summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-11-29s4-samba-tool: Add --principal argument to samba-tool domain exportkeytabAndrew Bartlett5-70/+163
This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza <geza@kzsdabas.hu> Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-29s4-provision: Fix the security ace for DnsAdmins group on DNS recordsAmitay Isaacs1-12/+19
Find the objectSid for DnsAdmins group and use that instead of a fixed sid. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Nov 29 07:38:06 CET 2011 on sn-devel-104
2011-11-29s4-repl: Check if GC SPN exists before using it for replicationAmitay Isaacs1-3/+54
Sometimes windows DC will set up dNSHostname before setting up GC SPN and that causes replication errors since samba tries to use GC SPN, which does not yet exist locally. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-provision: Make BIND9_DLZ as the default backend for DNSAmitay Isaacs4-6/+6
2011-11-29dlz_bind9: Added access check to verify dynamic updateAmitay Isaacs2-17/+167
This creates session info from kerberos ticket and verifies if the signer has write access to a particular DN corresponding to the name in dynamic update. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29dlz_bind9: Use the sam database in dns/ as defaultAmitay Isaacs2-60/+14
This change is introduced to access samdb copy directly, rather than over ildap. The advantage is that the samba server does not need to be running for bind9 to start.
2011-11-29s4-provision: Create a samdb copy for access by dlz_bind9 moduleAmitay Isaacs4-56/+158
This creates a copy of rootdse, configuration and schema partitions for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write access to DNS partitions (DomainDnsZones and ForestDnsZones), those partitions are hard-linked (or symlinked) to the actual partitions. An empty domain partition is created so samdb layer can work.
2011-11-29s4-provision: Extract security descriptors in separate fileAmitay Isaacs2-77/+111
Need to use domain security descriptor from sambadns.py also.
2011-11-29s4-test: Remove metadata and ldb.d directory on clean upAmitay Isaacs1-0/+5
When using partitions, metadata.tdb automatically gets created in ${prefix}ldb.d/ directory. To correctly clean up check if metadata.tdb exists, then remove metadata.tdb and directory.
2011-11-29s4-samdb: seqence_number() operation must be in a transactionAmitay Isaacs1-0/+14
2011-11-29s4-dsdb: Added metadata to partition module for global sequence numberAmitay Isaacs5-17/+612
This adds support for global sequence number which is independent of partition information. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: use dsdb_module_extended instead of duplicate codeAmitay Isaacs2-31/+13
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Return ldb_result context in dsdb_module_extendedAmitay Isaacs1-3/+20
The result of the extended operation is now available in the calling routine. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number supportAmitay Isaacs2-140/+13
This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-27s4:torture/ldap/cldap.c - remove the ↵Matthias Dieter Wallnöfer1-87/+4
"test_cldap_netlogon_flag_ds_dns_forest" test The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN, DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They get added only over the DsRGetDCName* calls over NETLOGON RPC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
2011-11-27s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain ↵Matthias Dieter Wallnöfer2-6/+9
info" command Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27samba-tool: domain info - add basic exception handlingMatthias Dieter Wallnöfer1-2/+4
It is nicer to get an error message rather than a stacktrace on wrong IP addresses. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27samba-tool: add a domain info command to get basic infoMatthieu Patou1-1/+24
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctlyMatthias Dieter Wallnöfer2-12/+14
The rules are explained in MS-NRPC 2.2.1.2.1. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we ↵Matthieu Patou1-1/+1
are unable to translate the domain to a dn Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4:cldap_server/netlogon.c - DS_SERVER_CLOSEST handlingMatthias Dieter Wallnöfer1-2/+5
DS_SERVER_CLOSEST is only set when the client and server site coincide. MS-NRPC 2.2.1.2.1 Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4:netcmd/common.py: add a "netcmd" function to do a cldap netlogon requestMatthias Dieter Wallnöfer1-0/+9
