Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-26 | s4-ldbmodules: Added new module aclread to handle access checks on LDAP search | Nadezhda Ivanova | 4 | -0/+327 | |
It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet. | |||||
2010-09-26 | s4-tests: Added tests for search checks on attributes | Nadezhda Ivanova | 2 | -5/+102 | |
The ACL reach tests are in the knowfail because aclread module is not enabled by default | |||||
2010-09-26 | s4-tests: Removed search tests with anonymous credentials as they fail against Windows | Nadezhda Ivanova | 2 | -4/+4 | |
These tests will fail in make test as well if the acl_read module is enabled. | |||||
2010-09-26 | s4-dsdb: Added a function to check access on a particular object by its guid | Nadezhda Ivanova | 1 | -0/+37 | |
Similar to dsdb_check_access_on_dn, only it searches by guid. | |||||
2010-09-26 | s4-dsdb: A helper to determine if an attribute is part of the search filter | Nadezhda Ivanova | 1 | -0/+46 | |
2010-09-26 | s4-dsdb: Moved some helper functions to a separate file | Nadezhda Ivanova | 5 | -222/+260 | |
We need these to be accessible to the aclread module as well. | |||||
2010-09-26 | s4-ldap: Added a control to apply the access checks on read via LDAP | Nadezhda Ivanova | 3 | -0/+6 | |
2010-09-26 | s4:schannel: handle move flag combinations in the server | Stefan Metzmacher | 1 | -13/+23 | |
This fixes some testsuites in the CIFS plugfest. metze | |||||
2010-09-26 | s4-auth: fixed the SID list for DCs in the PAC | Andrew Tridgell | 4 | -29/+16 | |
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-drs: use the system sam_ctx for updaterefs | Andrew Tridgell | 1 | -8/+9 | |
this is needed for RODC clients calling updaterefs | |||||
2010-09-26 | s4-spn: don't try to do SPN updates as a RODC | Andrew Tridgell | 1 | -0/+4 | |
we don't have the permissions to do it | |||||
2010-09-26 | s4-kerberos Don't segfault if the password isn't specified in keytab generation | Andrew Bartlett | 1 | -0/+7 | |
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | upgradeprovision: fix a typo | Matthieu Patou | 1 | -1/+1 | |
2010-09-26 | upgradeprovision: Fix a bug with renamed entries | Matthieu Patou | 1 | -2/+13 | |
The SD was not refetched for renamed entries, resulting with a try to add an additional SD when there was already one. | |||||
2010-09-26 | upgradeprovision: fix a bug with not updated links | Matthieu Patou | 1 | -0/+1 | |
2010-09-26 | s4 provision: start with gpo of version 0 and be consistent between different policies | Matthieu Patou | 2 | -3/+3 | |
2010-09-26 | s4 upgradeprovision: fix a bug with empty reference objects | Matthieu Patou | 1 | -1/+9 | |
Thanks to lukas@eecs.qmul.ac.uk for pointing it to me | |||||
2010-09-26 | s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid | Matthieu Patou | 1 | -3/+3 | |
2010-09-26 | s4 provision: Make GPO folder group writable | Matthieu Patou | 1 | -3/+3 | |
The group of this folder is domain administrator and it seems sensible that all domain administrators have the right to modify the gpo (they have it at the NT ACLs level ...) | |||||
2010-09-26 | upgradeprovision: use the same case for hostname in reference provision as in the current provision | Matthieu Patou | 1 | -1/+1 | |
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only | Andrew Tridgell | 1 | -1/+0 | |
2010-09-26 | s4-provision: switch to dns-HOSTNAME instead of dns | Andrew Tridgell | 4 | -25/+33 | |
We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-26 | s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -1/+7 | |
2010-09-26 | s4-fsmo.py: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -2/+3 | |
2010-09-26 | s4-delete_object.py: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -2/+3 | |
2010-09-26 | s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -1/+9 | |
2010-09-26 | s4-ldap_schema.py: Remove unused LDB connection to GC port | Kamen Mazdrashki | 1 | -5/+0 | |
2010-09-26 | s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -6/+7 | |
