| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
this allows checking of a specific list of attributes
|
|
this will be used in provision, and probably in upgradeprovision as
well
|
|
this will be used to allow for other tools (such as provision) to call
into dbcheck without generating a lot of noise
|
|
w2k8r2
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
|
|
Note: this doesn't work against a Samba4 KDC yet.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
|
|
If the KDC does not support S4U2Proxy, it might return a ticket
for the TGT client principal.
metze
|
|
For S4U2Proxy we need to use the ticket from the S4U2Self stage
and ask the kdc for the delegated ticket for the target service.
metze
|
|
this allows dbcheck to fix bad attributes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
|
|
this is useful for running it against a Windows server
|
|
this now checks for bad GUID elements in DN links, and offers to fix
them when possible
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets
which belongs to the client principal of the TGT.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
|
|
This will make the following changes easier to review.
metze
|
|
In order to make the following changes easier to review.
metze
|
|
It's important that we don't store the tgt for the machine account
in the same krb5_ccache as the ticket for the impersonated principal.
We may pass it to some krb5/gssapi functions and they may use them
in the wrong way, which would grant machine account privileges to
the client.
metze
|
|
This will make the following changes easier to review.
metze
|
|
metze
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
|
|
this will be used by the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives you access to the syntax oid of an attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives access to ldb_dn_get_extended_linearized() from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
keep individual error handlers together and separate from driver code
|
|
When converting from DRS to ldb format for a BINARY_DN, don't add the
GUID extended DN element if the GUID is all zeros.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
connections for now.
Guenther
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This makes it much easier and less error prone to add new parameters
as we merge the s3 and s4 loadparm systems.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jun 21 04:41:54 CEST 2011 on sn-devel-104
|
|
This adds the known failure for the one test (netbios browsing) that
fails.
Andrew Bartlett
|
|
Because we now always build the source3 code, we can link directly
against a private libnetapi and libsmbclient to test the behaviour of
these important APIs.
We use a private libnetapi_net_init(), and by using this interface
rather than the public one, we can ensure that the correct smb.conf is
loaded (as smbtorture4 is a Samba4 semantics binary).
The #include of the source3 includes.h is required to do the manual
lp_load().
Andrew Bartlett
|
|
These same names are use in the source3 popt code, which is called from
in libsmbclient and libnet. These are then included in the smbtorture
binary for testing
Andrew Bartlett
|
|
This removes the lang_tdb based varient, the only user of the lang_tdb
code is SWAT, which calls that directly.
'net' and 'pam_winbind' are internationalised using gettext.
Andrew Bartlett
|
|
|
|
This fixes a few Coverity errors
|
|
This is simplistic. We need to support making TDB2 a standalone library,
but for now, we simply built it in-tree.
Once we have tdb1 compatibility in tdb2, we can rename this option to
--enable-tdb2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Soon, TDB2 will handle tdb1 files, but until then, we substitute.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This is a helper for the common case of opening a tdb with a logging
function, but it doesn't do all the work, since TDB1 and TDB2's log
functions are different types.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
These don't exist in tdb2. The former is used in one weird place in
tdb1, and the latter not at all.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The typedef is TDB2 compatible, the struct isn't.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns void here. tdb_unlockall will *always* return with the
database unlocked, but it will complain via the log function if it wasn't
locked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for < 0 instead of == -1.
Also, there's no tdb_traverse_read in TDB2: we don't try to make
traverse reliable any more, so there are no write locks anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns void here. tdb_transaction_cancel will *always* return
with the transaction cancelled, but it will complain via the log
function if a transaction wasn't in progress.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This is a noop for tdb1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
We change all the headers and wscript files to use tdb_compat; this
means we have one place to decide whether to use TDB1 or TDB2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jun 20 09:23:15 CEST 2011 on sn-devel-104
|
