Age | Commit message (Collapse) | Author | Files | Lines |
|
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
|
|
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
|
|
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
|
|
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
|
|
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
|
|
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
|
|
(This used to be commit b706708210a05d6f10474a3cd2bbc550704d4356)
|
|
- Implement QueryDomainInformationPolicy in Samba4
- Allow RPC-LSA to pass against Windows 2008 (which does not allow
the Audit privilage to be removed)
Andrew Bartlett
(This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
|
|
This is enforced by the new RPC-LSA test.
Andrew Bartlett
(This used to be commit da200ac64485fd9531b1aa048570c682b680b012)
|
|
This fixes some info levels in the QueryTrustedDomainInfo call, and
changes from implementing lsa_Delete to lsa_DeleteObject (which has an
explicit close and reutrns a NULL handle).
Andrew Bartlett
(This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)
|
|
Andrew Bartlett
(This used to be commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e)
|
|
metze
(This used to be commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e)
|
|
you need "dcesrv:header signing=yes" to enable it.
metze
(This used to be commit bde2496e6b7034c99243b22434a97aebeb8f75b9)
|
|
metze
(This used to be commit c2186d5d60aa2b57ecafaa57f9fd41f2a6717046)
|
|
(This used to be commit b62490e3e21b606b66e0737a403b0d170b64cddd)
|
|
Allow 0 and 0x12345678 only.
This fixes the RPC-HANDLES test.
metze
(This used to be commit c123e597cc84685abf2b0d3564e1a26d80bbef2f)
|
|
(This used to be commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05)
|
|
presumably LSA).
Tests show that Vista requires the sesion key to be truncated for a
domain join.
Andrew Bartlett
(This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638)
|
|
(This used to be commit 532ccbbe7aa360440f455dfa136f425b9996e998)
|
|
This check breaks more than it fixes, and while technically not
correct, is the best solution we have at this time. Otherwise,
SCHANNEL binds from WinXP fail.
Andrew Bartlett
(This used to be commit f8628fa330abcd50923d995d5bda1f4811582ea9)
|
|
Michael
(This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)
|
|
The 'comment' element in a number of domain structures is called
oem_information. This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid
attribute.
The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.
This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.
Andrew Bartlett
(This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)
|
|
The change to the RPC-LSA test proves that when the remote server has
0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not
NT_STATUS_OK.
Andrew Bartlett
(This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)
|
|
metze
(This used to be commit 76dd521bcf53a245bd1412968e9b921e5c2f10c9)
|
|
metze
(This used to be commit 9ff0ce42b32bf0f1463d2cb9c2a6595f51b13d04)
|
|
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
|
|
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
|
|
middle.
(This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
|
|
(This used to be commit c41bd3005f5f0b9cfd3709fc9217b4a401d265b4)
|
|
context is altered by dcerpc alter_context requests. It prevents dcerpc_server from returning errors (nca_s_fault_access_denied, then nca_s_fault_context_mismatch in further client requests) and keeps the connection alive.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 718f9ce6889346c92894e868f0678fbe404a43ab)
|
|
and adds a const 4 bytes blob to pkt.u.fault.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 652b8c5f156b357e231057a5a0fbded88f4f9c5f)
|
|
Conflicts:
source/Makefile
source/auth/config.mk
source/auth/gensec/config.mk
source/build/m4/public.m4
source/build/make/python.mk
source/build/make/rules.mk
source/build/smb_build/header.pm
source/build/smb_build/main.pl
source/build/smb_build/makefile.pm
source/dsdb/config.mk
source/dsdb/samdb/ldb_modules/config.mk
source/kdc/config.mk
source/lib/events/config.mk
source/lib/events/events.c
source/lib/ldb/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/util/config.mk
source/libcli/smb2/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/nbt_server/config.mk
source/ntptr/ntptr_base.c
source/ntvfs/posix/config.mk
source/ntvfs/sysdep/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/rpc_server/service_rpc.c
source/scripting/ejs/config.mk
source/scripting/python/config.mk
source/smb_server/config.mk
source/smbd/server.c
source/torture/config.mk
source/torture/smb2/config.mk
source/wrepl_server/config.mk
(This used to be commit 13bbd420681519894a4036729c43273912c9b402)
|
|
the code.
Make sure we pass around the event_context where we need it instead.
All test but a few python ones fail. Jelmer promised to fix them.
(This used to be commit 3045d391626fba169aa26be52174883e18d323e9)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 92856d5054106894b65cd1a1b5119c0facfc4cff)
|
|
altogether.
(This used to be commit dbeab2a9cdee4e5f69afeb2603ba29cbed56debd)
|
|
Conflicts:
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/makefile.pm
source/heimdal_build/config.mk
source/lib/events/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/registry/config.mk
source/lib/socket_wrapper/config.mk
source/lib/tdb/config.mk
source/lib/tls/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/scripting/ejs/config.mk
source/smbd/process_model.mk
(This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
|
|
(This used to be commit 25cbb1b76720a271984ad5c023e45476094562f1)
|
|
(This used to be commit 033db9730f1aa6d1941fbb83f55578aaa75e28bd)
|
|
(This used to be commit 3e3563f2840e7cd795f5fc157003af3c932cb4d1)
|
|
(This used to be commit 92e71c19f4e1d3ca123a083942ec578d21f7012c)
|
|
(This used to be commit 71aa38842c270d52d39b805bf7ce29e25e062024)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)
|
|
Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.
Andrew Bartlett
(This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
|
|
Now that we don't create users/domain groups/aliases in the builtin
domain, we hit some bugs in the server-side implementation of the
enumeration functions.
In essence, it turns out to be: don't treat 0 as a special case.
Also, fix up the PDC name to always be returned. I'm sure nothing
actually uses it, particularly for BUILTIN...
Andrew Bartlett
(This used to be commit 353bb79f568f20c8469cb9458f7b14c24612ad23)
|
|
The gendb_*() API does not return error codes, and mixes error returns
with the count of returned entries.
Andrew Bartlett
(This used to be commit facbc8dfa5188fdd610f400b5be6e05bc33b0820)
|
|
Andrew Bartlett
(This used to be commit 9bfc4757887ceabb4c621d62c140515794679250)
|
|
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
|
|
(This used to be commit f2e49744717eb46bbfafeea9e2eb412a38a142e7)
|