path: root/source4
Commit message | Author | Age | Files | Lines
* s4:various scripts under "setup" - Unification | Matthias Dieter Wallnöfer | 2009-09-18 | 4 | -73/+74
  - This unified the shape of those four scripts (comments, command sequence, call of SamDB)
  - To consider the samdb.py changes regarding the filter: there is now always the possibility either to specify the username or the search filter
* s4:domainlevel/pwsettings - Remove unused import | Matthias Dieter Wallnöfer | 2009-09-18 | 2 | -2/+0
* s4:samdb.py - Unification of the interfaces | Matthias Dieter Wallnöfer | 2009-09-18 | 2 | -38/+54
  - When a user account is requested by a call always the search filter will be passed as argument. This helps us to unify the API
  - Add/fix some comments; in particular new comments inform the developer which requirements exist if he wants to use calls which manipulate the "userPassword" attribute (On s4 no problem - but on certain domain levels on Windows Server)
* s4:minschema/fullschema - add correct header comments | Matthias Dieter Wallnöfer | 2009-09-18 | 2 | -2/+2
* s4:rpc_server: remove some now unused code | Stefan Metzmacher | 2009-09-18 | 2 | -199/+0
  metze
* s4:ntvfs_ipc: add real named pipe support | Stefan Metzmacher | 2009-09-18 | 2 | -236/+652
  We now open a named via the named_pipe_auth code and process IO via the tstream interface. This means we support byte mode and message mode named pipes. We also correctly issue NT_STATUS_PIPE_BUSY when a smb_trans request comes in and a read or smb_trans is already pending. We also have support for async dcerpc over ncacn_np now, and we now can remove the ncacn_np specific hacks from the rpc_server/ code.
  metze
* s4:torture: the spoolss notify test should listen on the ncacn_np endpoint | Stefan Metzmacher | 2009-09-18 | 1 | -0/+20
  metze
* s4:rpc_server: export dcesrv_add_ep() so that torture tests can use it | Stefan Metzmacher | 2009-09-18 | 2 | -5/+9
  metze
* s4:service_named_pipe: accept delegated credentials | Stefan Metzmacher | 2009-09-18 | 2 | -3/+101
  metze
* s4:torture: don't use 'pipe' as variable name it's a system call | Stefan Metzmacher | 2009-09-18 | 1 | -3/+3
  metze
* s4:heimdal/gssapi/krb5: set cred_handle in _gsskrb5_import_cred | Stefan Metzmacher | 2009-09-18 | 1 | -0/+1
  metze
* s4:domainlevel - fix indentations | Matthias Dieter Wallnöfer | 2009-09-18 | 1 | -4/+4
* s4:domainlevel - Add a script which allows raising the domain/forest level | Matthias Dieter Wallnöfer | 2009-09-18 | 1 | -0/+181
  This simple script allows raising the domain and/or forest level for s4. I integrated also the basic checks (since we don't perform them in LDB yet): e.g. the forest level can't be higher than the domain level(s).
* s4:pwsettings - Simplify the error handling a bit | Matthias Dieter Wallnöfer | 2009-09-18 | 1 | -5/+2
* python: create a script for reorganizing an LDB file. | Matthieu Patou | 2009-09-18 | 1 | -0/+60
  This script helps to reclaim wasted place.
* s4:provision - Bump down the domain and forest level to Windows 2000 | Matthias Dieter Wallnöfer | 2009-09-18 | 2 | -9/+10
  - The DC level we keep on Windows Server 2008 R2 (we should call ourself always the newest server type)
  - The domain/forest level we set to the minimum (Windows 2000 native) to allow all AD DC types (from Windows 2000 on) in our domain
  - the NT4 "mixed" mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is set always to 0
  - I'll add a script which allows to bump the DC level (basically sets the "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and on the "DC" object)
* s4:provision - Some rework (continuation) | Matthias Dieter Wallnöfer | 2009-09-17 | 4 | -40/+311
  - Fix up "servicePrincipalNames" attributes on the DC object
  - Add some informative comments (most in "provision_self_join.ldif")
  - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS)
  - Add "domain updates" objects also under "CN=Configuration" (they exist twice)
  - Add the default services under "Services" to allow interoperability with some MS client tools
  - Smaller changes
* pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl. | Matthieu Patou | 2009-09-17 | 2 | -2/+19
  Fix bug #6723
* s4-sam: add a note about the solaris client | Andrew Tridgell | 2009-09-17 | 1 | -0/+2
* s4-rpc: added NDR64 support | Andrew Tridgell | 2009-09-17 | 5 | -7/+31
  This adds support for the nd464 binding string option
* spnego: Support ASN.1 BIT STRING and use it in SPNEGO. | Kouhei Sutou | 2009-09-17 | 1 | -2/+4
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:descriptor module - Revert and const fixups | Matthias Dieter Wallnöfer | 2009-09-17 | 1 | -7/+18
  - Revert a change introduced by me since I didn't understand the meaning of the version check
  - Added some "const" to suppress compiler warnings
