summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-12-05samba-tool: add a function to cleanly demote a DCMatthieu Patou2-2/+257
samba-tool domain demote allow the local DC to properly demote against Microsoft and Samba DC.
2011-12-05s4-python: factorize the definition of get_dsServiceNameMatthieu Patou4-18/+14
2011-12-05s4-python: externalize some function to the drs_utils module so that they ↵Matthieu Patou2-25/+66
can be reused
2011-12-05s4-python: rename conflicting variable with the import optionMatthieu Patou1-2/+2
2011-12-03s4 dns: Test SOA queriesKai Blin1-0/+32
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Sat Dec 3 20:52:51 CET 2011 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij17-59/+59
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-12-01s4-ntvfs: added allow_override check based on use of NT ACLAndrew Tridgell10-41/+59
This disables the posix permission override if the calculated permissions did not come from a NT ACL. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
2011-12-01s4-ntvfs: fixed a unix ACL mapping bugAndrew Tridgell1-21/+25
the ACL mapping code was incorrectly allowing creation of directories in some situations where it should be denied by the unix permissions
2011-11-30s4-tests: Use long option names in test list script, to prevent 'eating' ↵Jelmer Vernooij1-38/+38
--list argument when e.g. is not set.
2011-11-30s4-testlist: Write diagnostic info to stderr, and purely test info to stdout.Jelmer Vernooij1-2/+2
2011-11-30s4:lib/tls - call "gnutls_transport_set_lowat" only on GNUTLS < 3.0Matthias Dieter Wallnöfer2-0/+8
This function call together with the lowat feature has been removed in release 3.0 as described in this mailing list post: http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html. Since we do not make any use of lowat (esprimed by each function call) we are free to simply omit it on v3.0 and later. This addresses bug #8537. Reviewed by: abartlet + metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
2011-11-30s4:gensec/spnego: only try the mechs that match the client given onesStefan Metzmacher1-0/+4
Windows-Members of NT4/Samba3 domains, send MechTypes: 1.3.6.1.4.1.311.2.2.10 [NTLMSSP] 1.2.840.48018.1.2.2 [krb5 broken] 1.2.840.113554.1.2.2 [krb5] MechToken for NTLMSSP. This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
2011-11-30s4:libcli/raw: implement on top of smbXcli_conn/reqStefan Metzmacher20-1812/+1033
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104
2011-11-30s4:libcli: do the nbss session request within smbcli_sock_connect_*()Stefan Metzmacher4-147/+108
metze
2011-11-30s4:libcli/raw: remove unused functionsStefan Metzmacher2-76/+0
metze
2011-11-30s4:libcli: use smbcli_sock_connect() in smbcli_socket_connect()Stefan Metzmacher1-5/+11
metze
2011-11-30s4:libcli: move smbcli_transport_establish() logic into smbcli_socket_connect()Stefan Metzmacher4-38/+32
metze
2011-11-30s4:libcli: convert smbcli_transport_connect_* to tevent_reqStefan Metzmacher3-92/+240
metze
2011-11-30s4:lib/socket: add socket_connect_multi_ex_*Stefan Metzmacher2-10/+147
This add an async establish hook, that gets called before a connection success is detected. This can be used to do a NBT session request and it makes sure that we don't cancel the connection on port 445, just because the tcp connect on port 139 worked. metze
2011-11-30s4-kdc: Add hdb plugin for samba4, to allow kadmin to workAndrew Bartlett6-43/+104
This will help users who are used to the kadmin interface, and could be extended to import existing MIT or Heimdal keys into a Samba4 AD domain. To use, add to your krb5.conf [kdc] database = { dbname = samba4: } or [kdc] database = { dbname = samba4:/usr/local/samba/etc/smb.conf } And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
2011-11-29s4:libcli/raw: copy smbcli_transport_connect_* to clisocket.cStefan Metzmacher2-124/+123
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Nov 29 17:34:52 CET 2011 on sn-devel-104
2011-11-29s4:libcli/raw: add transport->ev as copy of transport->socket->event.ctxStefan Metzmacher8-6/+9
We'll remove transport->socket soon, but removing transport->ev will take a bit longer. metze
2011-11-29s4:torture: use tctx->ev as event context for pollingStefan Metzmacher6-22/+14
metze
2011-11-29s4:gentest: get the tid from the smbcli_tree structStefan Metzmacher1-2/+4
metze
2011-11-29s4:libcli/smb2: make sure only one idle event runs at a timeStefan Metzmacher2-9/+17
metze
2011-11-29s4:python: add --machinepass option to 'samba-tool domain join'Stefan Metzmacher1-5/+11
metze
