Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-11-12 | tdb: set tdb->name early, as it's needed for tdb_name() | Stefan Metzmacher | 1 | -6/+27 | |
tdb_name() might be used within the given log function, which might be called from within tdb_open_ex(). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Nov 12 11:22:21 UTC 2010 on sn-devel-104 | |||||
2010-11-12 | s4-kdc: added proxying of kdc requests for RODCs | Andrew Tridgell | 5 | -66/+782 | |
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104 | |||||
2010-11-12 | s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODC | Andrew Bartlett | 1 | -1/+7 | |
This means that when we are an RODC, and an account does not have the password attributes, we can now indicate to the kdc code that it should forward the request to a real DC. (The proxy code itself is not in this commit). Andrew Bartlett | |||||
2010-11-12 | heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller | Andrew Bartlett | 3 | -11/+34 | |
This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database. Andrew Bartlett | |||||
2010-11-12 | s4-kdc: split the kdc process return into a tri-state | Andrew Tridgell | 3 | -53/+59 | |
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-11-12 | s4-kdc: we don't need the special include handling now | Andrew Tridgell | 1 | -6/+0 | |
the special handling was to cope with the conflict with the kdc.h header Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-11-12 | s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h | Andrew Tridgell | 6 | -5/+5 | |
kdc.h conflicts with a heimdal header name | |||||
2010-11-11 | s4-tests: Make repl_schema.py test part of Samba4 test suite | Kamen Mazdrashki | 1 | -0/+1 | |
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functions | Kamen Mazdrashki | 3 | -4/+31 | |
2010-11-11 | s4-dsdb_syntax: Warning message that we can't find requested ATTID in Schema ↵ | Kamen Mazdrashki | 1 | -0/+1 | |
Cache | |||||
2010-11-11 | s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const prefixMap | Kamen Mazdrashki | 1 | -1/+2 | |
It is not supposed to change supplied prefixMap | |||||
2010-11-11 | s4-dsdb_syntax: Use remote prefixMap to handle generic cases in ↵ | Kamen Mazdrashki | 1 | -2/+7 | |
drsuapi_to_ldb conversions | |||||
2010-11-11 | s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax conversions | Kamen Mazdrashki | 2 | -0/+5 | |
2010-11-11 | s4-repl: dsdb_extended_replicated_objects_convert -> ↵ | Kamen Mazdrashki | 4 | -54/+54 | |
dsdb_replicated_objects_convert/ It is part of dsdb_replicated_* family of functions | |||||
2010-11-11 | s4-repl: dsdb_extended_replicated_objects_commit -> ↵ | Kamen Mazdrashki | 3 | -9/+8 | |
dsdb_replicated_objects_commit It is part of dsdb_replicated_* family of functions | |||||
2010-11-11 | s4-repl: dsdb_convert_object -> dsdb_origin_object_convert | Kamen Mazdrashki | 1 | -7/+7 | |
It is used in dsdb_origin_objects_commit() func, hence the dsdb_origin_ prefix | |||||
2010-11-11 | s4-test: repl_schema - Make sure LdbError and ERR_NO_SUCH_OBJECT are visible | Kamen Mazdrashki | 1 | -0/+1 | |
2010-11-11 | s3: Well... Fix a stupid error | Volker Lendecke | 1 | -1/+1 | |
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Nov 11 18:54:00 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s3: Make cli_set_ea_fnum return NTSTATUS | Volker Lendecke | 3 | -8/+12 | |
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Nov 11 16:59:27 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s3: Make cli_set_ea_path return NTSTATUS | Volker Lendecke | 4 | -13/+25 | |
2010-11-11 | s3: Remove two pointless variables | Volker Lendecke | 1 | -5/+4 | |
2010-11-11 | s3: Convert cli_set_ea() to cli_trans() | Volker Lendecke | 1 | -40/+35 | |
2010-11-11 | s3: Convert cli_dfs_get_referral to cli_trans | Volker Lendecke | 2 | -32/+31 | |
2010-11-11 | s3: cli_dfs_check_error does not need to depend on cli->inbuf | Volker Lendecke | 1 | -10/+13 | |
2010-11-11 | s3: Make split_dfs_path return bool | Volker Lendecke | 1 | -11/+27 | |
2010-11-11 | s3: Remove some dead code | Volker Lendecke | 1 | -3/+0 | |
2010-11-11 | s3: Untangle an if-expression | Volker Lendecke | 1 | -1/+2 | |
2010-11-11 | s4/test: Expand BindTest | Anatoliy Atanasov | 1 | -20/+60 | |
