summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-10-04s4-kdc: fixed handling of previous vs current trust passwordAndrew Tridgell1-36/+77
This sorts out the correct handling for the 'kvno=255' problem. Windows will use the previous trust password for 1 hour after a password set, and indicates that the previous password is being used by sending current_kvno-1. That maps to 255 if the trust password has not actually been changed, so the initial trust password is being used. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-auth: rework map_user_info() to use cracknamesAndrew Tridgell2-13/+215
to properly support multi-domain forests we need to determine if an incoming username is part of a known forest domain or not. To do this for all possible SPN forms, we need to use CrackNames. This changes map_user_info() to use CrackNames if a SAM context is available, and asks the CrackNames services to parse the incoming username and domain into a NT4 form, which can then be used in the SAM. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-sam: don't look in GC NCs for user accountsAndrew Tridgell1-2/+6
We need to exclude GC partial replica naming contexts from SAM lookups Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-kdc: don't look at global catalog NCs in the kdcAndrew Tridgell2-16/+23
the kdc should not be looking for users in GC partial replicas, as these users do not have all of the attributes needed for the KDC to operate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-kdc: treat a kvno of 255 as unspecifiedAndrew Tridgell1-1/+4
windows sometimes sends us a kvno of 255 for inter-domain trusts. We don't yet know why it does this, but it seems that we need to treat this as an unspecified kvno Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-kcc: if we are a GC, auto-add partial replicasAndrew Tridgell1-3/+147
when we are a global catalog server, the KCC needs to add partial replicas for all domain partitions that we don't have copies of
2011-10-04s4-dsdb: simplify samdb_is_gc()Andrew Tridgell1-28/+2
we already have a function for returning the NTDS options
2011-10-04s4-dsdb: add the DSDB_CONTROL_PARTIAL_REPLICA when neededAndrew Tridgell1-0/+9
when we are adding an object via DRS, we need to add the DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial replica, so ensure the partition module creates new NCs as partial replicas
2011-10-04heimdal: handle referrals for 3 part DRSUAPI SPNsAndrew Tridgell1-1/+18
This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-repl: try harder to find the right SPN in replication serverAndrew Tridgell1-23/+72
when doing DRS between domains, using the right SPN is essential so the KDC can generate referrals to point us at the right DC. We prefer the GC/hostname/DNSDOMAIN form if possible, but if we can't find the hostname then this changes the code that generates the target principal name to use either the msDS-HasDomainNCs or hasMasterNCs attributes to try to find the target DC domainname so we can use the E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICAAndrew Tridgell7-60/+98
this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04s4-join: enable cleanup on failed joinAndrew Tridgell1-1/+1
if a join fails, then cleanup the old records
2011-10-04s4-drs: added DSDB_REPL_FLAG_ADD_NCNAME to DsAddEntry callAndrew Tridgell1-0/+1
we want new NCs to be created
2011-10-04s4-dsdb: added DSDB_REPL_FLAG_ADD_NCNAME flagAndrew Tridgell1-0/+1
2011-10-04s4-dsdb: fixed formatting of a debug messageAndrew Tridgell1-1/+1
another missing newline
2011-10-04s4-partition: allow creation of uninstantiated partitionsAndrew Tridgell1-6/+0
this is needed for a subdomain join by a new NC. The NC is initially uninstantiated
2011-10-04s4-dsdb: allow uninstantiated NC headsAndrew Tridgell1-2/+4
this allows INSTANCE_TYPE_WRITE to be not set if INSTANCE_TYPE_UNINSTANT is set
2011-10-04s4-repl: support creation of new NCs via DsAddEntryAndrew Tridgell1-0/+84
this adds a flag to dsdb_origin_objects_commit that tells it to create a new NC based on the nCName in a crossRef object
2011-10-04s4-repl: fixed formatting of some debug messagesAndrew Tridgell1-5/+5
2011-10-04dns: added example python script for dnsserver protocolAndrew Tridgell1-0/+89
2011-10-04dns: build python bindings for dnsserver RPC protocolAndrew Tridgell1-0/+6
2011-10-04samba-tool: cope with GC compares in ldapcmpAndrew Tridgell1-3/+5
the two base DNs do not need to match when doing GC replica compares
2011-10-04samba-tool: added --full-sync and --sync-all options to samba-tool drs replicateAndrew Tridgell1-3/+9
2011-10-04s4-dbchecker: fixed handling of DSDB DNs in dbcheckAndrew Tridgell1-1/+1
we need to use the original value, as ldb.Dn() can't parse a DSDB binary DN
2011-10-04s4-dsdb: update callers to dsdb_convert_object_ex()Andrew Tridgell2-0/+4
2011-10-04s4-repl: update instanceType in partial_replica replicationAndrew Tridgell1-0/+20
when we receive objects to a partial replica, we need to change the incoming instanceType to not include the INSTANCE_TYPE_WRITE flag. Partial replicas unset this flag.
