Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64 | |
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted | |||||
2010-09-28 | s4-dsdb: adapted check_access_on_dn for use in drs. | Nadezhda Ivanova | 1 | -9/+10 | |
2010-09-29 | heimdal Fix DNS name qualification to not mangle IP addresses | Andrew Bartlett | 1 | -5/+23 | |
If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 6 | -37/+83 | |
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett | |||||
2010-09-29 | heimdal Add an error code for use in the RODC | Andrew Bartlett | 1 | -0/+1 | |
In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'. Andrew Bartlett | |||||
2010-09-29 | heimdal Add support for extracting a particular KVNO from the database | Andrew Bartlett | 7 | -19/+54 | |
This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support) Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add common setup, handle RODC setup case | Andrew Bartlett | 5 | -73/+156 | |
This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett | |||||
2010-09-29 | s4-dsdb Add ldb_reset_err_string() when we set error codes. | Andrew Bartlett | 2 | -0/+4 | |
If we don't we could show an old, incrorrect error | |||||
2010-09-29 | s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY | Andrew Bartlett | 1 | -7/+8 | |
This simplifies the function. While doing so, also change the error string setting to set a really clear error string for the failure to find and failure to parse cases. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add function to determine if a hdb entry is a RODC | Andrew Bartlett | 2 | -0/+18 | |
This is important, as we must ignore the PAC from an RODC. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO | Andrew Bartlett | 2 | -1/+19 | |
Andrew Bartlett | |||||
2010-09-29 | s4-dsdb Fix segfault in error case in rootdse module | Andrew Bartlett | 1 | -1/+4 | |
2010-09-28 | ldb: Fix path to alternative buildtools. | Jelmer Vernooij | 1 | -1/+1 | |
2010-09-28 | samba4: Don't update Makefile/configure from autogen.sh. | Jelmer Vernooij | 2 | -2/+12 | |
2010-09-28 | ldb/tevent: Fix detection of waf paths. | Jelmer Vernooij | 2 | -2/+11 | |
2010-09-28 | ldb: Update autogen-waf.sh to no longer overwrite existing files. | Jelmer Vernooij | 2 | -2/+12 | |
2010-09-28 | ldb: Remove samba-specific targets from Makefile. | Jelmer Vernooij | 1 | -8/+0 | |
2010-09-28 | ldb: Bump version because of addition of ldb_req_location. | Jelmer Vernooij | 1 | -1/+1 | |
2010-09-28 | s4-selftest: added a --fail-immediately option to s4 test | Andrew Tridgell | 1 | -0/+7 | |
this can be used to force an immediate test failure on the first failed test case. You can also use: make test FAIL_IMMEDIATELY=1 | |||||
2010-09-28 | s4-provision: fixed the authority response for our SOA record | Andrew Tridgell | 1 | -1/+1 | |
some clients rely on this being the hostname, not the domain Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104 | |||||
2010-09-27 | s4-dns: implemented RODC DNS update in dns update task | Andrew Tridgell | 1 | -0/+199 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-27 | s4-netlogon: added RODC DNS update call fwded to dnsupdate task | Andrew Tridgell | 2 | -4/+100 | |
when we get a netlogon RODC DNS update, we send it to the dnsupdate task | |||||
2010-09-27 | s4-dns: added --update-list option to samba_dnsupdate | Andrew Tridgell | 1 | -8/+14 | |
this allows us to use it for RODC netlogon updates | |||||
2010-09-27 | s4-kdc: added ifdef guards in kdc.h | Andrew Tridgell | 1 | -0/+5 | |
this prevents too much recursion in the compiler preprocessor | |||||
2010-09-27 | s4-ldb: removed an unused variable | Andrew Tridgell | 1 | -1/+0 | |
2010-09-27 | s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs | Andrew Tridgell | 1 | -1/+1 | |
2010-09-27 | s4-dsdb: added samdb_find_site_for_computer() and ↵ | Andrew Tridgell | 1 | -0/+57 | |
