samba.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	s4-kdc Rework supported encryption type logic to match Microsoft	Andrew Bartlett	2010-11-16	1	-37/+16
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Thanks to Hongwei Sun for the clear description of the algorithim involved. Importantly, it isn't possible to remove encryption types from the list, only to add them over the defaults (DES and arcfour-hmac-md5, and additional AES for DCs and RODCs). This changes the behaviour for entries with msDS-supportedEncryptionTypes: 0, which Angelos Oikonomopoulos reported finding set by ADUC when attempting to store cleartext passwords. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 16 21:24:43 UTC 2010 on sn-devel-104
*	s4:acl LDB module - use also here "dsdb_find_nc_root" to implement the ↵	Matthias Dieter Wallnöfer	2010-11-16	1	-28/+57
\| \| \| \| \| \| \|	NC-specific checks Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 15:12:13 UTC 2010 on sn-devel-104
*	s4:descriptor LDB module - also "get_default_ag" should make use of ↵	Matthias Dieter Wallnöfer	2010-11-16	1	-12/+12
\| \| \| \|	"dsdb_find_nc_root"
*	s4:descriptor LDB module - handle the NCs in a more generic way by using ↵	Matthias Dieter Wallnöfer	2010-11-16	1	-10/+22
\| \| \| \|	"dsdb_find_nc_root"
*	s4:"dsdb_find_nc_root" - let it work also when the "namingContexts" ↵	Matthias Dieter Wallnöfer	2010-11-16	1	-8/+34
\| \| \| \| \| \|	attribute isn't available yet This is needed on provisioning when the modules aren't set up yet.
*	s4:descriptor LDB module - make more clear that special control entries ↵	Matthias Dieter Wallnöfer	2010-11-16	1	-0/+7
\| \| \| \|	never should be handled by modules
*	s4:objectclass LDB module - the "olddn" is the special DN for rename requests	Matthias Dieter Wallnöfer	2010-11-16	1	-1/+1
\|
*	s4-schema_load: Don't clean in_transaction flag until transaction is really ↵	Kamen Mazdrashki	2010-11-16	1	-7/+6
\| \| \| \| \| \| \|	finished Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Nov 16 11:00:35 UTC 2010 on sn-devel-104
*	s4:subtree_rename LDB module - make use of "dsdb_find_nc_root"	Matthias Dieter Wallnöfer	2010-11-16	1	-22/+27
\| \| \| \| \| \| \|	This is exactly what's needed there. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 16 08:42:07 UTC 2010 on sn-devel-104
*	s4:objectclass LDB module - free "nc_root" after name context comparisons	Matthias Dieter Wallnöfer	2010-11-16	1	-0/+2
\|
*	s4-test: fixes for test-howto.py	Andrew Tridgell	2010-11-16	2	-25/+36
\| \| \| \| \| \| \| \|	this fixes some timing issues, plus ensures we test both with and without kerberos Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Nov 16 07:58:55 UTC 2010 on sn-devel-104
*	s4-spoolss: fixed warning in call to torture_warning()	Andrew Tridgell	2010-11-16	1	-2/+2
\|
*	s4-eventlog: fixed dcerpc handle return	Andrew Tridgell	2010-11-16	1	-4/+12
\|
*	samba-tool Add test for --store-plaintext	Andrew Bartlett	2010-11-16	1	-1/+1
\| \| \| \| \|	Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 16 06:29:04 UTC 2010 on sn-devel-104
*	Update dcerpc_server.pc library name to match reality.	Brad Hards	2010-11-16	1	-1/+1
\|
*	samba-tool pwsettings Allow setting 'store cleartext'	Andrew Bartlett	2010-11-16	1	-2/+17
\| \| \| \| \| \|	This allows the 'store cleartext' password policy flag to be (un)set. Andrew Bartlett
*	s4-ldif_handlers Add handler for printing supplementalCredentials	Andrew Bartlett	2010-11-16	2	-1/+24
\|
*	s4-test_kinit Add tests for lowercase realm combinations	Andrew Bartlett	2010-11-16	1	-0/+4
\| \| \| \| \| \| \|	This tests that the handling of lowercase realms works in our KDC and libraries. Andrew Bartlett
*	heimdal Build ticket with the canonical server name	Andrew Bartlett	2010-11-16	1	-1/+1
