summaryrefslogtreecommitdiff
path: root/source4/libnet
AgeCommit message (Collapse)AuthorFilesLines
2009-11-12s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS importAndrew Bartlett1-25/+38
This will allow us in future to do tests on the LDB values we generate from the DRS replication. Andrew Bartlett
2009-11-12s4:vampire Print error message when we fail on the CLDAP pingAndrew Bartlett1-2/+7
Andrew Bartlett
2009-11-06s4:libnet_passwd - fix pointer typeMatthias Dieter Wallnöfer1-1/+1
2009-11-06s4/drs: dsdb_map_int2oid() replaced by dsdb_schema_pfm_oid_from_attid()Kamen Mazdrashki1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by ↵Kamen Mazdrashki1-1/+1
dsdb_schema_pfm_contains_drsuapi_pfm() dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented prefixMap interface. This name was choosen to clearly show, that this a week verification in case we want to determine if remote schema is changed. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-11-06s4/drs: dsdb_load_oid_mappings_drsuapi() -> dsdb_load_prefixmap_from_drsuapi()Kamen Mazdrashki1-1/+1
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use dsdb_schema_pfm_from_drsuapi_pfm() function to load drsuapi_prefixMap into schema->prefixmap Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell1-1/+1
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell4-4/+4
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-19s4-libnet: fixed privilege handling in samsync to use the right dbAndrew Tridgell1-30/+29
I only noticed this one because of Karolins spelling fix :-)
2009-10-19Fix typo.Karolin Seeger1-1/+1
privilage -> privilege Karolin
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-1/+1
2009-10-02s4-libnet: give sane error messages when functional levels don't matchAndrew Tridgell1-8/+12
It is nice to tell the user why their command failed :-)
2009-10-02s4:libnet_become_dc - add checks for valid domain/forest function levelsMatthias Dieter Wallnöfer1-10/+52
Add checks to make sure that we join only supported AD domains (we agreed that those are >= (Windows) 2003 Native per default - this is changeable with the "ads:function level" option). Add also checks to make sure that we cannot join domains which have a bigger function level than our DC capable function level (e.g. a (Windows) 2008 DC cannot join a (Windows) 2008 R2 domain).
2009-09-28s4-libnet: fixed debug formattingAndrew Tridgell1-2/+2
2009-09-24s4-libnet: allow the functional level of becomeDC to be specifiedAndrew Tridgell1-1/+2
Use ads:functional level = 4 for DS_DC_FUNCTION_2008_R2 See libds/common/flags.h
2009-09-24s4-libnet: avoid a steal with references errorAndrew Tridgell1-1/+2
2009-09-21s4:libnet_become_dc - bump down the level requested by abartletMatthias Dieter Wallnöfer1-1/+1
2009-09-20s4:provision Use code to store domain join in 'net join' as wellAndrew Bartlett2-284/+51
This ensures we only have one codepath to store the secret, and therefore that we have a single choke point for setting the saltPrincipal, which we were previously skipping. Andrew Bartlett
2009-09-19s4-resolve: fixed a crash bug on timeoutAndrew Tridgell1-1/+1
We were creating the name resolution context as a child of lp_ctx, which meant when we gave up on a connection the timer on name resolution kept running, and when it timed out the callback crashed as the socket was already removed.
2009-09-17s4:libnet_become_dc - Fix some uninitialised variablesMatthias Dieter Wallnöfer1-3/+3
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer1-1/+1
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-15s4-repl: don't do double replicationAndrew Tridgell1-2/+4
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-10s4/vampire: fixed i/j index mixup in vampire codeAndrew Tridgell1-3/+3
2009-09-09s4: allow repl:RODC=true/false to set ourselves as a RODCAndrew Tridgell1-2/+6
I think this is what windows DCs use to see that we are read-only, but I am not sure. Needs more testing.
2009-09-08s4: fixed updaterefs options bitmapAndrew Tridgell1-1/+1
2009-09-07s4: fixed the secrets.ldb construction in libnetAndrew Tridgell1-8/+8
on a vampire join we were not putting the right attributes and objectclass on the secrets.ldb record
2009-09-03show more reasonable object counts during a vampireAndrew Tridgell1-4/+18
We now show the total number of objects we have processed, which gives the user a better idea of how much has been done. A vampire on a large domain can take an hour or more (which needs to be fixed btw, it is a problem with the lack of scalability of the ltdb index code). Watching the same msg for an hour makes you wonder if any progress is being made!
2009-09-02wrap the entire vampire operation in a transactionAndrew Tridgell1-13/+24
We want to grab the whole database, or none of it. This is also needed to get linked attributes right
2009-07-31s4:libnet: use talloc_strdup() instead of talloc_reference()Stefan Metzmacher2-2/+2
metze
2009-07-28Fix compile of py_net.cAndrew Bartlett1-1/+3
2009-07-28s4:libnet Add in a 'credentials' parameter for python libnet_JoinAndrew Bartlett1-7/+20
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett4-2/+84
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher4-85/+2
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett4-2/+85
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-19Add missing includes.Jelmer Vernooij1-0/+1
2009-07-15s4:libnet: rename uint => uint32_t because uint is not portableStefan Metzmacher4-6/+6
metze
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner2-2/+2
Guenther
2009-07-02the settings structure needs to be initialisedAndrew Tridgell1-0/+1
2009-07-01use a talloc_reparent in a very ugly wayAndrew Tridgell1-2/+11
this works around some terrible use of talloc in the libnet code
2009-07-01use the new talloc_reparent in two placesAndrew Tridgell1-1/+1
2009-06-18s4:libnet Allow 'net password change' to work on expired passwordsAndrew Bartlett8-7/+35
We need to pass down flags to the DCE/RPC layer to allow fallback to anonymous connections, as we can't log in with an expired password. The anonymous connection can then change the password with SAMR. Andrew Bartlett
2009-05-25fixed the client side password change codeAndrew Tridgell1-61/+25
The client side code was not falling back to older routines correctly as it didn't check for the operation range error appropriately. It also used the old rpc semantics.
2009-05-14s4:libnet Use str_list_make_single() in resolv codeAndrew Bartlett1-1/+1
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett6-15/+9
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-04-14Use common samsync delta decryption functions in libnet_samsync.cAndrew Bartlett1-134/+2
Andrew Bartlett
2009-04-02major upgrade to the ldb attribute handlingAndrew Tridgell1-1/+1
This is all working towards supporting the full WSPP schema without a major performance penalty. We now use binary searches when looking up classes and attributes. We also avoid the loop loading the attributes into ldb, by adding a hook to override the ldb attribute search function in a module. The attributes can thus be loaded once, and then saved as part of the global schema. Also added support for a few more key attribute syntaxes, as needed for the full schema.
2009-03-19s4:cldap: rewrite the cldap library based on tsocketStefan Metzmacher3-24/+34
metze
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-2/+2
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-1/+1
consistency with Samba 3.
2009-02-02s4:libnet: s/new/nStefan Metzmacher1-9/+9
metze