Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-05-18 | s4:kdc: UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION => ↵ | Stefan Metzmacher | 1 | -0/+14 | |
flags.trusted_for_delegation metze | |||||
2011-05-18 | s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROS | Stefan Metzmacher | 1 | -0/+1 | |
Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze | |||||
2011-05-18 | s4:auth/credentials: pass 'self_service' to ↵ | Stefan Metzmacher | 5 | -10/+36 | |
cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze | |||||
2011-05-18 | s4:gensec_gssapi: avoid delegation if s4u2self/proxy is used | Stefan Metzmacher | 1 | -0/+4 | |
metze | |||||
2011-05-18 | HEIMDAL:kdc: check and regenerate the PAC in the s4u2proxy case | Stefan Metzmacher | 1 | -13/+38 | |
TODO: we need to add a S4U_DELEGATION_INFO to the PAC later. metze | |||||
2011-05-18 | HEIMDAL:kdc: pass the correct principal name for the resulting service ticket | Stefan Metzmacher | 1 | -38/+36 | |
Depending on S4U2Proxy the principal name for the resulting ticket is not the principal of the client ticket. metze | |||||
2011-05-18 | HEIMDAL:kdc: let check_PAC() to verify the incoming server and krbtgt cheksums | Stefan Metzmacher | 1 | -4/+7 | |
For a normal TGS-REQ they're both signed with krbtgt key. But for S4U2Proxy requests which ask for contrained delegation, the keys differ. metze | |||||
2011-05-17 | s4-dfs: Use a workaround for ndr relative pointer bug/limitation | Matthieu Patou | 1 | -11/+8 | |
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Tue May 17 01:33:27 CEST 2011 on sn-devel-104 | |||||
2011-05-17 | s4-torture: Add more tests to DFS referral suite | Matthieu Patou | 1 | -4/+30 | |
2011-05-17 | torture: adapt to idl evolution | root | 2 | -48/+48 | |
2011-05-17 | s4-dfs: clean the code | Matthieu Patou | 1 | -44/+50 | |
2011-05-17 | s4-dfs: fix bugs in idl and adapt code accordingly | Matthieu Patou | 1 | -17/+23 | |
2011-05-17 | s4-python: add an option for just fixing gpo folders | Matthieu Patou | 1 | -189/+196 | |
2011-05-17 | s4-python: keep wheel_gid as an integer | Matthieu Patou | 1 | -1/+1 | |
2011-05-17 | s4-python: raise an error if unable to bind remote ldap while joining | Matthieu Patou | 1 | -0/+11 | |
2011-05-16 | waf: Enable Samba3 torture tests in top level build. | Andreas Schneider | 1 | -12/+12 | |
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon May 16 13:57:01 CEST 2011 on sn-devel-104 | |||||
2011-05-16 | s4-smbtorture: add test_netremotetod. | Günther Deschner | 2 | -0/+18 | |
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon May 16 12:45:52 CEST 2011 on sn-devel-104 | |||||
2011-05-16 | s4-libcli/rap: add smbcli_rap_netremotetod(). | Günther Deschner | 1 | -0/+47 | |
Guenther | |||||
2011-05-13 | do an explicit A record search for SRV entries | Luke Howard | 1 | -4/+22 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2011-05-13 | s4/test/getnc_exop: Tune the the test to work against windows | Kamen Mazdrashki | 1 | -17/+27 | |
It turns out that sometimes, w2k8-r2 returns objects even when FSMO extended request has failed. Also verify that target DC returns source_dsa_guid and source_dsa_invocation_id correctly Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Fri May 13 02:26:04 CEST 2011 on sn-devel-104 | |||||
2011-05-11 | s4/drepl_fsmo: Add an CR so that message is visible in the logs | Kamen Mazdrashki | 1 | -1/+1 | |
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed May 11 21:03:59 CEST 2011 on sn-devel-104 | |||||
2011-05-11 | s4/getnc_exop: Initial implementation of a testsuite for GetNCChanges ↵ | Kamen Mazdrashki | 1 | -0/+136 | |
extended opeartion handling | |||||
2011-05-11 | s4/getncchanges: Pre-mark extended requests as success in case a ↵ | Kamen Mazdrashki | 1 | -0/+4 | |
sub-function "forget" to do this | |||||
2011-05-11 | s4/getncchanges: Implement placeholder for handling ex-op collection of objects | Kamen Mazdrashki | 1 | -13/+44 | |
Right now it is solely based on function that handles objects in normal DsGetNCChanges calls. | |||||
2011-05-11 | s4/getncchanges: Move the code that collects objects into separate function | Kamen Mazdrashki | 1 | -41/+67 | |
2011-05-11 | s4/getncchanges: Don't mask Extended operation result - callers need it | Kamen Mazdrashki | 1 | -1/+0 | |
2011-05-11 | s4/getncchanges: Fail extended request rather than failing whole request | Kamen Mazdrashki | 1 | -1/+3 | |
in case that destination_dsa_guid is not valid | |||||
