summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fixed incorrect use of cn instead of lDAPDisplayNameNadezhda Ivanova2010-06-291-2/+2
|
* s4:secrets Ensure secrets.ldb uses the same hooks as the rest of SambaAndrew Bartlett2010-06-292-46/+13
| | | | | | | This ensures that, for example, the utf8 functions are the same, the GUID handler is the same and the NOSYNC flag is applied. Andrew Bartlett
* s4:selftest Split out PKINIT tests from test_kinit.sh and test enc typesAndrew Bartlett2010-06-293-15/+83
| | | | | | | | | | | This allows us to run the PKINIT tests only against the main DC (for which the certificates were generated), while testing the available encryption types in each functional level. In particular, we need to assert that AES encryption is available in the 2008 functional level. Andrew Bartlett
* s4:kdc Rework the 'allowed enc types' calculationAndrew Bartlett2010-06-291-41/+35
| | | | | | | | | | This changes the calculation to apply the allowed enc types to all uses of the key (no point allowing a weak kinit to a key the server wanted strongly protected). It also ensures that all the non-DES keys are available on the krbtgt in particular, even as it does not have a msds-SupportedEncryptionTypes attributes. Andrew Bartlett
* s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDCAndrew Bartlett2010-06-291-0/+1
| | | | | | The KDC needs this to determine what encryption types an entry supports Andrew Bartlett
* s4:kerberos Add functions to convert msDS-SupportedEncryptionTypesAndrew Bartlett2010-06-292-0/+60
| | | | | | This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
* s4:libnet_join Fix typo in msDS-SupportedEncryptionTypesAndrew Bartlett2010-06-291-1/+1
|
* s4:provision Add an msDS-SupportedEncryptionTypes entry to our DCAndrew Bartlett2010-06-293-2/+35
| | | | | | | | This ensures that our DC will use all the available encyption types. (The KDC reads this entry to determine what the server supports) Andrew Bartlett
* build: only use git when found by configureAndrew Tridgell2010-06-293-17/+35
| | | | | | this rebuilds version.h whenever the git version changes, so we always get the right version with samba -V. That adds about 15s to the build time on each git commit, which shouldn't be too onerous
* build: allow LOAD_ENVIRONMENT() to pass when no configure has been runAndrew Tridgell2010-06-291-2/+5
| | | | this returns an empty environment
* build: allow always=True/False on SAMBA_GENERATOR()Andrew Tridgell2010-06-291-1/+5
| | | | | | | this allows us to force a rule to always run. Will be used by samba_version Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4/repl_meta_data: remove duplicated (and commented out) logKamen Mazdrashki2010-06-291-6/+0
|
* s4/ndr: Fix tuncating of constant to a 'long' typeKamen Mazdrashki2010-06-291-2/+2
|
* s4:lib/registry/ldb.c - add a missing braceMatthias Dieter Wallnöfer2010-06-281-1/+1
| | | | Sorry didn't check that earlier.
* s4:lib/registry/ldb.c - fix memory handling in "ldb_open_key"Matthias Dieter Wallnöfer2010-06-281-1/+4
|
* s4:lib/ldb/registry.c - handle the classname in the right wayMatthias Dieter Wallnöfer2010-06-281-1/+8
| | | | This is for "ldb_get_key_info".
* s4:lib/registry/ldb.c - remove really useless "local_ctx"Matthias Dieter Wallnöfer2010-06-281-8/+2
| | | | "mem_ctx" should fit for these few local allocations.
* s4:lib/registry/ldb.c - retrieve the classname correctly in ↵Matthias Dieter Wallnöfer2010-06-281-7/+6
| | | | "ldb_get_subkey_by_id"
* s4:lib/registry/ldb.c - change the "ldb_get_value" implementation to use the ↵Matthias Dieter Wallnöfer2010-06-281-20/+17
| | | | | | value cache and not an LDB lookup In addition this fixes the use of special characters in registry object names.
