Age | Commit message (Collapse) | Author | Files | Lines |
|
wants to check for an existing domain join account, and fails. This
test shows that we need to return NT_STATUS_NONE_MAPPED when nothing
matches. (not yet tested if this helps vista).
Andrew Bartlett
(This used to be commit 7f3671bf11cab36a5c795d7db86f85081b73bc71)
|
|
Guenther
(This used to be commit 9c2b9642336ed954c8f9fc0ccce95547d7c18aa8)
|
|
Guenther
(This used to be commit cf953d04813d193da5e9714ceebb7826dc7e4d0b)
|
|
* netr_DsRGetDCName_flags, netr_DsRGetDCNameInfo_AddressType and netr_DsR_DcFlags
* the mask in netr_DsRGetDCNameEx2 turns out to be samr_AcctFlags
Guenther
(This used to be commit 9cdd6d9782a7a70f01d748228beb80c454d1468b)
|
|
if we return a zero assoc_group_id longhorn beta3 stops
after getting the bind_ack.
metze
(This used to be commit 09aea65960073cc8b50a4b39531490876f6d89ef)
|
|
LDB_ERR_NO_SUCH_OBJECT. Handle this (found against LDAP, ldb_tdb is
being updated).
Andrew Bartlett
(This used to be commit 93e2ff2e85c57a192aadac96ce09a678d464e8ad)
|
|
split MODULE::DCESRV from SUBSYSTEM::dcerpc_server
metze
(This used to be commit c7518d6140c54e0cc7c371bf4a4a5b06b7f63a9c)
|
|
(This used to be commit 150bb2238ea91ead3bdde0a34ff801b79bc83ec3)
|
|
(This used to be commit 52f32b7330ee1a2dd5850fd0e412279777edc00d)
|
|
linked list when moving it to another. This could cause a valgrind
error under the RPC-SCANNER test.
(This used to be commit 9ba8c008513e362fbb860af899006505cadb4a2f)
|
|
Andrew Bartlett
(This used to be commit ddf7354986a800455b6f55c2fdbeb8bb39381716)
|
|
Andrew Bartlett
(This used to be commit c9eb5bf19a702af32a4e4f109a27e4076303efdc)
|
|
TODO: we need to correctly implement assoc groups!
metze
(This used to be commit df7c6c6e0b961eda8daf182df8faed6b29639149)
|
|
(This used to be commit 623026f67aac56c45e298ce5d7af7dbf91ec5df7)
|
|
metze
(This used to be commit 3c786eb6bdb3289a237d231e75092a8b3ca56197)
|
|
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Know the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connections bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
|
|
- fill in our on bind_info struct correctly
- remember the local and remote DsBindInfo28 struct
- remember the remote bind_buid
w2k3 now tries replicate using DsGetNCChanges() from us,
after the NET-API-BECOME-DC test created the domain controller
and replicated all data.
(But we still give a DCERPC fault in DsGetNCChanges()...)
metze
(This used to be commit 33550c063d4e206fce63fdd99dc93a56995db580)
|
|
metze
(This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
also it's not always under the domain dn
metze
(This used to be commit b8c940f1e2bbd65ed5d2f4279434dd526456ad8b)
|
|
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
|
|
(This used to be commit 3cc299dbbe278936281f8e7071e6de8ec1bb219c)
|
|
(This used to be commit 42bb335bd50a5070ee59c9d9748db8a9e9d6a9b0)
|
|
(This used to be commit e84a369d9b2f1f7313892d5bbf077df6069ba677)
|
|
uint32_t server_id
to
struct server_id server_id;
which allows a server ID to have an node number. The node number will
be zero in non-clustered case. This is the most basic hook needed for
clustering, and ctdb.
(This used to be commit 2365abaa991d57d68c6ebe9be608e01c907102eb)
|
|
for NT4 DC's in mixed mode domains.
This call is triggered by tranferring the PDC FSMO Role to another DC
the real meta data is encoded in the user buffer which is just a DATA_BLOB in idl
metze
(This used to be commit d883815c8d64429e4dac26a93a15e67d31dc263e)
|
|
Andrew Bartlett
(This used to be commit 21b38ae1e4c48dab4b89f234f4dc26a3aed401c3)
|
|
Andrew Bartlett
(This used to be commit 05debeaced7296762b293cc804a71abcfb096066)
|
|
usual things are more complex than they appear.
Also remove the incorrect server-side implementation, which blindly
assumed some sense of consistancy across the API switch levels.
Andrew Bartlett
(This used to be commit 79941adbff843f5027dacd31b972deca4a1557ec)
|
|
supprisingly complex call...
It turns out that the in/out parameter 'level' is not in/out, but set
seperatly by the server-side code from r->req.req1.level.
This commit also breaks out some common code from samldb into samdb.
Andrew Bartlett
(This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
|
|
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
|
|
I've attached the patch which fix this problem. I've only added
DCERPC_NDR_REF_ALLOC to the connection flags. This way it is processed
correctly by ndr_pull_init_flags and added to the ndr flags of the pull
structure.
metze
(This used to be commit ed4c7ce547c61907291d19c172d5eb6f4c4981fe)
|
|
to make the "remote" rpc proxy work for outlook and exchange
metze
(This used to be commit 00875f806eca4165cb098b0e01e33c74fdea2bf5)
|
|
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
|
|
there is no ongoing transaction in this code
(This used to be commit 93b738b1112d9e317cb29b32eee45003de37f693)
|
|
metze
(This used to be commit b4d7d49c276a4ec0bcf7971909e74e10476e9ca3)
|
|
a DC
metze
(This used to be commit df133cd22a350d422c49844e50a67f4cc1fb61e4)
|
|
(This used to be commit 0221d5b6c4250a3a2c86c623c534996d7decb1f6)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
DsWriteAccountSpn().
It passes the client toture test.
Andrew Bartlett
(This used to be commit a1e80eeb9561a856ac5aa1f5a991dcd648b152ff)
|
|
Andrew Bartlett
(This used to be commit 4c349f44f8a018e1ad6ed8e92c5083abc4979324)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
as well?
The server side change is needed to fix a valgrind error, which was
possibly exploitable if the client sent deliberately bad data
(This used to be commit e3c04cf165fe15739197b2713e78046399aa7653)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|
|
output in the testsuite rather than just True or False for a
set of tests.
The aim is to use this for:
* known failure lists (run all tests and detect tests that
started working or started failing). This
would allow us to get rid of the RPC-SAMBA3-* tests
* nicer torture output
* simplification of the testsuite system
* compatibility with other unit testing systems
* easier usage of smbtorture (being able to run one test
and automatically set up the environment for that)
This is still a work-in-progress; expect more updates over the next couple of
days.
(This used to be commit 0eb6097305776325c75081356309115f445a7218)
|
|
that's why ntsrv and win2k3 srv could pass the net test
and we could not...
rafal
(This used to be commit 60ade8ddbd01ac45e5fe6380542ba23cd861e133)
|