Commit message | Author | Age | Files | Lines
...
* s4-drs: put the GCSPN flag into the repsTo if requested | Andrew Tridgell | 2010-09-30 | 2 | -0/+8
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-libnet: wipe the old keytab when exporting | Andrew Tridgell | 2010-09-30 | 1 | -0/+2
| this prevents confusion with old keytab entries
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: silence the domainFunctionality not setup warning | Andrew Tridgell | 2010-09-30 | 1 | -1/+2
* autobuild: added much better email reporting | Andrew Tridgell | 2010-09-30 | 1 | -10/+48
| logs are now accessible via http://git.samba.org
* autobuild: fixed exit status | Andrew Tridgell | 2010-09-30 | 1 | -1/+1
| this should fix the case where we don't send logs on failure
* s4-drs: added support for level 10 of getncchanges | Andrew Tridgell | 2010-09-30 | 2 | -73/+112
| added a simple mapping from req8
* LDAPCmp feature to compare nTSecurityDescriptors | Zahari Zahariev | 2010-09-30 | 1 | -34/+252
| New feature that enables LDAPCmp users to find unmatched or missing ACEs in objects for the three naming contexts between DCs in one domain (default) or different domains. Comparing security descriptors is not the default action but attribute comparison. So to activate the new mode there is --sd switch. However there are two view modes to the new --sd action which are 'section' (default) or 'collision'. In 'section' mode you can only find differences connected to missing or value unmatched ACEs but not disorder unmatch if ACE values and count are the same. All of the mentioned differences plus disorder ACE unmatch you can observe under 'collision' view however it is more verbose.
| Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s3: Add "smbcontrol winbindd ip-dropped <local-ip>" | Volker Lendecke | 2010-09-30 | 6 | -0/+87
| This is supposed to improve the winbind reconnect time after an ip address has been moved away from a box. Any kind of HA scenario will benefit from this, because winbindd does not have to wait for the TCP timeout to kick in when a local IP address has been dropped and DC replies are not received anymore.
* s3: Re-introduce a procid_self() | Volker Lendecke | 2010-09-30 | 1 | -1/+1
| Giving the parent pid to reinit_after_fork is not a good idea.... None of the other callers do this, checked it.
* s3: Fix a typo in dump-domain-list smbcontrol usage msg | Volker Lendecke | 2010-09-30 | 1 | -1/+1
* s4-selftest: Add some more comments to skip file. | Jelmer Vernooij | 2010-09-30 | 1 | -1/+4
* selftest: Eliminate some unnecessary spaces. | Jelmer Vernooij | 2010-09-30 | 1 | -36/+36
* selftest: Avoid accessing deprecated BaseException.message. | Jelmer Vernooij | 2010-09-30 | 1 | -1/+1
| Thanks to Andreas for pointing this out.
* subunit: Import new upstream snapshot (adds subunit_progress()) | Jelmer Vernooij | 2010-09-30 | 4 | -0/+80
* testtools: Import new upstream snapshot. | Jelmer Vernooij | 2010-09-30 | 5 | -3/+49
* s4-drepl: don't call UpdateRefs on a RODC | Andrew Tridgell | 2010-09-29 | 1 | -5/+11
| we use the ADD_REF bit in getncchanges instead
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drepl: fixed the checking of replica_flags in the drepl server | Andrew Tridgell | 2010-09-29 | 1 | -7/+0
| we were incorrectly avoiding a getncchanges when WRIT_REP was not set
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-kcc: fixed the replica_flags in repsFrom in the kcc | Andrew Tridgell | 2010-09-29 | 1 | -31/+72
| if our calculated replica_flags doesn't match the ones in our repsFrom then update it
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* idl-drsuapi: fixed another replica_flags that should use the bitmap | Andrew Tridgell | 2010-09-29 | 1 | -1/+1
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-dns: send A record updates via TKEY | Andrew Tridgell | 2010-09-30 | 1 | -1/+6
* s3-spoolss: make sure to exit early and with the appropriate error code in | Günther Deschner | 2010-09-30 | 1 | -0/+4
| _spoolss_GetPrinterDriver2.
