sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code
67,187 Commits 60 Branches 1,146 Tags
Commit Graph

24437 Commits

Author SHA1 Message Date
Andrew Tridgell
c972790249 s4-auth: removed unused variable dom_sid 2010-09-27 22:55:04 -07:00
Stefan Metzmacher
491102c1ce s4:gensec_tstream: remove plain socket handling 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
 2010-09-28 04:54:24 +00:00
Stefan Metzmacher
ca360fba10 s4:lib/tls: add gnutls backend for tstream 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
 2010-09-28 02:29:42 +00:00
Stefan Metzmacher
381f0fcd19 s4:gensec: add gensec_create_tstream() 
Based on the initial patch from Andreas Schneider <asn@redhat.com>.

metze
 2010-09-28 03:48:11 +02:00
Stefan Metzmacher
d6c48b4a5f s4:wrepl_server: use SOCKET_FLAG_NOCLOSE instead of a dup() 
The key thing is that we might have to turn the incomming
connection into a outgoing connection.

This change makes sense anyway, because we donate the fd to
tstream.

metze
 2010-09-28 03:48:10 +02:00
Stefan Metzmacher
9d8b886b3e s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice. 
metze
 2010-09-28 03:48:10 +02:00
Andrew Tridgell
6676142347 s4-ildap: two more places that need talloc_reparent() 
these contexts can have references

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
 2010-09-28 00:04:03 +00:00
Andrew Tridgell
396cdd6343 s4-kcc: don't print "Testing kcctpl_create_intersite_connections" 
log level 0 is excessive for this!
 2010-09-27 23:18:23 +00:00
Andrew Tridgell
8e1a3c8cca s4-drs: make getncchanges debug less verbose 
quieten make test a little
 2010-09-27 23:18:23 +00:00
Andrew Tridgell
8edf3d7131 s4-dns: avoid search domains expansion in DNS resolver 
add a '.' if the name contains a '.' already, but not at the end
 2010-09-27 23:18:23 +00:00
Andrew Tridgell
43d0c2e9ea heimdal: avoid DNS search domain expansion 
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would timeout
resolving DNS names.

Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.
 2010-09-27 23:18:23 +00:00
Günther Deschner
93d7230d25 s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test. 
Guenther
 2010-09-28 01:17:13 +02:00
Günther Deschner
a335848a88 s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations. 
Guenther
 2010-09-28 01:17:09 +02:00
Andrew Tridgell
7fbe700753 s4-ildap: fixed a talloc_steal with references error 
We need talloc_reparent() instead

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
 2010-09-27 20:38:00 +00:00
Nadezhda Ivanova
aeedd29d39 s4-ldb: Added ldb_request_replace_control 
It is the same as ldb_request_add_control, except it will replace
an existing control.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
 2010-09-27 19:00:38 +00:00
Anatoliy Atanasov
2cf0525b23 s4/irpc: Add security token to the binding handle when doing irp call forwarding 2010-09-27 09:59:21 -07:00
Anatoliy Atanasov
ed7bbc993d s4/irpc: Add function to add security token to the binding handle 2010-09-27 09:59:21 -07:00
Stefan Metzmacher
d9d4ded71a s4:irpc: optionaly pass the security_token via IRPC requests. 
metze
 2010-09-27 09:59:21 -07:00
Stefan Metzmacher
b32625b79f s4:torture/ldap: close connections with an UnbindRequest 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 07:14:23 UTC 2010 on sn-devel-104
 2010-09-27 07:14:23 +00:00
Stefan Metzmacher
b1ffacb437 LDAP-BASIC: test AbandonRequest 
metze
 2010-09-27 08:24:36 +02:00
Stefan Metzmacher
b65a164f3e s4:libcli/ldap: fix sending oneway requests 
metze
 2010-09-27 08:24:36 +02:00
Günther Deschner
f2310cacde waf: add more NDR subsystems for shared IDL files. 
Guenther
 2010-09-27 07:12:09 +02:00
Günther Deschner
611c8310ab s4-waf: remove NDR-SRVSVC alias. 
Thanks tridge, this was driving me nuts...