* s3: Change exit on immediate socket failure.Ira Cooper2010-06-281-4/+4
| | | | | | | This change makes it so socket errors early in the smbd child process cause orderly exits not coredumps. Signed-off-by: Jeremy Allison <jra@samba.org>
* s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvementMatthias Dieter Wallnöfer2010-06-281-3/+7
| | | | | We can save one search operation if "only_childs" is false and when we had no SID passed as extended DN component.
* s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/commentsMatthias Dieter Wallnöfer2010-06-281-9/+11
|
* s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where ↵Matthias Dieter Wallnöfer2010-06-281-3/+11
| | | | | | possible And always catch LDB errors
* selftest: Remove accidentally committed dummy test.Jelmer Vernooij2010-06-281-1/+0
|
* s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.Endi S. Dewata2010-06-281-3/+30
| | | | Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata2010-06-281-0/+4
| | | | | | DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.Endi S. Dewata2010-06-281-6/+8
| | | | Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not ↵Endi S. Dewata2010-06-281-1/+8
| | | | | | available in the DN. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s3: Make some routines static in smbldapVolker Lendecke2010-06-282-4/+2
|
* s4:repl_meta_data LDB module - fix counter typeMatthias Dieter Wallnöfer2010-06-281-1/+1
|
* s4:acl LDB module - fix counter typeMatthias Dieter Wallnöfer2010-06-281-1/+2
|
* s4:dcesrv_drsuapi.c - fix a counter variableMatthias Dieter Wallnöfer2010-06-281-2/+1
|
* s4:selftest - also "rpc.samr.users.privileges" does work nowMatthias Dieter Wallnöfer2010-06-281-1/+0
|
* s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer2010-06-281-3/+6
| | | | | | - Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
* s4:knownfail - "pwdLastSet" test does work nowMatthias Dieter Wallnöfer2010-06-281-1/+0
|
* s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also ↵Matthias Dieter Wallnöfer2010-06-281-1/+2
| | | | for s4
* s4:torture - SAMR password tests - activate support for password sets on ↵Matthias Dieter Wallnöfer2010-06-281-22/+17
| | | | level "18" and "21"
* s4:selftest - activate the lanman password changesMatthias Dieter Wallnöfer2010-06-281-0/+1
| | | | This is needed for a working "OemChangePasswordUser2" operation.
* s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviourMatthias Dieter Wallnöfer2010-06-281-1/+72
| | | | Behaviour as the torture SAMR passwords tests show.
* s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0Matthias Dieter Wallnöfer2010-06-281-0/+9
| | | | Taken from s3
* s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵Matthias Dieter Wallnöfer2010-06-281-0/+8
| | | | from s3 to s4
* s4:dcesrv_samr_SetUserInfo - implement password set level 21Matthias Dieter Wallnöfer2010-06-281-0/+33
|
* s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵Matthias Dieter Wallnöfer2010-06-281-0/+10
| | | | user password
* s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer2010-06-281-1/+1
| | | | | | haven't activated the the lanman auth This is what s3 does.
* s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer2010-06-281-0/+48
| | | | | | encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
* s4-smbtorture: fix typo.Günther Deschner2010-06-281-1/+1
| | | | | | Not my day... Guenther
* s4:torture/rpc/samr.c - test_SetPassword_LastSet - fix "pwdLastSet" testMatthias Dieter Wallnöfer2010-06-281-33/+31
| | | | | | | | - Remove superflous checks (on level 18, 24, 26 we do always have "pwdLastSet" resets if "password_expired" > 0) - Fixed some bugs Signed-off-by: Günther Deschner <gd@samba.org>
* s4-smbtorture: add trustDomainPasswords blob test to LOCAL-NDR testsuite.Günther Deschner2010-06-281-0/+64
| | | | | | | | | | Our parsing of this struct is incorrect atm. and apparently also causes the s4 server to crash. Thanks to Sumit Bose <sbose@redhat.com> for providing the auth data retrieved from a w2k3 domain.msc operation. Guenther
* s3-registry: missed one perflib keyname delimiter.Günther Deschner2010-06-281-1/+1
| | | | Guenther
* s3: More cleanup in winbindd_ads.c:query_userVolker Lendecke2010-06-281-13/+10
| | | | We can't ads_msgfree after the ads struct has been killed. Do early returns.