Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-18 | s3-build: only include smb_signing.h where needed. | Günther Deschner | 6 | -2/+6 | |
Guenther | |||||
2010-08-18 | s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed) | Andrew Bartlett | 1 | -1/+0 | |
2010-08-17 | smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly. | James Peach | 1 | -4/+6 | |
2010-08-17 | smbtorture: Emit correct test results if setup fails. | James Peach | 1 | -15/+31 | |
If the test setup fails, we still need to format the test result for the UI. At leas in the subunit case, the format doesn't specify what to do here, so we fail every test manually with the setup failure message. | |||||
2010-08-17 | smbtorture: Ensure that the RPC setup returns correct status. | James Peach | 1 | -4/+4 | |
2010-08-18 | s4:ldap_server use talloc_unlink() to avoid talloc_free() with references | Andrew Bartlett | 1 | -4/+4 | |
Both the session_info and the ldb can have references. Andrew Bartlett | |||||
2010-08-18 | s4:auth Change {anonymous,system}_session to use common session_info generation | Andrew Bartlett | 2 | -6/+8 | |
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett | |||||
2010-08-18 | s4:auth Avoid doing database lookups for NT AUTHORITY users | Andrew Bartlett | 2 | -108/+122 | |
2010-08-18 | s4:auth Remove system_session_anon() from python bindings | Andrew Bartlett | 5 | -58/+4 | |
2010-08-18 | s4:auth Remove the system:anonymous parameter used for the LDAP backend | Andrew Bartlett | 1 | -10/+4 | |
This isn't needed any more, and just introduces complexity. | |||||
2010-08-18 | s4:auth Remove special case constructor for admin_session() | Andrew Bartlett | 1 | -63/+13 | |
There isn't a good reason why this code is duplicated. Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 13 | -37/+29 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-18 | s4:ntvfs Don't treat the user SID and primary group SID special for idmap | Andrew Bartlett | 1 | -12/+4 | |
This simply askes IDMAP about all the user SIDs, rather than the user and group sid, followed by all but the first two sids from the token. Andrew Bartlett | |||||
2010-08-18 | s4:security Bring in #defines for the user and primary group token location | Andrew Bartlett | 1 | -0/+3 | |
This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3. Andrew Bartlett | |||||
2010-08-17 | s3: Remove smbd_server_fd() from session_claim | Volker Lendecke | 4 | -10/+9 | |
2010-08-17 | s3: Remove smbd_server_fd() from read_smb_length() | Volker Lendecke | 1 | -12/+7 | |
2010-08-17 | s3: Move read_smb_length() to smbd/reply.c | Volker Lendecke | 3 | -44/+42 | |
2010-08-17 | s3: Remove smbd_server_fd from receive_smb_raw | Volker Lendecke | 1 | -25/+4 | |
This is only called from client code | |||||
2010-08-17 | s3: Lift smbd_server_fd() from receive_smb_raw_talloc | Volker Lendecke | 1 | -5/+5 | |
2010-08-17 | s3: Lift smbd_server_fd() from read_smb_length_return_keepalive | Volker Lendecke | 2 | -14/+29 | |
2010-08-17 | s3: Lift smbd_server_fd() from read_data() | Volker Lendecke | 2 | -22/+9 | |
All callers have appropriate debug messages themselves | |||||
2010-08-17 | s3: Lift smbd_server_fd() from read_fd_with_timeout() | Volker Lendecke | 3 | -44/+62 | |
2010-08-17 | s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also ↵ | Matthias Dieter Wallnöfer | 1 | -2/+43 | |
here the new password change syntax | |||||
2010-08-17 | s4:kdc/kpasswdd.c - let the user change his own password with his own rights | Matthias Dieter Wallnöfer | 1 | -3/+44 | |
Now it's finally possible that the user can change his password with a DSDB connection using his credentials. NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example). | |||||
2010-08-17 | s4:samr RPC server - samr_password.c - make real user password changes work | Matthias Dieter Wallnöfer | 1 | -50/+74 | |
Now it's finally possible that the user can change his password with a DSDB connection using his credentials. | |||||
2010-08-17 | s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵ | Matthias Dieter Wallnöfer | 2 | -4/+4 | |
password sets | |||||
2010-08-17 | s4:samdb_set_password/samdb_set_password_sid - make more arguments "const" | Matthias Dieter Wallnöfer | 1 | -5/+5 | |
2010-08-17 | s4:samdb_set_password/samdb_set_password_sid - make the adaptions to support ↵ | Matthias Dieter Wallnöfer | 1 | -13/+27 | |
