Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-11-12 | upgradeprovision: use relaxed control while adding missing object container | Matthieu Patou | 1 | -1/+3 | |
2010-11-12 | upgradeprovision: fix pb with dns-hostname, regenerate a correct keytab | Matthieu Patou | 2 | -1/+75 | |
2010-11-12 | upgradeprovision: use the relax/(upgrade)provision when modifying object | Matthieu Patou | 1 | -1/+8 | |
For certain attribute we use the relax/provision control so that we try to respect checks as this is not a good idea to always force unwanted behavior. | |||||
2010-11-12 | upgradeprovision: use the (upgrade)provision control also | Matthieu Patou | 1 | -2/+2 | |
2010-11-12 | upgradeprovision: update revision for forestupdate and domainupdate objects | Matthieu Patou | 1 | -1/+4 | |
2010-11-12 | samldb: relax groupType modification checks | Matthieu Patou | 1 | -27/+32 | |
Allow programs with the PROVISION control to bypass groupType checks. This is needed by upgradeprovision for older alpha (11, 10 ...) | |||||
2010-11-12 | Add a script to make backup of samba provision | Matthieu Patou | 1 | -0/+65 | |
2010-11-12 | s4:objectclass LDB module - we should not simply ignore additional ↵ | Matthias Dieter Wallnöfer | 2 | -2/+29 | |
"objectClass" attribute changes There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104 | |||||
2010-11-12 | s4:repl_meta_data LDB module - convert two debug messages into error messages | Matthias Dieter Wallnöfer | 1 | -4/+4 | |
These regarding "objectGUID". | |||||
2010-11-12 | s4:samldb/objectclass_attrs LDB modules - move "description" logic from ↵ | Matthias Dieter Wallnöfer | 4 | -198/+245 | |
"objectclass_attrs" into "samldb" This according to an answer from dochelp is SAM specific behaviour. | |||||
2010-11-12 | s4: Remove obsolete mkversion.sh | Jelmer Vernooij | 1 | -133/+0 | |
2010-11-12 | samba_version: When working from git checkout, display git revision SHA1 rather | Jelmer Vernooij | 1 | -1/+1 | |
than Bazaar revision ids. | |||||
2010-11-12 | torture: Only add in tests for socket_wrapper/nss_wrapper when they have ↵ | Jelmer Vernooij | 2 | -2/+18 | |
been enabled. | |||||
2010-11-12 | unix_privs: Add missing dependency on libreplace. | Jelmer Vernooij | 1 | -1/+1 | |
2010-11-12 | heimdal_build: Add missing dependency on replace, necessary because ↵ | Jelmer Vernooij | 1 | -1/+1 | |
replace.h is included. | |||||
2010-11-12 | Lowercase DNS_UPDATE_SRV name. | Jelmer Vernooij | 1 | -1/+1 | |
2010-11-12 | s4-kdc: added proxying of kdc requests for RODCs | Andrew Tridgell | 5 | -66/+782 | |
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104 | |||||
2010-11-12 | s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODC | Andrew Bartlett | 1 | -1/+7 | |
This means that when we are an RODC, and an account does not have the password attributes, we can now indicate to the kdc code that it should forward the request to a real DC. (The proxy code itself is not in this commit). Andrew Bartlett | |||||
2010-11-12 | heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller | Andrew Bartlett | 3 | -11/+34 | |
This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database. Andrew Bartlett | |||||
2010-11-12 | s4-kdc: split the kdc process return into a tri-state | Andrew Tridgell | 3 | -53/+59 | |
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-11-12 | s4-kdc: we don't need the special include handling now | Andrew Tridgell | 1 | -6/+0 | |
the special handling was to cope with the conflict with the kdc.h header Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-11-12 | s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h | Andrew Tridgell | 6 | -5/+5 | |
kdc.h conflicts with a heimdal header name | |||||
2010-11-11 | s4-tests: Make repl_schema.py test part of Samba4 test suite | Kamen Mazdrashki | 1 | -0/+1 | |
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functions | Kamen Mazdrashki | 3 | -4/+31 | |
2010-11-11 | s4-dsdb_syntax: Warning message that we can't find requested ATTID in Schema ↵ | Kamen Mazdrashki | 1 | -0/+1 | |
Cache | |||||
2010-11-11 | s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const prefixMap | Kamen Mazdrashki | 1 | -1/+2 | |
It is not supposed to change supplied prefixMap | |||||
2010-11-11 | s4-dsdb_syntax: Use remote prefixMap to handle generic cases in ↵ | Kamen Mazdrashki | 1 | -2/+7 | |
drsuapi_to_ldb conversions | |||||
