summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* s4:srvsvc: Fix logic on error checking.Andrew Kroeger2009-09-101-6/+6
|
* s4:pwsettings: Added blackbox tests.Andrew Kroeger2009-09-102-0/+30
| | | | | | The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
* testprogs:subunit.sh: Add function for expected failures.Andrew Kroeger2009-09-101-0/+15
| | | | | | | The testit_expect_failure() function is like the testit() function, with reversed error detection logic. This reversal only affects the pass/fail logic and logging - the original return code from the command is still returned to the calling script.
* s4:pwsettings: Show default values in help messages.Andrew Kroeger2009-09-101-4/+4
|
* s4:pwsettings: Add 'default' option for password complexity.Andrew Kroeger2009-09-101-2/+2
|
* s4:pwsettings: Added validation.Andrew Kroeger2009-09-101-4/+26
| | | | | | | | | | Validate that each field is within its allowed range. Also validate that the maximum password age is greater than the minimum password length (if the maximum password age is set). I could not find these values documented anywhere in the WSPP docs. I used the values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs the validation of values.
* s4:pwsettings: Don't assume a value for pwdProperties.Andrew Kroeger2009-09-101-2/+2
| | | | | | | If we cannot retrieve the value, do not assume a particular value. The fact that we could not retrieve the value indicates a larger problem that we don't want to make worse bypossibly clearing bit fields in the pwdProperties attribute.
* s4:pwsettings: Run all updates as a single modify() operation.Andrew Kroeger2009-09-101-31/+19
| | | | | | This ensures that all changes are made, or none are made. It also makes it possible to do validation as we go and abort in case of an error, while always leaving things in a consistent state.
* s4:pwsettings: Added --quiet option.Andrew Kroeger2009-09-101-16/+17
| | | | | Also changed all non-error status output to use the message() function, which respects the --quiet option.
* s4:netlogon - Put the "supported encryption types" more back in the ↵Matthias Dieter Wallnöfer2009-09-101-6/+8
| | | | | | "LogonGetDomainInfo" call They're needed only at the end.
* Revert "s4: Let the "setpassword" script finally use the ↵Matthias Dieter Wallnöfer2009-09-102-70/+9
| | | | | | | | | "samdb_set_password" routine" This reverts commit fdd62e9699b181a140292689fcd88a559bc26211. abartlet and I agreed that this isn't the right way to enforce the password policies. Sooner or later we've to control them anyway on the directory level.
* s4/torture: fixed lots of crash bugs in the DRS testsAndrew Tridgell2009-09-101-17/+19
|
* s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAPAndrew Bartlett2009-09-101-31/+30
| | | | | | | | We need to be more careful to do the cleanup functions for the right backend. In future, these perhaps should be provided by the ProvisionBackend class. Andrew Bartlett
* s4/drs: enable attribute encryptionAndrew Tridgell2009-09-101-6/+41
| | | | | This means we now get passwords vampired correctly for s4<->s4 replication.
* s4: kludge_acl needs to be above repl_meta_dataAndrew Tridgell2009-09-101-2/+2
| | | | | We have to bypass kludge_acl in replication as otherwise we aren't allowed access to the password entries
* s4/repl: give a useful error message if we can't decode an objectAndrew Tridgell2009-09-101-1/+4
|
* libcli: added a drsuapi attribute encryption functionAndrew Tridgell2009-09-102-11/+78
|
* libcli:drsuapi Add function to encrypt data for transport over DRSUAPIAndrew Bartlett2009-09-101-0/+102
| | | | | | This is for the server side of the GetNCChanges call. Andrew Bartlett
* s4/drs: changed the UpdateRefs server to use the dn instead of the GUIDAndrew Tridgell2009-09-101-27/+18
| | | | | | | | | Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4<->s4 successfully! Now to see if all the attributes came across correctly.
* OPC oota editsJohn H Terpstra2009-09-091-6/+6
|
* s4/drs: correctly fill in the GUID of DRS objectsAndrew Tridgell2009-09-101-1/+1
|
* s4: fix spellingAndrew Tridgell2009-09-101-1/+1
|
* s4/provision: another fix for breakage from b1dabb1133Andrew Tridgell2009-09-101-6/+8
|
* s4:provision Don't reference provision_backend when using LDBAndrew Bartlett2009-09-101-1/+3
| | | | | | This broke in Endi's patch for Fedora DS support Andrew Bartlett
* s4/torture: don't mix declarations and codeAndrew Tridgell2009-09-101-22/+22
|
* s4: regenerate drsuapi IDLAndrew Tridgell2009-09-102-0/+24
|
* s4/schema: teach the schema_syntax code how to encode/decode more attributesAndrew Tridgell2009-09-101-0/+104
| | | | | | | We were trying to encode strings like 'top' as integers, without first looking them up in our schema. We need special handling for all the attributes that contain attributeID_id or governsID_id fields that should be translated first before encoding.
