summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova22-359/+618
2009-09-21s4:kerberos Fix the salt to match Windows 2008.Andrew Bartlett2-2/+2
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett
2009-09-21s4:provision Make our default salt match our server behaviourAndrew Bartlett1-1/+1
We need to look into salting algorithms further. Andrew Bartlett
2009-09-21s4:provision - Fix up ProvisioningError class as suggested by JelmerMatthias Dieter Wallnöfer1-5/+5
2009-09-21s4:samdb/tools - That should fix now the last failuresMatthias Dieter Wallnöfer3-3/+5
2009-09-21s4:libnet_become_dc - bump down the level requested by abartletMatthias Dieter Wallnöfer1-1/+1
2009-09-21s4:scripts - Reintroduce "-H" parameterMatthias Dieter Wallnöfer6-12/+46
I removed it since on some scripts it was present, on others not - so I thought it wouldn't be really needed. This was a bad decision (pointed out by abartlet). So I reintroduce it on all scripts (to have consistent parameters).
2009-09-20s4:provision Make us Windows 2008 level by defualt againAndrew Bartlett1-4/+5
Also add a note to clarify that this should not be changed without discussion and consensus. We don't want this bouncing around. Paramater support to allow optional selection of Win2003 mode welcomed. Andrew Bartlett
2009-09-21s4:dsdb/resolve_oids: add fast pathes for the common operations without oidsStefan Metzmacher1-0/+217
metze
2009-09-21s4:dsdb/resolve_oids: check return values in recursionStefan Metzmacher1-3/+6
metze
2009-09-20s4:py_security Add missing headerAndrew Bartlett1-0/+23
2009-09-20Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova9-52/+92
2009-09-20s4:provision Use code to store domain join in 'net join' as wellAndrew Bartlett7-309/+283
This ensures we only have one codepath to store the secret, and therefore that we have a single choke point for setting the saltPrincipal, which we were previously skipping. Andrew Bartlett
2009-09-20s4:ldb print out which LDB the transaction is still active on.Andrew Bartlett1-2/+2
2009-09-20s4:provision split provision of DNS zone and self join keytabAndrew Bartlett4-28/+34
2009-09-20s4-selftest: disable RAP-SCAN testAndrew Tridgell1-0/+1
also pointless now we have docs
2009-09-20s4-selftest: disable RPC-COUNTCALLS Andrew Tridgell1-0/+1
The RPC-COUNTCALLS was useful when we were working out IDL by hand
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova6-14/+405
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaMatthias Dieter Wallnöfer1-0/+29
2009-09-20s4:python tools - try to fix some test problemsMatthias Dieter Wallnöfer3-14/+16
2009-09-20s4:samba3sam.py test - remove the primary group ID attribute hereMatthias Dieter Wallnöfer1-7/+2
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm).
2009-09-20s4:sec_descriptor - fix constantMatthias Dieter Wallnöfer1-4/+4
2009-09-20Disable descriptor module unless enabled in smb.confNadezhda Ivanova1-0/+29
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf
2009-09-20s4:dsdb/common/util - Check for the right forest/domain function levelMatthias Dieter Wallnöfer1-0/+57
This adds a function which performs the check for the supported forest and domain function levels. On an unsuccessful result a textual error message can be created (parameter "errmsg" != NULL) which gives hints for the user to help him fixing the issue.
2009-09-20s4:server.c - add linespace (only cosmetic)Matthias Dieter Wallnöfer1-1/+2
2009-09-20s4:domainlevel - fixed another errorMatthias Dieter Wallnöfer1-26/+9
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a copy of the one under the directory root object. Therefore there doesn't exist the "Windows 2000 Mixed" forest level.
2009-09-20Fixed a difference in domain sid type when SID is provided by user.Nadezhda Ivanova1-1/+4
2009-09-20s4:ldb_parse - Fix the type of an array entryMatthias Dieter Wallnöfer1-1/+1
I found this through a compile warning. Hope that I got this right.
2009-09-20s4:provision_configuration - fix "sPNMappings"Matthias Dieter Wallnöfer1-2/+1
I reread some docs about this attributes and it seems that this as mapping attribute isn't host specific but in common for the whole domain. To allow Windows DCs to join our s4 domain sooner or later we have to provide the full attribute.
2009-09-20s4:domainlevel - further improvementsMatthias Dieter Wallnöfer1-9/+50
- The tool displays now also mixed/interim domain levels and warns about them (s4 isn't capable to run on them) - But it allows now also to raise/step-up from them - It displays now also levels higher than 2008 R2 (altough we don't support them yet) but to be able to get a correct output
2009-09-20s4:provision: add the 'resolve_oids' on the top of the module stackStefan Metzmacher1-1/+2
metze
2009-09-20dsdb/samdb: add resolve_oids moduleStefan Metzmacher2-0/+438
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze
2009-09-20s4:build: require ldb 0.9.7Stefan Metzmacher1-1/+1
metze
2009-09-20s4:ldb: add ldb_parse_tree_copy_shallow() and change version to 0.9.7Stefan Metzmacher3-1/+65
metze
2009-09-19s4-auth: add SID_NT_ENTERPRISE_DCS is a server trust accountAndrew Tridgell1-1/+13
2009-09-19s4-drs: security checking on DRS needs to default to onAndrew Tridgell1-1/+2
2009-09-19s4-ldb: display an error if we can't decode a NDR blobAndrew Tridgell1-1/+3
2009-09-19s4-repl: need param.h for lp_parm_boolAndrew Tridgell1-0/+1
2009-09-19Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.cAnatoliy Atanasov1-0/+8
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov3-14/+8
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov6-20/+36
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-20s4:provision_basedn_modify - fix the "auditPolicy" attributeMatthias Dieter Wallnöfer1-1/+2
I had to think about how to encode the string 0x0001 (taken from Windows Server). The problem is due to the "0" byte at the beginning of it. BASE64 encoding seems a good method to do it.
2009-09-19s4:utils Remove typo...Andrew Bartlett1-1/+0
2009-09-19s4:dsdb Print the partition we failed to suggest replication forAndrew Bartlett1-1/+2
2009-09-19s4:utils Explian fix for testparm -vAndrew Bartlett1-2/+6
The problem here was that we take an address of a bool, and then (via a void*) cast it to a int *, so put this in a comment. Andrew Bartlett
2009-09-19s4-ldb: bump minimum version in ldb tooAndrew Tridgell1-1/+1
2009-09-19more include minimisationAndrew Tridgell12-41/+0
2009-09-19tdb: increase minor versionAndrew Tridgell1-1/+1
we depend on reads in transactions for s4 replication
2009-09-19s4-smbd: removed unnecessary includesAndrew Tridgell5-11/+0
2009-09-19s4-scripts: make minimal_includes handle our -I overridesAndrew Tridgell1-10/+20