Guenther
 2010-09-27 07:12:08 +02:00
Günther Deschner
d834671f68 s4-smbtorture: remove unneeded dcerpc_mgmt alias. 
Guenther
 2010-09-27 07:12:08 +02:00
Andrew Tridgell
785410c493 s4-drs: fixed comment in getncchanges code 
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
 2010-09-27 04:54:43 +00:00
Andrew Tridgell
06274bd870 s4-gensec: fixed a valgrind error in gensec 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-26 21:12:09 -07:00
Andrew Tridgell
a40dcd161c s4-dns: use the generated krb5.conf in samba_dnsupdate 
this gives one less thing that an admin can get wrong

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
 2010-09-27 02:35:29 +00:00
Andrew Tridgell
93be0d6178 s4-provision: fixed the generation of the krb5.conf for vampire 
we need a correct krb5.conf for nsupdate from bind9
 2010-09-27 01:53:45 +00:00
Nadezhda Ivanova
99ac4e92ff s4-ldbmodules: Added new module aclread to handle access checks on LDAP search 
It is currently enabled only if the request comes from the LDAP server, and is
disabled  by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
93ba17285d s4-tests: Added tests for search checks on attributes 
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3e08965369 s4-tests: Removed search tests with anonymous credentials as they fail againts Windows 
These tests will fail in make test as well if the acl_read module is enabled.
 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
dc9991ab0e s4-dsdb: Added a function to check access on a particular object by its guid 
Similar to dsdb_check_access_on_dn, only it searches by guid.
 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
4d3f528411 s4-dsdb: A helper to determine if an attribute is part of the search filter 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
b77edca7f8 s4-dsdb: Moved some helper functions to a separate file 
We need these to be accessible to the aclread module as well.
 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3d0e36bc87 s4-ldap: Added a control to apply the access checks on read via LDAP 2010-09-26 15:36:09 -07:00
Stefan Metzmacher
80f8419ef2 s4:schannel: handle move flag combinations in the server 
This fixes some testsuites in the CIFS plugfest.

metze
 2010-09-26 09:40:36 +02:00
Andrew Tridgell
7dbfeb0dc0 s4-auth: fixed the SID list for DCs in the PAC 
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
 2010-09-26 07:09:08 +00:00
Andrew Tridgell
f33fc39f37 s4-drs: use the system sam_ctx for updaterefs 
this is needed for RODC clients calling updaterefs
 2010-09-26 06:29:06 +00:00
Andrew Tridgell
f3ceec9b1b s4-spn: don't try to do SPN updates as a RODC 
we don't have the permissions to do it
 2010-09-26 06:29:06 +00:00
Andrew Bartlett
0b5a556b76 s4-kerberos Don't segfault if the password isn't specified in keytab generation 
Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
 2010-09-26 03:29:34 +00:00
Matthieu Patou
c680a42504 upgradeprovision: fix a typo 2010-09-26 06:22:43 +04:00
Matthieu Patou
873bd98904 upgradeprovision: Fix a bug with renamed entries 
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
 2010-09-26 06:22:43 +04:00
Matthieu Patou
43274c9071 upgradeprovision: fix a bug with not updated links 2010-09-26 06:22:43 +04:00
Matthieu Patou
a8f8f277ff s4 provision: start with gpo of version 0 and be consistent between different policies 2010-09-26 06:22:43 +04:00
Matthieu Patou
76d87b7fb5 s4 upgradeprovision: fix a bug with empty reference objects 
Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
 2010-09-26 06:22:43 +04:00
Matthieu Patou
3c95d4d313 s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid 2010-09-26 06:22:43 +04:00
Matthieu Patou
dfa468fd08 s4 provision: Make GPO folder group writable 
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
 2010-09-26 06:22:43 +04:00
Matthieu Patou
69ef2b3705 upgradeprovision: use the same case for hostname in reference provision as in the current provision 
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
 2010-09-26 01:21:52 +00:00
Andrew Tridgell
e8fec1d3c6 s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only 2010-09-26 01:21:50 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns 
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-26 01:21:49 +00:00