summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-07-20auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett4-3/+10
This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s4-param Handle P_CHAR and P_BOOLREV in pyparamAndrew Bartlett1-0/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with ↵Günther Deschner1-15/+16
unencrypted auth info. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
2011-07-15s4-smbtorture: add very basic tests for lsa_CreateTrustedDomainEx.Günther Deschner1-21/+79
Guenther
2011-07-15lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, notGünther Deschner1-1/+6
lsa_TrustDomainInfoAuthInfoInternal. Guenther
2011-07-15lsa: rename auth info argument in lsa_CreateTrustedDomainEx2Günther Deschner3-5/+5
Guenther
2011-07-15s4:kdc: set *_strongest_*_key to true to restore the old behaviorStefan Metzmacher1-0/+13
TODO: check why this is needed. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
2011-07-15s4:auth/credentials: with the build after heimdal importStefan Metzmacher1-0/+1
metze
2011-07-15s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECLStefan Metzmacher1-0/+1
metze
2011-07-15s4:heimdal: add missing filesStefan Metzmacher6-1/+642
metze
2011-07-15s4:heimdal: import lorikeet-heimdal-201107150856 (commit ↵Stefan Metzmacher312-2505/+3559
48936803fae4a2fb362c79365d31f420c917b85b)
2011-07-14s4:heimdal_build: we need k5crypto and gssapi_krb5 aliases also when using ↵Stefan Metzmacher1-13/+7
system libraries metze
2011-07-14s4:heimdal_build: only maintain lib/gssapi/{spnego,krb5} file lists onceStefan Metzmacher1-90/+67
This also makes sure we only create private headers if we use internal heimdal. metze
2011-07-14s4:heimdal_build: provide HEIMDAL_UNUSED_ATTRIBUTEStefan Metzmacher1-0/+2
metze
2011-07-14s4-winbind handle all values for server roleAndrew Bartlett1-0/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jul 14 08:20:13 CEST 2011 on sn-devel-104
2011-07-14s4-param finish services hooks for s4->s3 loadparm contextAndrew Bartlett2-2/+30
2011-07-14s4-param cope with parameters of type charAndrew Bartlett1-0/+12
2011-07-14Add intrasite code test switchDave Craft2-0/+9
kcc_service struct gets a intrasite_code boolean that is filled in via parametric parameter kccsrv:intrasite = [true/false] in smb.conf. This will allow us to continue to utilize old simple KCC topology as continuing default while newer intra-site topology matures further. Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Jul 14 00:19:12 CEST 2011 on sn-devel-104
2011-07-14Add kccsrv_add_repsFrom() possibility of NULL res argumentDave Craft1-2/+2
We need the ability to utilize this function in a different manner. KCC intra-site topology has already vetted the replica as being appropriate to produce a repsFrom from. We do not want kccsrv_add_repsFrom() to produce further checking as was the case for simple topology. Thus if we pass a NULL (res) parameter this extra check will be skipped. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14Remove static to allow availability to other KCC filesDave Craft1-4/+4
kccsrv_replica_flags() and kccsrv_add_repsFrom() need to be available to functions outside kcc_periodic.c Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14kcc_connection invocation_id added to structDave Craft1-0/+1
Utilized by KCC to carry the invocation id of the NTDSDSA that we are replicating the name context from. Utilized when NTDSConnection is created (much like dsa_guid tracks the NTDSDSA objectGUID that we are replicating the name context from). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14KCC NTDSConnection should utilize NTDSCONN_OPT_IS_GENERATEDDave Craft1-1/+9
Previously this set an explicit (0x1) value whereas it can now utilize NTDSCONN_OPT_IS_GENERATED from flags.h Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14Standalone samdb_ntds_site_settings_options() helperDave Craft1-0/+48
A helper function for retrieving the ntds site settings via standalone function call. Used within KCC Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-14NTDSConnection and NTDSA Site setting flagsDave Craft1-8/+0
Flags that were missing from flags.h or were incorrectly defined inline to the kcc_topology.c code (and thus unusable elsewhere). These are the NTDSConnection and NTDSDSA Site settings flags. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-13s4-dsdb: fixed the defaultObjectCategory to have a full GUIDAndrew Tridgell1-0/+24
