summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-09-18s4:various scripts under "setup" - UnificationMatthias Dieter Wallnöfer4-73/+74
- This unified the shape of those four scripts (comments, command sequence, call of SamDB) - To consider the samdb.py changes regarding the filter: there is now always the possibility either to specify the username or the search filter
2009-09-18s4:domainlevel/pwsettings - Remove unused importMatthias Dieter Wallnöfer2-2/+0
2009-09-18s4:samdb.py - Unification of the interfacesMatthias Dieter Wallnöfer2-38/+54
- When a user account is requested by a call always the search filter will be passed as argument. This helps us to unify the API - Add/fix some comments; in particular new comments inform the developer which requirements exist if he wants to use calls which manipulate the "userPassword" attribute (On s4 no problem - but on certain domain levels on Windows Server)
2009-09-18s4:minschema/fullschema - add correct header commentsMatthias Dieter Wallnöfer2-2/+2
2009-09-18s4:rpc_server: remove some now unused codeStefan Metzmacher2-199/+0
metze
2009-09-18s4:ntvfs_ipc: add real named pipe supportStefan Metzmacher2-236/+652
We now open a named via the named_pipe_auth code and process IO via the tstream interface. This means we support byte mode and message mode named pipes. We also correctly issue NT_STATUS_PIPE_BUSY when a smb_trans request comes in and a read or smb_trans is already pending. We also have support for async dcerpc over ncacn_np now, and we now can remove the ncacn_np specific hacks from the rpc_server/ code. metze
2009-09-18s4:torture: the spoolss notify test should listen on the ncacn_np endpointStefan Metzmacher1-0/+20
metze
2009-09-18s4:rpc_server: export dcesrv_add_ep() so that torture tests can use itStefan Metzmacher2-5/+9
metze
2009-09-18s4:service_named_pipe: accept delegated credentialsStefan Metzmacher2-3/+101
metze
2009-09-18s4:torture: don't use 'pipe' as variable name it's a system callStefan Metzmacher1-3/+3
metze
2009-09-18s4:heimdal/gssapi/krb5: set cred_handle in _gsskrb5_import_credStefan Metzmacher1-0/+1
metze
2009-09-18s4:domainlevel - fix indentationsMatthias Dieter Wallnöfer1-4/+4
2009-09-18s4:domainlevel - Add a script which allows raising the domain/forest levelMatthias Dieter Wallnöfer1-0/+181
This simple script allows raising the domain and/or forest level for s4. I integrated also the basic checks (since we don't perform them in LDB yet): e.g. the forest level can't be higher than the domain level(s).
2009-09-18s4:pwsettings - Simplify the error handling a bitMatthias Dieter Wallnöfer1-5/+2
2009-09-18python: create a script for reorgnizing an LDB file.Matthieu Patou1-0/+60
This script helps to reclaim waisted place.
2009-09-18s4:provision - Bump down the domain and forest level to Windows 2000Matthias Dieter Wallnöfer2-9/+10
- The DC level we keep on Windows Server 2008 R2 (we should call ourself always the newest server type) - The domain/forest level we set to the minimum (Windows 2000 native) to allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed" mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is set always to 0 - I'll add a script which allows to bump the DC level (basically sets the "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and on the "DC" object)
2009-09-17s4:provision - Some rework (continuation)Matthias Dieter Wallnöfer4-40/+311
- Fix up "servicePrincipalNames" attributes on the DC object - Add some informative comments (most in "provision_self_join.ldif") - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS) - Add "domain updates" objects also under "CN=Configuration" (they exist twice) - Add the default services under "Services" to allow interoperability with some MS client tools - Smaller changes
2009-09-17pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl.Matthieu Patou2-2/+19
Fix bug #6723
2009-09-17s4-sam: add a note about the solaris clientAndrew Tridgell1-0/+2
2009-09-17s4-rpc: added NDR64 supportAndrew Tridgell5-7/+31
This adds support for the nd464 binding string option
2009-09-17spnego: Support ASN.1 BIT STRING and use it in SPNEGO.Kouhei Sutou1-2/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17s4:descriptor module - Revert and const fixupsMatthias Dieter Wallnöfer1-7/+18
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings
2009-09-17s4:descriptor - cosmeticMatthias Dieter Wallnöfer1-1/+1
2009-09-17s4:libnet_become_dc - Fix some uninitialised variablesMatthias Dieter Wallnöfer1-3/+3
2009-09-17s4:provision - Some reworkMatthias Dieter Wallnöfer12-23610/+23878
- Add/change "wellKnownObjects" attributes - Order entries in "provision_basedn_modify.ldif" - Add/change "delete entries" object under BASEDN and CONFIGDN - Fix default version number of "Default domain policy" group policy - Add "domain updates" objects for interoperability with MS AD maintaining tools - Show version number in the "oEMInformation" attribute (suggested by ekacnet) - Smaller fixups
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer4-16/+10
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-17s4/python: flagsMatthias Dieter Wallnöfer2-9/+83
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags - Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
2009-09-13util_smb: For some (unknown) reason the previous patch changed the ↵Matthias Dieter Wallnöfer1-0/+0
permissions - Reset them
2009-09-13Port the Samba 4 shm_setup to QNX.Matt Kraai1-0/+18
2009-09-17idl: added DsExecuteKCC IDLAndrew Tridgell1-3/+3
2009-09-17spnego: share spnego_parse.Günther Deschner4-475/+2
Guenther
2009-09-16Owner and group defaulting.Nadezhda Ivanova6-58/+598
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16Tests for descriptor inheritanceZahari Zahariev3-1/+1613
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16s4:kdc In the kpasswd server, don't use the client address in mk_privAndrew Bartlett1-0/+8
This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about it's own network addresses, it will fail to accept this packet if we set an address. It seems easiser not to. (Found by testing with NetAPP at plugfest) Andrew Bartlett
2009-09-16s4:rpc_server netgotiate max xmit size with RPC clientAndrew Bartlett1-2/+2
Testing against NetAPP showed that clients can object to being told a larger max xmit fragment size than they negotiated. Choose the minimum of the server and client values. Andrew Bartlett
2009-09-16s4-repl: raise a debug levelAndrew Tridgell1-1/+1
2009-09-16s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't existAndrew Tridgell1-0/+8
When a partition is first created it still needs a uSNHighest value
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher1-33/+56
This prepares support for HMAC-SHA256/AES. metze
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell2-26/+7
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-rpc: added a module for forwarding RPC requestsAndrew Tridgell3-9/+116
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell4-22/+54
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15s4-ldb: ldap attribute names can contain a '.'Andrew Tridgell1-1/+2
When they are of the form of OIDs
2009-09-15s4-ldb: expose ldb_transaction_prepare_commit() in ldbAndrew Tridgell3-21/+64
It is useful to be able to control the 2 phase commit from application code (s4 replication uses it)
2009-09-15s4-repl: don't do double replicationAndrew Tridgell4-6/+44
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15s4-drs: filter based on local_usnAndrew Tridgell1-1/+1
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
2009-09-15s4-repl: make sure we marshal the replPropertyMetaData after the last changeAndrew Tridgell1-10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-15s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()Andrew Tridgell2-4/+4
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better.
2009-09-15s4-ldb: cope better with corruption of tdb recordsAndrew Tridgell4-5/+30
When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller.
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5