summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-06-29s4:kdc Rework the 'allowed enc types' calculationAndrew Bartlett1-41/+35
This changes the calculation to apply the allowed enc types to all uses of the key (no point allowing a weak kinit to a key the server wanted strongly protected). It also ensures that all the non-DES keys are available on the krbtgt in particular, even as it does not have a msds-SupportedEncryptionTypes attributes. Andrew Bartlett
2010-06-29s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDCAndrew Bartlett1-0/+1
The KDC needs this to determine what encryption types an entry supports Andrew Bartlett
2010-06-29s4:kerberos Add functions to convert msDS-SupportedEncryptionTypesAndrew Bartlett2-0/+60
This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
2010-06-29s4:libnet_join Fix typo in msDS-SupportedEncryptionTypesAndrew Bartlett1-1/+1
2010-06-29s4:provision Add an msDS-SupportedEncryptionTypes entry to our DCAndrew Bartlett3-2/+35
This ensures that our DC will use all the available encyption types. (The KDC reads this entry to determine what the server supports) Andrew Bartlett
2010-06-29build: only use git when found by configureAndrew Tridgell3-17/+35
this rebuilds version.h whenever the git version changes, so we always get the right version with samba -V. That adds about 15s to the build time on each git commit, which shouldn't be too onerous
2010-06-29build: allow LOAD_ENVIRONMENT() to pass when no configure has been runAndrew Tridgell1-2/+5
this returns an empty environment
2010-06-29build: allow always=True/False on SAMBA_GENERATOR()Andrew Tridgell1-1/+5
this allows us to force a rule to always run. Will be used by samba_version Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-29s4/repl_meta_data: remove duplicated (and commented out) logKamen Mazdrashki1-6/+0
2010-06-29s4/ndr: Fix tuncating of constant to a 'long' typeKamen Mazdrashki1-2/+2
2010-06-28s4:lib/registry/ldb.c - add a missing braceMatthias Dieter Wallnöfer1-1/+1
Sorry didn't check that earlier.
2010-06-28s4:lib/registry/ldb.c - fix memory handling in "ldb_open_key"Matthias Dieter Wallnöfer1-1/+4
2010-06-28s4:lib/ldb/registry.c - handle the classname in the right wayMatthias Dieter Wallnöfer1-1/+8
This is for "ldb_get_key_info".
2010-06-28s4:lib/registry/ldb.c - remove really useless "local_ctx"Matthias Dieter Wallnöfer1-8/+2
"mem_ctx" should fit for these few local allocations.
2010-06-28s4:lib/registry/ldb.c - retrieve the classname correctly in ↵Matthias Dieter Wallnöfer1-7/+6
"ldb_get_subkey_by_id"
2010-06-28s4:lib/registry/ldb.c - change the "ldb_get_value" implementation to use the ↵Matthias Dieter Wallnöfer1-20/+17
value cache and not an LDB lookup In addition this fixes the use of special characters in registry object names.
2010-06-28 s3: Change exit on immediate socket failure.Ira Cooper1-4/+4
This change makes it so socket errors early in the smbd child process cause orderly exits not coredumps. Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-28s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvementMatthias Dieter Wallnöfer1-3/+7
We can save one search operation if "only_childs" is false and when we had no SID passed as extended DN component.
2010-06-28s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/commentsMatthias Dieter Wallnöfer1-9/+11
2010-06-28s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where ↵Matthias Dieter Wallnöfer1-3/+11
possible And always catch LDB errors
2010-06-28selftest: Remove accidentally committed dummy test.Jelmer Vernooij1-1/+0
2010-06-28s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.Endi S. Dewata1-3/+30
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-28s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata1-0/+4
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-28s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.Endi S. Dewata1-6/+8
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-28s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not ↵Endi S. Dewata1-1/+8
available in the DN. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-28s3: Make some routines static in smbldapVolker Lendecke2-4/+2
2010-06-28s4:repl_meta_data LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+1
2010-06-28s4:acl LDB module - fix counter typeMatthias Dieter Wallnöfer1-1/+2
2010-06-28s4:dcesrv_drsuapi.c - fix a counter variableMatthias Dieter Wallnöfer1-2/+1
2010-06-28s4:selftest - also "rpc.samr.users.privileges" does work nowMatthias Dieter Wallnöfer1-1/+0
2010-06-28s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer1-3/+6
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
2010-06-28s4:knownfail - "pwdLastSet" test does work nowMatthias Dieter Wallnöfer1-1/+0
2010-06-28s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also ↵Matthias Dieter Wallnöfer1-1/+2
for s4
2010-06-28s4:torture - SAMR password tests - activate support for password sets on ↵Matthias Dieter Wallnöfer1-22/+17
level "18" and "21"
2010-06-28s4:selftest - activate the lanman password changesMatthias Dieter Wallnöfer1-0/+1
This is needed for a working "OemChangePasswordUser2" operation.
2010-06-28s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviourMatthias Dieter Wallnöfer1-1/+72
Behaviour as the torture SAMR passwords tests show.
2010-06-28s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0Matthias Dieter Wallnöfer1-0/+9
Taken from s3
2010-06-28s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵Matthias Dieter Wallnöfer1-0/+8
from s3 to s4
2010-06-28s4:dcesrv_samr_SetUserInfo - implement password set level 21Matthias Dieter Wallnöfer1-0/+33
2010-06-28s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵Matthias Dieter Wallnöfer1-0/+10
user password
2010-06-28s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer1-1/+1
haven't activated the the lanman auth This is what s3 does.
2010-06-28s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer1-0/+48
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-06-28s4-smbtorture: fix typo.Günther Deschner1-1/+1
Not my day... Guenther
2010-06-28s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" testMatthias Dieter Wallnöfer1-33/+31
- Remove superflous checks (on level 18, 24, 26 we do always have "pwdLastSet" resets if "password_expired" > 0) - Fixed some bugs Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-28s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite.Günther Deschner1-0/+64
Our parsing of this struct is incorrect atm. and apparently also causes the s4 server to crash. Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved from a w2k3 domain.msc operation. Guenther
2010-06-28s3-registry: missed one perflib keyname delimiter.Günther Deschner1-1/+1
Guenther
2010-06-28s3: More cleanup in winbindd_ads.c:query_userVolker Lendecke1-13/+10
We can't ads_msgfree after the ads struct has been killed. Do early returns.
2010-06-28s3: Fix a valgrind errorVolker Lendecke1-2/+1
nss_get_info_cached does not necessarily fill in gid
2010-06-28s3: Re-arrange winbindd_ads.c:query_userVolker Lendecke1-23/+24
We can't access the LDAP message after nss_get_info_cached has potentially destroyed the ads_struct
2010-06-28s3: free -> SAFE_FREEVolker Lendecke1-1/+1