summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-10-01s4-repl: use the GC principal name for DRS replication connectionAndrew Tridgell3-6/+76
this is required when talking to RODCs (for notify calls), and is good practice for all DCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4-rpc: added target_principal binding handle optionAndrew Tridgell6-4/+16
this allows you to specify a target SPN for a connection Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4-dsdb: added dsdb_search_by_dn_guid()Andrew Tridgell1-0/+26
this is more efficient than first searching for the DN, then doing a search. We should look at using this in lots of existing code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-02s4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() ↵Stefan Metzmacher1-12/+9
directly metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Oct 2 03:11:38 UTC 2010 on sn-devel-104
2010-10-02s4-gensec Always honour the set server principalAndrew Bartlett1-1/+1
The spengo code won't set this unless it is allowed to by this same option, but other callers may need it. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
2010-10-02s4-drs: fixed comparison login in replicated renamesAndrew Tridgell1-45/+72
we need to ensure we only ever compare USNs from the same originating invocation ID. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Oct 2 01:45:19 UTC 2010 on sn-devel-104
2010-10-02s4-kcc: remove stale repsTo entries in the KCCAndrew Tridgell1-0/+32
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-02s4-kerberos Don't regenerate key values for each alias in keytabAndrew Bartlett1-43/+35
Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
2010-10-02s4-kdc Rework 'allowed encryption types' handling in the KDCAndrew Bartlett1-28/+44
All DCs and all krbtgt servers are forced to use AES, regardless of the msDS-SecondaryKrbTgtNumber value. Andrew Bartlett
2010-10-02s4-auth Add make_server_info_pac() to include 'resource domain' groupsAndrew Bartlett2-5/+40
Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups. Andrew Bartlett
2010-10-02s4-auth Allocate domain SIDs under the sids array, not server_infoAndrew Bartlett1-1/+1
Andrew Bartlett
2010-10-02heimdal use returned server entry from HDB to compare realmsAndrew Bartlett1-1/+1
Some hdb modules (samba4) may change the case of the realm in a returned result. Use that to determine if it matches the krbtgt realm also returned from the DB (the DB will return it in the 'right' case) Andrew Bartlett
2010-10-01samba: share readline wrappers among all buildsystems.Günther Deschner12-173/+8
Guenther
2010-10-01samba: share select wrappers.Günther Deschner1-45/+0
Guenther
2010-10-01s4-auth: fixed a vagrind error when creating keytabsAndrew Tridgell1-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4-rpmd: fixed a use after realloc bugAndrew Tridgell1-2/+8
we could use old_el after the base message had been re allocated, due to adding timestamps. We need to re-find the element before using it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4-dsdb: fail the transaction instead of asserting on errorAndrew Tridgell1-2/+10
It is more useful to fail the transaction and give the user an error message than to assert when we have an error in the repl_meta_data module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01s4: Add 'subunit-test' make target.Jelmer Vernooij1-0/+3
2010-10-01autobuild-remote: Support autobuild.py rather than land.py.Jelmer Vernooij1-50/+0
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Fri Oct 1 09:46:37 UTC 2010 on sn-devel-104
2010-10-01Remove land.py - it's been obsoleted by autobuild.py.Jelmer Vernooij1-118/+0
2010-09-30heimdal: added verbose logging of hemimdal crypto errorsAndrew Bartlett1-2/+15
2010-09-30s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRETAndrew Tridgell1-0/+3
otherwise we don't get the secrets! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-spn: don't try and send an empty SPN listAndrew Tridgell1-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01selftest: Let selftest provide the tempdir, rather than creating it as ↵Jelmer Vernooij2-6/+2
sideeffect of tests.py.
2010-09-30selftest: fixed a selftest error on snAndrew Tridgell1-1/+1
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-10-01delete_object: Remove unnecessary pass calls.Jelmer Vernooij1-7/+0
2010-10-01s4-selftest: Remove unnecessary PYTHONPATH overrides.Jelmer Vernooij1-6/+6
2010-10-01s4-selftest: Normalize paths.Jelmer Vernooij1-5/+5
2010-10-01s4-selftest: Finish conversion of selftest.sh to Python.Jelmer Vernooij2-104/+104
2010-10-01s4-selftest: Convert tests.sh to Python.Jelmer Vernooij2-544/+510
2010-09-30s4-provision: wipe the old keytabs when provisioningAndrew Tridgell2-7/+29
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytabAndrew Tridgell1-2/+5
we need to fetch the msDS-keyVersionNumber from the writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-drs: put the GCSPN flag into the repsTo if requestedAndrew Tridgell2-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-libnet: wipe the old keytab when exportingAndrew Tridgell1-0/+2
this prevents confusion with old keytab entries Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-dsdb: silence the domainFunctionality not setup warningAndrew Tridgell1-1/+2
2010-09-30s4-drs: added support for level 10 of getncchangesAndrew Tridgell2-73/+112
added a simple mapping from req8
2010-09-30LDAPCmp feature to compare nTSecurityDescriptorsZahari Zahariev1-34/+252
New feature that enables LDAPCmp users to find unmatched or missing ACEs in objects for the three naming contexts between DCs in one domain (default) or different domains. Comparing security descriptors is not the default action but attribute compatison. So to activate the new mode there is --sd switch. However there are two view modes to the new --sd action which are 'section' (default) or 'collision'. In 'section' mode you can only find differences connected to missing or value unmatched ACEs but not disorder unmatch if ACE values and count are the same. All of the mentioned differences plus disorder ACE unmatch you can observe under 'collision' view however it is more verbose. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-30s4-selftest: Add some more comments to skip file.Jelmer Vernooij1-1/+4
2010-09-30selftest: Eliminate some unnecessary spaces.Jelmer Vernooij1-36/+36
2010-09-29s4-drepl: don't call UpdateRefs on a RODCAndrew Tridgell1-5/+11
we use the ADD_REF bit in getncchanges instead Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drepl: fixed the checking of replica_flags in the drepl serverAndrew Tridgell1-7/+0
we were incorrectly avoiding a getncchanges when WRIT_REP was not set Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-kcc: fixed the replica_flags in repsFrom in the kccAndrew Tridgell1-31/+72
if our calculated replica_flags doesn't match the ones in our repsFrom then update it Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-30s4-dns: send A record updates via TKEYAndrew Tridgell1-1/+6
2010-09-30s4-smbtorture: add new EnumPrinters test to test printername/servernameGünther Deschner1-13/+207
behaviour in EnumPrinter and GetPrinter calls. Guenther
2010-09-29s4-samldb: also set a password on the krbtgt_NNNN accountAndrew Tridgell1-0/+11
when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-devel: added new options to getncchanges scriptAndrew Tridgell1-9/+65
added --pas, --dest-dsa and --replica-flags options Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell1-26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2-12/+63
this checks securiity on the NC root of the specified naming context
2010-09-29s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PACAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS callAndrew Tridgell1-10/+57
we can't do SPN updates via sam writes and replication, as the sam is read-only
generated by cgit (git 2.34.1) at 2024-07-08 21:08:01 +0000