Age | Commit message (Collapse) | Author | Files | Lines |
|
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.
Now that security=server has been removed, we have no such module.
This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.
Andrew Bartlett
|
|
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 2 17:19:55 CEST 2012 on sn-devel-104
|
|
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
|
|
This validates the password expiry, account disable in the s3 auth code
and the save/restore of values in tdbsam.
It also provides the first test of some net sam set subcommands.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 20:39:38 CEST 2012 on sn-devel-104
|
|
|
|
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jun 28 18:43:46 CEST 2012 on sn-devel-104
|
|
Guenther
|
|
In particular, on a virtual machine after a forced reboot, it
contained "Ille" instead of a valid PID. Given it was the right
length, I'm assuming it was filesystem corruption.
process_exists_by_pid() then panics, when given a pid < 1.
Reported-by: lostogre on #samba-technical
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Thu Jun 28 05:19:24 CEST 2012 on sn-devel-104
|
|
This tests pdb_samba4 in the first instance
|
|
non-critical
|
|
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.
Andrew Bartlett
|
|
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun 26 18:04:43 CEST 2012 on sn-devel-104
|
|
Clients can print by performing file IO on a printer share, rather than
issuing spoolss RPCs.
This commit attempts to reproduce bug 8719.
|
|
|
|
This means we do not need to run samba_upgradedns any more.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
|
|
The internal DNS server does not need the samba-only NAME-dns
account.
Andrew Bartlett
|
|
|
|
This also tests the comparison with LDAP on anonymous connections
and marks this as knownfail, while we investigate the correct
behaviour here.
Andrew Bartlett
|
|
|
|
We need to have the struct dreplsrv_partition_source_dsa around until the end of the
async op, so we use talloc_reference after carefully checking the callers and
making the modifications required.
This prevents a crash when replicating partitions in the vampire_dc test after
adding DNS replication at join time.
Andrew Bartlett
|
|
have to reload it
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
|
|
modifyTimeStamp is a generated attribute, for most object it's generated
directly from the whenChanged attribute. But for the CN=aggregate object
in the schema we have to handle it in a different way, that's because
for this object whenChanged!=modifyTimeStamp (as checked against Windows
2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the
most recently modified and loaded schema object (that is to the one with
the highest USN before the schema was reload due to timeout or by the
reloadSchemaNow command).
Some third party are using this information to know if they have to
update their schema cache and also to check that schema updates have
been correctly reloaded by the DC, a good example of this behavior is
exchange 2010.
|
|
|
|
If the value has changed then reload the schema, this means that now the
schema is only reloaded on a periodical basis or if we have been asked
explicitly to do it and not necesserly if the schema partition has
changed.
|
|
The idea is to signal to other process accessing the database that the
schema was forced to be reloaded and so they should reload as well.
|
|
they have to reload the schema
|
|
|
|
|
|
object
|
|
|
|
|
|
|
|
we are a GC
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
|
|
|
|
|
|
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
|
|
Samba 4 use to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ time per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
or 120). The timestamp of the last reloaded schema is kept in the
dsdb_schema object. There is also a timestamp in the ldb_context, that
is used by the LDAP server to know if it has to reload the schema after
handling the request. This is used to allow that the schema will be
immediately reload after a schemaUpdateNow request has been issued, the
reload can't occur in the handling of the LDAP request itself because
we have a transaction autostarted.
|
|
|
|
This demonstrates the interaction of CAP_DYNAMIC_REAUTH
and NT_STATUS_NETWORK_SESSION_EXPIRED.
metze
|
|
This way we can give anonymous full access to the directory.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 11:30:06 CEST 2012 on sn-devel-104
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 03:37:54 CEST 2012 on sn-devel-104
|
|
metze
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 21 14:07:55 CEST 2012 on sn-devel-104
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 21 10:19:00 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104
|
|
|
|
This uses the tokenGroups attribute on LDAP and the posix whoami call
to confirm that user token matches between LDAP and CIFS.
I have a seperate patch for the anonymous case, because this isn't
consistent at this stage, and we need to study and fix that.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104
|
|
|
|
errors
|