summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
...
* s4-dns: use the generated krb5.conf in samba_dnsupdateAndrew Tridgell2010-09-271-0/+5
| | | | | | | this gives one less thing that an admin can get wrong Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
* s4-provision: fixed the generation of the krb5.conf for vampireAndrew Tridgell2010-09-271-6/+6
| | | | we need a correct krb5.conf for nsupdate from bind9
* s4-ldbmodules: Added new module aclread to handle access checks on LDAP searchNadezhda Ivanova2010-09-264-0/+327
| | | | | | | It is currently enabled only if the request comes from the LDAP server, and is disabled by default. Use acl:search=true in smb.conf to enable it. It filters out all objects the user is not allowed to see, and all attributes the user does not have RP on. Extended access not supported yet.
* s4-tests: Added tests for search checks on attributesNadezhda Ivanova2010-09-262-5/+102
| | | | | The ACL reach tests are in the knowfail because aclread module is not enabled by default
* s4-tests: Removed search tests with anonymous credentials as they fail ↵Nadezhda Ivanova2010-09-262-4/+4
| | | | | | againts Windows These tests will fail in make test as well if the acl_read module is enabled.
* s4-dsdb: Added a function to check access on a particular object by its guidNadezhda Ivanova2010-09-261-0/+37
| | | | Similar to dsdb_check_access_on_dn, only it searches by guid.
* s4-dsdb: A helper to determine if an attribute is part of the search filterNadezhda Ivanova2010-09-261-0/+46
|
* s4-dsdb: Moved some helper functions to a separate fileNadezhda Ivanova2010-09-265-222/+260
| | | | We need these to be accessible to the aclread module as well.
* s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova2010-09-263-0/+6
|
* s4:schannel: handle move flag combinations in the serverStefan Metzmacher2010-09-261-13/+23
| | | | | | This fixes some testsuites in the CIFS plugfest. metze
* s4-auth: fixed the SID list for DCs in the PACAndrew Tridgell2010-09-264-29/+16
| | | | | | | | | | | the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
* s4-drs: use the system sam_ctx for updaterefsAndrew Tridgell2010-09-261-8/+9
| | | | this is needed for RODC clients calling updaterefs
* s4-spn: don't try to do SPN updates as a RODCAndrew Tridgell2010-09-261-0/+4
| | | | we don't have the permissions to do it
* s4-kerberos Don't segfault if the password isn't specified in keytab generationAndrew Bartlett2010-09-261-0/+7
| | | | | | | Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
* upgradeprovision: fix a typoMatthieu Patou2010-09-261-1/+1
|
* upgradeprovision: Fix a bug with renamed entriesMatthieu Patou2010-09-261-2/+13
| | | | | The SD was not refetched for renamed entries, resulting with a try to add an additional SD when there was already one.
* upgradeprovision: fix a bug with not updated linksMatthieu Patou2010-09-261-0/+1
|
* s4 provision: start with gpo of version 0 and be consistent between ↵Matthieu Patou2010-09-262-3/+3
| | | | different policies
* s4 upgradeprovision: fix a bug with empty reference objectsMatthieu Patou2010-09-261-1/+9
| | | | Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
* s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo ↵Matthieu Patou2010-09-261-3/+3
| | | | valid
* s4 provision: Make GPO folder group writableMatthieu Patou2010-09-261-3/+3
| | | | | | The group of this folder is domain administrator and it seems sensible that all domain administrators have the right to modify the gpo (they have it at the NT ACLs level ...)