the password change control And introduce parameters to pass the old password hashes. | |||||
2010-08-17 | s4:password_hash LDB module - perform the adaptions to understand the new ↵ | Matthias Dieter Wallnöfer | 1 | -8/+26 | |
password change control | |||||
2010-08-17 | s4:acl LDB module - support password changes over the ↵ | Matthias Dieter Wallnöfer | 1 | -1/+15 | |
DSDB_CONTROL_PASSWORD_CHANGE_OID control This control is used from the SAMR and "kpasswd" password changes. It is strictly private and means "this is a password change and not a password set". | |||||
2010-08-17 | s4:DSDB - DSDB_CONTROL_PASSWORD_CHANGE_OID - add a structure as value to the ↵ | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
control This contains the NT and/or LM hash of the password specified by the user. | |||||
2010-08-17 | s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 4 | -11/+10 | |
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash. | |||||
2010-08-17 | Revert "waf: enable gccdeps in developer mode" | Stefan Metzmacher | 1 | -3/+2 | |
This reverts commit 61930f50cbace4741500d8b53fc11a4ef3e0d4f8. This breaks the build with older gcc versions gcc --version gcc (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291] (This is SLES 11) Please only enable it if thet compiler supports it. metze | |||||
2010-08-17 | s4:selftest: recreate $SELFTEST_PREFIX/s4client with each make test run | Stefan Metzmacher | 1 | -3/+3 | |
Otherwise just fill the disks of the build-farm hosts. metze | |||||
2010-08-17 | s4:selftest: run ldapi tests in 'dc:local' environment | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2010-08-17 | s4-tests: Added tests for acl checks on search requests | Nadezhda Ivanova | 1 | -0/+218 | |
2010-08-17 | s3: Directly call write_data from print_job_write() | Volker Lendecke | 1 | -1/+1 | |
2010-08-17 | s3: Remove unused "pos" arg from print_job_write | Volker Lendecke | 3 | -6/+3 | |
2010-08-17 | s3-samr: Correctly fix the transition from enum to uint32_t. | Andreas Schneider | 1 | -1/+5 | |
What type an enum is depends on the implementation, the compiler and probably the compiler options. sizeof(enum) is normally not sizeof(int)! | |||||
2010-08-17 | s4-ldb: ensure element flags are zero in ldb search return | Andrew Tridgell | 1 | -0/+2 | |
the distinguishedName element was getting an uninitialised flags value | |||||
2010-08-17 | s4-ldbwrap: ensure session_info in ldb opaque remains valid | Andrew Tridgell | 1 | -0/+15 | |
A DRS DsBind handle can be re-used in a later connection. This implies reuse of the session_info for the connection. If the first connection is shutdown then the session_info in the sam context on the 2nd connection must remain valid. | |||||
2010-08-17 | s4-rpcserver: log unknown RPC calls at debug level 3 | Andrew Tridgell | 1 | -0/+6 | |
This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark | |||||
2010-08-17 | s4-netlogon: added SEC_CHAN_RODC | Andrew Tridgell | 2 | -1/+7 | |
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs | |||||
2010-08-17 | s4-net: use an encrypted ldap session when setting passwords | Andrew Tridgell | 1 | -0/+3 | |
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME" to set a password remotely on a windows DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: check the type of session_info from the opaque | Andrew Tridgell | 1 | -2/+2 | |
we saw a crash with a bad pointer here, and this may help track it down Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-drs: allow getncchanges from RODC with WRIT_REP set | Andrew Tridgell | 1 | -2/+2 | |
w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-drs: added domain_sid to DRS security checks | Andrew Tridgell | 6 | -10/+14 | |
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER | Andrew Tridgell | 1 | -6/+6 | |
check more than the user_sid, and also check for the right rid value Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT | Andrew Tridgell | 2 | -2/+10 | |
when this is in user_account_control the account is a RODC, and we need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-dsdb: cope with cracknames of form dnsdomain\account | Andrew Tridgell | 1 | -2/+8 | |
this is used by w2k8r2 when doing a RODC dcpromo Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> |