summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-02-21s4:partition DSDB module - Cosmetic fixupsMatthias Dieter Wallnöfer1-16/+23
2010-02-21s4:password_hash - Fix up request message pointersMatthias Dieter Wallnöfer1-7/+7
For add requests we need the add request messages, for modify requests we need the modify request messages.
2010-02-21s4:dsdb/util.c - Use LDB result constants in some more helper functionsMatthias Dieter Wallnöfer1-11/+11
Always better to rely on the standards rather than on custom results.
2010-02-21s4:provision.py - try to use other addresses than "127.0.0.x" and "::1"Matthias Dieter Wallnöfer1-2/+10
On production systems a user for sure strongly disagrees to use local IP addresses (how should the server be accessible?). Therefore if the user didn't specify an IP as provision option and in the "/etc/hosts" file we have at least one not-local IP which resolves to our hostname use this or one of them. Notice: if a host has more public IP addresses with the same name assigned the behaviour is non-deterministic (well, okay - by the entries order it is). But then the user is invited to specify the host IP manually. This should address bug #5484.
2010-02-21s4:AD content - Implement the new password settings containerMatthias Dieter Wallnöfer1-0/+5
2010-02-21s4:AD content - adequate some revision levels to match Windows Server 2008Matthias Dieter Wallnöfer2-5/+5
2010-02-21s4:AD content - Add the DFSR objects which exist on Windows Server >= 2008Matthias Dieter Wallnöfer2-4/+22
Those replace the FRS ones.
2010-02-21cleanupSimo Sorce1-133/+131
remove trailing spaces, tabs and blank lines
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett8-65/+197
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-19s4:lsa open trusted domain also with dns nameSimo Sorce1-3/+7
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19remove trailing tabs and spacesSimo Sorce1-9/+9
2010-02-19readability reformattingSimo Sorce1-28/+36
stop this function from maiking my eyes bleed
2010-02-20s4:rpc_server Add a 'if_version' parameter to the bind operation.Andrew Bartlett3-4/+6
This allows the interface version to be forwarded to the remote server in the RPC proxy, both in the endpoint lookup and the subsequent bind. Andrew Bartlett
2010-02-19s4-smbtorture: more work on devicemode tests.Günther Deschner1-35/+63
Guenther
2010-02-19s4-smbtorture: explain failure conditions in printer device mode tests a ↵Günther Deschner1-11/+20
little more. Guenther
2010-02-19s4-smbtorture: add --option=torture:spoolss_check_size=yes.Günther Deschner1-0/+6
This disables the size calculation comparison by default. Guenther
2010-02-19s4-smbtorture: print more comments while running SD and DM tests in ↵Günther Deschner1-15/+14
RPC-SPOOLSS-PRINTER. Guenther
2010-02-19s4:selftest Add test for the RPC proxyAndrew Bartlett1-0/+3
2010-02-19s4:rpc_server Record the remote connections association group IDAndrew Bartlett2-6/+39
By recording the association group the remote server assigned to our proxied RPC connection, we can ensure we use the same value when the client wishes to use it. This isn't stored in a private pointer, as mapiproxy will want to use this feature too. Andrew Bartlett
2010-02-19s4:winbind Make the 'no SID found' message even more detailedAndrew Bartlett2-5/+26
Now we give the user a clue as to what may be wrong, and the file path that we could not find the domain SID in. Andrew Bartlett
2010-02-17Revert "Got back to 16-byte padding on auth RPC. S3 clients and servers now ↵Jeremy Allison1-6/+4
cope with this. Jeremy" This reverts commit 38c50c7027d2a2a9a3df060b74b2a2efce4d9e6f. As tridge requested, we need this to work with older S3 servers, not just for smbtorture4. Jeremy.
