Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-09-11 | s4-drs: actually call the new drsuapi_add_SPNs() code | Andrew Tridgell | 1 | -2/+2 | |
An early return here didn't do any good :-) | |||||
2009-09-11 | s4-drs: add the magic DRS SPNs on AddEntry | Andrew Tridgell | 2 | -27/+122 | |
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the servers machine account. | |||||
2009-09-11 | s4/provision: add the nTDSDSA GUID based DNS entries and SPNs | Andrew Tridgell | 3 | -12/+27 | |
The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure | |||||
2009-09-11 | s4/drs: parentGUID needs to be specififcally asked for | Andrew Tridgell | 1 | -1/+2 | |
Right now parentGUID is a normal attribute in s4, but it should be generated, which means we need to ask for it in a search if we want to use it. | |||||
2009-09-11 | s4/libcli: when we get a DNS lookup failure show the name | Andrew Tridgell | 1 | -0/+2 | |
When tracking down complex connection problems its useful knowing what name lookups failed. | |||||
2009-09-11 | s4/tort: RPC-DRSUAPI test case refactored to match torture architecture | Kamen Mazdrashki | 2 | -68/+74 | |
2009-09-11 | s4/tort: code clean up using torture_drsuapi_assert_call() macro | Kamen Mazdrashki | 1 | -132/+36 | |
After this change, when a test fails, it gives reasonable failure message. | |||||
2009-09-11 | s4/tort: assert macro for drsuapi dcerpc call | Kamen Mazdrashki | 1 | -0/+26 | |
The macro actually wraps common code pattern used in almost every test for DRSUAPI interface | |||||
2009-09-11 | s4/tort: Propagate torture_context and use torture_comment | Kamen Mazdrashki | 1 | -66/+79 | |
NOTE: Not every place where printf is used is replaced by torture_comment. Future work shall "missed" printfs also. | |||||
2009-09-11 | s3-schannel: remove last schannel hand-marshalling function. | Günther Deschner | 2 | -34/+0 | |
Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server). | Günther Deschner | 5 | -83/+118 | |
Guenther | |||||
2009-09-11 | s3-errors: add NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE. | Günther Deschner | 2 | -0/+2 | |
Guenther | |||||
2009-09-11 | s3-schannel: remove unused code. | Günther Deschner | 3 | -75/+0 | |
Guenther | |||||
2009-09-11 | s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply. | Günther Deschner | 1 | -10/+17 | |
Guenther | |||||
2009-09-11 | schannel: more work on reponse NL_AUTH_MESSAGES. | Günther Deschner | 6 | -1/+96 | |
Guenther | |||||
2009-09-11 | s3-nterr: add NT_STATUS_RPC_NT_PROTOCOL_ERROR to nt_errstr(). | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-11 | s3-util: add get/set_cmdline_auth_info_domain to user_auth_info struct. | Günther Deschner | 3 | -0/+22 | |
Guenther | |||||
2009-09-11 | s3-rpcclient: add lookupnames4 command. | Günther Deschner | 1 | -0/+52 | |
Guenther | |||||
2009-09-11 | s3-rpcclient: add ncacn transport handling for rpcclient. | Günther Deschner | 1 | -5/+88 | |
Guenther | |||||
2009-09-11 | s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct. | Günther Deschner | 2 | -0/+10 | |
Guenther | |||||
2009-09-11 | s4:setup Updated Display Specifiers from Microsoft (with #s) | Andrew Bartlett | 5 | -91/+30 | |
This fixes the issue with the original files that they didn't have a leading # in front of the comments, which caused our parsing scripts much pain. The files are now exactly as delivered. Andrew Bartlett | |||||
2009-09-11 | s4: Pass WINBINDD_SOCKET_DIR var in order to overide the location of the ↵ | Matthieu Patou | 1 | -0/+2 | |
Winbind socket | |||||
2009-09-11 | s4:ldb_map: Don't free ares too early. | Andrew Kroeger | 1 | -3/+3 | |
As found when running "make test" with the MALLOC_CHECK_ and MALLOC_PERTURB_ environment variables set. | |||||
2009-09-11 | s4/tort: CRACKNAMES tests to use private structure for testing. | Kamen Mazdrashki | 1 | -2/+33 | |
DsCrackNamesPrivate structure basically inherits DsPrivate structure while adding few test-specific members. | |||||
2009-09-11 | s4/tort: Make common setup/teardown drsuapi test funcs really common | Kamen Mazdrashki | 1 | -13/+6 | |
2009-09-11 | s4/tort: CrackNames test update to work against W2K3. | Kamen Mazdrashki | 1 | -0/+4 | |
DRSUAPI_DS_NAME_FORMAT_UKNOWN added to 'known-to-fail' responses as this actually means to ask AD to resolve a name from FQDN format to Unknown format. | |||||
2009-09-10 | util_strlist: Add some more "const"s - small correction | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-09-10 | util_strlist: Add some more "const"s | Matthias Dieter Wallnöfer | 2 | -22/+27 | |
