summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-11-12upgradeprovision: use relaxed control while adding missing object containerMatthieu Patou1-1/+3
2010-11-12upgradeprovision: fix pb with dns-hostname, regenerate a correct keytabMatthieu Patou2-1/+75
2010-11-12upgradeprovision: use the relax/(upgrade)provision when modifying objectMatthieu Patou1-1/+8
For certain attribute we use the relax/provision control so that we try to respect checks as this is not a good idea to always force unwanted behavior.
2010-11-12upgradeprovision: use the (upgrade)provision control alsoMatthieu Patou1-2/+2
2010-11-12upgradeprovision: update revision for forestupdate and domainupdate objectsMatthieu Patou1-1/+4
2010-11-12samldb: relax groupType modification checksMatthieu Patou1-27/+32
Allow programs with the PROVISION control to bypass groupType checks. This is needed by upgradeprovision for older alpha (11, 10 ...)
2010-11-12Add a script to make backup of samba provisionMatthieu Patou1-0/+65
2010-11-12s4:objectclass LDB module - we should not simply ignore additional ↵Matthias Dieter Wallnöfer2-2/+29
"objectClass" attribute changes There first one we perform all other tentatives are terminated with ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows). Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
2010-11-12s4:repl_meta_data LDB module - convert two debug messages into error messagesMatthias Dieter Wallnöfer1-4/+4
These regarding "objectGUID".
2010-11-12s4:samldb/objectclass_attrs LDB modules - move "description" logic from ↵Matthias Dieter Wallnöfer4-198/+245
"objectclass_attrs" into "samldb" This according to an answer from dochelp is SAM specific behaviour.
2010-11-12s4: Remove obsolete mkversion.shJelmer Vernooij1-133/+0
2010-11-12samba_version: When working from git checkout, display git revision SHA1 ratherJelmer Vernooij1-1/+1
than Bazaar revision ids.
2010-11-12torture: Only add in tests for socket_wrapper/nss_wrapper when they have ↵Jelmer Vernooij2-2/+18
been enabled.
2010-11-12unix_privs: Add missing dependency on libreplace.Jelmer Vernooij1-1/+1
2010-11-12heimdal_build: Add missing dependency on replace, necessary because ↵Jelmer Vernooij1-1/+1
replace.h is included.
2010-11-12Lowercase DNS_UPDATE_SRV name.Jelmer Vernooij1-1/+1
2010-11-12s4-kdc: added proxying of kdc requests for RODCsAndrew Tridgell5-66/+782
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
2010-11-12s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODCAndrew Bartlett1-1/+7
This means that when we are an RODC, and an account does not have the password attributes, we can now indicate to the kdc code that it should forward the request to a real DC. (The proxy code itself is not in this commit). Andrew Bartlett
2010-11-12heimdal Return HDB_ERR_NOT_FOUND_HERE to the callerAndrew Bartlett3-11/+34
This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database. Andrew Bartlett
2010-11-12s4-kdc: split the kdc process return into a tri-stateAndrew Tridgell3-53/+59
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12s4-kdc: we don't need the special include handling nowAndrew Tridgell1-6/+0
the special handling was to cope with the conflict with the kdc.h header Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.hAndrew Tridgell6-5/+5
kdc.h conflicts with a heimdal header name
2010-11-11s4-tests: Make repl_schema.py test part of Samba4 test suiteKamen Mazdrashki1-0/+1
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104
2010-11-11s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functionsKamen Mazdrashki3-4/+31
2010-11-11s4-dsdb_syntax: Warning message that we can't find requested ATTID in Schema ↵Kamen Mazdrashki1-0/+1
Cache
2010-11-11s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const prefixMapKamen Mazdrashki1-1/+2
It is not supposed to change supplied prefixMap
2010-11-11s4-dsdb_syntax: Use remote prefixMap to handle generic cases in ↵Kamen Mazdrashki1-2/+7
drsuapi_to_ldb conversions
2010-11-11s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax conversionsKamen Mazdrashki2-0/+5
2010-11-11s4-repl: dsdb_extended_replicated_objects_convert -> ↵Kamen Mazdrashki4-54/+54
dsdb_replicated_objects_convert/ It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_extended_replicated_objects_commit -> ↵Kamen Mazdrashki3-9/+8
dsdb_replicated_objects_commit It is part of dsdb_replicated_* family of functions
2010-11-11s4-repl: dsdb_convert_object -> dsdb_origin_object_convertKamen Mazdrashki1-7/+7
It is used in dsdb_origin_objects_commit() func, hence the dsdb_origin_ prefix
2010-11-11s4-test: repl_schema - Make sure LdbError and ERR_NO_SUCH_OBJECT are visibleKamen Mazdrashki1-0/+1
2010-11-11s4/test: Expand BindTestAnatoliy Atanasov1-20/+60
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
2010-11-11s4/test: Add bind.py to make testAnatoliy Atanasov1-0/+1
bind.py is a place to have tests for ldb binding with different credentials. For starter we have a simple bind with machine account.
