| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
I implemented this referral test in C since the LDB python API isn't capable
to extract referrals from search result sets (there the result sets are simple
lists which contain only the matching entries).
First I enhanced the RootDSE test to return all partition base DNs in a new
null-terminated list "partitions". Then I used this in my referrals test which
I've implemented in the LDB api since I needed some certain DN functions.
|
|
This is a first, very basic implementation of the referrals (more informations
at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12).
To have the full referral support (and to always point to the right host) the
full implementation using DNS will be needed (at the moment we always point to
the main DC which is referenceable through the DNS domainname).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The domain scope control is always removed, from the search one only the two
interesting flags (which are handled) and it is marked as non-critical.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
They don't cause any harm to our functionality - so ignore them were not needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This was causing marshalling faults when we returned errors.
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
|
|
|
|
|
|
|
|
connecitons
|
|
We need this so we can create independent DRS connections to
different DCs.
|
|
|
|
|
|
|
|
calculated buffer size in RPC-SPOOLSS.
Guenther
|
|
msDS-IntId attribute should be replicated, so it must be
implemented in a module that is before repl_meta_data module
(thanks abartlet for pointing this out).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
These tests server behavior when a client compounds both synchronous
and asynchronous requests.
|
|
|
|
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
|
|
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
|
|
|
|
|
|
This allows a python script to query the internal network interface
lists from Samba
|
|
This periodically calls samba_dnsupdate to update our DNS entries if
needed
|
|
defaults to SBINDIR/samba_dnsupdate
This command will do periodic dynamic DNS updates using TSIG-GSS
|
|
|
|
|
|
Simo, I'm not really sure that those checks are valid. I read MS-NRPC section
3.5.4.1 about LOGONSRV_HANDLEs ("server_name" is of this type). There isn't
stated that the server name has necessarily to be in the DNS form and should
also be valid when it's NULL (if DCE server and client are the same - I don't
know if me make use of it in s4).
|
|
start implementing calls related to trusted domain information
|
|
|
|
|
|
Otherwise we get a "talloc_free with references" warning.
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
In addition I removed a "talloc_free(req)" since we never free elsewhere the
requests explicitly and do it only indirectly with freeing the "conn" object
when the testsuite terminates.
|
|
Actually return trust relationships by searching the appropriate
entries in the SAM database.
Add checks and return the correct flags, type and attributes.
|
|
|
|
|
|
For add requests we need the add request messages, for modify requests we need
the modify request messages.
|
|
Always better to rely on the standards rather than on custom results.
|
|
On production systems a user for sure strongly disagrees to use local IP
addresses (how should the server be accessible?). Therefore if the user didn't
specify an IP as provision option and in the "/etc/hosts" file we have at
least one not-local IP which resolves to our hostname use this or one of them.
Notice: if a host has more public IP addresses with the same name assigned the
behaviour is non-deterministic (well, okay - by the entries order it is). But
then the user is invited to specify the host IP manually.
This should address bug #5484.
|