2011-11-29s4:python/samba/join.py: add optional 'machinepass' parameter to join_*()Stefan Metzmacher1-6/+12
metze
2011-11-29s4:python/samba/join.py: add optional 'machinepass' parameter to class dc_joinStefan Metzmacher1-2/+6
metze
2011-11-29s4:py_net: add optional 'machinepass' parameter to py_net_join_member()Stefan Metzmacher1-3/+4
metze
2011-11-29s4:libnet: make it possible to join with a given machine passwordStefan Metzmacher2-4/+16
metze
2011-11-29s4:libnet/py_net: ZERO_STRUCT() struct libnet_Join_member in ↵Stefan Metzmacher1-0/+2
py_net_join_member() metze
2011-11-29s4:torture/rpc: use talloc_zero() in torture_join_domain()Stefan Metzmacher1-2/+2
metze
2011-11-29s4:libnet: use talloc_zero(struct libnet_JoinDomain) in libnet_Join_member()Stefan Metzmacher1-2/+1
metze
2011-11-29s4-samba-tool: Add --principal argument to samba-tool domain exportkeytabAndrew Bartlett5-70/+163
This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza <geza@kzsdabas.hu> Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-29s4-provision: Fix the security ace for DnsAdmins group on DNS recordsAmitay Isaacs1-12/+19
Find the objectSid for DnsAdmins group and use that instead of a fixed sid. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Nov 29 07:38:06 CET 2011 on sn-devel-104
2011-11-29s4-repl: Check if GC SPN exists before using it for replicationAmitay Isaacs1-3/+54
Sometimes windows DC will set up dNSHostname before setting up GC SPN and that causes replication errors since samba tries to use GC SPN, which does not yet exist locally. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-provision: Make BIND9_DLZ as the default backend for DNSAmitay Isaacs4-6/+6
2011-11-29dlz_bind9: Added access check to verify dynamic updateAmitay Isaacs2-17/+167
This creates session info from kerberos ticket and verifies if the signer has write access to a particular DN corresponding to the name in dynamic update. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29dlz_bind9: Use the sam database in dns/ as defaultAmitay Isaacs2-60/+14
This change is introduced to access samdb copy directly, rather than over ildap. The advantage is that the samba server does not need to be running for bind9 to start.
2011-11-29s4-provision: Create a samdb copy for access by dlz_bind9 moduleAmitay Isaacs4-56/+158
This creates a copy of rootdse, configuration and schema partitions for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write access to DNS partitions (DomainDnsZones and ForestDnsZones), those partitions are hard-linked (or symlinked) to the actual partitions. An empty domain partition is created so samdb layer can work.
2011-11-29s4-provision: Extract security descriptors in separate fileAmitay Isaacs2-77/+111
Need to use domain security descriptor from sambadns.py also.
2011-11-29s4-test: Remove metadata and ldb.d directory on clean upAmitay Isaacs1-0/+5
When using partitions, metadata.tdb automatically gets created in ${prefix}ldb.d/ directory. To correctly clean up check if metadata.tdb exists, then remove metadata.tdb and directory.
2011-11-29s4-samdb: seqence_number() operation must be in a transactionAmitay Isaacs1-0/+14
2011-11-29s4-dsdb: Added metadata to partition module for global sequence numberAmitay Isaacs5-17/+612
This adds support for global sequence number which is independent of partition information. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: use dsdb_module_extended instead of duplicate codeAmitay Isaacs2-31/+13
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Return ldb_result context in dsdb_module_extendedAmitay Isaacs1-3/+20
The result of the extended operation is now available in the calling routine. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number supportAmitay Isaacs2-140/+13
This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-27s4:torture/ldap/cldap.c - remove the ↵Matthias Dieter Wallnöfer1-87/+4
"test_cldap_netlogon_flag_ds_dns_forest" test The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN, DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They get added only over the DsRGetDCName* calls over NETLOGON RPC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
2011-11-27s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain ↵Matthias Dieter Wallnöfer2-6/+9
info" command Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27samba-tool: domain info - add basic exception handlingMatthias Dieter Wallnöfer1-2/+4
It is nicer to get an error message rather than a stacktrace on wrong IP addresses. Signed-off-by: Stefan Metzmacher <metze@samba.org>