1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1867 Commits

Author SHA1 Message Date
Andrew Bartlett
7213199f6e s4-repl: Use samdb_reference_dn_is_our_ntdsa() 2012-08-14 15:37:22 +02:00
Andrew Bartlett
9566786853 s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn
As this value is calculated new each time, we need to give it a context to live on.

If the value is the forced value during provision, a reference is taken.

This was responsible for the memory leak in the replication process.  In the
example I was given, this DN appeared in memory 13596 times!

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-08-14 10:05:14 +02:00
Björn Jacke
13f8674a15 build: rename security → samba-security
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-08-10 14:22:20 +02:00
Andrew Bartlett
8b1a9f3ebd lib/param: Remove "ntptr providor" and hard-code in s4 spoolss server
This stub codebase does not justify a merged parameter.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-24 10:46:12 +10:00
Stefan Metzmacher
04d770adac s4:rpc_server/netlogon: add support for AES based netlogon schannel
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
99231181e3 s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
e48aabc006 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities
This is also needed to support AES.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Andreas Schneider
a49eb60e04 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06 11:50:40 +02:00
Andreas Schneider
1744e99d0a s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np 2012-07-06 10:00:58 +02:00
Andreas Schneider
997c780d24 s4-lsarpc: Restrict LookupSids3 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
1a12bbd5d8 s4-lsarpc: Restrict LookupNames4 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
13a7f98f9f s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. 2012-07-06 10:00:58 +02:00
Andreas Schneider
9fa979c934 s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. 2012-07-06 10:00:58 +02:00
Andrew Bartlett
b8815dc23d lib/param: Create a seperate server role for "active directory domain controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.

To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.

Andrew Bartlett
2012-06-15 09:18:33 +02:00
Alexander Bokovoy
eaf9b86d60 Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange client code"
This reverts commit f8c447b1a4.

After discussing with Julien (Openchange) and Metze, I decided to revert this code.
Instead I made a patch to Openchange which allows to build client side only.

Openchange server code requires working s4 member DC and --without-ad-dc build
does not provide working provisioning even if we enable dcerpc_server and end point mapper.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Fri Jun  1 16:46:08 CEST 2012 on sn-devel-104
2012-06-01 16:46:07 +02:00
Alexander Bokovoy
f8c447b1a4 waf-mitkrb5: enable dcerpc_server library to support OpenChange client code
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-01 09:29:47 +02:00
Alexander Bokovoy
2ddf89a2bc Introduce system MIT krb5 build with --with-system-mitkrb5 option.
System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23 17:51:50 +03:00
Simo Sorce
302abe6190 auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerbros build 2012-05-23 17:51:49 +03:00
Simo Sorce
27549b4e31 Fix direct access to krb5_principal structure 2012-05-04 16:51:29 +02:00
Simo Sorce
4b29cf5f66 Move kdc_get_policy helper in the lsa server where it belongs.
This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces to use an unconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.

Also the kdc-policy file was a single funciton library, that's just ridiculous.

The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when it's
the time. the code would have to change quite a lot anyway.

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
2012-04-20 01:53:37 +02:00
Amitay Isaacs
ffce812c22 s4-rpc: dnsserver: Fix IPv6 reverse zone handling
Thanks to Marcel Ritter <marcel.ritter@rrze.fau.de> for the patch.
2012-03-21 11:41:50 +11:00
Jelmer Vernooij
b4d35bee38 libndr: Rename policy_handle_empty to ndr_policy_handle_empty.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Jelmer Vernooij
95ca5fbadd libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ndr_ prefix.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20 13:54:07 +01:00
Amitay Isaacs
a35da7972e s4-rpc: dnsserver: Fix the typo in comparing two DNS records
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Mar  2 10:27:41 CET 2012 on sn-devel-104
2012-03-02 10:27:41 +01:00
Amitay Isaacs
cf139b4efc s4-rpc: dnsserver: Update data type for TXT DNS records 2012-03-02 00:24:50 +11:00
Andrew Bartlett
e7397eeaa2 s4-netlogond: Fix use of uninitialised value dns_name
The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name
when the value was not set.  New tests for our trusted domains code create
domain trusts without a DNS domain name.  Found by the autobuild flakey build detector.