2010-11-11heimdal Don't dereference NULL in error verify_checksum error pathAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
2010-11-11s4-provision UTF16 encode the password in sam.ldb, not secrets.ldbAndrew Bartlett1-2/+2
The password in secrets.ldb is UTF8, while clearTextPassword in sam.ldb is UTF16. This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which had these the wrong way around. Andrew Bartlett
2010-11-11s4-dsdb Remove incorrectly declared ** variable used as *.Andrew Bartlett1-6/+3
The cleartext_utf16_str variable was declared char **, but due to the cast on convert_string_talloc() and the lack of type checking here and on data_blob_const (due to void *) it was able to be used as if it was a char *. The simple solution seems to be to fill in cleartext_utf16 blob directly. Andrew Bartlett
2010-11-11s4-dsdb Convert new krbtgt_xxx password into UTF16Andrew Bartlett1-1/+12
The new stricter test on clearTextPassword values caught out that we did not provide a utf16 password here. Andrew Bartlett
2010-11-11s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8Andrew Bartlett1-1/+5
The UTF16MUNGED helper will map all invalid sequences (except odd input length) to valid input sequences, per the rules. Therefore if it fails, we need to bail out, somehing serious is wrong. Andrew Bartlett
2010-11-11ldb:ldb_ldap.c rename operation - check for the RDN name and valueMatthias Dieter Wallnöfer1-3/+11
Make it more similar to "ldb_ildap.c" and also more save
2010-11-11s4:dsdb - proof against empty RDN values where expectedMatthias Dieter Wallnöfer5-5/+40
This should prevent crashes as pointed out on the mailing list.
2010-11-11Cannot create OU using custom Schema classZahari Zahariev1-0/+56
If we define our own child class 'subClassOf' system Schema class e.g. organizationalUnit then we cannot create OU in the Dafualt Naming Context that has this custom Schama class in the objectClass attribute.
2010-11-11s4:objectclass LDB module - allow RDNs also to come from superclassesMatthias Dieter Wallnöfer1-11/+39
Detected by a testcase written by Zahari Zahariev.
2010-11-11s4:passwords.py - add a test for the normal "userPassword" behaviourMatthias Dieter Wallnöfer1-1/+97
Just to make sure that this works now too
2010-11-11s4:password_hash and acl LDB modules - handle the "userPassword" attribute ↵Matthias Dieter Wallnöfer4-12/+59
according to the "dSHeuristics"
2010-11-11s4:password_hash LDB module - move "samdb_msg_find_old_and_new_ldb_val" into ↵Matthias Dieter Wallnöfer2-78/+77
the password_hash LDB module It's only used there and so I think it doesn't really belong in "dsdb/common/util.c" (I first thought that it could be useful for ACL checking but obviously it wasn't).
2010-11-11s4:libnet/libnet_samsync_ldb.c - remove "userPassword" remove codeMatthias Dieter Wallnöfer1-6/+0
It could also be a normal attribute with a normal content, and if it's not like that then it's for sure empty.
2010-11-11s4:local_password LDB module - remove schema checking code and fix some typosMatthias Dieter Wallnöfer1-12/+6
This is now done by the "objectclass_attrs" LDB module.
2010-11-11s4:ldb_modules/util.c - "dsHeuristics" -> "dSHeuristics"Matthias Dieter Wallnöfer1-2/+2
2010-11-11s4:selftest/tests.py - skip the "passwords.py" suite on Windows 2000 domain ↵Matthias Dieter Wallnöfer1-1/+5
function level The "userPassword" password change functionality isn't available and so it causes big parts of the testsuite to fail. On the other hand we've basic tests in "acl.py" and indirectly also over SAMR and kpasswd so I propose to simply skip it.