summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-06-30s4:ldb Allow rootdse module to build without ldb_private.hAndrew Bartlett3-2/+4
It seems quite reasonable to allow modules to re-initialise the set of cached DNs on the ldb context. Andrew Bartlett
2009-06-30s4: dsdb Avoid using the internal ldb_private.h headerAndrew Bartlett5-118/+122
This job is not complete (the partition module remains a unfinished task), but now we do use the private ldb headers much less. Andrew Bartlett
2009-06-30s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookupsAndrew Bartlett4-24/+33
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail list user principal name) in an AS-REQ. Evidence from the wild (Win2k8 reportadely) indicates that this is instead valid for all types of requests. While this is now handled in heimdal/kdc/misc.c, a flag is now defined in Heimdal's hdb so that we can take over this handling in future (once we start using a system Heimdal, and if we find out there is more to be done here). Andrew Bartlett
2009-06-30s4:kdc Only get the lp_ctx once for a LDB_fetch()Andrew Bartlett1-11/+18
2009-06-30Rework hdb-samba4 to remove useless abstractions.Andrew Bartlett1-84/+44
The function LDB_lookup_principal() has been eliminated, and it's contents spread back to it's callers. Removing the abstraction makes the code clearer. Also ensure we never pass unescaped user input to a LDB search function. Andrew Bartlett
2009-06-30s4:dsdb Explain the parsing steps for userPrincipalName cracknames callsAndrew Bartlett1-0/+4
2009-06-29s4-smbtorture: use torture_comment & torture_warning in RPC samr tests.Günther Deschner1-205/+206
Guenther
2009-06-29s4-smbtorture: correctly test comment behaviour in RPC-SAMR-USERS against s3.Günther Deschner1-7/+4
Guenther
2009-06-29s4-smbtorture: add RPC-SAMR-MACHINE-AUTH test.Günther Deschner2-1/+486
This test talks to a DC as a joined workstation member - in the same way winbindd does, in particular the calls used in this test's query pattern will all request for SEC_FLAG_MAXIMUM_ALLOWED access_mask (which pretty much all of samba's client code does as well). In fact this test verifies that winbind can correctly talk to a samba dc using samr dcerpc calls. Guenther
2009-06-29s4-smbtorture: add torture_suite_add_machine_workstation_rpc_iface_tcase.Günther Deschner5-10/+65
Unlike torture_suite_add_machine_bdc_rpc_iface_tcase() which joins as a BDC (ACB_SRVTRUST) this joins as a member workstation (ACB_WSTRUST). Guenther
2009-06-29Adds the impersonation level in ntcreatex requests to SAMBA 3 misc torture testMatthias Dieter Wallnöfer1-0/+4
Specifies the impersonation level according to the reporter commit in bug #6283
2009-06-29Correct some typos in the LDB partition moduleMatthias Dieter Wallnöfer1-5/+5
2009-06-29SAMDB: Don't check for "sAMAccountName" twiceMatthias Dieter Wallnöfer1-1/+0
2009-06-29Enhancement of "simple ldap map" with "systemFlags" attributeMatthias Dieter Wallnöfer1-0/+22
Enhance the simple ldap map to support also the "systemFlags" attribute in the correct way.
2009-06-29ldb: Properly handle NULL when copying attr lists.Andrew Kroeger1-4/+4
When copying an attribute list, ensure the list itself is not NULL before attempting to access elements of the list.
2009-06-29Correct the headers of some SAMBA 4 setup python scriptsMatthias Dieter Wallnöfer3-3/+3
2009-06-29Two patches which fix issues on cross compiling/buildingNathaniel McCallum1-1/+3
2009-06-29Fixes for SAMBA3RPC torture testMatthias Dieter Wallnöfer1-4/+11
On calls where both NT_STATUS and WERROR results are returned and consulted we have to make sure to form function results considering both. This errors have been found through a run against SAMBA 4.
2009-06-29Small patch for SPOOLSS pipeMatthias Dieter Wallnöfer1-5/+5
Prevents a crash of the SAMBA 4 daemon on the torture SPOOLSS test due to not initialised structures.
2009-06-26Upgrade ntvfs_map_*info to ntvfs_map_async_setup/ntvfs_map_async_finishSam Liddicott1-33/+80
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an old synchronous mapping technique, acceptable on the grounds that they were only used by the simple vfs which was synchronous. Other vfs may/do use these functions, and by upgrading them to use the ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be used asynchronously. Signed-off-by: Sam Liddicott <sam@liddicott.com> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-06-25s4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers.Kai Blin1-63/+16
Thanks to gd for the catch.
