summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-01-18s4-gensec Extend python bindings for GENSEC and the associated testAndrew Bartlett3-28/+275
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett3-11/+61
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2011-01-18s4-pygensec Fix indentation of py_gensec_start_mech_by_name()Andrew Bartlett1-11/+11
2011-01-18s4-torture Remove unused temp dirs from the RPC-PAC test.Andrew Bartlett1-9/+0
The code previously required the creation of a messaging context, but this isn't done any more, so we don't need the tmp dir to put it in. Andrew Bartlett
2011-01-18s4-pyldb Fix tp_basicsize for PyLdbDnAndrew Bartlett1-1/+1
This wasn't actually causing problems before, as the structures were the same size. Andrew Bartlett
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Add bindings for auth_context_create() as AuthContext()Andrew Bartlett2-1/+81
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett2-12/+15
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett2-6/+17
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-18s4-ldb_ldif: Take into account LDB_FLG_SHOW_BINARYKamen Mazdrashki1-1/+4
when user requires binary data to be displayed using samba user-friendly ldif handlers Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Jan 18 00:40:01 CET 2011 on sn-devel-104
2011-01-18s4-ldb_ldif: Don't check for LDB_FLG_SHOW_BINARY in ldb_should_b64_encodeKamen Mazdrashki1-4/+0
LDB_FLG_SHOW_BINARY is data representation flag and should not modify behavior of data checking functions. This lead to a bug in lib/ldb/ldb_tdb/ldb_index.c as ltdb_index_key() function relies on ldb_should_b64_encode function to determine how to process index keys. Found using following test search: bin/ldbsearch -H st/dc/private/sam.ldb -b "CN=Deleted Objects,DC=samba,DC=example,DC=com" \ "(objectGUID=97b52eac-6d89-434d-b935-1e5f2e086ffc)" replPropertyMetaData --show-deleted --show-binary
2011-01-17s4-provision: Fixed owner/group for hard-coded Sites descriptor.Nadezhda Ivanova1-3/+1
We must not specify explicitly owner and group. As there is a difference between WIN_2003 and WIN_2008, we should let descriptor module compute the correct default ones. Also removed inherited ACEs, they are ignored during SD creation anyway. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 18:23:24 CET 2011 on sn-devel-104
2011-01-17s4-tools: Fixed a bug in ldapcmp - DACL was not retrieved correctly if the ↵Nadezhda Ivanova1-1/+4
object had no SACL. --Pair-Programmed-With: Zahari Zahariev
2011-01-17s4-tools: Added a --sort-aces option to ldapcmpNadezhda Ivanova1-6/+12
This option sorts the ACE lists during SD comparison in collision view to make it easier to determine of a difference is only in ACE order, and if not, where do differences start. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
2011-01-17ldb: new ABI sigs fileAndrew Tridgell1-0/+248
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Jan 17 06:09:23 CET 2011 on sn-devel-104
2011-01-17s4-dsdb: replaced the calls to ldb_search() in dsdb modules with ↵Andrew Tridgell4-26/+32
dsdb_module_search() this ensures we follow the module stack, and set the parent on child requests
2011-01-17s4-dsdb: pass parent request to dsdb_module_*() functions Andrew Tridgell25-235/+335
this preserves the request hierarchy for dsdb_module_*() calls inside dsdb ldb modules Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: added ldb_req_mark_trusted()Andrew Tridgell3-1/+14
this is used to mark a ldb child request trusted, if the caller has validated all inputs. This will be used when creating new child requests with trusted inputs. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-17ldb: inherit parent flags on child requests in modulesMatthias Dieter Wallnöfer1-0/+11
2011-01-17web_server: Display trivial placeholder page if SWAT could not be found.Jelmer Vernooij1-6/+19
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Jan 17 01:27:10 CET 2011 on sn-devel-104
2011-01-17web_server: Fix initialization.Jelmer Vernooij1-3/+6
2011-01-17web_server: Avoid references to swat. Load samba.web_server instead.Jelmer Vernooij2-8/+11
2011-01-17param: Load web service by default.Jelmer Vernooij1-1/+1
2011-01-15s4:dsdb_find_nc_root - fix it up to let the provisioning work correctlyMatthias Dieter Wallnöfer1-2/+2
Use the temporary list unless we have at least the three main "namingContexts" from the rootDSE available (Default, Configuration, Schema - these are mandatory on all AD deployments!). This bug has been discovered by Nadya in relation with her SD work. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-15s4:samr RPC server - always interpret filter integer values as signedMatthias Dieter Wallnöfer1-4/+4