2010-02-18s4-smbtorture: skip printer info cross tests against samba 3 for now.Günther Deschner1-0/+4
Not even w2k8r2 passes them atm. Guenther
2010-02-18s4-smbtorture: try more combinations to find printers in ↵Günther Deschner1-0/+14
test_EnumPrinters_findname(). Also take a note of servers returning full UNC printer paths although we did not set the servername. Guenther
2010-02-18s4-smbtorture: simplify test_PrinterInfo_DevMode a bit.Günther Deschner1-17/+4
Guenther
2010-02-18s4-smbtorture: avoid potential loop while adding a new printer in ↵Günther Deschner1-0/+7
RPC-SPOOLSS-PRINTER. Guenther
2010-02-17Got back to 16-byte padding on auth RPC. S3 clients and servers now cope ↵Jeremy Allison1-4/+6
with this. Jeremy
2010-02-18s4:param Modify secrets_get_domain_sid to give more useful errorsAndrew Bartlett5-87/+55
This also moves the calls to secrets_get_domain_sid back into winbind_task_init(), so that we can terminate with a much more detailed error message. (The previous message was simply NT_STATUS_CANT_ACCESS_DOMAIN_INFO). Andrew Bartlett
2010-02-17s4/rodc: change the libnet_become_dc code to do RODC joinAnatoliy Atanasov3-6/+59
2010-02-17s4/drs:kccdrs_replica_get_info_obj_metadata implementationAnatoliy Atanasov3-20/+96
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl The get_info_obj_metadata implementation is ported from implementation i developed and tested at the samba io lab 2009
2010-02-17s4/ldap: Refactor the fix for ldap nested searchesKamen Mazdrashki2-13/+15
Current implementation synchronizes processing for all types of LDAP request, not only LDAP_Search ones. Synchronization for ldap replies processing is done locally in ldb_ildap module as this concerns only ildb_callback() function. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-02-17s4-smbtorture: unify test list to run against single created printers in ↵Günther Deschner1-18/+28
RPC-SPOOLSS-PRINTER. This is to make sure we run the same tests for printers created via AddPrinter and via AddPrinterEx. Guenther
2010-02-17s4-smbtorture: also test level 2 sets for devicemodes and see if they persist.Günther Deschner1-0/+21
Guenther
2010-02-17s4-smbtorture: refactor setprinter devicemode calls in RPC-SPOOLSS-PRINTER.Günther Deschner1-19/+71
Guenther
2010-02-17s4-provision: freeze the DNS zone before creating the zone fileAndrew Tridgell1-2/+10
This prevents bind from getting confused if it has a journal for the zone.
2010-02-17s4-dnsupdate: use samba_runcmd() in the dns update taskAndrew Tridgell2-17/+37
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17s4-param: added "rndc command" smb.conf optionAndrew Tridgell2-0/+5
2010-02-17s4-provision: fix permissions on generated DNS zone fileAndrew Tridgell1-9/+11
The zone file needs to be writeable by bind to allow for it to flush its journal on dynamic updates Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17s4-rpc: paranoid check for auth_lengthAndrew Tridgell1-0/+11
This is not strictly needed as the ndr_pull_advance() checks it a few lines further down, but I want to save Jeremy getting more grey hairs :-)
2010-02-16s4-kcc: remove a qsort() that snuck into the new topology codeAndrew Tridgell1-2/+1
2010-02-16s4-rpc: don't use auth padding in rpc bind requests as it breaks s3Andrew Tridgell1-0/+7
The s3 RPC server returns a bind_nak if it gets a rpc bind with auth padding. This change forces a padding length of zero to maximimise compatibility with s3 servers. I've left the padding code in as a #if 0 to make it easier for us to test/fix the s3 server code, which should be changed to correctly handle arbitrary auth padding in all rpc requests with auth trailers.
2010-02-16s4-dcerpc: fixed auth padding to be relative to the stub, not packetAndrew Tridgell2-10/+17
The recent dcerpc padding changes made our padding relative to the packet header, instead of the start of the stub. Surprisingly, this broke w2k8r2 doing a dcpromo join to a s4 server. It seems that w2k8r2 is very fussy about the padding it gets in some circumstances.
2010-02-16s4-dsdb: return LDB_ERR_CONSTRAINT_VIOLATION on num_recs != 1Andrew Tridgell1-1/+1
In a single record search, LDB_ERR_CONSTRAINT_VIOLATION is more useful than the generic LDB_ERR_OPERATIONS_ERROR Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-samdb: use dsdb_search() in cracknamesAndrew Tridgell1-57/+24
greatly simplifies some of the cracknames code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-kcc: remove search_onelevel_with_deleted() in kccAndrew Tridgell1-52/+3
Use dsdb_search() instead Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: removed gendb_search_single_extended_dn()Andrew Tridgell2-15/+19
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()Andrew Tridgell5-33/+86
dsdb_find_dn_by_guid() now takes a struct GUID instead of a guid_string. All the callers in fact wanted a struct GUID, so we now avoid the extra conversion. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: replace dsdb_find_dn_by_guid() with a dsdb_search() callAndrew Tridgell1-67/+84
much simpler code by using dsdb_flags Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: change dsdb_search_dn_with_deleted() to dsdb_search_dn() with ↵Andrew Tridgell1-56/+58
dsdb_flags Allows for arbitrary controls
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell12-95/+52
This allows for controls to be added easily where they are needed.
2010-02-16s4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flagsAndrew Tridgell4-40/+45