Age | Commit message (Collapse) | Author | Files | Lines |
|
This sorts out the correct handling for the 'kvno=255'
problem. Windows will use the previous trust password for 1 hour after
a password set, and indicates that the previous password is being used
by sending current_kvno-1. That maps to 255 if the trust password has
not actually been changed, so the initial trust password is being
used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
to properly support multi-domain forests we need to determine if an
incoming username is part of a known forest domain or not. To do this
for all possible SPN forms, we need to use CrackNames.
This changes map_user_info() to use CrackNames if a SAM context is
available, and asks the CrackNames services to parse the incoming
username and domain into a NT4 form, which can then be used in the
SAM.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We need to exclude GC partial replica naming contexts from SAM lookups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the kdc should not be looking for users in GC partial replicas, as
these users do not have all of the attributes needed for the KDC to
operate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a global catalog server, the KCC needs to add partial
replicas for all domain partitions that we don't have copies of
|
|
we already have a function for returning the NTDS options
|
|
when we are adding an object via DRS, we need to add the
DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial
replica, so ensure the partition module creates new NCs as partial
replicas
|
|
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).
We use the 3rd part of the SPN directly as the realm name in the
referral.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
if a join fails, then cleanup the old records
|
|
we want new NCs to be created
|
|
|
|
another missing newline
|
|
this is needed for a subdomain join by a new NC. The NC is initially
uninstantiated
|
|
this allows INSTANCE_TYPE_WRITE to be not set if
INSTANCE_TYPE_UNINSTANT is set
|
|
this adds a flag to dsdb_origin_objects_commit that tells it to create
a new NC based on the nCName in a crossRef object
|
|
|
|
|
|
|
|
the two base DNs do not need to match when doing GC replica compares
|
|
|
|
we need to use the original value, as ldb.Dn() can't parse a DSDB
binary DN
|
|
|
|
when we receive objects to a partial replica, we need to change the
incoming instanceType to not include the INSTANCE_TYPE_WRITE
flag. Partial replicas unset this flag.
|
|
this sets the appropriate flags for replication with FULL_SYNC and
partial replica replications
|
|
With this set, we accept changes even if they have the same tuple as
the local copy. This can be used by a FULL_SYNC replication to recover
a replica that is corrupt
|
|
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow
changes to any replicated attributes. This ensures partial replicates
are not alterered
|
|
this allows the replication server to control replication via a set of
flags. Initial flags will allow control for partial replications and
full_sync support
|
|
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Sep 29 18:59:54 CEST 2011 on sn-devel-104
|
|
Also, skip samba4.smb2.ioctl for now. Snapshots are not supported by
default.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Thu Sep 29 14:47:05 CEST 2011 on sn-devel-104
|
|
Currently only covers FSCTL_GET_SHADOW_COPY_DATA.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Add a corresponding test case to smb2.read.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
NETWORK_NAME_DELETED/USER_SESSION_DELETED
Most Windows versions have a strange order to
verify the session id, tree id and file id.
(They should be checked in that order, but windows
seems to check the file id before the others).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 28 21:12:07 CEST 2011 on sn-devel-104
|
|
If there're a problem with signing or the session doesn't exists
any more the server responses with a failure, instead of not
sending a response.
For now we ignore the reponse, as there's not much we could do with it
and it's not likely that we generate bad requests, which trigger
that behavior, except for testing.
metze
|
|
session
metze
|
|
NT_STATUS_USER_SESSION_DELETED
metze
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Sep 28 14:19:20 CEST 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 28 05:10:53 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Wed Sep 28 03:37:22 CEST 2011 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Sep 25 17:12:05 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Sep 24 22:49:50 CEST 2011 on sn-devel-104
|
|
|
|
it use NT_STATUS_IS_ERROR which is not completely the same as NT_STATUS_IS_OK
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Sep 23 09:22:56 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Sep 23 06:06:57 CEST 2011 on sn-devel-104
|