To prevent platform-dependant problems. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2011-01-14s4:web_server - immeditately assign "wdata" as private data for the stream ↵Matthias Dieter Wallnöfer1-11/+11
socket This fixes bug #7887. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 22:33:13 CET 2011 on sn-devel-104
2011-01-14s4:urgent_replication.py - remove a now superflous RELAX controlMatthias Dieter Wallnöfer1-1/+1
The LSA object creation protection changed to the trusted/untrusted connection model. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
2011-01-14s4:samldb LDB module - fix "userAccountControl" handlingMatthias Dieter Wallnöfer2-15/+39
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags are set on LDAP add operations. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
2011-01-14ldb:ldb_dn.c - fix counter type in "ldb_dn_minimise"Matthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Jan 14 10:43:29 CET 2011 on sn-devel-104
2011-01-14waf: use PYTHONARCHDIR for installing python shared libsAndrew Tridgell5-1/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 08:19:40 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: only enforce the extended dn rules over ldapAndrew Tridgell1-2/+21
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jan 14 07:23:31 CET 2011 on sn-devel-104
2011-01-14s4-dsdb: removed the last use of samdb_search_*() from the dsdb ldb modulesAndrew Tridgell1-4/+12
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: removed some more samdb_search_*() calls from samldb.cAndrew Tridgell1-26/+69
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: replaced another use of samdb_search in a ldb moduleAndrew Tridgell1-4/+10
we should be using the dsdb_module_search*() calls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: fixed primaryGroupID to use dsdb_module_search_dn()Andrew Tridgell1-6/+14
this avoids using a multi-part extended DN in a search that hits the check in extended_dn_in Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: fixed filtering of tokengroupsAndrew Tridgell1-5/+3
builtin groups are shown in user tokenGroups searches Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: new ABI file for 0.9.23Andrew Tridgell1-0/+247
2011-01-14s4-kdc: don't ask for an extended DN for krbtgt_dnAndrew Tridgell1-1/+1
otherwise msg->dn would be non-minimal and would fail in searches Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-test: added a tokengroups testAndrew Tridgell2-0/+101
this tests that the remote tokenGroups match the internally calculated ones Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samdb: give a more useful debug when we can't open the privileges dbAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-auth: fixed status return Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samba-tool: fixed the gpo command to use the right DN for access checksAndrew Tridgell1-5/+14
2011-01-14s4-dsdb: minimise the DN in group expansionAndrew Tridgell1-0/+5
this DN we have came from an extended DN search, which means it may have multiple extended components. We need to minimise the DN before AD will accept it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_minimise()Andrew Tridgell2-0/+64
this removes any extraneous components from a DN. For an extended DN, this means removing the string DN and all but the first extended component. This is needed as AD returns "invalid syntax" if you don't use a minimal DN as the base DN for a search. A non-minimal DN also doesn't ever match in a search expression. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dns: renamed DNS_TYPE_ZERO to DNS_TYPE_TOMBSTONEAndrew Tridgell1-5/+5
we now know that these are tombstone records, with a timestamp Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-dsdb: validate number of extended componentsAndrew Tridgell1-2/+10
this checks that the number of extended components in a DN is valid, to match MS AD behaviour. We need to do this to ensure that our tools don't try to do operations that will be invalid when used against MS servers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14ldb: added ldb_dn_get_extended_comp_num()Andrew Tridgell3-1/+10
this returns the number of extended components. We need this to validate a DN in the extended_dn_in module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-samba_tool Added ACL checking to python GPO management toolAndrew Bartlett1-8/+26
2011-01-14pyldb Simplify python wrappers for struct ldb_val (LdbValue)Andrew Bartlett1-17/+4
Andrew Bartlett