Age | Commit message (Collapse) | Author | Files | Lines |
|
This ensures we only have one codepath to store the secret, and
therefore that we have a single choke point for setting the
saltPrincipal, which we were previously skipping.
Andrew Bartlett
|
|
|
|
|
|
We now show the total number of objects we have processed, which gives
the user a better idea of how much has been done. A vampire on a large
domain can take an hour or more (which needs to be fixed btw, it is a
problem with the lack of scalability of the ltdb index code). Watching
the same msg for an hour makes you wonder if any progress is being
made!
|
|
We want to grab the whole database, or none of it.
This is also needed to get linked attributes right
|
|
|
|
This is all working towards supporting the full WSPP schema without a
major performance penalty.
We now use binary searches when looking up classes and attributes. We
also avoid the loop loading the attributes into ldb, by adding a hook
to override the ldb attribute search function in a module. The
attributes can thus be loaded once, and then saved as part of the
global schema.
Also added support for a few more key attribute syntaxes, as needed
for the full schema.
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
|
|
metze
(This used to be commit 34f8b2abdd546f6b60ddae2ad839119f211c995c)
|
|
metze
(This used to be commit 35c7fa470a7433d081403b2b57a331c7dc287aef)
|
|
The total_object_count member of DsGetNCChangesCtr[1|6] was wrong
it's the error code of an extended operation.
DsGetNCChangesCtr6 has a nc_object_count value which contains
the estimated amount of objects in the naming_context.
W2k seems to have a bug and sends this number of objects
in the extended_ret field. Maybe it's just a bug and
not a feature:-)
metze
(This used to be commit 67931092128ce89aadf689a54e20d6e4a9d7fe2c)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
Andrew Bartlett
(This used to be commit b191a1953c24545e9dc1869fc33cb29343d4e3f2)
|
|
By using the already open smb.conf and sam.ldb, we not only avoid
overhead, but also remove the risk we could touch a different
database.
Andrew Bartlett
(This used to be commit 38634183a074556c8dfdcb6affc60f4bcc15a3f0)
|
|
This adds in the newly attached secrets handling, as well as an
interface to the command line 'net' tool.
Andrew Bartlett
(This used to be commit 1282e3c39479aa580124206814b493370d10690a)
|
|
This will use DRS Replication (metze's thesis work) and possibly
samsync, and will work outside the smbtorture process.
Andrew Bartlett
(This used to be commit 02a33165ca700f71cf09680ded35c87aa2e88552)
|
|
(This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41)
|
|
library, so it can be overridden by OpenChange.
(This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
|
|
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
|
|
(This used to be commit 40ae12c08647c47a9c504d39ee6f61c32b4e5748)
|
|
(This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
|
|
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
|
|
lib/messaging/
lib/registry/
lib/ldb-samba/
librpc/rpc/
auth/auth_winbind.c
auth/gensec/
auth/kerberos/
dsdb/repl/
dsdb/samdb/
dsdb/schema/
torture/
cluster/ctdb/
kdc/
ntvfs/ipc/
torture/rap/
ntvfs/
utils/getntacl.c
ntptr/
smb_server/
libcli/wrepl/
wrepl_server/
libcli/cldap/
libcli/dgram/
libcli/ldap/
libcli/raw/
libcli/nbt/
libnet/
winbind/
rpc_server/
metze
(This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
|
|
metze
(This used to be commit 86db839382a6cf92e659abb9e8e51ef828e1e422)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
metze
(This used to be commit 8711d01ffd080c43512b88b995daf2d6b7c06ba1)
|
|
Andrew Bartlett
(This used to be commit 9e15a51579157405b2013b9b948d279fefd0eda6)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
NULL).
This showed up in a manual pre-TP3 test of the 'net samdump' code, and
shows the critical need for the windows testing infrustructure on the
build farm.
Andrew Bartlett
(This used to be commit 9cef40779ad987b506b1f514a67b5b1c8aea9969)
|
|
Guenther
(This used to be commit 556666756418ad50c533199c736fe3696a7e20cb)
|
|
rafal
(This used to be commit 221907fc0d0141c6c73f10f2dc829879205b9bcb)
|
|
and make it async. Also, update any other usages of old function.
Build goes fine and so do tests, comments to follow.
rafal
(This used to be commit aef0a2de9d2f01a6f619e3fccc8715288f5c37a3)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
default.
(This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
|
|
appear in DNS, so need to match.
Andrew Bartlett
(This used to be commit d092b0493d7c61112ef132c8fb259c15f189c5f6)
|
|
the remote sever, and to query it for domain information.
Provide and use this information in the SamSync/Vampire callbacks, to allow a
parallel connection to LDAP, if we are talking to AD. This allows us
to get at some important attributes not exposed in the old protocol.
With this, we are able to do a all-GUI vampire of a AD domain from
SWAT, including getting all the SIDs, servicePrincipalNames and the
like correct.
Andrew Bartlett
(This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
|
|
Andrew Bartlett
(This used to be commit cefba10bd5ed1f6d10a071e4239088d91f661a36)
|
|
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
|
|
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
|