samdb_find_ntdsguid_for_computer() these will be used by the new RODC dns update code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-27 | s4-auth: removed unused variable dom_sid | Andrew Tridgell | 1 | -1/+1 | |
2010-09-28 | s4:gensec_tstream: remove plain socket handling | Stefan Metzmacher | 1 | -124/+12 | |
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104 | |||||
2010-09-28 | s4:lib/tls: add gnutls backend for tstream | Stefan Metzmacher | 3 | -3/+1298 | |
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104 | |||||
2010-09-28 | s4:gensec: add gensec_create_tstream() | Stefan Metzmacher | 3 | -1/+764 | |
Based on the initial patch from Andreas Schneider <asn@redhat.com>. metze | |||||
2010-09-28 | s4:wrepl_server: use SOCKET_FLAG_NOCLOSE instead of a dup() | Stefan Metzmacher | 1 | -18/+3 | |
The key thing is that we might have to turn the incomming connection into a outgoing connection. This change makes sense anyway, because we donate the fd to tstream. metze | |||||
2010-09-28 | s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the ↵ | Stefan Metzmacher | 1 | -0/+1 | |
socket fd twice. metze | |||||
2010-09-28 | s4-ildap: two more places that need talloc_reparent() | Andrew Tridgell | 2 | -2/+2 | |
these contexts can have references Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104 | |||||
2010-09-27 | s4-kcc: don't print "Testing kcctpl_create_intersite_connections" | Andrew Tridgell | 1 | -1/+1 | |
log level 0 is excessive for this! | |||||
2010-09-27 | s4-drs: make getncchanges debug less verbose | Andrew Tridgell | 1 | -1/+1 | |
quieten make test a little | |||||
2010-09-27 | s4-dns: avoid search domains expansion in DNS resolver | Andrew Tridgell | 1 | -0/+8 | |
add a '.' if the name contains a '.' already, but not at the end | |||||
2010-09-27 | heimdal: avoid DNS search domain expansion | Andrew Tridgell | 1 | -1/+16 | |
When you have a domain search list in resolv.conf, and one of the DNS servers for a searched domain is uncontactable then we would timeout resolving DNS names. Avoid this by adding a '.' to the hostname if the hostname already has a '.' in it, which we assume to mean it is fully qualified. | |||||
2010-09-28 | s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test. | Günther Deschner | 1 | -34/+79 | |
Guenther | |||||
2010-09-28 | s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations. | Günther Deschner | 1 | -33/+15 | |
Guenther | |||||
2010-09-27 | s4-ildap: fixed a talloc_steal with references error | Andrew Tridgell | 1 | -1/+1 | |
We need talloc_reparent() instead Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104 | |||||
2010-09-27 | s4-ldb: Added ldb_request_replace_control | Nadezhda Ivanova | 3 | -1/+35 | |
It is the same as ldb_request_add_control, except it will replace an existing control. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104 | |||||
2010-09-27 | s4/irpc: Add security token to the binding handle when doing irp call forwarding | Anatoliy Atanasov | 1 | -0/+7 | |
2010-09-27 | s4/irpc: Add function to add security token to the binding handle | Anatoliy Atanasov | 2 | -0/+12 | |
2010-09-27 | s4:irpc: optionaly pass the security_token via IRPC requests. | Stefan Metzmacher | 2 | -0/+8 | |
metze | |||||
2010-09-27 | s4:torture/ldap: close connections with an UnbindRequest | Stefan Metzmacher | 1 | -0/+29 | |
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Sep 27 07:14:23 UTC 2010 on sn-devel-104 | |||||
2010-09-27 | LDAP-BASIC: test AbandonRequest | Stefan Metzmacher | 1 | -0/+41 | |
metze | |||||
2010-09-27 | s4:libcli/ldap: fix sending oneway requests | Stefan Metzmacher | 1 | -18/+26 | |
metze | |||||
2010-09-27 | waf: add more NDR subsystems for shared IDL files. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-09-27 | s4-waf: remove NDR-SRVSVC alias. | Günther Deschner | 1 | -1/+0 | |
Thanks tridge, this was driving me nuts... Guenther |