2010-11-11 | s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax conversions | Kamen Mazdrashki | 2 | -0/+5 | |
2010-11-11 | s4-repl: dsdb_extended_replicated_objects_convert -> ↵ | Kamen Mazdrashki | 4 | -54/+54 | |
dsdb_replicated_objects_convert/ It is part of dsdb_replicated_* family of functions | |||||
2010-11-11 | s4-repl: dsdb_extended_replicated_objects_commit -> ↵ | Kamen Mazdrashki | 3 | -9/+8 | |
dsdb_replicated_objects_commit It is part of dsdb_replicated_* family of functions | |||||
2010-11-11 | s4-repl: dsdb_convert_object -> dsdb_origin_object_convert | Kamen Mazdrashki | 1 | -7/+7 | |
It is used in dsdb_origin_objects_commit() func, hence the dsdb_origin_ prefix | |||||
2010-11-11 | s4-test: repl_schema - Make sure LdbError and ERR_NO_SUCH_OBJECT are visible | Kamen Mazdrashki | 1 | -0/+1 | |
2010-11-11 | s4/test: Expand BindTest | Anatoliy Atanasov | 1 | -20/+60 | |
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4/test: Add bind.py to make test | Anatoliy Atanasov | 1 | -0/+1 | |
bind.py is a place to have tests for ldb binding with different credentials. For starter we have a simple bind with machine account. | |||||
2010-11-11 | heimdal Don't dereference NULL in error verify_checksum error path | Andrew Bartlett | 1 | -1/+1 | |
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104 | |||||
2010-11-11 | s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb | Andrew Bartlett | 1 | -2/+2 | |
The password in secrets.ldb is UTF8, while clearTextPassword in sam.ldb is UTF16. This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which had these the wrong way around. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Remove incorrectly declared ** variable used as *. | Andrew Bartlett | 1 | -6/+3 | |
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Convert new krbtgt_xxx password into UTF16 | Andrew Bartlett | 1 | -1/+12 | |
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett | |||||
2010-11-11 | s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8 | Andrew Bartlett | 1 | -1/+5 | |
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett | |||||
2010-11-11 | ldb:ldb_ldap.c rename operation - check for the RDN name and value | Matthias Dieter Wallnöfer | 1 | -3/+11 | |
Make it more similar to "ldb_ildap.c" and also more save | |||||
2010-11-11 | s4:dsdb - proof against empty RDN values where expected | Matthias Dieter Wallnöfer | 5 | -5/+40 | |
This should prevent crashes as pointed out on the mailing list. | |||||
2010-11-11 | Cannot create OU using custom Schema class | Zahari Zahariev | 1 | -0/+56 | |
If we define our own child class 'subClassOf' system Schema class e.g. organizationalUnit then we cannot create OU in the Dafualt Naming Context that has this custom Schama class in the objectClass attribute. | |||||
2010-11-11 | s4:objectclass LDB module - allow RDNs also to come from superclasses | Matthias Dieter Wallnöfer | 1 | -11/+39 | |
Detected by a testcase written by Zahari Zahariev. | |||||
2010-11-11 | s4:passwords.py - add a test for the normal "userPassword" behaviour | Matthias Dieter Wallnöfer | 1 | -1/+97 | |
Just to make sure that this works now too | |||||
2010-11-11 | s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵ | Matthias Dieter Wallnöfer | 4 | -12/+59 | |
according to the "dSHeuristics" | |||||
2010-11-11 | s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵ | Matthias Dieter Wallnöfer | 2 | -78/+77 | |
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't). | |||||
2010-11-11 | s4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove code | Matthias Dieter Wallnöfer | 1 | -6/+0 | |
It could also be a normal attribute with a normal content, and if it's not like that then it's for sure empty. | |||||
2010-11-11 | s4:local_password LDB module - remove schema checking code and fix some typos | Matthias Dieter Wallnöfer | 1 | -12/+6 | |
This is now done by the "objectclass_attrs" LDB module. | |||||
2010-11-11 | s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics" | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-11-11 | s4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain ↵ | Matthias Dieter Wallnöfer | 1 | -1/+5 | |
function level The "userPassword" password change functionality isn't available and so it causes big parts of the testsuite to fail. On the other hand we've basic tests in "acl.py" and indirectly also over SAMR and kpasswd so I propose to simply skip it. |