Age | Commit message (Collapse) | Author | Files | Lines |
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 30 06:25:46 CEST 2012 on sn-devel-104
|
|
per-DC attributes
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
|
|
|
|
add debugging
The logic looking for LostAndFound failed for a user, so add extensive
debugging to make this eaiser to trace down in future.
Andrew Bartlett
|
|
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.
Andrew Bartlett
|
|
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.
Andrew Bartlett
|
|
This was incorrect in 02a356ea775a3ba589cb50af3c861ab86aaffa0b.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 14:54:33 CEST 2012 on sn-devel-104
|
|
Based on a patch proposal by Matthieu Patou <mat@matws.net>.
Andrew Bartlett
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 28 05:40:43 CEST 2012 on sn-devel-104
|
|
server
In these other cases, control of the sockets to bind to can be obtained using
"bind interfaces only = yes" and "interfaces = ".
Andrew Bartlett
|
|
metze
|
|
metze
|
|
metze
|
|
It's a reserved field...
metze
|
|
metze
|
|
metze
|
|
changing them
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
smb1cli_trans*
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 21:22:44 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
We use the slightly confusing 'case sensitive = yes' option for the same behaviour.
This avoids adding even more confusing documentation for the ntvfs-only option.
Andrew Bartlett
|
|
This stub codebase does not justify a merged parameter.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
|
|
smb1cli_trans*
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 00:08:58 CEST 2012 on sn-devel-104
|
|
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
When we revamp the idmap layer, we will end up just following the s3
options, and this option is not used there either.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This makes it easier to interpret failing output.
Andrew Bartlett
|
|
This compares only the domain SIDs betwen the two servers, rather than
the full token, as well known and other SIDs may be added locally
in both cases.
This also expands the test environments this is run against to verify
this between our AD server and domain members.
Andrew Bartlett
|
|
|
|
|
|
This works around an artificial limitation in socket_wrapper that breaks
some versions of GnuTLS when we return a short write.
Instead, keep pushing until the OS will not take it.
The correct solution will be to use tls_tstream, but the client code
for this is not yet tested and needs the ldap client layer changed
to use it.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 18 11:23:55 CEST 2012 on sn-devel-104
|
|
gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.
This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.
Andrew Bartlett
|
|
|
|
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
|
|
|
|
We should prevent this much further up the stack, but at least add a choke
at this point for now.
Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.
Andrew Bartlett
|
|
We need a stackframe to call lp_load().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Jul 18 09:31:07 CEST 2012 on sn-devel-104
|
|
If we create a copy of the credential state we miss updates to the
credentials.
To establish a netlogon schannel connection we create client credentials
and authenticate with them using
dcerpc_netr_ServerAuthenticate2()
For this we call netlogon_creds_client_authenticator() which increases
the sequence number and steps the credentials. Lets assume the sequence
number is 1002.
After a successful authentication we get the server credentials and we
send bind a auth request with the received creds. This sets up gensec
and the gensec schannel module created a copy of the client creds and
stores it in the schannel auth state. So the creds stored in gensec have
the sequence number 1002.
After that we continue and need the client credentials to call
dcerpc_netr_LogonGetCapabilities()
to verify the connection. So we need to increase the sequence number of
the credentials to 1004 and step the credentials to the next state. The
server always does the same and everything is just fine here.
The connection is established and we want to do another netlogon call.
So we get the creds from gensec and want to do a netlogon call e.g.
dcerpc_netr_SamLogonWithFlags.
We get the needed creds from gensec. The sequence number is 1002 and
we talk to the server. The server is already ahead cause we are already
at sequence number 1004 and the server expects it to be 1006. So the
server gives us ACCESS_DENIED cause we use a copy in gensec.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|