Stefan Metzmacher
77d959fb15
midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
...
metze
2010-09-29 10:49:41 +02:00
Stefan Metzmacher
45e3e54e08
midltests: support for fragmented RPC traffic
...
metze
2010-09-29 10:49:40 +02:00
Stefan Metzmacher
6c0a4b6477
midltests: print out the alloc_hint for requests and responses
...
metze
2010-09-29 10:49:40 +02:00
Stefan Metzmacher
25e19287f0
midltests: improve NDR64 downgrade
...
metze
2010-09-29 10:49:39 +02:00
Stefan Metzmacher
437db14522
midltests: revert to a simple default midltests.idl
...
metze
2010-09-29 10:49:39 +02:00
Günther Deschner
9dcd5e6c8f
s3-waf: add basic make test infrastructure, not able to test yet.
...
Guenther
2010-09-29 08:54:00 +02:00
Günther Deschner
bea8035c22
s3-waf: clean up socket-wrapper and nss-wrapper a little.
...
Guenther
2010-09-29 08:49:39 +02:00
Günther Deschner
292801bdf3
s3-waf: add vlp binary.
...
Guenther
2010-09-29 08:48:49 +02:00
Andrew Tridgell
31310826e0
s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
...
we can't do SPN updates via sam writes and replication, as the sam is
read-only
2010-09-29 03:55:04 +00:00
Andrew Tridgell
739a4e4e23
s4-drsutils: expose DsBind() call in drs_utils.py
...
this will be used by samba_spnupdate
2010-09-29 03:55:04 +00:00
Andrew Tridgell
06022dad70
s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
...
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.
By forcing TZ=GMT in these scripts we avoid the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29 03:55:04 +00:00
Nadezhda Ivanova
3b0d6fda38
s4-rodc: RODC should not accept requests for role transfer
...
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
2010-09-29 03:09:15 +00:00
Andrew Tridgell
cc288603ce
s4-provision: simplify our generated krb5.conf
...
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
4e0a3ea705
s4-kdc: RODC DCs should be able to produce forwardable tickets
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
04e3e27fd1
heimdal: fixed timegm UTC/GMT bug
...
This was a wonderful bug!
On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
dacfe67a0e
s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
c83775d524
ldb-dn: don't crash on NULL in ldb_binary_encode_string()
...
Thanks to Nadya for finding this one!
2010-09-28 19:25:51 -07:00
Andrew Bartlett
3d4576b170
s4-kdc Ensure that an RODC may act as a server (needed to fill
...
the krbtgt role).
Andrew Bartlett
2010-09-28 19:25:50 -07:00
Andrew Bartlett
f84bdf91d8
heimdal Use a seperate krb5_auth_context for the delegated credentials
...
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentiation with the target server.
Andrew Bartlett
2010-09-28 19:25:50 -07:00
Stefan Metzmacher
e2c305deb1
midltests/todo: add some random idl files I had tested month ago
...
metze
2010-09-29 03:08:25 +02:00
Stefan Metzmacher
ad99711f49
midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example
...
metze
2010-09-29 03:08:25 +02:00
Stefan Metzmacher
c5e221c5f8
midltests: add some usefull defines to midltests.idl
...
metze
2010-09-29 03:08:24 +02:00
Stefan Metzmacher
06108687e8
midltests: make it possible to allow downgrades to NDR32
...
metze
2010-09-29 03:08:24 +02:00
Stefan Metzmacher
115ad60125
midltests: add a midltests_tcp.exe tool
...
This uses a man in the middle approach in order to dump the
request and response pdus.
It also tests NDR32 and NDR64.
metze
2010-09-29 01:42:28 +02:00
Stefan Metzmacher
cf4e57281b
midltests: move the current implementation to midltests_simple.exe
...
metze
2010-09-29 01:42:27 +02:00
Stefan Metzmacher
d8a0436fb4
testprogs/win32: add vs2010-metze.cmd
...
metze
2010-09-29 01:42:26 +02:00
Günther Deschner
ec33a87d58
s3-printing: skip metadata entry when traversing printerlist.
