Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-28 | s4-kdc Ensure that an RODC may act as a server (needed to fill | Andrew Bartlett | 1 | -5/+24 | |
the krbtgt role). Andrew Bartlett | |||||
2010-09-28 | heimdal Use a seperate krb5_auth_context for the delegated credentials | Andrew Bartlett | 3 | -1/+35 | |
If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett | |||||
2010-09-29 | midltests/todo: add some random idl files I had tested month ago | Stefan Metzmacher | 8 | -0/+1014 | |
metze | |||||
2010-09-29 | midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example | Stefan Metzmacher | 3 | -3/+682 | |
metze | |||||
2010-09-29 | midltests: add some usefull defines to midltests.idl | Stefan Metzmacher | 1 | -0/+24 | |
metze | |||||
2010-09-29 | midltests: make it possible to allow downgrades to NDR32 | Stefan Metzmacher | 1 | -4/+8 | |
metze | |||||
2010-09-29 | midltests: add a midltests_tcp.exe tool | Stefan Metzmacher | 5 | -5/+611 | |
This uses a man in the middle approach in order to dump the request and response pdus. It also tests NDR32 and NDR64. metze | |||||
2010-09-29 | midltests: move the current implementation to midltests_simple.exe | Stefan Metzmacher | 3 | -22/+34 | |
metze | |||||
2010-09-29 | testprogs/win32: add vs2010-metze.cmd | Stefan Metzmacher | 1 | -0/+24 | |
metze | |||||
2010-09-29 | s3-printing: skip metadata entry when traversing printerlist. | Günther Deschner | 1 | -0/+5 | |
We were creating a new printer (with a very broken name) out of the lasttimestamp entry all the time. Simo, please check. Guenther | |||||
2010-09-28 | pidl: add support for pointers in typedefs | Stefan Metzmacher | 4 | -249/+270 | |
metze | |||||
2010-09-28 | pidl:NDR/Parser: remove unused code for array element index | Stefan Metzmacher | 1 | -6/+0 | |
metze | |||||
2010-09-28 | pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags() | Stefan Metzmacher | 1 | -6/+4 | |
metze | |||||
2010-09-28 | pidl:NDR/Client: make the generated code look a bit nicer | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2010-09-28 | librpc/ndr: remove 'async' from ndr_interface_call | Stefan Metzmacher | 1 | -1/+0 | |
metze | |||||
2010-09-28 | pidl: remove unused async property handling | Stefan Metzmacher | 2 | -7/+1 | |
metze | |||||
2010-09-28 | pidl/Python: use has_property($d, "noopnum") helper function | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2010-09-28 | pidl:NDR/Client.pm: remove unreached code | Stefan Metzmacher | 1 | -3/+0 | |
metze | |||||
2010-09-28 | pidl/Python: remove todo handling from PythonFunction(), it's done by the caller | Stefan Metzmacher | 1 | -15/+6 | |
metze | |||||
2010-09-28 | pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case | Stefan Metzmacher | 1 | -0/+1 | |
metze | |||||
2010-09-28 | s3-waf: add in a little hack to deal with the ECHO rpc module for ↵ | Günther Deschner | 1 | -0/+4 | |
non-developer builds. This will be removed once we have the rpc modules subsystem in place. Guenther | |||||
2010-09-28 | autobuild: use git notes for autobuild messages | Andrew Tridgell | 1 | -1/+1 | |
This avoids changing the commit ID when we add a note that the autobuild has passed thanks to Jelmer for this suggestion! | |||||
2010-09-28 | selftest: enable FAIL_IMMEDIATELY in autobuild make test | Andrew Tridgell | 1 | -2/+2 | |
this should reduce the time we wait for previous failing builds. Right now this will only work for s4, as we need a makefile change for s3 support | |||||
2010-09-28 | s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 1 | -1/+32 | |
this extended getncchanges operation replicates a single object | |||||
2010-09-28 | ldb-tdb: ignore failure to register control on rootdse | Andrew Tridgell | 1 | -4/+1 | |
this is expected for non-sam LDBs | |||||
2010-09-28 | s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 1 | -14/+16 | |
this allows for replication by GUID or SID | |||||
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 2 | -44/+42 | |
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier | |||||
2010-09-28 | waf: we don't need the preprocessor recursion limit any more | Andrew Tridgell | 2 | -6/+0 | |
thanks to ita for this | |||||
2010-09-28 | s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 1 | -7/+9 | |
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64 | |
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted | |||||
2010-09-28 | s4-dsdb: adapted check_access_on_dn for use in drs. | Nadezhda Ivanova | 1 | -9/+10 | |
2010-09-29 | heimdal Fix DNS name qualification to not mangle IP addresses | Andrew Bartlett | 1 | -5/+23 | |
If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 6 | -37/+83 | |
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett | |||||
2010-09-29 | heimdal Add an error code for use in the RODC | Andrew Bartlett | 1 | -0/+1 | |
In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'. Andrew Bartlett | |||||
2010-09-29 | heimdal Add support for extracting a particular KVNO from the database | Andrew Bartlett | 7 | -19/+54 | |
This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support) Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add common setup, handle RODC setup case | Andrew Bartlett | 5 | -73/+156 | |
This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett | |||||
2010-09-29 | s4-dsdb Add ldb_reset_err_string() when we set error codes. | Andrew Bartlett | 2 | -0/+4 | |
If we don't we could show an old, incrorrect error | |||||
2010-09-29 | s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY | Andrew Bartlett | 1 | -7/+8 | |
This simplifies the function. While doing so, also change the error string setting to set a really clear error string for the failure to find and failure to parse cases. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add function to determine if a hdb entry is a RODC | Andrew Bartlett | 2 | -0/+18 | |
This is important, as we must ignore the PAC from an RODC. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO | Andrew Bartlett | 2 | -1/+19 | |
Andrew Bartlett | |||||
2010-09-29 | s4-dsdb Fix segfault in error case in rootdse module | Andrew Bartlett | 1 | -1/+4 | |
2010-09-29 | Make upgrade procedure more explicit. | Michael Wood | 1 | -3/+5 | |
Add in a compile step. Change the tar command to include the recommended dirs. | |||||
2010-09-28 | s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared | Günther Deschner | 1 | -0/+7 | |
module by default). Guenther | |||||
2010-09-28 | s3-waf: add vfs_linux_xfs_sgid to the list of default shared modules. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-09-28 | s3: Attempt to fix bug 7518 | Volker Lendecke | 1 | -6/+6 | |
If select returns -1, we can't rely on the fd sets. The current code might loop endlessly because when putting an invalid fd (the closed socket?) on the read set, a select implementation might choose not to touch it but directly return with EINVAL. Thus run_events will see the socket readable, which leads to a "return true", and thus a NT_STATUS_RETRY -> same game again. We should never get into this situation, but to me the logfiles given in bug 7518 do not reveal enough information to understand how this can happen. | |||||
2010-09-28 | s3: Increase the debuglevel for connection termination msgs | Volker Lendecke | 1 | -2/+2 | |
2010-09-28 | s3-waf: fix dependencies in most of our module subsystems. | Günther Deschner | 4 | -23/+3 | |
Guenther | |||||
2010-09-28 | s3-waf: add pam_smbpass. | Günther Deschner | 3 | -6/+18 | |
Guenther | |||||
2010-09-28 | s3-auth_util: make sure the system server info actually contains S-1-5-18. | Günther Deschner | 1 | -0/+9 | |
Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable. Andreas, please check. Guenther | |||||
2010-09-28 | s3-printing: remove unused old structs. | Günther Deschner | 1 | -60/+0 | |
Guenther |