summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-07-03auth: Remove .get_challenge (only used for security=server)Andrew Bartlett7-97/+0
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionlity, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
2012-07-02s4-torture: more printf removal from samlogon torture test.Günther Deschner1-29/+25
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Jul 2 17:19:55 CEST 2012 on sn-devel-104
2012-06-28Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.Jeremy Allison2-5/+9
Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
2012-06-28selftest: run pdbtest against s3dc as wellAndrew Bartlett1-1/+1
This validates the password expiry, account disable in the s3 auth code and the save/restore of values in tdbsam. It also provides the first test of some net sam set subcommands. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 28 20:39:38 CEST 2012 on sn-devel-104
2012-06-28selftest: use a loop rather than declare tests for both dc and s3dcAndrew Bartlett1-16/+16
2012-06-28s4-torture: fix typo in samlogon test.Günther Deschner1-1/+1
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Jun 28 18:43:46 CEST 2012 on sn-devel-104
2012-06-28s4-torture: use torture context for printing debug output.Günther Deschner1-111/+97
Guenther
2012-06-28source4/smbd/pidfile: don't panic if pid file is corrupt.Rusty Russell1-0/+3
In particular, on a virtual machine after a forced reboot, it contained "Ille" instead of a valid PID. Given it was the right length, I'm assuming it was filesystem corruption. process_exists_by_pid() then panics, when given a pid < 1. Reported-by: lostogre on #samba-technical Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Thu Jun 28 05:19:24 CEST 2012 on sn-devel-104
2012-06-27s4-selftest: expand passdb testingAndrew Bartlett1-0/+1
This tests pdb_samba4 in the first instance
2012-06-27s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it ↵Andrew Bartlett1-1/+7
non-critical
2012-06-27s4-dsdb: Remove hooks for non-directory password handlingAndrew Bartlett1-12/+0
This was an interesting hack, and the local_password module still exists, but until it has a use case and a test case, remove the bypass of password_hash. Andrew Bartlett
2012-06-26s3-torture: Use static printer for smbd spooler testDavid Disseldorp1-1/+9
Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Jun 26 18:04:43 CEST 2012 on sn-devel-104
2012-06-26torture: add test for smbd print job spoolingDavid Disseldorp1-0/+73
Clients can print by performing file IO on a printer share, rather than issuing spoolss RPCs. This commit attempts to reproduce bug 8719.
2012-06-26s4-samldb: do not talloc_steal() the elements of the original requestAndrew Bartlett1-4/+10
2012-06-24s4-join: Setup correct DNS configurationAndrew Bartlett2-28/+76
This means we do not need to run samba_upgradedns any more. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
2012-06-25s4-samba_upgradedns: Do not set DNS account for internal serverAndrew Bartlett1-32/+32
The internal DNS server does not need the samba-only NAME-dns account. Andrew Bartlett
2012-06-25s4-join: Import DNS zones in AD DC joinAndrew Bartlett3-20/+59
2012-06-24selftest: Test unix.whoami with kerberos on plugin_s4_dcAndrew Bartlett1-16/+4
This also tests the comparison with LDAP on anonymous connections and marks this as knownfail, while we investigate the correct behaviour here. Andrew Bartlett
2012-06-24s4-classicupgrade: Allow DNS backend to be specifiedAndrew Bartlett2-6/+12
2012-06-24s4-drepl: Ensure that the op->source does not get deallocated too earlyAndrew Bartlett2-9/+25
We need to have the struct dreplsrv_partition_source_dsa around until the end of the async op, so we use talloc_reference after carefully checking the callers and making the modifications required. This prevents a crash when replicating partitions in the vampire_dc test after adding DNS replication at join time. Andrew Bartlett
2012-06-23selftest: schema is not automatically reloaded now so if you modify it you ↵Matthieu Patou1-0/+9
have to reload it Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
2012-06-22s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DNMatthieu Patou1-1/+37
modifyTimeStamp is a generated attribute, for most object it's generated directly from the whenChanged attribute. But for the CN=aggregate object in the schema we have to handle it in a different way, that's because for this object whenChanged!=modifyTimeStamp (as checked against Windows 2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the most recently modified and loaded schema object (that is to the one with the highest USN before the schema was reload due to timeout or by the reloadSchemaNow command). Some third party are using this information to know if they have to update their schema cache and also to check that schema updates have been correctly reloaded by the DC, a good example of this behavior is exchange 2010.