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4/test: Add bind.py to make test | Anatoliy Atanasov | 1 | -0/+1 | |
bind.py is a place to have tests for ldb binding with different credentials. For starter we have a simple bind with machine account. | |||||
2010-11-11 | heimdal Don't dereference NULL in error verify_checksum error path | Andrew Bartlett | 1 | -1/+1 | |
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb | Andrew Bartlett | 1 | -2/+2 | |
The password in secrets.ldb is UTF8, while clearTextPassword in sam.ldb is UTF16. This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which had these the wrong way around. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Remove incorrectly declared ** variable used as *. | Andrew Bartlett | 1 | -6/+3 | |
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Convert new krbtgt_xxx password into UTF16 | Andrew Bartlett | 1 | -1/+12 | |
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8 | Andrew Bartlett | 1 | -1/+5 | |
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett | |||||
2010-11-11 | s4:pytevent.c - fix a discard const warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 11 09:47:55 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | ldb:ldb_ldap.c rename operation - check for the RDN name and value | Matthias Dieter Wallnöfer | 1 | -3/+11 | |
Make it more similar to "ldb_ildap.c" and also more save | |||||
2010-11-11 | s4:dsdb - proof against empty RDN values where expected | Matthias Dieter Wallnöfer | 5 | -5/+40 | |
This should prevent crashes as pointed out on the mailing list. | |||||
2010-11-11 | Cannot create OU using custom Schema class | Zahari Zahariev | 1 | -0/+56 | |
If we define our own child class 'subClassOf' system Schema class e.g. organizationalUnit then we cannot create OU in the Dafualt Naming Context that has this custom Schama class in the objectClass attribute. | |||||
2010-11-11 | s4:objectclass LDB module - allow RDNs also to come from superclasses | Matthias Dieter Wallnöfer | 1 | -11/+39 | |
Detected by a testcase written by Zahari Zahariev. | |||||
2010-11-11 | s4:passwords.py - add a test for the normal "userPassword" behaviour | Matthias Dieter Wallnöfer | 1 | -1/+97 | |
Just to make sure that this works now too | |||||
2010-11-11 | s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵ | Matthias Dieter Wallnöfer | 4 | -12/+59 | |
according to the "dSHeuristics" | |||||
2010-11-11 | s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵ | Matthias Dieter Wallnöfer | 2 | -78/+77 | |
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't). | |||||
2010-11-11 | s4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove code | Matthias Dieter Wallnöfer | 1 | -6/+0 | |
It could also be a normal attribute with a normal content, and if it's not like that then it's for sure empty. | |||||
2010-11-11 | s4:local_password LDB module - remove schema checking code and fix some typos | Matthias Dieter Wallnöfer | 1 | -12/+6 | |
This is now done by the "objectclass_attrs" LDB module. | |||||
2010-11-11 | s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics" | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-11-11 | s4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain ↵ | Matthias Dieter Wallnöfer | 1 | -1/+5 | |
function level The "userPassword" password change functionality isn't available and so it causes big parts of the testsuite to fail. On the other hand we've basic tests in "acl.py" and indirectly also over SAMR and kpasswd so I propose to simply skip it. | |||||
2010-11-11 | s4:acl.py - two password change tests are expected to fails on Windows 2000 ↵ | Matthias Dieter Wallnöfer | 1 | -3/+14 | |
function level | |||||
2010-11-11 | s4:upgradehelpers.py - use "clearTextPassword" rather than "userPassword" | Matthias Dieter Wallnöfer | 1 | -5/+8 | |
It's the default internal s4 password change attribute | |||||
2010-11-11 | s4:speedtest.py - use "unicodePwd" for setting user's password | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
It's available on all AD hosts (including Windows 2000) and on all configurations! | |||||
2010-11-11 | s4:speedtest.py - remove duplicated code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |