mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

67276 Commits

Author SHA1 Message Date
Stefan Metzmacher
77d959fb15 midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
metze
2010-09-29 10:49:41 +02:00
Stefan Metzmacher
45e3e54e08 midltests: support for fragmented RPC traffic
metze
2010-09-29 10:49:40 +02:00
Stefan Metzmacher
6c0a4b6477 midltests: print out the alloc_hint for requests and responses
metze
2010-09-29 10:49:40 +02:00
Stefan Metzmacher
25e19287f0 midltests: improve NDR64 downgrade
metze
2010-09-29 10:49:39 +02:00
Stefan Metzmacher
437db14522 midltests: revert to a simple default midltests.idl
metze
2010-09-29 10:49:39 +02:00
Günther Deschner
9dcd5e6c8f s3-waf: add basic make test infrastructure, not able to test yet.
Guenther
2010-09-29 08:54:00 +02:00
Günther Deschner
bea8035c22 s3-waf: clean up socket-wrapper and nss-wrapper a little.
Guenther
2010-09-29 08:49:39 +02:00
Günther Deschner
292801bdf3 s3-waf: add vlp binary.
Guenther
2010-09-29 08:48:49 +02:00
Andrew Tridgell
31310826e0 s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
we can't do SPN updates via sam writes and replication, as the sam is
read-only
2010-09-29 03:55:04 +00:00
Andrew Tridgell
739a4e4e23 s4-drsutils: expose DsBind() call in drs_utils.py
this will be used by samba_spnupdate
2010-09-29 03:55:04 +00:00
Andrew Tridgell
06022dad70 s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.

By forcing TZ=GMT in these scripts we avoid the problem

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29 03:55:04 +00:00
Nadezhda Ivanova
3b0d6fda38 s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
2010-09-29 03:09:15 +00:00
Andrew Tridgell
cc288603ce s4-provision: simplify our generated krb5.conf
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
4e0a3ea705 s4-kdc: RODC DCs should be able to produce forwardable tickets
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
04e3e27fd1 heimdal: fixed timegm UTC/GMT bug
This was a wonderful bug!

On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
dacfe67a0e s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
c83775d524 ldb-dn: don't crash on NULL in ldb_binary_encode_string()
Thanks to Nadya for finding this one!
2010-09-28 19:25:51 -07:00
Andrew Bartlett
3d4576b170 s4-kdc Ensure that an RODC may act as a server (needed to fill
the krbtgt role).

Andrew Bartlett
2010-09-28 19:25:50 -07:00
Andrew Bartlett
f84bdf91d8 heimdal Use a separate krb5_auth_context for the delegated credentials
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentication with the target server.

Andrew Bartlett
2010-09-28 19:25:50 -07:00
Stefan Metzmacher
e2c305deb1 midltests/todo: add some random idl files I had tested months ago
metze
2010-09-29 03:08:25 +02:00
Stefan Metzmacher
ad99711f49 midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example
metze
2010-09-29 03:08:25 +02:00
Stefan Metzmacher
c5e221c5f8 midltests: add some useful defines to midltests.idl
metze
2010-09-29 03:08:24 +02:00
Stefan Metzmacher
06108687e8 midltests: make it possible to allow downgrades to NDR32
metze
2010-09-29 03:08:24 +02:00
Stefan Metzmacher
115ad60125 midltests: add a midltests_tcp.exe tool
This uses a man in the middle approach in order to dump the
request and response pdus.

It also tests NDR32 and NDR64.

metze
2010-09-29 01:42:28 +02:00
Stefan Metzmacher
cf4e57281b midltests: move the current implementation to midltests_simple.exe
metze
2010-09-29 01:42:27 +02:00
Stefan Metzmacher
d8a0436fb4 testprogs/win32: add vs2010-metze.cmd
metze
2010-09-29 01:42:26 +02:00
Günther Deschner
ec33a87d58 s3-printing: skip metadata entry when traversing printerlist.
We were creating a new printer (with a very broken name) out of the
lasttimestamp entry all the time.

Simo, please check.

Guenther
2010-09-29 01:23:54 +02:00
Stefan Metzmacher
fcee50b9c9 pidl: add support for pointers in typedefs
metze
2010-09-28 23:06:52 +02:00
Stefan Metzmacher
d4636c47c7 pidl:NDR/Parser: remove unused code for array element index
metze
2010-09-28 23:06:51 +02:00
Stefan Metzmacher
7fff22c29d pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags()
metze
2010-09-28 23:06:49 +02:00
Stefan Metzmacher
3fa29cdd94 pidl:NDR/Client: make the generated code look a bit nicer
metze
2010-09-28 23:06:48 +02:00
Stefan Metzmacher
bffa192bfe librpc/ndr: remove 'async' from ndr_interface_call
metze
2010-09-28 23:06:47 +02:00
Stefan Metzmacher
96666d48a7 pidl: remove unused async property handling
metze
2010-09-28 23:06:45 +02:00
Stefan Metzmacher
a73a2abb3a pidl/Python: use has_property($d, "noopnum") helper function
metze
2010-09-28 23:06:44 +02:00
Stefan Metzmacher
65c5278f4d pidl:NDR/Client.pm: remove unreached code
metze
2010-09-28 23:06:42 +02:00
Stefan Metzmacher
121ad074f9 pidl/Python: remove todo handling from PythonFunction(), it's done by the caller
metze
2010-09-28 23:06:41 +02:00
Stefan Metzmacher
a0fa1dd6fc pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case
metze
2010-09-28 23:06:40 +02:00
Günther Deschner
46774388dc s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds.
This will be removed once we have the rpc modules subsystem in place.

Guenther
2010-09-28 22:55:18 +02:00
Andrew Tridgell
e257e7a40b autobuild: use git notes for autobuild messages
This avoids changing the commit ID when we add a note that the
autobuild has passed

thanks to Jelmer for this suggestion!
2010-09-28 11:36:40 -07:00
Andrew Tridgell
00611cbcf6 selftest: enable FAIL_IMMEDIATELY in autobuild make test
this should reduce the time we wait for previous failing builds.

Right now this will only work for s4, as we need a makefile change for
s3 support
2010-09-28 11:36:40 -07:00
Andrew Tridgell
f4177b66c5 s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
this extended getncchanges operation replicates a single object
2010-09-28 11:36:40 -07:00
Andrew Tridgell
491e89fa1c ldb-tdb: ignore failure to register control on rootdse
this is expected for non-sam LDBs
2010-09-28 11:36:40 -07:00
Andrew Tridgell
9aa07e72c8 s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
this allows for replication by GUID or SID
2010-09-28 11:36:40 -07:00
Andrew Tridgell
d4939ce4fc s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
this will be used outside of the drs server.

This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
2010-09-28 11:36:40 -07:00
Andrew Tridgell
cd3eddbb59 waf: we don't need the preprocessor recursion limit any more
thanks to ita for this
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
8045b35b1b s4-drs: Added check for drs-manage-topology to updateRefs.
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
440cee48b9 s4-drs: Added drs_security_access_check function
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
6caa512815 s4-dsdb: adapted check_access_on_dn for use in drs.
2010-09-28 11:36:40 -07:00
Andrew Bartlett
4be2696644 heimdal Fix DNS name qualification to not mangle IP addresses
If the host running this code used IPv6 forms for IPv4 addresses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle.  Instead, check if it can be parsed
as a numeric address first, and only then mangle.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
89ee9e6518 s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.

Andrew Bartlett
2010-09-29 04:23:07 +10:00