summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-05-25s4:samldb LDB module - convert a "dsdb_module_search" into ↵Matthias Dieter Wallnöfer1-5/+2
"dsdb_module_search_dn" It saves us from checking the number of returned entries. Reviewed-by: abartlet
2011-05-25s4:sam.py - uncomment/enhance some account type testsMatthias Dieter Wallnöfer1-30/+48
Reviewed-by: abartlet
2011-05-25s4:samldb LDB modules - only objectClass "computer" is allowed to embed all ↵Matthias Dieter Wallnöfer1-3/+33
types of account Reviewed-by: abartlet
2011-05-25s4:sam.py - tests for "isCriticalSystemObject" attributeMatthias Dieter Wallnöfer1-0/+132
Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix "isCriticalSystemObject" behaviourMatthias Dieter Wallnöfer1-3/+22
Tests against Windows Server show that it gets set to "FALSE" (not deleted) if we change the account type to a domain member. Reviewed-by: abartlet
2011-05-25s4:sam.py - unchanged "primaryGroupID" when account type remains the sameMatthias Dieter Wallnöfer1-0/+38
Enhance the testcase with a workstation example. Reviewed-by: abartlet
2011-05-25s4:samldb LDB module - fix the behaviour when changing the "userAccountControl"Matthias Dieter Wallnöfer1-14/+31
Ekacnet was not quite right yet but his patch made me think further. This primary group changing is only needed if the account type changes. With this patch we do one more search if the "userAccountControl" changes but we save us from doing these unneeded and wrong modify replace operations most of the time. Reviewed-by: abartlet
2011-05-25s4-provision Use correct tkey-gssapi-credentialAndrew Bartlett2-2/+4
We changed to ${DNSNAME} (the fully qualified domain name) a while back, and while it's usually functionally idential to the previous setting, this breaks down if there is more than one DNS server. Andrew Bartlett
2011-05-25selftest: Make knowfail/skip files consistent, always use ^prefixAndrew Bartlett1-80/+80
Except in one case (where we mark printing tests as knownfail), this has all our regular expressions start with ^, which ensures we don't accidentially mix up the samba3/samba4 prefix here. Because of the particular values in these files at the moment, this should not change the set of tests, but it will help to ensure that future edits follow the correct pattern. Andrew Bartlett
2011-05-21s4:sam.py - add tests to check that setting "userAccountValue" on usersdon't ↵Matthieu Patou1-2/+40
impact the "primaryGroupID" attribute Notice: The domain administrators groups isn't referenced as "Domain Admins" since this name could differ. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
2011-05-21s4:samldb LDB module - don't change the "primaryGroupId" on LDB ↵Matthieu Patou1-1/+16
modifications unless we are a computer/dc/rodc Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2011-05-21s4:lsa RPC server - handle LDB flags as "unsigned"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Metze
2011-05-21s4:ldb-samba/ldb_wrap.*-dsdb/samdb/samdb.c - handle LDB connection flags as ↵Matthias Dieter Wallnöfer3-7/+7
unsigned The LDB API ("ldb_connect") prescribes that they should be "unsigned". Signed-off-by: Metze
2011-05-21ldb:pyldb.c - all flags should be unsignedMatthias Dieter Wallnöfer1-10/+10
Adapt it to the previous commits Reviewed-by: Jelmer + Metze
2011-05-21ldb:ldb_sqlite3.c - all LDB flags should be handled as "unsigned"Matthias Dieter Wallnöfer1-2/+3
Signed-off-by: Metze
2011-05-21ldb:tools/cmdline.c + tools/ldbtest.c - the connection flags are typed as ↵Matthias Dieter Wallnöfer2-2/+2
"unsigned" Signed-off-by: Metze
2011-05-21ldb:ldbtest.c - make more use of LDB constantsMatthias Dieter Wallnöfer1-4/+4
Signed-off-by: Metze
2011-05-21s4:torture - always cast correctly when using the "%x" format string argumentMatthias Dieter Wallnöfer2-6/+6
Signed-off-by: Metze
2011-05-21s4:auth/ntlmssp/ntlmssp_server.c - add "const" in front of "dnsdomain"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Metze
2011-05-21add a demo script for dirsyncMatthieu Patou1-0/+156
Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat May 21 15:40:26 CEST 2011 on sn-devel-104
2011-05-21s4-dsdb: add unit tests for dirsync controlMatthieu Patou3-0/+716
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: implementation of the dirsync controlMatthieu Patou3-0/+1369
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: introduce dsdb_module_search_treeMatthieu Patou1-24/+63
