Age | Commit message | Author | Files | Lines |
|
metze
|
|
metze
|
|
This is needed because we don't (want to) specify an explicit
local address. And the socket family (ipv4 vs. ipv6) needs to
be autodetected based on the remote address before the
socket() syscall.
Otherwise we would try to connect to an ipv4 address through an
ipv6only socket.
metze
|
|
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operation.
|
|
"becomeDC_drsuapi1_add_entry_send"
We shouldn't use the now uninitialised "status" variable anymore.
|
|
Andrew Bartlett
|
|
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
|
It is nice to tell the user why their command failed :-)
|
|
Add checks to make sure that we join only supported AD domains (we agreed that
those are >= (Windows) 2003 Native per default - this is changeable with the
"ads:function level" option).
Add also checks to make sure that we cannot join domains which have a bigger
function level than our DC capable function level (e.g. a (Windows) 2008 DC
cannot join a (Windows) 2008 R2 domain).
|
|
Use
ads:functional level = 4
for DS_DC_FUNCTION_2008_R2
See libds/common/flags.h
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should always support the latest
version - if we provision ourselves)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
I think this is what windows DCs use to see that we are read-only, but
I am not sure. Needs more testing.
|
|
Guenther
|
|
metze
|
|
metze
|
|
Guenther
|
|
Guenther
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns out to be really useful.
|
|
metze
(This used to be commit 4b054cee51c39c5430bcadd5c06a94dc3e6b0d8f)
|
|
metze
(This used to be commit 7dee6fb62d5adbd2eaaaf4d8ba9e87a72ef9f94b)
|
|
instead of version 2 (win2k3).
This makes the NET-API-BECOME-DC test work against windows 2003 and 2008.
Michael
(This used to be commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d)
|
|
auth.
This allows controlling whether krb5 auth is forced for the rpc bind in
libnet_become_dc. It defaults to "yes". For Windows 2000, DsGetNCChanges
only krb5 auth works due to a bug in Windows (it returns garbage - a
positive object count is returned along with first object == NULL).
For Windows 2008, on the other hand, krb5 auth does not work currently
due to the lack of support for AES keys. (Metze is working on that.)
Michael
(This used to be commit af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3)
|
|
This is for debugging and informational purposes only.
The assignment is implementation specific.
(WSPP docs, sec. 5.35).
Michael
(This used to be commit 1f5704e2dee5900e8d1d87699b76f67c0e12854e)
|
|
To work with w2k8.
Michael
(This used to be commit 7d80fab912576923c7474d77b8ed960b01296914)
|
|
metze
(This used to be commit 26d1f9366d8611af1a69095b4cede2d2c95c982d)
|
|
Michael
(This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)
|
|
metze
(This used to be commit 35c7fa470a7433d081403b2b57a331c7dc287aef)
|
|
metze
(This used to be commit 511847f5f5015bcdef69e80b91cb08ffb1690e59)
|
|
metze
(This used to be commit 4e0708148a121bd41a12abf6122d5d6f3f09667a)
|
|
metze
(This used to be commit a6198ab6cb829969b12068324d870966a6cfc029)
|
|
With NTLMSSP we just get strange responses with a random object count
and a NULL object list. On the domain partition where we try to replicate
the password fields.
metze
(This used to be commit ce12a9105113ad7cff96b7d553a8d69901c56de7)
|
|
metze
(This used to be commit d41b3dd6ffc4fd894bc05798dbc2ff4b53933a06)
|
|
This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows. There is still more testing
to do, and the server implementation to complete.
Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit a1280252ce924df69d911e597b7f65d8038abef9)
|
|
If we want to try this authentication mechanism, we can always manually
specify the binding string.
Andrew Bartlett
(This used to be commit 191d56d41e5af34e78e1ad711fb1c63c189f0b48)
|
|
(I presume this has resulted from the global variable elimination)
Perhaps the iconv handle argument to ndr_push_struct needs to be
marked as 'not NULL' or similar?
Andrew Bartlett
(This used to be commit e8081333b8d43d96974c9e06a26aaa25dd34da56)
|
|
(This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41)
|