonic clock is found - monotonic and realtime clock are equally fast. Just use clock_gettime_mono instead. | |||||
2010-09-14 | s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID | Björn Jacke | 3 | -36/+0 | |
that clock is a CPU burnometer but we need a chronometer for profiling. | |||||
2010-09-14 | libreplace: use CLOCK_HIGHRES when available | Björn Jacke | 1 | -3/+5 | |
in Solaris 8 CLOCK_HIGHRES was the (only) name for CLOCK_MONOTONIC | |||||
2010-09-14 | ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-09-14 | rpc_server: Remove unnecessary dependency on server modules, build | Jelmer Vernooij | 1 | -1/+1 | |
system will take care of that. | |||||
2010-09-14 | waf: work around circular dependency finder erroneously removing dependency ↵ | Jelmer Vernooij | 1 | -1/+4 | |
of gensec on dcerpc. | |||||
2010-09-14 | selftest: Error out rather than die() when setting up an environment | Jelmer Vernooij | 1 | -55/+117 | |
fails. | |||||
2010-09-14 | selftest: If setting up environment fails, mark testsuites that use it as | Jelmer Vernooij | 1 | -12/+5 | |
errorring, don't skip it. | |||||
2010-09-14 | s4-smbtorture: try to fix spoolss winreg Form tests on bigendian machines. | Günther Deschner | 1 | -15/+36 | |
Guenther | |||||
2010-09-14 | tdb: add ABI/tdb-1.2.4.sigs | Stefan Metzmacher | 1 | -0/+60 | |
metze | |||||
2010-09-14 | nss_winbind: Fix soname. | Jelmer Vernooij | 1 | -1/+1 | |
2010-09-14 | subunit: Use RemoteError when passing errors to upstream subunit. | Jelmer Vernooij | 2 | -19/+26 | |
2010-09-14 | param: Add prototype for lpcfg_private_dir(), used by openchange. | Jelmer Vernooij | 1 | -0/+1 | |