this fixes the DN to have a full GUID for new objects Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jul 13 14:03:30 CEST 2011 on sn-devel-104
2011-07-13s4-dsdb: another special case for the "member" attributeAndrew Tridgell1-1/+6
thanks to Matthias for his great test suite work! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb Don't process deletion of member attributes here.Andrew Bartlett1-0/+9
We don't need to compare the delete against the primaryGroupID check here - that test is for adds. Andrew Bartlett
2011-07-13dsdb: fixed special case of zero NTTIMEAndrew Tridgell1-0/+20
we can't convert 0 NTTIME via a unix time_t Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13dbcheck: use samdb_schema for getting the backlinkAndrew Tridgell1-1/+1
this is not available on an ldap samdb Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13ldb: use base searches for @ special DNsAndrew Tridgell4-21/+20
subtree searches on these DNs don't work any more Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13dbcheck: only do the provision dbcheck if there are objects to checkAndrew Tridgell1-13/+14
when in FILL_DRS mode, there are no objects to check yet Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-provision: fixed the GUIDs in the provision using dbcheckAndrew Tridgell1-0/+16
some DNs are are not setup with GUIDs during the provision because of circular dependencies between objects. This adds a dbcheck pass to the provision to fix those DNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb: fixed modify of ACLs on deleted objectsAndrew Tridgell1-2/+4
this is needed for the dbcheck code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13dbcheck: only fix replPropertyMetaData if we included it in the searchAndrew Tridgell1-11/+14
if we didn't find a replPropertyMetaData attribute at all then don't try fixing it Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13dbcheck: added checks for missing and orphansed backlinksAndrew Tridgell1-19/+18
this checks for missing backlinks or backlinks without a forward link and optionally fixes them Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13s4-dsdb: raise debug level for backlink errorsAndrew Tridgell1-1/+1
when dbcheck is fixing missing backlinks we don't want a DEBUG 0 message Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13dbcheck: fixed ldap check with no database specifiedAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13dbcheck: added --reindex optionAndrew Tridgell2-3/+20
this allows you to force a reindex of the database Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13samba-tool: fixed ldapcmp to run as non-root Andrew Tridgell1-2/+9
this avoids the need for access to the secrets database Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13dbcheck: added checking of backlinksAndrew Tridgell1-54/+92
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-13pydsdb: added get_backlink_from_lDAPDisplayName()Andrew Tridgell2-0/+50
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-13s4-dsdb: moved checking of duplicate member entries to repl_meta_data.cAndrew Tridgell2-35/+20
the samldb checks failed to account for the possibility of a member being removed and added in the same modify operation. This happens (for example) when dbcheck is fixing a SID in a DN. The repl_meta_data.c code already has this check, it just wasn't giving the right specialised error code for the 'member' attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-07-12s4:libcli/raw: s/SMBchkpth/SMBcheckpathStefan Metzmacher3-3/+3
metze
2011-07-12s4:winsdb: place wins.ldb in "state dir" instead of "lock dir"Stefan Metzmacher1-1/+1
It's not only a cache as we also support static records. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 12 16:16:45 CEST 2011 on sn-devel-104
2011-07-12s4:provision: place the sysvol share under "state dir" instead of "lock dir"Stefan Metzmacher1-1/+1
metze
2011-07-12s4:param: add "state dir" and "cache dir" optionsStefan Metzmacher7-1/+93
metze
2011-07-12s4:libcli/raw: remove SMBkeepaliveStefan Metzmacher1-1/+0
metze
2011-07-12s4:smb_server: s/SMBkeepalive/NBSSkeepaliveStefan Metzmacher1-3/+3
metze
2011-07-11dbcheck: use get_lDAPDisplayName_by_attid()Andrew Tridgell1-11/+3
this is better than doing a schema search inside the dbcheck code Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Jul 11 07:43:18 CEST 2011 on sn-devel-104
2011-07-11dsdb: added get_lDAPDisplayName_by_attidAndrew Tridgell2-0/+37
this allows conversion from a DRS attribute ID to a LDAP display name Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>