...
We were creating a new printer (with a very broken name) out of the
lasttimestamp entry all the time.
Simo, please check.
Guenther
2010-09-29 01:23:54 +02:00
Stefan Metzmacher
fcee50b9c9
pidl: add support for pointers in typedefs
...
metze
2010-09-28 23:06:52 +02:00
Stefan Metzmacher
d4636c47c7
pidl:NDR/Parser: remove unused code for array element index
...
metze
2010-09-28 23:06:51 +02:00
Stefan Metzmacher
7fff22c29d
pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags()
...
metze
2010-09-28 23:06:49 +02:00
Stefan Metzmacher
3fa29cdd94
pidl:NDR/Client: make the generated code look a bit nicer
...
metze
2010-09-28 23:06:48 +02:00
Stefan Metzmacher
bffa192bfe
librpc/ndr: remove 'async' from ndr_interface_call
...
metze
2010-09-28 23:06:47 +02:00
Stefan Metzmacher
96666d48a7
pidl: remove unused async property handling
...
metze
2010-09-28 23:06:45 +02:00
Stefan Metzmacher
a73a2abb3a
pidl/Python: use has_property($d, "noopnum") helper function
...
metze
2010-09-28 23:06:44 +02:00
Stefan Metzmacher
65c5278f4d
pidl:NDR/Client.pm: remove unreached code
...
metze
2010-09-28 23:06:42 +02:00
Stefan Metzmacher
121ad074f9
pidl/Python: remove todo handling from PythonFunction(), it's done by the caller
...
metze
2010-09-28 23:06:41 +02:00
Stefan Metzmacher
a0fa1dd6fc
pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case
...
metze
2010-09-28 23:06:40 +02:00
Günther Deschner
46774388dc
s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds.
...
This will be removed once we have the rpc modules subsystem in place.
Guenther
2010-09-28 22:55:18 +02:00
Andrew Tridgell
e257e7a40b
autobuild: use git notes for autobuild messages
...
This avoids changing the commit ID when we add a note that the
autobuild has passed
thanks to Jelmer for this suggestion!
2010-09-28 11:36:40 -07:00
Andrew Tridgell
00611cbcf6
selftest: enable FAIL_IMMEDIATELY in autobuild make test
...
this should reduce the time we wait for previous failing builds.
Right now this will only work for s4, as we need a makefile change for
s3 support
2010-09-28 11:36:40 -07:00
Andrew Tridgell
f4177b66c5
s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
...
this extended getncchanges operation replicates a single object
2010-09-28 11:36:40 -07:00
Andrew Tridgell
491e89fa1c
ldb-tdb: ignore failure to register control on rootdse
...
this is expected for non-sam LDBs
2010-09-28 11:36:40 -07:00
Andrew Tridgell
9aa07e72c8
s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
...
this allows for replication by GUID or SID
2010-09-28 11:36:40 -07:00
Andrew Tridgell
d4939ce4fc
s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
...
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
2010-09-28 11:36:40 -07:00
Andrew Tridgell
cd3eddbb59
waf: we don't need the preprocessor recursion limit any more
...
thanks to ita for this
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
8045b35b1b
s4-drs: Added check for drs-manage-topology to updateRefs.
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
440cee48b9
s4-drs: Added drs_security_access_check function
...
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
6caa512815
s4-dsdb: adapted check_access_on_dn for use in drs.
2010-09-28 11:36:40 -07:00
Andrew Bartlett
4be2696644
heimdal Fix DNS name qualification to not mangle IP addresses
...
If the host running this code used IPv6 forms for IPv4 addreses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle. Instead, check if it can be parsed
as a numeric address first, and only then mangle.
Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
89ee9e6518
s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
...
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
2010-09-29 04:23:07 +10:00