Andrew Bartlett
2012-02-27 07:36:05 +01:00
Jelmer Vernooij
f25d1f5006 dcerpc_server: Add 'modulesdir' variable to pkg-config file.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Feb 23 16:26:25 CET 2012 on sn-devel-104
2012-02-23 16:26:25 +01:00
Andrew Bartlett
b7becc0b19 s4-rpc_server: Fix search for existing trust to actually look for the dns name
Found by a eagle-eyed user.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2012-01-26 08:39:47 +01:00
Amitay Isaacs
44a85e3752 s4-rpc:dnsserver: DNS names are case insensitive 2012-01-12 05:10:08 +01:00
Amitay Isaacs
f8163195b0 s4-rpc:dnsserver: Do not replace @ with zone_name in update operation
This fixes the problem when updating DNS record for '@' or domain name.
2012-01-06 11:04:49 +11:00
Matthias Dieter Wallnöfer
9a91d7f05a s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explaination
NETLOGON pipe is only thought for DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23 10:36:33 +01:00
Stefan Metzmacher
601f3822d5 s4:drsuapi/getncchanges: the default for isRecycled is FALSE
metze

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104
2011-12-23 09:30:09 +01:00
Matthieu Patou
7d13f7d4a1 s4-drsuapi: we store boolean in upppercase so we need to test them in uppercase
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23 07:57:21 +01:00
Amitay Isaacs
271c7d9251 s4:rpc-dnsserver: Set the rank for the new DNS record correctly
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Dec 23 07:56:34 CET 2011 on sn-devel-104
2011-12-23 07:56:34 +01:00
Amitay Isaacs
56bf8e250a s4:rpc-dnsserver: Add comments 2011-12-23 16:18:25 +11:00
Amitay Isaacs
95868605e2 s4:rpc-dnsserver: Make sure that zone information is filled in
This fixes the problem of NULL zone in zone operations when specific
zone is specified and no zone filter is specified.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
10860d58d7 s4:rpc-dnsserver: Implement zone management RPC operations
- ZoneCreate operation to create zone.
- DeleteZoneFromDs operation to delete zone

When a zone is deleted, all the records in that zone are also deleted.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
e398bdb76b s4:rpc-dnsserver: Add multiple DNS records in a single operation
This allows to add dnsNode objectclass with multiple DNS records in a
single operation. Useful for creating @ record which has NS and SOA
records.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
f14ddcc2e1 s4:rpc-dnsserver: Use handy macros for error checking 2011-12-23 16:18:25 +11:00
Amitay Isaacs
3d139b49cb s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation 2011-12-23 16:18:24 +11:00
Amitay Isaacs
07639b5023 s4:rpc-dnsserver: Fix the enumeration of DNS records
If a node has data and children, do not return the children unless
the node is the top level node.
2011-12-23 16:18:24 +11:00
Amitay Isaacs
fe0e08acfb s4:rpc-dnsserver: Use cached zone information to get rootservers
This removes the hardcoded search for DC=RootDNSServers, and uses
the cached zone information.
2011-12-23 16:17:10 +11:00
Amitay Isaacs
6a5352da59 s4:rpc-dnsserver: Implement EnumDirectoryPartition operation 2011-12-23 16:17:10 +11:00
Amitay Isaacs
5673e2cec9 s4:rpc-dnsserver: Cache DNS partition information
This information will be used for the RPC calls for partition
information.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
9f76e076fa s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag
And use fReverse flag in the enumeration of zones.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
0120a397a7 s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare 2011-12-23 16:17:09 +11:00
Stefan Metzmacher
b2bace63d3 s4:drsuapi/getncchanges: return WERR_NOMEM if talloc_array() fails
metze
2011-12-19 11:49:19 +01:00
Matthieu Patou
3164d7bdd5 s4-drs: introduce a timeout in the getncchanges processing to always return something in less than x seconds
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19 11:49:19 +01:00
Matthieu Patou
55af1a7cf7 s4-drs: avoid calling unecesserly ldb_msg_find_attr_as_* as this call in unefficient
Current implementation of ldb_msg_find_attr_as_* iterate on the list of
attributes returned by the search and make a string comparison. As we
sorting the array of messages / guids we tend to call this function many
times. By storing the GUID and the USN in a separate structure we are
sure to call this function only once per attribute and object.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-19 11:49:19 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00