2011-10-04s4-repl: add FULL_SYNC and PARTIAL_REPLICA flagsAndrew Tridgell1-5/+27
this sets the appropriate flags for replication with FULL_SYNC and partial replica replications
2011-10-04s4-dsdb: implement DSDB_REPL_FLAG_PRIORITISE_INCOMINGAndrew Tridgell1-4/+22
With this set, we accept changes even if they have the same tuple as the local copy. This can be used by a FULL_SYNC replication to recover a replica that is corrupt
2011-10-04s4-dsdb: disallow changes based on instanceTypeAndrew Tridgell1-4/+13
if instanceType does not include INSTANCE_TYPE_WRITE, then disallow changes to any replicated attributes. This ensures partial replicates are not alterered
2011-10-04s4-dsdb: added DSDB_REPL_FLAG* to replicationAndrew Tridgell1-2/+15
this allows the replication server to control replication via a set of flags. Initial flags will allow control for partial replications and full_sync support
2011-10-04s4-ldap-server: disallow all modifies on global catalog portAndrew Tridgell1-0/+20
2011-10-02s4 provision: Set server role default when called from command line to 'dc'Kai Blin1-0/+3
2011-09-29s4:smb_server/smb2: make sure we sign the final session setupStefan Metzmacher1-3/+10
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Sep 29 18:59:54 CEST 2011 on sn-devel-104
2011-09-29s4: add SMB2_FSCTL opcodesDavid Disseldorp3-3/+18
Also, skip samba4.smb2.ioctl for now. Snapshots are not supported by default. Autobuild-User: David Disseldorp <ddiss@samba.org> Autobuild-Date: Thu Sep 29 14:47:05 CEST 2011 on sn-devel-104
2011-09-29s4-torture: add smb2 ioctl test suiteDavid Disseldorp3-1/+89
Currently only covers FSCTL_GET_SHADOW_COPY_DATA. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-29s4-torture: remove unchecked read from smb2 createDavid Disseldorp2-9/+9
Add a corresponding test case to smb2.read. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-28s4:torture/smb2/lock: remove samba4 specific checks for ↵Stefan Metzmacher1-12/+14
NETWORK_NAME_DELETED/USER_SESSION_DELETED Most Windows versions have a strange order to verify the session id, tree id and file id. (They should be checked in that order, but windows seems to check the file id before the others). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 28 21:12:07 CEST 2011 on sn-devel-104
2011-09-28s4:libcli/smb2: ignore SMB2_OP_CANCEL responsesStefan Metzmacher1-0/+10
If there're a problem with signing or the session doesn't exists any more the server responses with a failure, instead of not sending a response. For now we ignore the reponse, as there's not much we could do with it and it's not likely that we generate bad requests, which trigger that behavior, except for testing. metze
2011-09-28s4:libcli/smb2: correctly sign SMB2_OP_CANCEL request if they belong to a ↵Stefan Metzmacher1-0/+1
session metze
2011-09-28s4:libcli/smb2: don't try to check the signing if we got ↵Stefan Metzmacher1-1/+2
NT_STATUS_USER_SESSION_DELETED metze
2011-09-28libcli: Install libcli.h.Jelmer Vernooij2-4/+289
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Sep 28 14:19:20 CEST 2011 on sn-devel-104
2011-09-28s4:libcli/resolve: only try broadcast messages to ipv4 addressesStefan Metzmacher1-2/+12
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 28 05:10:53 CEST 2011 on sn-devel-104
2011-09-28dns: Do as BIND and MS DNS and drop quries with qdcount != 1Kai Blin1-5/+11
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Wed Sep 28 03:37:22 CEST 2011 on sn-devel-104
2011-09-28dns: The QCLASS is called IN, not IPKai Blin1-6/+6
2011-09-27s4-ldap_server: Fix segfault on startup failure of ldap serverAndrew Bartlett1-2/+2
2011-09-25libcliraw: Make smb_raw_write_recv public and include it in a public header.Jelmer Vernooij2-1/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Sep 25 17:12:05 CEST 2011 on sn-devel-104
2011-09-24s4 winbind: Don't drop workgroup name for getpw*Kai Blin2-2/+16
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Sat Sep 24 22:49:50 CEST 2011 on sn-devel-104
2011-09-23build: avoid util.h as a public header name due to conflict with MacOSAndrew Bartlett10-10/+10
2011-09-23python-s4: use PyErr_SetNTSTATUS instead of PyErr_NTSTATUS_IS_ERR_RAISE as ↵Matthieu Patou1-2/+4
it use NT_STATUS_IS_ERROR which is not completely the same as NT_STATUS_IS_OK Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Sep 23 09:22:56 CEST 2011 on sn-devel-104
2011-09-23pys4: really return an exception if the status if not correctMatthieu Patou1-4/+2
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Sep 23 06:06:57 CEST 2011 on sn-devel-104