2009-09-10 | Fix bug 6707 - 3.4.1 segfault in parsing configs. | Marc Aurele La France | 1 | -4/+4 | |
Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing. | |||||
2009-09-10 | s4:srvsvc: Fix logic on error checking. | Andrew Kroeger | 1 | -6/+6 | |
2009-09-10 | s4:pwsettings: Added blackbox tests. | Andrew Kroeger | 2 | -0/+30 | |
The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings. | |||||
2009-09-10 | testprogs:subunit.sh: Add function for expected failures. | Andrew Kroeger | 1 | -0/+15 | |
The testit_expect_failure() function is like the testit() function, with reversed error detection logic. This reversal only affects the pass/fail logic and logging - the original return code from the command is still returned to the calling script. | |||||
2009-09-10 | s4:pwsettings: Show default values in help messages. | Andrew Kroeger | 1 | -4/+4 | |
2009-09-10 | s4:pwsettings: Add 'default' option for password complexity. | Andrew Kroeger | 1 | -2/+2 | |
2009-09-10 | s4:pwsettings: Added validation. | Andrew Kroeger | 1 | -4/+26 | |
Validate that each field is within its allowed range. Also validate that the maximum password age is greater than the minimum password length (if the maximum password age is set). I could not find these values documented anywhere in the WSPP docs. I used the values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs the validation of values. | |||||
2009-09-10 | s4:pwsettings: Don't assume a value for pwdProperties. | Andrew Kroeger | 1 | -2/+2 | |
If we cannot retrieve the value, do not assume a particular value. The fact that we could not retrieve the value indicates a larger problem that we don't want to make worse bypossibly clearing bit fields in the pwdProperties attribute. | |||||
2009-09-10 | s4:pwsettings: Run all updates as a single modify() operation. | Andrew Kroeger | 1 | -31/+19 | |
This ensures that all changes are made, or none are made. It also makes it possible to do validation as we go and abort in case of an error, while always leaving things in a consistent state. | |||||
2009-09-10 | s4:pwsettings: Added --quiet option. | Andrew Kroeger | 1 | -16/+17 | |
Also changed all non-error status output to use the message() function, which respects the --quiet option. | |||||
2009-09-10 | s4:netlogon - Put the "supported encryption types" more back in the ↵ | Matthias Dieter Wallnöfer | 1 | -6/+8 | |
"LogonGetDomainInfo" call They're needed only at the end. | |||||
2009-09-10 | Revert "s4: Let the "setpassword" script finally use the ↵ | Matthias Dieter Wallnöfer | 2 | -70/+9 | |
"samdb_set_password" routine" This reverts commit fdd62e9699b181a140292689fcd88a559bc26211. abartlet and I agreed that this isn't the right way to enforce the password policies. Sooner or later we've to control them anyway on the directory level. | |||||
2009-09-10 | s4/torture: fixed lots of crash bugs in the DRS tests | Andrew Tridgell | 1 | -17/+19 | |
2009-09-10 | s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP | Andrew Bartlett | 1 | -31/+30 | |
We need to be more careful to do the cleanup functions for the right backend. In future, these perhaps should be provided by the ProvisionBackend class. Andrew Bartlett | |||||
2009-09-10 | s4/drs: enable attribute encryption | Andrew Tridgell | 1 | -6/+41 | |
This means we now get passwords vampired correctly for s4<->s4 replication. | |||||
2009-09-10 | s4: kludge_acl needs to be above repl_meta_data | Andrew Tridgell | 1 | -2/+2 | |
We have to bypass kludge_acl in replication as otherwise we aren't allowed access to the password entries | |||||
2009-09-10 | s4/repl: give a useful error message if we can't decode an object | Andrew Tridgell | 1 | -1/+4 | |
2009-09-10 | libcli: added a drsuapi attribute encryption function | Andrew Tridgell | 2 | -11/+78 | |
2009-09-10 | libcli:drsuapi Add function to encrypt data for transport over DRSUAPI | Andrew Bartlett | 1 | -0/+102 | |
This is for the server side of the GetNCChanges call. Andrew Bartlett | |||||
2009-09-10 | s4/drs: changed the UpdateRefs server to use the dn instead of the GUID | Andrew Tridgell | 1 | -27/+18 | |
Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4<->s4 successfully! Now to see if all the attributes came across correctly. | |||||
2009-09-09 | OPC oota edits | John H Terpstra | 1 | -6/+6 | |
2009-09-10 | s4/drs: correctly fill in the GUID of DRS objects | Andrew Tridgell | 1 | -1/+1 | |