summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4460: Add a new GENSEC module: gensec_gssapiAndrew Bartlett5-9/+376
(disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett9-125/+306
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4458: Create ncalrpc directory with 0755 rather then 0700 so non-root usersJelmer Vernooij1-1/+1
can use ncalrpc as well. (This used to be commit 02340bb6eec394576d23f2c51956f4c47f475452)
2007-10-10r4457: Fix IDL + add torture test for InqObjectJelmer Vernooij2-2/+23
(This used to be commit dbcaff7c71c9b7ee984a2ed458b6c3ce27772740)
2007-10-10r4456: NT4 usrmgr.exe asks for 4096 accounts, allow twice that.Volker Lendecke1-1/+1
Volker (This used to be commit f8588a769c185f871fdcd5db35428ad587bdfad3)
2007-10-10r4455: LSADS was a duplicate of DSSETUP, and is now goneAndrew Tridgell1-12/+1
(This used to be commit 05c8fd81ddec969ed5280e2fe9f838ac4399f1c9)
2007-10-10r4454: This is the patch I use to Samba3 nmbd to allow a WinXP boxAndrew Tridgell1-0/+178
to join a Samba4 domain. It is hard-coded for my GUID, so you will need to edit it to suit. I'm committing this so others can experiment. Obviously what we really need is a new nmbd in Samba4. (This used to be commit a30be712e5abe81b57f8b1b75ebf152018df0eea)
2007-10-10r4453: use lp_server_role(), which currently returns 3, for the dssetupAndrew Tridgell1-1/+1
role. The value '5', which is what my w2k3 DC returns, doesn't work. I'm not sure why this is. with this change the GUI ACL editor from w2k3 works properly, with either server role in the HKLM registry. (This used to be commit 27a8b270bdd029a850c5ec3d10c1ac42468169cb)
2007-10-10r4452: the beginnings of a dssetup rpc server.Andrew Tridgell4-13/+204
(This used to be commit 1c2170ae21d60c22ee3053fbf249dba59de576ba)
2007-10-10r4451: added initial RPC-DSSETUP torture test. It works for level1 ofAndrew Tridgell3-2/+73
ds_RolerGetPrimaryDomainInformation() (This used to be commit 7aec3dac6fd5165cfca5c650aaa29234e278d95d)
2007-10-10r4450: the beginnings of IDL for the dssetup pipe. I need this pipe for ACL ↵Andrew Tridgell2-27/+40
editing from w2k3 when we present ourselves as a DC in the registry (This used to be commit 9651901791e0553f106ab957c5787c109098248b)
2007-10-10r4449: fixed the helpstring for LSA IDLAndrew Tridgell1-1/+1
(This used to be commit 40a68a160e43b2e5d018e393ddecdfc50bad5360)
2007-10-10r4448: - fixed access_mask checking on acl setAndrew Tridgell4-9/+57
- honor the change ownership requests of acl set, changing the underlying unix owner/group - fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755)
2007-10-10r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()Andrew Tridgell1-42/+138
(This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2007-10-10r4446: attempt to fix the build - andrew, can you check I've done this right?Andrew Tridgell1-1/+1
(This used to be commit 9f0bf657aeee86d859742fb4da3a0f806e7060b6)
2007-10-10r4445: put the unlink test in a subdirectory, and ensure it cleans upAndrew Tridgell1-2/+6
(This used to be commit 382231ca365eccec8024af9420b1ebe41953bdb5)
2007-10-10r4444: - initialise registry:HKEY_LOCAL_MACHINE to a reasonable default (whereAndrew Tridgell1-8/+9
provision.pl suggests hklm.ldb be put) - fix the globals init not to wipe parametic values after initialising them (this bug prevented default values for parametric parameters) (This used to be commit 6a360c52c1723b4c3485a97ebcfeb907f840a051)
2007-10-10r4443: test lsa_LookupNames3() even when lsa_LookupSids3() failsAndrew Tridgell1-0/+4
(This used to be commit d37f556258ba12479e4e9acc5cdb5535ebf41d7f)
2007-10-10r4442: fix lsa_TranslatedSid3 (its a dom_sid2 not a dom_sid)Andrew Tridgell1-1/+1
(This used to be commit 0dd258709554265efaa0d25ad5bc86b559139c2e)
2007-10-10r4441: gensec_krb5 update:Andrew Bartlett1-6/+21
- Use more of the clikrb5.c wrapper calls - Don't use the session keytab if we kinit for the user. Andrew Bartlett (This used to be commit e15dbee00628475d5e1c1f329a7f9b199bc36360)
2007-10-10r4440: - add a start of srvsvc_NetShareCheck() server codeStefan Metzmacher2-17/+83
- filterout hidden shares in NetShareEnum() - get max_connections right metze (This used to be commit c685823c5d75f22177549566866301523a64a1dd)
2007-10-10r4439: unlimited connections is -1Stefan Metzmacher1-1/+1
metze (This used to be commit e62b36bef193f6a58ee035d581ef0f574f1e2910)
2007-10-10r4438: the ADMIN$ share is a diskshare but hiddenStefan Metzmacher1-9/+12
metze (This used to be commit 33a185ec3b211f6137abd6367ccc81d5102e5f4f)
2007-10-10r4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().Andrew Tridgell2-2/+123
For some reason I am getting ACCESS_DENIED from w2k3 on lsa_LookupSids3(). I will investigate. (This used to be commit c759fa0000e37c3e93a7529a7701998af6727612)
2007-10-10r4436: add one more flagStefan Metzmacher1-0/+1
metze (This used to be commit 7886000e031622795fecb6ec37990c133b1e66f7)
2007-10-10r4435: add another error codeStefan Metzmacher2-0/+2
