summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-06-22dbchecker: cope with a broken link to Deleted ObjectsAndrew Tridgell1-2/+9
if a DN link to Deleted Objects has a bad GUID, we need to use show_deleted
2011-06-22dbchecker: fixed argument error for -H and DNAndrew Tridgell1-1/+1
2011-06-22dbchecker: when fixing a bad GUID in a DN, search by the string DNAndrew Tridgell1-1/+1
2011-06-22samba-tool: added --attrs option to dbcheckAndrew Tridgell2-8/+15
this allows checking of a specific list of attributes
2011-06-22samba-tool: make the dbcheck class available outside of samba-toolAndrew Tridgell2-285/+324
this will be used in provision, and probably in upgradeprovision as well
2011-06-22samba-tool: added --quiet option to dbcheckAndrew Tridgell1-35/+43
this will be used to allow for other tools (such as provision) to call into dbcheck without generating a lot of noise
2011-06-22s4:winbind/wb_init_domain: use DCERPC_SCHANNEL_128 in order to work against ↵Stefan Metzmacher1-1/+1
w2k8r2 metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
2011-06-22s4:ntvfs/cifs: add option to use S4U2ProxyStefan Metzmacher1-0/+49
Note: this doesn't work against a Samba4 KDC yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
2011-06-22s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCsStefan Metzmacher1-1/+48
If the KDC does not support S4U2Proxy, it might return a ticket for the TGT client principal. metze
2011-06-22s4:auth/kerberos: add S4U2Proxy support to kerberos_kinit_password_cc()Stefan Metzmacher3-5/+134
For S4U2Proxy we need to use the ticket from the S4U2Self stage and ask the kdc for the delegated ticket for the target service. metze
2011-06-22s4-dsdb: bypass validation when relax setAndrew Tridgell1-1/+2
this allows dbcheck to fix bad attributes Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
2011-06-22samba-tool: allow for running dbcheck against a remove ldap serverAndrew Tridgell1-5/+14
this is useful for running it against a Windows server
2011-06-22samba-tool: expanded dbcheck DN checkingAndrew Tridgell1-21/+104
this now checks for bad GUID elements in DN links, and offers to fix them when possible Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: prioritise GUID in extended_dn_inAndrew Tridgell1-8/+11
if we search with a base DN that has both a GUID and a SID, then use the GUID first. This matters for the S-1-5-17 SID. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: catch duplicate matches in extended_dn_inAndrew Tridgell1-0/+12
When searching using extended DNs, if there are multiple matches then return an object not found error. This is needed for the case of a duplicate objectSid, which happens for S-1-5-17 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCsStefan Metzmacher1-1/+47
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets which belongs to the client principal of the TGT. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
2011-06-22s4:auth/kerberos: remove one indentation level in kerberos_kinit_password_cc()Stefan Metzmacher1-94/+99
This will make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: reformat kerberos_kinit_password_cc()Stefan Metzmacher1-32/+41
In order to make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: don't mix s4u2self creds with machine account credsStefan Metzmacher1-24/+76
It's important that we don't store the tgt for the machine account in the same krb5_ccache as the ticket for the impersonated principal. We may pass it to some krb5/gssapi functions and they may use them in the wrong way, which would grant machine account privileges to the client. metze
2011-06-22s4:auth/kerberos: use better variable names in kerberos_kinit_password_cc()Stefan Metzmacher1-27/+41
This will make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: don't ignore return code in kerberos_kinit_password_cc()Stefan Metzmacher1-0/+2
metze
2011-06-22samba-tool: added missing GUID component checks to dbcheckAndrew Tridgell1-4/+93
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
2011-06-22pyldb: added methods to get/set extended components on DNsAndrew Tridgell1-0/+51
this will be used by the dbcheck code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22pydsdb: added get_syntax_oid_from_lDAPDisplayName()Andrew Tridgell2-0/+45
this gives you access to the syntax oid of an attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22ldb: added extended_str() method to pyldbAndrew Tridgell1-0/+16
this gives access to ldb_dn_get_extended_linearized() from python Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22ldb: expose syntax oids to pythonAndrew Tridgell1-0/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22samba-tool: try to keep dbcheck.py in a logical orderingAndrew Tridgell1-29/+38
keep individual error handlers together and separate from driver code
2011-06-22s4-dsdb: don't add zero GUID to BINARY_DNAndrew Tridgell1-9/+11