With this function your own search tree can be specified This function is similar to ldb_build_search_req_ex as it allows to pass a parse tree structure. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: relax a bit the checks on read acl when dirsync control is specifiedMatthieu Patou1-12/+42
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4-dsdb: create flag for requesting ACL relax in case of DIRSYNC requestMatthieu Patou1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4: do not change the critical flag when it's on a dirsync controlMatthieu Patou1-1/+5
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-21s4: add blackbox test for renameMatthieu Patou1-0/+3
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat May 21 09:50:34 CEST 2011 on sn-devel-104
2011-05-21upgradeprovision: add hostname in the blackbox testsMatthieu Patou1-1/+1
2011-05-21Make the purge first so that the provision can reused during testsMatthieu Patou1-3/+3
2011-05-21Add a script for renaming a DCMatthieu Patou1-0/+200
2011-05-21s4-python: Remove not used importsMatthieu Patou2-7/+4
2011-05-21s4-python: move function find_provision_key_parameters to provision ↵Matthieu Patou5-113/+112
namespace as it can be used not only for upgradeprovision
2011-05-20torture-dfs: fix a typo that was causing the test to be flackyMatthieu Patou1-1/+1
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri May 20 09:39:12 CEST 2011 on sn-devel-104
2011-05-18selftest: Re-enable strings.py from source3/stf as a python subunit testAndrew Bartlett5-0/+170
2011-05-18s4-libnet: Remove libnet_Join and create libnet_Join_memberAndrew Bartlett4-49/+21
libnet_Join conflicts with a function in the source3 netapi of the same name, and the ability to join as a DC via this particular method is unused. Andrew Bartlett
2011-05-18build: Expand dcerpc-samba grouping libraryAndrew Bartlett1-1/+1
This is possible in common now because the generated RPC code does not rely on a particular dcerpc layer. Andrew Bartlett
2011-05-18waf-build: Add more libraries to avoid duplicate symbolsAndrew Bartlett1-2/+3
The new source of duplicates is calling libnetapi from inside smbtorture. Andrew Bartlett
2011-05-18s4-selftest: gensec test is finished, don't skipAndrew Bartlett1-1/+0
2011-05-18selftest: Don't skip Samba3 tests in the top level buildAndrew Bartlett1-56/+64
The regular expressions here were not specific enough, they matched the samba3. names from the source3/selftest/tests.py Found by Andreas Schneider Andrew Bartlett
2011-05-18torture: desactivate the level 4 tests for DFS referralMatthieu Patou1-2/+17
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed May 18 13:04:00 CEST 2011 on sn-devel-104
2011-05-18s4-dfs: Add workaround so that XP really works wellMatthieu Patou1-13/+18
XP seems to have problems working at a correct speed (or even working at all if we return referral of level 4).
2011-05-18s4:ntvfs/cifs: return NT_STATUS_INTERNAL_ERROR if no credentials are availableStefan Metzmacher1-1/+1
This is a configuration problem on the server, no invalid parameter from the client. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed May 18 08:49:00 CEST 2011 on sn-devel-104
2011-05-18s4:kdc: split s4u2self and s4u2proxy checksStefan Metzmacher4-23/+55
metze
2011-05-18s4:kdc: UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION => ↵Stefan Metzmacher1-0/+14
flags.trusted_for_delegation metze
2011-05-18s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROSStefan Metzmacher1-0/+1
Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze
2011-05-18s4:auth/credentials: pass 'self_service' to ↵Stefan Metzmacher5-10/+36
cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze
2011-05-18s4:gensec_gssapi: avoid delegation if s4u2self/proxy is usedStefan Metzmacher1-0/+4
metze
2011-05-18HEIMDAL:kdc: check and regenerate the PAC in the s4u2proxy caseStefan Metzmacher1-13/+38
TODO: we need to add a S4U_DELEGATION_INFO to the PAC later. metze
2011-05-18HEIMDAL:kdc: pass the correct principal name for the resulting service ticketStefan Metzmacher1-38/+36
Depending on S4U2Proxy the principal name for the resulting ticket is not the principal of the client ticket. metze
2011-05-18HEIMDAL:kdc: let check_PAC() to verify the incoming server and krbtgt cheksumsStefan Metzmacher1-4/+7
For a normal TGS-REQ they're both signed with krbtgt key. But for S4U2Proxy requests which ask for contrained delegation, the keys differ. metze