* s4:descriptor - cosmetic | Matthias Dieter Wallnöfer | 2009-09-17 | 1 | -1/+1
* s4:libnet_become_dc - Fix some uninitialised variables | Matthias Dieter Wallnöfer | 2009-09-17 | 1 | -3/+3
* s4:provision - Some rework | Matthias Dieter Wallnöfer | 2009-09-17 | 12 | -23610/+23878
  - Add/change "wellKnownObjects" attributes
  - Order entries in "provision_basedn_modify.ldif"
  - Add/change "delete entries" object under BASEDN and CONFIGDN
  - Fix default version number of "Default domain policy" group policy
  - Add "domain updates" objects for interoperability with MS AD maintaining tools
  - Show version number in the "oEMInformation" attribute (suggested by ekacnet)
  - Smaller fixups
* s4/domain behaviour flags: Fix them up in various locations | Matthias Dieter Wallnöfer | 2009-09-17 | 4 | -16/+10
  Additional notes:
  - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself)
  - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition)
  - I took the argument from: http://support.microsoft.com/kb/329194
* s4/python: flags | Matthias Dieter Wallnöfer | 2009-09-17 | 2 | -9/+83
  - Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags
  - Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
* util_smb: For some (unknown) reason the previous patch changed the permissions - Reset them | Matthias Dieter Wallnöfer | 2009-09-13 | 1 | -0/+0
* Port the Samba 4 shm_setup to QNX. | Matt Kraai | 2009-09-13 | 1 | -0/+18
* idl: added DsExecuteKCC IDL | Andrew Tridgell | 2009-09-17 | 1 | -3/+3
* spnego: share spnego_parse. | Günther Deschner | 2009-09-17 | 4 | -475/+2
  Guenther
* Owner and group defaulting. | Nadezhda Ivanova | 2009-09-16 | 6 | -58/+598
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Tests for descriptor inheritance | Zahari Zahariev | 2009-09-16 | 3 | -1/+1613
  Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc In the kpasswd server, don't use the client address in mk_priv | Andrew Bartlett | 2009-09-16 | 1 | -0/+8
  This code eventually calls into mk_priv in the Heimdal code, and if the client is behind NAT, or somehow has an odd idea about its own network addresses, it will fail to accept this packet if we set an address. It seems easier not to. (Found by testing with NetAPP at plugfest)
  Andrew Bartlett
* s4:rpc_server negotiate max xmit size with RPC client | Andrew Bartlett | 2009-09-16 | 1 | -2/+2
  Testing against NetAPP showed that clients can object to being told a larger max xmit fragment size than they negotiated. Choose the minimum of the server and client values.
  Andrew Bartlett
* s4-repl: raise a debug level | Andrew Tridgell | 2009-09-16 | 1 | -1/+1
* s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist | Andrew Tridgell | 2009-09-16 | 1 | -0/+8
  When a partition is first created it still needs a uSNHighest value
* libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 2009-09-16 | 1 | -33/+56
  This prepares support for HMAC-SHA256/AES.
  metze
* s4-repl: take advantage of async RPC forwarding | Andrew Tridgell | 2009-09-15 | 2 | -26/+7
  This uses async RPC forwarding for the DsReplicaSync call
* s4-rpc: added a module for forwarding RPC requests | Andrew Tridgell | 2009-09-15 | 3 | -9/+116
  dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks
* s4-drs: lock down key DRS calls | Andrew Tridgell | 2009-09-15 | 4 | -22/+54
  The key DRS calls should only be allowed by administrators or domain controllers
* s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER | Andrew Tridgell | 2009-09-15 | 2 | -0/+10
  This will be used as a simple way to lock down DRS replication to administrators and domain controllers
* s4-ldb: ldap attribute names can contain a '.' | Andrew Tridgell | 2009-09-15 | 1 | -1/+2
  When they are of the form of OIDs
* s4-ldb: expose ldb_transaction_prepare_commit() in ldb | Andrew Tridgell | 2009-09-15 | 3 | -21/+64
  It is useful to be able to control the 2 phase commit from application code (s4 replication uses it)
* s4-repl: don't do double replication | Andrew Tridgell | 2009-09-15 | 4 | -6/+44
  When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
* s4-drs: filter based on local_usn | Andrew Tridgell | 2009-09-15 | 1 | -1/+1
  The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
* s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 2009-09-15 | 1 | -10/+10
  we were setting local_usn after the marshall, so it wasn't going into the object
* s4-dsdb: use DLIST_ADD() not DLIST_ADD_END() | Andrew Tridgell | 2009-09-15 | 2 | -4/+4
  Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2)). These lists are not ordered, so using DLIST_ADD() is much better.
* s4-ldb: cope better with corruption of tdb records | Andrew Tridgell | 2009-09-15 | 4 | -5/+30
  When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller.
* s4-repl: add a debug to make it easier to monitor replication | Andrew Tridgell | 2009-09-15 | 1 | -0/+5