metze (This used to be commit 02861f63052c48fc85c6694ad8164cc6cc5443d4)
2007-10-10r4434: - fix some NetShare* idl functionsStefan Metzmacher2-7/+38
- add torture test for NetShareCheck() metze (This used to be commit 96000a2261ed56fda613a45e3aa460eb3c87082a)
2007-10-10r4433: added the boilerplate for the new w2k3 LSA functions in preparationAndrew Tridgell2-0/+287
for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2007-10-10r4432: - add srvsvc_NetShareInfo level 1006 and 1501 idlStefan Metzmacher3-283/+572
- implement srvsvc_NetGetShareInfo() - add more error checks - bring the rest of the code in the same layout metze (This used to be commit 0dd14d9fc611a33dad4e559321d6c50d82efb5d1)
2007-10-10r4431: add WERR_NET_NAME_NOT_FOUNDStefan Metzmacher2-3/+5
metze (This used to be commit 74e65680fa9a6b8f04c6ae62ec1da49659879fb5)
2007-10-10r4430: - fixed the BASE-LOCK* tests to use a subdirectory, and properly ↵Andrew Tridgell1-12/+30
setup the directory before each test, thus avoiding errors due to previous failures (This used to be commit a44fa5319d87e57f4b904334d9ea65cc6807b789)
2007-10-10r4429: the owner of a file always gets SEC_STD_DELETEAndrew Tridgell1-6/+5
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
2007-10-10r4428: use minimum open permissions in the 'acl' command in smbclient, so ↵Andrew Tridgell1-1/+8
the user is not prevented from viewing the acl by other access bits (This used to be commit 61e71782f573d0fa5b88237299df516c67405e30)
2007-10-10r4427: - added ldb_msg_*() functions for sorting, comparing and copying messagesAndrew Tridgell3-0/+153
- added a ldb_msg_canonicalize() function that fixes a record to not have any duplicate elements - changed ldbedit to use ldb_msg_canonicalize(). This fixes a bug when you rename multiple elements in a record in one edit (This used to be commit f006e724400843419c8b6155cbeae1876983855e)
2007-10-10r4426: fix same namesStefan Metzmacher2-25/+25
metze (This used to be commit 18bbe40fe1e400546ff3750213f6c0505895e357)
2007-10-10r4425: - move srvsvc and wkssvc server code to the new ↵Stefan Metzmacher4-95/+161
W_ERROR_HAVE_NO_MEMORY() macro - add parameters for server_info:platform_id = 500 /* this is PLATFORM_ID_NT */ server_info:version_major = 5 server_info:version_minor = 2 - implmented srvsvc_NetSrvGetInfo level 101 - make dcesrv_common_get_server_name() match w2k3 metze (This used to be commit 16f43207704397c6e3c0132e9f17c8a1a846ddca)
2007-10-10r4424: fixed a simple bug in the '|' handling in indexed ldb searches. I'mAndrew Tridgell1-0/+1
amazed we got along for so long with this bug! (This used to be commit 937159cf2c6ae08808bd10946fcdbd8741e1a560)
2007-10-10r4423: give lp_parm_int() and lp_parm_ulong() default valuesStefan Metzmacher3-12/+6
metze (This used to be commit c44f4d44b51789916e50c9da93046d0a15245edc)
2007-10-10r4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameterStefan Metzmacher5-8/+8
metze (This used to be commit 19482a2245abbf9154423ca8997957b56333fba2)
2007-10-10r4421: fix typoStefan Metzmacher1-2/+2
metze (This used to be commit 222abd4171ce69c65a13b52675d4d75009056bca)
2007-10-10r4420: - add usefull helper macros for allocation failures,Stefan Metzmacher1-0/+13
they should be used in mostly all our code after calling a talloc_* function - the current NTSTATUS_TALLOC_CHECK() and WERR_TALLOC_CHECK() should be replaced by this new macros metze (This used to be commit b6376590f4b2409b2237809d378d9425fe1ce07e)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher11-131/+177
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4418: fix compiler warning and remove unused typedefStefan Metzmacher1-2/+1
metze (This used to be commit 5861657fd12aae026c06ab8c6ae1f1656d06d0a1)
2007-10-10r4417: Reply to samr_QueryDomainInfo with the same static value as level2 does.Volker Lendecke1-0/+16
Volker (This used to be commit 04cf580ef30ac38f3f312184a7b18551195a17ce)
2007-10-10r4416: [in,out] variables do have an r->out component...Volker Lendecke1-1/+1
Volker (This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
2007-10-10r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to ↵Volker Lendecke1-1/+58
delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2007-10-10r4414: Various bits&pieces:Volker Lendecke3-58/+160
* Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2007-10-10r4413: login failure doesn't warrant a level 1 debug (its filling my logs ↵Andrew Tridgell1-1/+1
during torture tests) (This used to be commit b9284c16dc37bf14fceeaa694e82f36a38b0dd93)
2007-10-10r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. ↵Andrew Tridgell1-0/+2
This was being done in the full ACL code, but not in the unix access check code, which meant that qfileinfo was failing for some parameters (This used to be commit 96d017e521f5a996a7a274682838855d077834bc)
2007-10-10r4411: when checking for create permissions, we need to check the parent, ↵Andrew Tridgell1-1/+1
not the child! (This used to be commit 30b4c20b1c9aea94dd2a0611b58860797d244e5a)