* s4/schema: don't crash if we don't have subClassOfAndrew Tridgell2009-09-101-2/+7
|
* s4/drsuapi: tech the IDL about some more key attribute namesAndrew Tridgell2009-09-101-0/+8
|
* s4: Use SASL authentication against Fedora DS.Endi Sukma Dewata2009-09-106-23/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | 1. During instance creation the provisioning script will import the SASL mapping for samba-admin. It's done here due to missing config schema preventing adding the mapping via ldapi. 2. After that it will use ldif2db to import the cn=samba-admin user as the target of SASL mapping. 3. Then it will start FDS and continue to do provisioning using the Directory Manager with simple bind. 4. The SASL credentials will be stored in secrets.ldb, so when Samba server runs later it will use the SASL credentials. 5. After the provisioning is done (just before stopping the slapd) it will use the DM over direct ldapi to delete the default SASL mappings included automatically by FDS, leaving just the new samba-admin mapping. 6. Also before stopping slapd it will use the DM over direct ldapi to set the ACL on the root entries of the user, configuration, and schema partitions. The ACL will give samba-admin the full access to these partitions. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:docs: Add info about how to obtain cifs module in cifs mount helper manpageVolker Lendecke2009-09-091-0/+8
|
* Fix compile in a usually non-selected define.Jeremy Allison2009-09-091-1/+1
| | | | Jeremy.
* s3:smbd: Add a "hidden" parameter "share:fake_fscaps"Volker Lendecke2009-09-091-0/+3
| | | | | | | | | | | This is needed to support some special app I've just come across where I had to set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There might be others to fake. This is definitely a "Don't touch if you don't know what you're doing" thing, so I decided to make this an undocumented parametric parameter. I know this sucks, so feel free to beat me up on this. But I don't think it will hurt.
* s3:examples:ldap: allow substing search on more attributes in nds schema fileBjörn Jacke2009-09-091-2/+2
|
* s4/torture: add new SMB oplock testsAravind Srinivasan2009-09-091-2/+397
| | | | | * test if oplocks are granted when requesting delete-on-close * test how oplocks are broken by byte-range-lock requests
* s4/torture: convert printf to torture_comment()Aravind Srinivasan2009-09-091-6/+9
| | | | Allows "make test" and other harnesses to print cleaner output.
* s3:examples:ldap: fix some OIDs in various schema filesBjörn Jacke2009-09-094-13/+13
|
* s4/drs: when we don't find an attribute use zero valuesAndrew Tridgell2009-09-101-19/+10
| | | | thanks to metze for pointing this out
* s4/vampire: fixed i/j index mixup in vampire codeAndrew Tridgell2009-09-101-3/+3
|
* s4:drs match the meta_data and attributes arrayAndrew Tridgell2009-09-091-16/+46
| | | | | These two arrays need to be in sync, as they are walked in sync by the client
* s4/drs: broke out the core of the getncchanges codeAndrew Tridgell2009-09-091-81/+96
| | | | It is easier to understand without the heavy nesting
* s4:drs level_out is a pointerAndrew Tridgell2009-09-091-1/+1
| | | | DsAddEntry now seems to work for simple tests
* s4:drs split addentry and getncchanges into separate filesAndrew Tridgell2009-09-097-292/+375
| | | | | These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
* Added "admin_session" method.Nadezhda Ivanova2009-09-094-1/+223
| | | | | | The purpose of admin_session is to be able to execute parts of provisioning as the user Administrator in order to have the correct group and owner in the security descriptors. To be used for provisioning and tests only.
* s4/repl: implement DsReplicaSyncAndrew Tridgell2009-09-093-5/+68
| | | | | | | | | | | This patch implements DsReplicaSync by passing the call via irpc to the repl server task. The repl server then triggers an immediate replication of the specified partition. This means we no longer need to set a small value for dreplsrv:periodic_interval to force frequent DRS replication. We can now wait for the DC to send us a ReplicaSync msg for any partition that changes, and we immediately sync that partition.
* s4/repl: added refresh of repsToAndrew Tridgell2009-09-091-1/+87
| | | | | | | | | I've found that w2k3 deletes the repsTo records we carefully created in the vampire join if we don't refresh them frequently. After about 30mins all 3 repsTo records are gone. This patch adds automatic refresh of the repsTo by calling DSReplicaUpdateRefs every time we do a sync cycle with the server
* s4: fixed format of repsTo in samdbAndrew Tridgell2009-09-095-353/+70
| | | | | | | Metze pointed out what the windows tool ldp.exe will examine repsTo attributes on remote DCs, so we do in fact need to use the same format that windows uses. This patch changes the server side implementation of UpdateRefs to use the windows format
* s4: allow repl:RODC=true/false to set ourselves as a RODCAndrew Tridgell2009-09-091-2/+6
| | | | | I think this is what windows DCs use to see that we are read-only, but I am not sure. Needs more testing.
* s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server ↵Günther Deschner2009-09-091-1/+1
| | | | | | | | | | principal. Patch from Robert LeBlanc <robert@leblancnet.us>. Thanks! Guenther
* ntlmssp: avoid duplicate inclusion of helper headers.Günther Deschner2009-09-091-1/+0
| | | | Guenther
generated by cgit (git 2.34.1) at 2025-09-25 21:00:16 +0000