This is useful for a new "samba-tool domain info" command. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26s4:libnet/py_net.c: "py_net_finddc" - add an "address" parameterMatthias Dieter Wallnöfer4-14/+25
This is useful for a new "samba-tool domain info" command. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26s4:libnet/py_net.c - initialise optional keyword argumentsMatthias Dieter Wallnöfer1-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26s4:libcli/finddcs_cldap.c - let "finddcs_cldap" work either with the IP ↵Matthias Dieter Wallnöfer1-14/+27
address or the domain name This will be useful for a new "samba-tool domain info" command. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26smbtorture: avoid sigsev if the password is not correctMatthieu Patou1-1/+1
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-26s4:update_keytab LDB module - no need to filter for the DNMatthias Dieter Wallnöfer1-2/+2
We launch a search request with base scope on exactly the same DN (see downwards). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-24s4:libcli/smb2: use talloc_zero() in smb2_request_init()Stefan Metzmacher1-16/+3
metze
2011-11-24s4:libcli/smb2: fix compiler warning in smb2_push_o16s16_string()Stefan Metzmacher1-1/+3
metze
2011-11-24s4:libcli/smb2: implement on top of smbXcli_conn/reqStefan Metzmacher15-882/+452
metze
2011-11-24s4:torture/smb2: use tctx->ev as event context for pollingStefan Metzmacher3-8/+7
metze
2011-11-24s4 dns: Test QCLASS_NONE queryKai Blin1-0/+14
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Nov 24 14:10:45 CET 2011 on sn-devel-104
2011-11-24s4 dns: Test QTYPE_ALL queryKai Blin1-0/+25
2011-11-24s4 dns: Check more of the returned values for the A queryKai Blin1-0/+3
2011-11-24s4 dns: Move dns_transaction_udp to other helper functionsKai Blin1-13/+14
2011-11-22s4-dns: added --no-credentials option to samba_dnsupdateAndrew Tridgell1-3/+10
this is for a user who is doing DNS updates via key files rather than GSSAPI. This allows the update to go through without a kerberos error Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Nov 22 06:34:59 CET 2011 on sn-devel-104
2011-11-21Fix a bunch of "warning: variable ‘XXXX’ set but not used ↵Jeremy Allison9-40/+28
[-Wunused-but-set-variable]" warnings from the new gcc. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Nov 21 23:39:08 CET 2011 on sn-devel-104
2011-11-20s4-smbtorture: add ndr test for nbt_netlogon_packet to avoid future regressions.Günther Deschner1-0/+36
Guys, we really should make sure to always add ndr tests like this whenever we change some sensitive libndr or handmarshalling bits. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Sun Nov 20 23:10:39 CET 2011 on sn-devel-104
2011-11-19s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on ↵Matthieu Patou1-2/+8
attribute interSiteTopologyGenerator even if the value didn't change Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
2011-11-18s3-py-passdb: Fix handling of uninitialized gid valuesAmitay Isaacs2-2/+2
Uninitialized gid value is set to -1 and return as such from python passdb api. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Nov 18 06:18:33 CET 2011 on sn-devel-104
2011-11-18dsdb: Fix the password expiry calculationAmitay Isaacs1-1/+1
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-18s3-passdb_test: Policy values are converted to signed integerAmitay Isaacs1-1/+1
No need to check value for 0xffffffff (4294967295).
2011-11-18s4-s3-upgrade: Add --verbose option to print extra detailsAmitay Isaacs2-3/+6
2011-11-18s4-auth log details about any token we fail to convert to a unix tokenAndrew Bartlett1-0/+17
Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-11-18s4-s3-upgrade: Fix idmap types ID_TYPE_UID/ID_TYPE_GID instead of UID/GIDAmitay Isaacs1-3/+3
2011-11-18samba-tool: Fix the domain account policy max_pwd_age calculationAmitay Isaacs1-2/+8
Windows sets maxPwdAge to -0x8000000000000000 when maximum password age is set to 0 days.
2011-11-18s4-s3-upgrade: Fix the minimum and maximum password age calculationAmitay Isaacs1-4/+4
Windows sets maxPwdAge to -0x8000000000000000 when maximum password age is set to 0 days.
2011-11-18s4-s3-upgrade now look for -1 as the special 'not set' valueAndrew Bartlett1-1/+1
this is possible because we know the py_passdb will always set -1 here, not passing though 0xFFFFFFFF. Andrew Bartlett
2011-11-17s4 dns: Reduce test output noise by upping log level for dns_name_packet loggingKai Blin1-3/+6
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Nov 17 20:10:05 CET 2011 on sn-devel-104
2011-11-17s4 dns: Add a first test caseKai Blin2-0/+120