summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett2-4/+20
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-12-12torture: do not reuse bindings between pipesAndrew Bartlett1-6/+10
This avoids connecting to the netlogon server over \pipe\lsarpc This works against windows because all pipes are implemented in the same process, but not Samba4, and relying on this is not recommended in the WSPP docs. Andrew Bartlett
2011-12-12s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest testAndrew Bartlett1-14/+17
This allows us to move this test to knownfail from skip
2011-12-12tdb2: don't use TDB2 versions of test tdb files.Rusty Russell1-5/+2
Now tdb2 handles tdb1 files, we don't need most of commit 5eecc854236f0b943aaa89e0c3a46f9fbd208ca9 which added TDB2 versions of all the testing tdbs. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Mon Dec 12 06:33:44 CET 2011 on sn-devel-104
2011-12-09s4:libcli/smb2: mark a request as error if we can't ship itStefan Metzmacher1-0/+2
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Dec 9 15:13:11 CET 2011 on sn-devel-104
2011-12-09s4:libcli/raw: mark a request as error if we can't ship itStefan Metzmacher1-0/+2
metze
2011-12-09s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always ↵Matthias Dieter Wallnöfer1-1/+1
doing Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
2011-12-09s4 dns: Update requests with QCLASS != IN or ALL trigger NOTIMPLEMENTED errorsKai Blin2-0/+17
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Fri Dec 9 03:32:28 CET 2011 on sn-devel-104
2011-12-09s4 dns: Add test to prove two updates in one packet are a FORMERRKai Blin1-0/+18
2011-12-09s4 dns: More explicitly use the first question of an update packet onlyKai Blin1-1/+1
2011-12-09s4 dns: Get rid of const qualifier for prereqs, we do need to allocate thoseKai Blin2-6/+6
2011-12-09Revert "Install (platform-independent) python scripts to the PYTHONDIR ↵Jelmer Vernooij1-1/+1
rather than PYTHONARCHDIR." This reverts commit de4b8943bfb40e2f50c9e4e2ee5d39e986317d08. PYTHONDIR and PYTHONARCHDIR are both incorrect - they're the distribution's python locations, rather than the python locations for third party applications. For the moment, using PYTHONARCHDIR seems better though, because it works around an issue on Fedora/RedHat. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Fri Dec 9 01:58:50 CET 2011 on sn-devel-104
2011-12-08Add test for PEP8 - currently all errors are ignored, but we warn about them ↵Jelmer Vernooij1-0/+50
- and can ratchet if we want to. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Dec 8 23:44:10 CET 2011 on sn-devel-104
2011-12-08samba.drs_utils: Use new style classes and exceptions, fix formatting of ↵Jelmer Vernooij1-13/+19
docstrings to make pydoctor happy.
2011-12-08samba.kcc_utils: Fix formatting to match PEP8, make pydoctor happy.Jelmer Vernooij1-246/+214
2011-12-08Add tests for srvsvc python interface. Thanks Dhananjay SatheJelmer Vernooij2-0/+70
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Dec 8 04:57:52 CET 2011 on sn-devel-104
2011-12-08selftest: Some extra assertions.Jelmer Vernooij1-0/+4
2011-12-08dbcheck: cope with objects disappearing during checkingAndrew Tridgell2-6/+16
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Dec 8 03:23:49 CET 2011 on sn-devel-104
2011-12-08samba_kcc NTDSConnection translationDave Craft2-218/+1292
This is an advancement of samba_kcc to compute and commit the modification of a repsFrom on an NC Replica. The repsFrom is computed according to the MS tech spec for implied replicas of NTDSConnections. Proper maintenance of (DRS options, schedules, etc) from a NTDSConnection are now all present. New classes for inter-site transports, sites, and repsFrom) are now present in kcc_utils.py. Substantively this gets intra-site topology generation functional by committing the repsFrom that were computed from the DSA graph implemented in prior drops of samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-08Invocation of samba_kcc from KCC taskDave Craft3-21/+89
Modification to periodic and explicit invocation paths of the KCC topology generation code. Managed via samba_runcmd_send() API. The samba_kcc script is invoked if (kccsrv:samba_kcc = true) appears in smb.conf Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-08Add subreq and status to kcc_service structDave Craft1-2/+9
The subreq and status fields in the kcc_service struct are added for execution management of the external samba_kcc python script. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-07s4-selftest re-enable nsstest on libnss_winbind.soAndrew Bartlett1-1/+1
2011-12-07s4-kdc: only build hdb plugin if we build against system HeimdalAndrew Bartlett1-0/+1
It is not safe to have a system kadmin use our plugin if we do not share the same libkrb5. Andrew Bartlett
2011-12-07s4-dnsupdate: Do not attempt to add the PDC names if we are not a PDCAndrew Bartlett1-5/+11
2011-12-07pydsdb: provide a am_pdc hook like am_rodc to python scriptsAndrew Bartlett2-0/+26
2011-12-07s4-dns Use match-by-key in GSSAPI server if principal is not specifiedAndrew Bartlett1-22/+5
This allows dlz_bind9 to match on exactly the same key as bind9 itself Andrew Bartlett Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104
2011-12-07auth: Allow a NULL principal to be obtained from the credentialsAndrew Bartlett2-3/+14
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
2011-12-07dlz_bind9: Add command line options for URL and debugAmitay Isaacs2-9/+28
To specify debug level, use -d <level> in named.conf. To specify sam db, use -H <path/to/sam.ldb> in named.conf. The default log level is set to 0. The log level specified in smb.conf is not used. To set log level, use -d option.
