summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-09-05samba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SIDAndrew Bartlett1-19/+53
This gets the SID for the local machine correctly. We also add options for --use-ntvfs and --use-s3fs to help control exactly which database is being read and written. Andrew Bartlett
2012-09-05samba_tool: Fix ntacl get to correctly output in sddlAndrew Bartlett1-3/+3
2012-09-05s4-provision: Fix error message to contain the string SSDL of the ↵Andrew Bartlett1-2/+2
failed-to-match ACL
2012-09-05s4 dns: Revert erroneous push from wrong branchKai Blin7-461/+60
I've pushed the wrong branch for this, sorry about that. Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed Sep 5 14:10:54 CEST 2012 on sn-devel-104
2012-09-05s4 dns: Allow configuring signed updatesKai Blin1-1/+6
Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed Sep 5 10:45:22 CEST 2012 on sn-devel-104
2012-09-05s4 dns: Make sure to remember incoming tkey nameKai Blin1-0/+4
2012-09-05more tsig_verify stuffKai Blin3-12/+23
2012-09-05drop meKai Blin1-0/+3
2012-09-05hack: dns_sign_tsig correct memcpyKai Blin1-1/+1
2012-09-05HACK remove debug statementKai Blin1-1/+0
2012-09-05s4 dns: Verify incoming TSIG signaturesKai Blin4-9/+95
2012-09-05s4 dns: Handle GSS-TSIG signaturesKai Blin5-59/+352
2012-09-04s4-selftest: Try a more complex ACL - this example from a GPOAndrew Bartlett1-0/+14
Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 11:30:17 CEST 2012 on sn-devel-104
2012-09-04s4-selftest: Try to make ntacl unit tests better match their namesAndrew Bartlett1-5/+5
We are trying to test combinations of setting and getting via the VFS and directly to the underlying DB. Andrew Bartlett
2012-09-04s4-samba-tool: Ensure we also sync the SACL as well as the DACL during ↵Andrew Bartlett1-1/+1
sysvolreset
2012-09-04s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DCAndrew Bartlett2-13/+14
The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
2012-09-03s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SIDAndrew Bartlett1-0/+1
2012-08-31Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any ↵Jeremy Allison1-4/+27
generic bits (they're used directly in the fileserver where the generic bits have already been mapped into file specific bits) we need to add the generic bits to the test when we have these privileges. Mark samba4.base.maximum_allowed knownfail until we implement NTCREATEX_OPTIONS_BACKUP_INTENT.
2012-08-31Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share ↵Jeremy Allison2-15/+182
security descriptor testing.
2012-09-01s4-dsdb: Remove unused variablesAndrew Bartlett1-3/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
2012-09-01s4-kdc: Improve grammer and clarity of password change failure messages.Andrew Bartlett1-4/+3
This can still be improved further, but avoid mentioning reasons that clearly do not apply in this case. Andrew Bartlett
2012-09-01s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_contextAndrew Bartlett1-2/+0
This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky! Andrew Bartlett
2012-08-31s4 dns: Store TKEYs in a ringbufferKai Blin3-57/+106
This stops us from potentially being DoSed by tons of TKEYs Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104
2012-08-31s4 dns: Negotiate GSSAPI-based TKEYsKai Blin4-1/+254
Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104
2012-08-31s4-kdc: Give information on how long the password history isAndrew Bartlett1-1/+2
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104
2012-08-31s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctxAndrew Bartlett1-2/+2
These are only needed for as long as the call, and should be children of the private context. This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky! Andrew Bartlett
2012-08-30Now ACL inheritance flags are working, add test_inheritance_flags() back ↵Jeremy Allison1-5/+10
into raw.acls to ensure we don't regress.
2012-08-30auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett2-0/+2
This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
2012-08-29s4-torture: Add start of a test to confirm winbindd PAC parsingAndrew Bartlett2-1/+154
So far this confirms that we can accept a ticket using the secrets.tdb entry. Andrew Bartlett
2012-08-29s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt ↵Andrew Bartlett1-1/+1
array it returns Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
2012-08-29selftest: Add a test for smbclient --machine-pass without secrets.tdbAndrew Bartlett1-1/+1
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults in the server. This essentially tests both sides. Andrew Bartlett
2012-08-28s3-classicupgrade: Fix import from ldapAndrew Bartlett1-2/+2
We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
2012-08-28selftest: Fix comment in blackbox_s3upgrade.shAndrew Bartlett1-1/+1
2012-08-28s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett2-7/+14
configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett1-0/+2
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-28selftest: Add test of smbclient --machine-pass against and using both s3 and s4Andrew Bartlett2-0/+37
This uses both smbclient binaries to ensure that both work in both environments. Andrew Bartlett
2012-08-28s4-dsdb: Remove double-free in update_keytab moduleAndrew Bartlett1-2/+0
2012-08-28s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in syncAndrew Bartlett6-2/+543
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-28lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett1-45/+0
2012-08-28s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett1-6/+7
2012-08-28s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett1-35/+35
This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett
2012-08-28s4-classicupgrade: Use s3param.get_context() instead of result.lpAndrew Bartlett1-1/+1
We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett
2012-08-28lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrapAndrew Bartlett1-20/+0
2012-08-28lib/krb5_wrap: Bring list of all enc types into krb5_wrapAndrew Bartlett1-10/+1
2012-08-28s4-libnet: Ensure termination of enctype array in libnet_export_keytab()Andrew Bartlett1-1/+2
2012-08-27s4-torture: Test for #9058Volker Lendecke1-0/+72
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104
2012-08-25s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)Stefan Metzmacher1-3/+30
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
2012-08-25s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)Stefan Metzmacher1-3/+30
metze
2012-08-25s4:winbind: add a netlogon_queue (tevent_queue)Stefan Metzmacher2-0/+12
This will protect the netlogon_creds later. metze
2012-08-25s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_reqStefan Metzmacher2-78/+122
metze