\| \| \| \| \| \| \|	We need to use the name that the HDB entry returned, otherwise we will not canonicalise the reply as requested. Andrew Bartlett
*	s4-kdc Fix the realm handling again, this time pay attention to the flags	Andrew Bartlett	2010-11-16	1	-20/+20
\| \| \| \| \| \| \| \| \|	The KDC sets different flags for the AS-REQ (this is client-depenent) and the TGS-REQ to determine if the realm should be forced to the canonical value. If we do this always, or do this never, we get into trouble, so it's much better to honour the flags we are given. Andrew Bartlett
*	s4-kdc use 'flags' to only create the 'admin data' elements when requested	Andrew Bartlett	2010-11-16	1	-15/+19
\| \| \| \| \| \|	This avoids setting these values when the caller simply does not care Andrew Bartlett
*	s4-kdc Add 'flags' parameter to db fetch calls	Andrew Bartlett	2010-11-16	1	-8/+35
\| \| \| \| \| \|	This will allow these calls to honour the flags passed in from the KDC Andrew Bartlett
*	waf: added --git-local-changes configure option	Andrew Tridgell	2010-11-16	5	-29/+38
\| \| \| \| \| \| \| \| \| \| \| \| \|	if you use --git-local-changes then the version number that waf extracts from git will have a '+' on the end if you have local changes, as determined by running 'git diff'. This used to be the default, but unfortunately it is far too slow on some systems. On a NFS build system I was using the first line of configure took about 2 minutes. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Nov 16 01:51:54 UTC 2010 on sn-devel-104
*	s4-kdc Don't regenerate the PAC for cross-realm tickets	Andrew Bartlett	2010-11-15	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \|	We should never get a cross-realm ticket that was not issued by a full DC, but if someone claims to have such a thing, reject it rather than segfaulting on the NULL client pointer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
*	s4-kdc Don't always regenerate the PAC	Andrew Bartlett	2010-11-15	1	-2/+4
\| \| \| \| \| \| \| \| \|	The PAC was being regenerated on all normal DCs, because they don't have a msDS-SecondaryKrbTgtNumber attribute. Instead we need to check if it's set and not equal to our RODC number, allowing RODCs to trust the full DCs and itself, but not other RODCs. Andrew Bartlett
*	heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out	Andrew Bartlett	2010-11-15	1	-31/+30
\| \| \| \| \| \| \| \|	By checking the client principal here, we compare the realm based on the normalised realm, but do so early enough to validate the PAC (and regenerate it if required). Andrew Bartlett
*	s4-gensec Indicate if GENSEC is in client or server mode in the debug	Andrew Bartlett	2010-11-15	1	-2/+4
\|
*	s4:heimdal - fix the return code of a non-void function	Matthias Dieter Wallnöfer	2010-11-15	1	-0/+2
\| \| \| \| \|	Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 23:14:57 UTC 2010 on sn-devel-104
*	s4:torture/basic/base.c - fix output warnings regarding "time_t"	Matthias Dieter Wallnöfer	2010-11-15	1	-2/+4
\| \| \| \|	"time_t" is generally "long int".
*	s4:objectclass LDB module - improve the default name context checking on ↵	Matthias Dieter Wallnöfer	2010-11-15	1	-16/+12
\| \| \| \| \| \|	modifications Pointed out by abartlet
*	s4-join: not all versions of w2003 have msDS-SupportedEncryptionTypes	Andrew Tridgell	2010-11-15	1	-2/+4
\| \| \| \| \|	Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 15 22:28:16 UTC 2010 on sn-devel-104
*	s4-devel: a script to test the Samba4 HOWTO	Andrew Tridgell	2010-11-15	2	-0/+605
\| \| \| \| \| \| \| \| \| \|	This provides a script that allows testing of most of the steps of the Samba4 HOWTO. The big difference between this and 'make test' is that it test against windows, using pexpect to control windows boxes via telnet. The info about VMs and other parameters are in separate conf files. I've included a sample config file that I use on my laptop.