| Guenther
* spoolss: use the correct flags for spoolss_PrinterInfo1 struct. | Günther Deschner | 2010-09-30 | 1 | -1/+1
| Guenther
* s3-spoolss: Fix servername/printername handling which turns out to be very | Günther Deschner | 2010-09-30 | 6 | -141/+189
| important to get right.
| Guenther
* s4-smbtorture: add new EnumPrinters test to test printername/servername | Günther Deschner | 2010-09-30 | 1 | -13/+207
| behaviour in EnumPrinter and GetPrinter calls.
| Guenther
* s4-samldb: also set a password on the krbtgt_NNNN account | Andrew Tridgell | 2010-09-29 | 1 | -0/+11
| when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-devel: added new options to getncchanges script | Andrew Tridgell | 2010-09-29 | 1 | -9/+65
| added --pas, --dest-dsa and --replica-flags options
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drs: implement PAS checks and access checks for getncchanges | Andrew Tridgell | 2010-09-29 | 1 | -26/+130
| This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets
| Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drs: added drs_security_access_check_nc_root() | Andrew Tridgell | 2010-09-29 | 2 | -12/+63
| this checks security on the NC root of the specified naming context
* util: added BINARY_ARRAY_SEARCH_V() | Andrew Tridgell | 2010-09-29 | 1 | -0/+16
| this is used to search an array of values
* s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC | Andrew Tridgell | 2010-09-29 | 1 | -0/+16
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* libds: added more UF_ -> ACB_ flags mappings | Andrew Tridgell | 2010-09-29 | 2 | -2/+5
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
| Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl | Stefan Metzmacher | 2010-09-29 | 2 | -0/+3566
| metze
* midltests: support for fragmented RPC traffic | Stefan Metzmacher | 2010-09-29 | 1 | -5/+57
| metze
* midltests: print out the alloc_hint for requests and responses | Stefan Metzmacher | 2010-09-29 | 1 | -4/+4
| metze
* midltests: improve NDR64 downgrade | Stefan Metzmacher | 2010-09-29 | 1 | -4/+21
| metze
* midltests: revert to a simple default midltests.idl | Stefan Metzmacher | 2010-09-29 | 1 | -248/+3
| metze
* s3-waf: add basic make test infrastructure, not able to test yet. | Günther Deschner | 2010-09-29 | 3 | -0/+158
| Guenther
* s3-waf: clean up socket-wrapper and nss-wrapper a little. | Günther Deschner | 2010-09-29 | 1 | -15/+5
| Guenther
* s3-waf: add vlp binary. | Günther Deschner | 2010-09-29 | 1 | -0/+5
| Guenther
* s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call | Andrew Tridgell | 2010-09-29 | 1 | -10/+57
| we can't do SPN updates via sam writes and replication, as the sam is read-only
* s4-drsutils: expose DsBind() call in drs_utils.py | Andrew Tridgell | 2010-09-29 | 1 | -37/+38
| this will be used by samba_spnupdate
* s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers | Andrew Tridgell | 2010-09-29 | 2 | -0/+12
| Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-rodc: RODC should not accept requests for role transfer | Nadezhda Ivanova | 2010-09-29 | 1 | -0/+12
| A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
* s4-provision: simplify our generated krb5.conf | Andrew Tridgell | 2010-09-28 | 1 | -14/+1
| we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults.
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: RODC DCs should be able to produce forwardable tickets | Andrew Tridgell | 2010-09-28 | 1 | -1/+1
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal: fixed timegm UTC/GMT bug | Andrew Tridgell | 2010-09-28 | 1 | -15/+6
| This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure.
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: fixed termination of krbtgt_attrs (comma and NULL) | Andrew Tridgell | 2010-09-28 | 1 | -4/+4
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb-dn: don't crash on NULL in ldb_binary_encode_string() | Andrew Tridgell | 2010-09-28 | 1 | -0/+3
| Thanks to Nadya for finding this one!
* s4-kdc Ensure that an RODC may act as a server (needed to fill | Andrew Bartlett | 2010-09-28 | 1 | -5/+24
| the krbtgt role).
| Andrew Bartlett
* heimdal Use a separate krb5_auth_context for the delegated credentials | Andrew Bartlett | 2010-09-28 | 3 | -1/+35
| If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentication with the target server.
| Andrew Bartlett