2011-12-07dlz_bind9: Set debugging output to stderrAmitay Isaacs1-0/+3
2011-12-07dlz_bind9: Use client supplied credentials for DNS record updateAmitay Isaacs1-0/+79
This creates the DNS records with correct owner and group settings.
2011-12-07dlz_bind9: For creating a child entry, use only SEC_ADS_CREATE_CHILDAmitay Isaacs1-1/+1
The member servers in AD do not have access to modify the parent, but do have access to create child DNS records.
2011-12-06Install (platform-independent) python scripts to the PYTHONDIR rather than ↵Jelmer Vernooij1-1/+1
PYTHONARCHDIR.
2011-12-05s4-drs: do not try to contact for replication servers that are not anymore ↵Matthieu Patou1-6/+40
in reps* Servers connection can be removed from repsTo and respFrom either due to DC demote or topology change by the KCC, if a server is removed from the reps* it must be effectivly removed from the list of server that we will contact for getNcChanges and for replicaSync. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
2011-12-05s4-resolver: do not use all the A and AAAA records, those after a NS are not ↵Matthieu Patou2-1/+17
the one we want to use
2011-12-05s4-drs: mark WERR_DS_DRA_BUSY as a non error in DsReplicaUpdateRefsMatthieu Patou1-2/+22
2011-12-05s4: add blackbox test for the demote functionMatthieu Patou2-0/+40
2011-12-05samba-tool: refuse to demote if the current DC has still rolesMatthieu Patou1-4/+12
2011-12-05samba-tool: add a function to cleanly demote a DCMatthieu Patou2-2/+257
samba-tool domain demote allow the local DC to properly demote against Microsoft and Samba DC.
2011-12-05s4-python: factorize the definition of get_dsServiceNameMatthieu Patou4-18/+14
2011-12-05s4-python: externalize some function to the drs_utils module so that they ↵Matthieu Patou2-25/+66
can be reused
2011-12-05s4-python: rename conflicting variable with the import optionMatthieu Patou1-2/+2
2011-12-03s4 dns: Test SOA queriesKai Blin1-0/+32
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Sat Dec 3 20:52:51 CET 2011 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij17-59/+59
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-12-01s4-ntvfs: added allow_override check based on use of NT ACLAndrew Tridgell10-41/+59
This disables the posix permission override if the calculated permissions did not come from a NT ACL. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
2011-12-01s4-ntvfs: fixed a unix ACL mapping bugAndrew Tridgell1-21/+25
the ACL mapping code was incorrectly allowing creation of directories in some situations where it should be denied by the unix permissions
2011-11-30s4-tests: Use long option names in test list script, to prevent 'eating' ↵Jelmer Vernooij1-38/+38
--list argument when e.g. is not set.
2011-11-30s4-testlist: Write diagnostic info to stderr, and purely test info to stdout.Jelmer Vernooij1-2/+2
2011-11-30s4:lib/tls - call "gnutls_transport_set_lowat" only on GNUTLS < 3.0Matthias Dieter Wallnöfer2-0/+8
This function call together with the lowat feature has been removed in release 3.0 as described in this mailing list post: http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html. Since we do not make any use of lowat (esprimed by each function call) we are free to simply omit it on v3.0 and later. This addresses bug #8537. Reviewed by: abartlet + metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
2011-11-30s4:gensec/spnego: only try the mechs that match the client given onesStefan Metzmacher1-0/+4
Windows-Members of NT4/Samba3 domains, send MechTypes: 1.3.6.1.4.1.311.2.2.10 [NTLMSSP] 1.2.840.48018.1.2.2 [krb5 broken] 1.2.840.113554.1.2.2 [krb5] MechToken for NTLMSSP. This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
2011-11-30s4:libcli/raw: implement on top of smbXcli_conn/reqStefan Metzmacher20-1812/+1033
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104