*	net: Add and fix some German translation	André Hentschel	2010-11-15	1	-4/+4
\| \| \| \| \| \| \| \| \|	typo spotted by Michael Wood Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Mon Nov 15 21:44:39 UTC 2010 on sn-devel-104
*	s4:objectclass LDB module - implement the "objectClass" change restrictions ↵	Matthias Dieter Wallnöfer	2010-11-15	1	-0/+25
\| \| \| \| \| \| \|	on Windows 2000 forest function level Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
*	heimdal_base: Fix include path so heim_threads.h can be found.	Jelmer Vernooij	2010-11-15	1	-1/+1
\| \| \| \| \|	Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 12:26:53 UTC 2010 on sn-devel-104
*	smb_server: Build as shared module.	Jelmer Vernooij	2010-11-15	3	-3/+3
\|
*	heimdal_base: Add missing dependency on replace.	Jelmer Vernooij	2010-11-15	1	-1/+1
\|
*	nbtd: Build service as shared module.	Jelmer Vernooij	2010-11-15	2	-6/+7
\|
*	waf: fixed configure again on RHEL5	Andrew Tridgell	2010-11-15	1	-1/+1
\| \| \| \| \| \| \|	the fancier cmd_output() broke git versioning Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 15 11:33:41 UTC 2010 on sn-devel-104
*	s4-dns: added --fail-immediately option to samba_dnsupdate	Andrew Tridgell	2010-11-15	1	-1/+13
\| \| \| \|	this is useful for manual testing
*	s4-dns: fixed registration of multiple IPs in samba_dnsupdate	Andrew Tridgell	2010-11-15	1	-1/+1
\| \| \| \| \| \|	bitten by python object references again! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
*	heimdal Fix handling of backwards cross-realm detection for Samba4	Andrew Bartlett	2010-11-15	1	-18/+48
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the prinicipal components. The easy way to keep this test passing is to consider also what we need to do to get the krbtgt account for the PAC signing - and to use krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use that resutl for realm comparion. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104
*	s4-kdc Fix realm handling in our KDC	Andrew Bartlett	2010-11-15	1	-38/+6
\| \| \| \| \| \| \|	we should reset the realm part of the principal, but not the lowercase realm embedded in the 'krbtgt/realm@REALM'. Andrew Bartlett
*	s4: Build ldap and samba3_smb services as shared modules.	Jelmer Vernooij	2010-11-15	4	-5/+7
\| \| \| \| \|	Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
*	cldap: Build as shared module.	Jelmer Vernooij	2010-11-15	2	-1/+2
\|
*	kdc: Build as shared module by default.	Jelmer Vernooij	2010-11-15	1	-0/+1
\|
*	auth/ntlm: Use name consistent with other service names.	Jelmer Vernooij	2010-11-15	1	-1/+1
\|
*	auth/gensec Handle incorrect username or password in Kerberos client code	Andrew Bartlett	2010-11-15	2	-0/+3
\| \| \| \| \| \| \|	Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
*	s4-kdc update startup routines after heimdal update	Andrew Bartlett	2010-11-15	1	-1/+13
\| \| \| \| \| \| \|	We should check the errors from krb5_kdc_windc_init and we now need to additionally run krb5_kdc_pkinit_config() Andrew Bartlett
*	s4-kdc Remove use of heimdal private headers in kpasswd server.	Andrew Bartlett	2010-11-15	1	-16/+3
\| \| \| \| \| \| \|	This remains an abuse, because it relies on setting into the krb5_principal structure, but at least it causes less trouble for the server. Andrew Bartlett