2009-06-25s4 auth_winbind: Don't allocate the rids for the info3 structure within the loopKai Blin1-4/+4
2009-06-25s4: Add libwbclient backend to auth_winbindKai Blin2-1/+216
2009-06-24Reenable the LDAPI socket for the merged buildVolker Lendecke1-2/+0
It seems that the samba4 part of the merged build does not pick up the DEVELOPER flag from the s3 configure. Jelmer, can you fix that properly? Thanks, Volker
2009-06-24s4-smbtorture: more paranoid checks while testing group membership in RPC-SAMR.Günther Deschner1-1/+27
Guenther
2009-06-19s4-smbtorture: fix test_GetInfoLevel crash bug in RPC-DFS.Günther Deschner1-0/+2
Guenther
2009-06-19Allow developers access the the privilaged ldapi socket for the momentAndrew Bartlett1-0/+4
This allows us some time to get the EXTERNAL bind working
2009-06-19On our way to alpha9!Andrew Bartlett1-2/+2
2009-06-19Mark as release versionAndrew Bartlett1-1/+1
2009-06-19s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdefAndrew Bartlett1-1/+11
This makes it clear to our users that this particular implementation isn't final (all parties are agreed that an EXTERNAL bind is the right way to do this, but it has not been implemented yet). Andrew Bartlett
2009-06-19s4:ldb Add test for integer normalisation behaviourAndrew Bartlett1-0/+17
This uses groupType as the example, but this actually applies to all integer types in AD. Andrew Bartlett
2009-06-19Fixed some uninitialised variablesMatthias Dieter Wallnöfer5-18/+20
I tried hard to not change the program logic. Should fix bug #6439.
2009-06-19Correct handling of 32-bit integer attributes in SAMBA 4Matthias Dieter Wallnöfer4-41/+88
- LDB handles now all 32-bit integer attributes correctly (also with overflows) according to the schema - LDAP backends handle the attributes "groupType", "userAccountControl" and "sAMAccountType" correctly. This handling doesn't yet use the schema but the conversion file "simple_ldap.map.c" which contains them hardcoded. Did also a refactoring of the conversion function there. - Bug #6136 should be gone
2009-06-18Remove unused variableAndrew Bartlett1-3/+0
2009-06-18Bump the ldb version and the version Samba4 requires.Andrew Bartlett2-2/+2
We have made a lot of useful changes to LDB since the last realese, that Samba4 now relies on. This ensures that a build against a system LDB will only succeed against the right version. Andrew Bartlett
2009-06-18s4: Add tests and 'must change password' flags in setpassword and newuserAndrew Bartlett4-12/+25
In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett
2009-06-18s4:libnet Allow 'net password change' to work on expired passwordsAndrew Bartlett11-9/+41
We need to pass down flags to the DCE/RPC layer to allow fallback to anonymous connections, as we can't log in with an expired password. The anonymous connection can then change the password with SAMR. Andrew Bartlett
2009-06-18s4:kdc Allow a password change when the password is expiredAndrew Bartlett12-70/+98
This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett
2009-06-18s4:setup Add an option to 'setpassword' to force password change at next loginAndrew Bartlett3-3/+17
2009-06-18s4:gensec Print GSSAPI error message when unable to find PACAndrew Bartlett1-1/+3
2009-06-18Require the new tdb 1.1.5 (for performance reasons)Andrew Bartlett2-2/+2
While tdb has not changed ABI in a way that requires this, we don't want Samba4 somehow built against the old version with performance problems on large, growing databases. Andrew Bartlett
2009-06-18Fixes for the "cldap" testsMatthias Dieter Wallnöfer2-6/+19
- Insert a check after the "tsocket" library call to make sure that the call terminated correctly - Add a comment to explain why on further calls of "cldap_socket_init" the destination address hasn't to be specified
2009-06-18source4/client/client.c: Possible memory leaksSlava Semushin1-2/+5
Patch for bug #6446 cppcheck found 2 possible memory leaks: [./source4/client/client.c:3305]: (error) Memory leak: base_directory [./source4/client/client.c:3305]: (error) Memory leak: desthost Patch in attach.
2009-06-18Fix resource leak in lib/ldb/tools/ldbmodify.cSlava Semushin1-0/+1
Patch for bug #6389
2009-06-18Fix syntax error in lib/ldb/ldb_sqlite3/base160.cSlava Semushin1-1/+1
Patch for bug #6388
2009-06-18LDB: Link against both tevent and tallocEric Sandall1-1/+1
Patch for bug #6269 When linking against tevent you also need to link against talloc. This patch fixes external/libevent.m4 to do so.
2009-06-18s4: Call va_end() after all va_start()/va_copy() calls.Andrew Kroeger1-0/+1
This corrects the issues reaised in bug #6129, and some others that were not originally identified. It also accounts for some code that was in the original bug report but appears to have since been made common between S3 and S4. Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
2009-06-18NETLOGON pipe improvementsMatthias Dieter Wallnöfer2-33/+81
Patch for bug #4939 This refactors the NETLOGON code related to this bug: - Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc. to WSPP) - Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP) - Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is also true when a domain is running in mixed mode) - Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex" (acc. to WSPP) - Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
2009-06-18Use system Python LDB bindings, if present.Jelmer Vernooij1-1/+9
2009-06-18Use system LDB by default if the right version was found.Jelmer Vernooij1-2/+2