2011-05-09 | build: Remove --disable-s3build so we can rely on these subsystems | Andrew Bartlett | 1 | -6/+1 | |
This will make it easier to write code that uses the whole codebase. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon May 9 12:25:33 CEST 2011 on sn-devel-104 | |||||
2011-05-09 | selftest: Test both users created in plugin_s4_dc environment | Andrew Bartlett | 1 | -0/+1 | |
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon May 9 06:10:52 CEST 2011 on sn-devel-104 | |||||
2011-05-08 | selftest: Polish selftest-vars.sh a little so it can be used again | Kamen Mazdrashki | 1 | -10/+14 | |
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sun May 8 22:50:01 CEST 2011 on sn-devel-104 | |||||
2011-05-08 | s4-selftest Add tests for proxy_samba4_dc | Andrew Bartlett | 1 | -0/+1 | |
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun May 8 20:03:45 CEST 2011 on sn-devel-104 | |||||
2011-05-08 | ncalrpc: Force ncalrpc dir to be mode 755 in all users | Andrew Bartlett | 1 | -0/+7 | |
This allows this directory to be shared between Samba3 and Samba4 in a Franky-style setup easily. Andrew Bartlett | |||||
2011-05-08 | s4-dsdb Add transactions to dsdb modify helpers | Andrew Bartlett | 1 | -0/+18 | |
2011-05-08 | s4-samr Remove incorrect transaction_cancel() in error path | Andrew Bartlett | 1 | -1/+0 | |
The transactions are now handled entirely within dsdb_add_user() Andrew Bartlett | |||||
2011-05-08 | s4-param cope with doulbe-parsing of -foo and +foo lists | Andrew Bartlett | 1 | -3/+9 | |
For some reason these lists are parsed twice, and so any -foo was failing as it was already removed the first time. Andrew Bartlett | |||||
2011-05-08 | s4-interfaces: keep interfaces in the order they were declared | Andrew Tridgell | 1 | -1/+5 | |
the spoolss notify test depends on the interfaces order Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun May 8 13:57:58 CEST 2011 on sn-devel-104 | |||||
2011-05-08 | s4-interfaces Rename interfaces code so not to conflict with source3/ | Andrew Bartlett | 28 | -113/+113 | |
The iface_count, iface_n_bcast, and load_interfaces functions conflicted with functions of the same name in source3, so the source4 functions were renamed. Hopefully we can actually wrap one around the other in future. Andrew Bartlett | |||||
2011-05-08 | lib/socket move interfaces code to the top level | Andrew Bartlett | 3 | -334/+6 | |
2011-05-08 | s4-lib/socket Samba4 is not IPv6 compatible | Andrew Bartlett | 1 | -0/+5 | |
Don't add IPv6 interfaces until we actually support them. I'll soon have IPv6 service at home, and then I'll make it my buisness to sort this out once and for all. Andrew Bartlett | |||||
2011-05-08 | s4-lib merge get_interfaces() from Samba3 to Samba4 | Andrew Bartlett | 3 | -100/+375 | |
2011-05-08 | s4-param Don't set variables such as the debuglevel unless global | Andrew Bartlett | 1 | -2/+18 | |
This ensures that when a second lp_ctx is created, that it does not set global variables such as the debug level, log file etc, potentially overriding the settings created by another context. In particular this matters when loading Samba4 modules into Samba3. Andrew Bartlett | |||||
2011-05-08 | Improve debug messages when creating socket directories | Andrew Bartlett | 1 | -1/+1 | |
This makes clear what the permissions error and directory name actually is Andrew Bartlett | |||||
2011-05-08 | libds: moved enum security_types to a common header | Andrew Tridgell | 2 | -2/+2 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2011-05-08 | s4-auth Rename auth -> auth4 to avoid conflict with s3 auth | Andrew Bartlett | 23 | -78/+80 | |
2011-05-08 | s4-ntvfs: Rename brl_*() -> brlock_*() to avoid conflict with brlock_init in s3 | Andrew Bartlett | 7 | -24/+24 | |
2011-05-08 | s4-auth: remove unused prototype | Andrew Tridgell | 1 | -4/+1 | |
2011-05-06 | s4-smbd: fix randseed_init() usage. | Günther Deschner | 1 | -1/+1 | |
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri May 6 17:37:11 CEST 2011 on sn-devel-104 | |||||
2011-05-06 | libcli/smb Move cifs posix helper functions and headers in common | Andrew Bartlett | 4 | -191/+2 | |
unix_perms_to_wire() was a duplicate symbol in the top level build. Andrew Bartlett | |||||
2011-05-06 | lib/util Rename ms_fnmatch() to ms_fnmatch_protocol() to avoid dup symbol | Andrew Bartlett | 5 | -9/+9 | |
This verison of the function takes a protcol as argument to determine matching rules. Andrew Bartlett | |||||
2011-05-06 | errors: Remove unused unix_to_werror() | Andrew Bartlett | 1 | -5/+0 | |