summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* s4-kerberos Don't regenerate key values for each alias in keytabAndrew Bartlett2010-10-021-43/+35
| | | | | | | | | Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
* s4-kdc Rework 'allowed encryption types' handling in the KDCAndrew Bartlett2010-10-021-28/+44
| | | | | | | All DCs and all krbtgt servers are forced to use AES, regardless of the msDS-SecondaryKrbTgtNumber value. Andrew Bartlett
* s4-auth Add make_server_info_pac() to include 'resource domain' groupsAndrew Bartlett2010-10-022-5/+40
| | | | | | | | Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups. Andrew Bartlett
* s4-auth Allocate domain SIDs under the sids array, not server_infoAndrew Bartlett2010-10-021-1/+1
| | | | Andrew Bartlett
* heimdal use returned server entry from HDB to compare realmsAndrew Bartlett2010-10-021-1/+1
| | | | | | | | Some hdb modules (samba4) may change the case of the realm in a returned result. Use that to determine if it matches the krbtgt realm also returned from the DB (the DB will return it in the 'right' case) Andrew Bartlett
* samba: share readline wrappers among all buildsystems.Günther Deschner2010-10-0112-173/+8
| | | | Guenther
* samba: share select wrappers.Günther Deschner2010-10-011-45/+0
| | | | Guenther
* s4-auth: fixed a vagrind error when creating keytabsAndrew Tridgell2010-10-011-0/+3
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-rpmd: fixed a use after realloc bugAndrew Tridgell2010-10-011-2/+8
| | | | | | | we could use old_el after the base message had been re allocated, due to adding timestamps. We need to re-find the element before using it Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fail the transaction instead of asserting on errorAndrew Tridgell2010-10-011-2/+10
| | | | | | | | It is more useful to fail the transaction and give the user an error message than to assert when we have an error in the repl_meta_data module Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4: Add 'subunit-test' make target.Jelmer Vernooij2010-10-011-0/+3
|
* autobuild-remote: Support autobuild.py rather than land.py.Jelmer Vernooij2010-10-011-50/+0
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Fri Oct 1 09:46:37 UTC 2010 on sn-devel-104
* Remove land.py - it's been obsoleted by autobuild.py.Jelmer Vernooij2010-10-011-118/+0
|
* heimdal: added verbose logging of hemimdal crypto errorsAndrew Bartlett2010-09-301-2/+15
|
* s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRETAndrew Tridgell2010-09-301-0/+3
| | | | | | otherwise we don't get the secrets! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-spn: don't try and send an empty SPN listAndrew Tridgell2010-09-301-0/+2
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* selftest: Let selftest provide the tempdir, rather than creating it as ↵Jelmer Vernooij2010-10-012-6/+2
| | | | sideeffect of tests.py.
* selftest: fixed a selftest error on snAndrew Tridgell2010-09-301-1/+1
| | | | Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
* delete_object: Remove unnecessary pass calls.Jelmer Vernooij2010-10-011-7/+0
|
* s4-selftest: Remove unnecessary PYTHONPATH overrides.Jelmer Vernooij2010-10-011-6/+6
|
* s4-selftest: Normalize paths.Jelmer Vernooij2010-10-011-5/+5
|
* s4-selftest: Finish conversion of selftest.sh to Python.Jelmer Vernooij2010-10-012-104/+104
|
* s4-selftest: Convert tests.sh to Python.Jelmer Vernooij2010-10-012-544/+510
|
* s4-provision: wipe the old keytabs when provisioningAndrew Tridgell2010-09-302-7/+29
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytabAndrew Tridgell2010-09-301-2/+5
| | | | | | we need to fetch the msDS-keyVersionNumber from the writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-drs: put the GCSPN flag into the repsTo if requestedAndrew Tridgell2010-09-302-0/+8
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-libnet: wipe the old keytab when exportingAndrew Tridgell2010-09-301-0/+2
| | | | | | this prevents confusion with old keytab entries Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: silence the domainFunctionality not setup warningAndrew Tridgell2010-09-301-1/+2
|
* s4-drs: added support for level 10 of getncchangesAndrew Tridgell2010-09-302-73/+112
| | | | added a simple mapping from req8
* LDAPCmp feature to compare nTSecurityDescriptorsZahari Zahariev2010-09-301-34/+252
| | | | | | | | | | | | | | | | | New feature that enables LDAPCmp users to find unmatched or missing ACEs in objects for the three naming contexts between DCs in one domain (default) or different domains. Comparing security descriptors is not the default action but attribute compatison. So to activate the new mode there is --sd switch. However there are two view modes to the new --sd action which are 'section' (default) or 'collision'. In 'section' mode you can only find differences connected to missing or value unmatched ACEs but not disorder unmatch if ACE values and count are the same. All of the mentioned differences plus disorder ACE unmatch you can observe under 'collision' view however it is more verbose. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-selftest: Add some more comments to skip file.Jelmer Vernooij2010-09-301-1/+4
|
* selftest: Eliminate some unnecessary spaces.Jelmer Vernooij2010-09-301-36/+36
|
* s4-drepl: don't call UpdateRefs on a RODCAndrew Tridgell2010-09-291-5/+11
| | | | | | we use the ADD_REF bit in getncchanges instead Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drepl: fixed the checking of replica_flags in the drepl serverAndrew Tridgell2010-09-291-7/+0
| | | | | | we were incorrectly avoiding a getncchanges when WRIT_REP was not set Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-kcc: fixed the replica_flags in repsFrom in the kccAndrew Tridgell2010-09-291-31/+72
| | | | | | | if our calculated replica_flags doesn't match the ones in our repsFrom then update it Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-dns: send A record updates via TKEYAndrew Tridgell2010-09-301-1/+6
|
* s4-smbtorture: add new EnumPrinters test to test printername/servernameGünther Deschner2010-09-301-13/+207
| | | | | | behaviour in EnumPrinter and GetPrinter calls. Guenther
* s4-samldb: also set a password on the krbtgt_NNNN accountAndrew Tridgell2010-09-291-0/+11
| | | | | | | when we setup the krbtgt_NNNN account using the DCPROMO_OID control, we also need to set an initial password for this account Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-devel: added new options to getncchanges scriptAndrew Tridgell2010-09-291-9/+65
| | | | | | added --pas, --dest-dsa and --replica-flags options Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell2010-09-291-26/+130
| | | | | | | | | | | This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
* s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2010-09-292-12/+63
| | | | this checks securiity on the NC root of the specified naming context
* s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PACAndrew Tridgell2010-09-291-0/+16
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS callAndrew Tridgell2010-09-291-10/+57
| | | | | we can't do SPN updates via sam writes and replication, as the sam is read-only
* s4-drsutils: expose DsBind() call in drs_utils.pyAndrew Tridgell2010-09-291-37/+38
| | | | this will be used by samba_spnupdate
* s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpersAndrew Tridgell2010-09-292-0/+12
| | | | | | | | | | | Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-rodc: RODC should not accept requests for role transferNadezhda Ivanova2010-09-291-0/+12
| | | | | A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
* s4-provision: simplify our generated krb5.confAndrew Tridgell2010-09-281-14/+1
| | | | | | | | we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: RODC DCs should be able to produce forwardable ticketsAndrew Tridgell2010-09-281-1/+1
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal: fixed timegm UTC/GMT bugAndrew Tridgell2010-09-281-15/+6
| | | | | | | | | | | This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: fixed termination of krbtgt_attrs (comma and NULL)Andrew Tridgell2010-09-281-4/+4
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2025-09-26 10:02:17 +0000