2012-06-22s4-schema: improve the documentation of the dsdb_schema structureMatthieu Patou1-4/+6
2012-06-22s4-dsdb: Check for key SCHEMA_SEQ_NUM in metadata.tdb updatesMatthieu Patou2-3/+192
If the value has changed then reload the schema, this means that now the schema is only reloaded on a periodical basis or if we have been asked explicitly to do it and not necesserly if the schema partition has changed.
2012-06-22s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNowMatthieu Patou4-2/+43
The idea is to signal to other process accessing the database that the schema was forced to be reloaded and so they should reload as well.
2012-06-22s4-drs: if schema has changed during replication notify other process that ↵Matthieu Patou1-0/+55
they have to reload the schema
2012-06-22s4-dsdb: move schema_load at the top of module stackMatthieu Patou1-1/+1
2012-06-22s4-extended: do not try to fix if there is no schemaMatthieu Patou1-0/+4
2012-06-22s4-schema: keep track of the timestamp of the most recently changed/created ↵Matthieu Patou3-1/+13
object
2012-06-22s4-schema: generalized time use its own syntax nowMatthieu Patou1-1/+0
2012-06-22s4-drsuapi: Fix a const warningMatthieu Patou1-1/+1
2012-06-22s4-drsuapi: rework the crackname implementation of functionnal namesMatthieu Patou1-24/+122
2012-06-22s4-dsdb-linkedattributes: register the VERIFY_NAME control, handle it when ↵Matthieu Patou1-10/+97
we are a GC In theory when presented this control and not a GC we should use the specified name as the DC to contact for cross-domain link verification. But for the moment we don't support this so we just fail when we have this control and are not a GC.
2012-06-22s4-ldap: handle VERIFY_NAME control encoding/decodingMatthieu Patou1-0/+96
2012-06-22s4-dsdb: support otherWellKnownObjectsMatthieu Patou1-24/+31
2012-06-22s4-dsdb: Try to avoid much of the time a db search for msDS-IntIDMatthieu Patou3-14/+97
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID). If so generate another random value. If not check if the highest USN in the database for the schema partition is the one that we know. If so it means that's only this ldb context that is touching the schema in the database. If not it means that's someone else has modified the database while we are doing our changes too (this case should be very bery rare) in order to be sure do the search in the database.
2012-06-22dsdb-schema: do not reload more often than schema_reload_intervalMatthieu Patou5-4/+65
Samba 4 use to try to reload the schema every time dsdb_get_schema was called (which could be 20+ time per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120). The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reload after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
2012-06-22s4-dsdb: fix a warning about unused variableMatthieu Patou1-3/+0
2012-06-22s4:torture/raw: add raw.session.expire1Stefan Metzmacher1-0/+200
This demonstrates the interaction of CAP_DYNAMIC_REAUTH and NT_STATUS_NETWORK_SESSION_EXPIRED. metze
2012-06-22s4:torture/smb2: run smb2.session.reauth5 in a subdirectoryStefan Metzmacher1-14/+77
This way we can give anonymous full access to the directory. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 22 11:30:06 CEST 2012 on sn-devel-104
2012-06-22s4:torture/smb2: add smb2.durable-open.lock-oplockStefan Metzmacher1-0/+79
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 22 03:37:54 CEST 2012 on sn-devel-104
2012-06-22s4:torture/smb2: rename smb2.durable-open.lock to smb2.durable-open.lock-leaseStefan Metzmacher1-4/+4
metze
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij5-23/+25
2012-06-21s4-provision: Give better clues on what Samba needs for s3fs ACL supportAndrew Bartlett1-1/+7
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 21 14:07:55 CEST 2012 on sn-devel-104
2012-06-21s4:torture/smb2: add smb2.durable-open.delete_on_close1Stefan Metzmacher1-2/+126
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 21 10:19:00 CEST 2012 on sn-devel-104
2012-06-21samba-tool: gpo: Fix creation of filesystem ACL from directory ACLAmitay Isaacs1-2/+8
Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104
2012-06-21s4-pysmb: Parse security info as an unsigned integerAmitay Isaacs1-1/+1
2012-06-20s4-torture: Expand whoami test to confirm the user token.Andrew Bartlett1-2/+44
This uses the tokenGroups attribute on LDAP and the posix whoami call to confirm that user token matches between LDAP and CIFS. I have a seperate patch for the anonymous case, because this isn't consistent at this stage, and we need to study and fix that. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104
2012-06-20s4-torture: Change the unix.whoami test to use torture_assert()Andrew Bartlett1-24/+19
2012-06-20s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett3-22/+51
errors