* upgradeprovision: use the same case for hostname in reference provision as ↵Matthieu Patou2010-09-261-1/+1
| | | | | | | in the current provision Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
* s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account onlyAndrew Tridgell2010-09-261-1/+0
|
* s4-provision: switch to dns-HOSTNAME instead of dnsAndrew Tridgell2010-09-264-25/+33
| | | | | | | | | We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB ↵Kamen Mazdrashki2010-09-261-1/+7
| | | | connections
* s4-fsmo.py: Fix usage of 'paged_search' module for remote LDB connectionsKamen Mazdrashki2010-09-261-2/+3
|
* s4-delete_object.py: Fix usage of 'paged_search' module for remote LDB ↵Kamen Mazdrashki2010-09-261-2/+3
| | | | connections
* s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB ↵Kamen Mazdrashki2010-09-261-1/+9
| | | | connections
* s4-ldap_schema.py: Remove unused LDB connection to GC portKamen Mazdrashki2010-09-261-5/+0
|
* s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB ↵Kamen Mazdrashki2010-09-261-6/+7
| | | | connections
* s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connectionsKamen Mazdrashki2010-09-261-2/+3
|
* s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a timeKamen Mazdrashki2010-09-261-20/+33
| | | | If no arguments given, ldapcmp will compare all NCs
* Check in configure/Makefile for those projects that have waf as primary ↵Jelmer Vernooij2010-09-254-0/+142
| | | | build system.
* ldb: mark the location of a lot more ldb requestsAndrew Tridgell2010-09-2528-15/+109
|
* s4-dsdb: added tagging of requests in dsdb modulesAndrew Tridgell2010-09-258-0/+30
| | | | | this allows you to call dsdb_req_chain_debug() in gdb or when writing debug code to see the request chain
* ldb: added request location trackingAndrew Tridgell2010-09-254-0/+39
| | | | | | this is used to help debug async ldb requests. The ldb request handle now contains a location string and the parent request pointer. This allows us to print a backtrace of ldb requests in the dsdb modules.
* s4-repl: make getncchanges a bit less verboseAndrew Tridgell2010-09-251-1/+1
| | | | this should reduce some of the clutter in make test
* s4-net: added --ipaddress option to net commandsAndrew Tridgell2010-09-256-6/+13
| | | | | | | this allows override of server IP address, bypassing NBT or DNS name resolution of DCs Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* s4-pynet: added server keyword to Net() initialisationAndrew Tridgell2010-09-251-3/+7
| | | | | | this sets up server_address in the libnet context Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* s4-libnet: added server_address option in libnet contextAndrew Tridgell2010-09-253-1/+6
| | | | | | this is used by libnet_LookupDCs Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* s4-finddcs: allow override of server IP addressAndrew Tridgell2010-09-252-1/+37
| | | | | | this will be used to implement --ipaddress option to net commands Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* s4-repl: don't store repsFrom on DNs other than NC headsAndrew Tridgell2010-09-251-0/+9
| | | | | | we don't want a refsFrom on the Rid Manage$ DN Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell2010-09-251-1/+1
| | | | with the new py object structure, we need to unlink not free
* s4-repl: use namingContexts from rootDSE to initialise partition listAndrew Tridgell2010-09-251-53/+36
| | | | | this is preferable to looking for the hasMasterNCs attribute on nTDSDSA objects.
* s4-repl: force on WRIT_REP when we are a writable replicaAndrew Tridgell2010-09-251-4/+3
| | | | | this ensures we always mark ourselves as writeable when we are not an RODC
* s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsaAndrew Tridgell2010-09-251-5/+6
| | | | this avoids a list walk in the calling code
* torture: fixed a valgrind error in SMB2-CREATEAndrew Tridgell2010-09-251-0/+6
| | | | | | | | the lock structure had uninitialised elements, so we sent a random length. This also adds a 1 byte write, so there is real data that is being truncated with the 2nd open
* s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn.Nadezhda Ivanova2010-09-251-1/+1
|
* s4-waf: add NDR_EVENTLOG.Günther Deschner2010-09-241-2/+2
| | | | Guenther
* s4-waf: rename subsystem NDR_LSAPRC to NDR_LSA.Günther Deschner2010-09-241-1/+1
| | | | Guenther
generated by cgit (git 2.34.1) at 2025-09-26 21:12:49 +0000