When converting from DRS to ldb format for a BINARY_DN, don't add the GUID extended DN element if the GUID is all zeros. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-21s4-smbtorture: rework the spoolss notify test a bit.Günther Deschner1-16/+15
Guenther
2011-06-21s4-smbtorture: use ipv4 addresses for backchannel spoolss change notifyGünther Deschner1-1/+1
connections for now. Guenther
2011-06-21s4/auth: Trivial spelling fixes.Brad Hards2-6/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-21build: move dynconfig for top level build upAndrew Bartlett1-115/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-21s4-param Autogenerate the loadparm_globals and loadparm_service tablesAndrew Bartlett3-153/+226
This makes it much easier and less error prone to add new parameters as we merge the s3 and s4 loadparm systems. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jun 21 04:41:54 CEST 2011 on sn-devel-104
2011-06-21selftest: Run tests for libsmbclient and libnetapiAndrew Bartlett2-1/+6
This adds the known failure for the one test (netbios browsing) that fails. Andrew Bartlett
2011-06-21s4-torture Enable libnetapi and libsmbclient tests using combined buildAndrew Bartlett4-27/+25
Because we now always build the source3 code, we can link directly against a private libnetapi and libsmbclient to test the behaviour of these important APIs. We use a private libnetapi_net_init(), and by using this interface rather than the public one, we can ensure that the correct smb.conf is loaded (as smbtorture4 is a Samba4 semantics binary). The #include of the source3 includes.h is required to do the manual lp_load(). Andrew Bartlett
2011-06-21s4-cmdline: Rename popt tables to avoid symbol conflictsAndrew Bartlett3-12/+12
These same names are use in the source3 popt code, which is called from in libsmbclient and libnet. These are then included in the smbtorture binary for testing Andrew Bartlett
2011-06-21lib/util: Use common d_printf() in the whole codebaseAndrew Bartlett1-6/+0
This removes the lang_tdb based varient, the only user of the lang_tdb code is SWAT, which calls that directly. 'net' and 'pam_winbind' are internationalised using gettext. Andrew Bartlett
2011-06-21s4-param Add my authorship to this scriptAndrew Bartlett1-2/+3
2011-06-20Use tevent_req_oomVolker Lendecke4-5/+5
This fixes a few Coverity errors
2011-06-20tdb2: tie it into build process if --enable-tdb2-breaks-compatRusty Russell1-1/+1
This is simplistic. We need to support making TDB2 a standalone library, but for now, we simply built it in-tree. Once we have tdb1 compatibility in tdb2, we can rename this option to --enable-tdb2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb2: create tdb2 versions of various testing TDBs.Rusty Russell1-2/+5
Soon, TDB2 will handle tdb1 files, but until then, we substitute. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat: use tdb_open_compat.Rusty Russell3-29/+51
This is a helper for the common case of opening a tdb with a logging function, but it doesn't do all the work, since TDB1 and TDB2's log functions are different types. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb2: #ifdef out TDB_ERR_NOLOCK and TDB_ERR_LOCK_TIMEOUT.Rusty Russell1-0/+4
These don't exist in tdb2. The former is used in one weird place in tdb1, and the latter not at all. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20ldb: replace 'struct TDB_DATA' with 'TDB_DATA'Rusty Russell3-6/+6
The typedef is TDB2 compatible, the struct isn't. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_unlockall/tdb_unlockall_read: ignore return value.Rusty Russell1-1/+2
TDB2 returns void here. tdb_unlockall will *always* return with the database unlocked, but it will complain via the log function if it wasn't locked. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_traverse/tdb_traverse_read: check returns for negative, not -1.Rusty Russell2-3/+3
TDB2 returns a negative error number on failure. This is compatible if we always check for < 0 instead of == -1. Also, there's no tdb_traverse_read in TDB2: we don't try to make traverse reliable any more, so there are no write locks anyway. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_transaction_cancel: ignore return value.Rusty Russell1-4/+1
TDB2 returns void here. tdb_transaction_cancel will *always* return with the transaction cancelled, but it will complain via the log function if a transaction wasn't in progress. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_store: check returns for 0, not -1.Rusty Russell3-3/+3
TDB2 returns a negative error number on failure. This is compatible if we always check for != 0 instead of == -1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_delete: check returns for 0, not -1.Rusty Russell1-1/+1
TDB2 returns a negative error number on failure. This is compatible if we always check for != 0 instead of == -1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_fetch_compat: use instead of tdb_fetch.Rusty Russell7-15/+17
This is a noop for tdb1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>