2010-09-26 | s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connections | Kamen Mazdrashki | 1 | -2/+3 | |
2010-09-26 | s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a time | Kamen Mazdrashki | 1 | -20/+33 | |
If no arguments given, ldapcmp will compare all NCs | |||||
2010-09-25 | Check in configure/Makefile for those projects that have waf as primary build system. | Jelmer Vernooij | 4 | -0/+142 | |
2010-09-25 | ldb: mark the location of a lot more ldb requests | Andrew Tridgell | 28 | -15/+109 | |
2010-09-25 | s4-dsdb: added tagging of requests in dsdb modules | Andrew Tridgell | 8 | -0/+30 | |
this allows you to call dsdb_req_chain_debug() in gdb or when writing debug code to see the request chain | |||||
2010-09-25 | ldb: added request location tracking | Andrew Tridgell | 4 | -0/+39 | |
this is used to help debug async ldb requests. The ldb request handle now contains a location string and the parent request pointer. This allows us to print a backtrace of ldb requests in the dsdb modules. | |||||
2010-09-25 | s4-repl: make getncchanges a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
this should reduce some of the clutter in make test | |||||
2010-09-25 | s4-net: added --ipaddress option to net commands | Andrew Tridgell | 6 | -6/+13 | |
this allows override of server IP address, bypassing NBT or DNS name resolution of DCs Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> | |||||
2010-09-25 | s4-pynet: added server keyword to Net() initialisation | Andrew Tridgell | 1 | -3/+7 | |
this sets up server_address in the libnet context Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> | |||||
2010-09-25 | s4-libnet: added server_address option in libnet context | Andrew Tridgell | 3 | -1/+6 | |
this is used by libnet_LookupDCs Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> | |||||
2010-09-25 | s4-finddcs: allow override of server IP address | Andrew Tridgell | 2 | -1/+37 | |
this will be used to implement --ipaddress option to net commands Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> | |||||
2010-09-25 | s4-repl: don't store repsFrom on DNs other than NC heads | Andrew Tridgell | 1 | -0/+9 | |
we don't want a refsFrom on the Rid Manage$ DN Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-25 | s4-pycredentials: avoid a talloc_free on ref | Andrew Tridgell | 1 | -1/+1 | |
with the new py object structure, we need to unlink not free | |||||
2010-09-25 | s4-repl: use namingContexts from rootDSE to initialise partition list | Andrew Tridgell | 1 | -53/+36 | |
this is preferable to looking for the hasMasterNCs attribute on nTDSDSA objects. | |||||
2010-09-25 | s4-repl: force on WRIT_REP when we are a writable replica | Andrew Tridgell | 1 | -4/+3 | |
this ensures we always mark ourselves as writeable when we are not an RODC | |||||
2010-09-25 | s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa | Andrew Tridgell | 1 | -5/+6 | |
this avoids a list walk in the calling code | |||||
2010-09-25 | torture: fixed a valgrind error in SMB2-CREATE | Andrew Tridgell | 1 | -0/+6 | |
the lock structure had uninitialised elements, so we sent a random length. This also adds a 1 byte write, so there is real data that is being truncated with the 2nd open | |||||
2010-09-25 | s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn. | Nadezhda Ivanova | 1 | -1/+1 | |
2010-09-24 | s4-waf: add NDR_EVENTLOG. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-09-24 | s4-waf: rename subsystem NDR_LSAPRC to NDR_LSA. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-09-24 | s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 4 | -129/+171 | |
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett | |||||
2010-09-24 | s4-selftest Run slow tests less often | Andrew Bartlett | 1 | -16/+12 | |
These tests don't need to be run twice - basic parsing errors that will show up with the various options will be caught quite well by other tests. Andrew Bartlett |