Simo Sorce [Wed, 3 Sep 2008 14:44:09 +0000 (10:44 -0400)]
The msync manpage reports that msync *must* be called before munmap. Failure to do so may result in lost data. Fix an ifdef check, I really think we meant to check HAVE_MMAP here.
(cherry picked from commit
74c8575b3f3b90ea21ae6aa7ccd95947838af956)
(This used to be commit
8fd54bb55f0c23bd025d1719abcbe75c6a2ea8ac)
Volker Lendecke [Tue, 12 Aug 2008 20:31:52 +0000 (22:31 +0200)]
Attempt to fix bug 5684
With the ctdb checkin
dde9f3f006 tdb optimized out write lock checks for
write-enabled transaction. Sadly, this also removed the possibility to ever
remove dead records left over from tdb_delete calls within a transaction.
Tridge, please check this! Did
dde9f3f006 have any reason beyond performance
optimizations?
Thanks,
Volker
(cherry picked from commit
3f884c4ae36f3260e63626bdd4989d9258ae6497)
(This used to be commit
1d85e0647e287d269b3f6b534da88f497d6f76c3)
Stefan Metzmacher [Sun, 14 Sep 2008 16:50:13 +0000 (18:50 +0200)]
Fix warnings on SuSE 9.0.
The macros "[un]likely" are already defined on SuSE 9.0.
Patch from Volker.
(partialy cherry-picked
30d181c92463aecd6e649330d3645d86d5a17e43)
metze
(This used to be commit
ad7ed33f786124e4afbba4330201a3a6463c6f73)
Volker Lendecke [Sat, 19 Apr 2008 14:56:44 +0000 (16:56 +0200)]
Fix bug 5400
Thanks to Jason Mader!
Volker
(cherry picked from commit
87d8a63ce4e6dd91ea3193d0a2574520a5857be2)
(This used to be commit
34ab9e5a23458c9f9845d1ff808c142cb2f1f2a4)
Stefan Metzmacher [Sun, 14 Sep 2008 16:46:34 +0000 (18:46 +0200)]
Fix out of tree build. Remove the embedded srcdir path from talloc and tdb.
(partialy cherry picked from commit
359921acd436684a0b4cf76ba15f82a224d2c337)
metze
(This used to be commit
d89b8fee5210c7b4d8fad24edea34f9732aec708)
Yannick Bergeron [Fri, 8 Aug 2008 17:32:15 +0000 (13:32 -0400)]
using NGROUPS_MAX instead of 32 for the max group value in rep_initgroups() subroutine in lib/replace/replace.c
(cherry picked from commit
13b1a232d2fe05ae3e924ea2503d05ff5084146e)
(This used to be commit
0d2fb0e280e497094a4c95f8dca1383ee1cfa982)
Yannick Bergeron [Wed, 6 Aug 2008 17:23:00 +0000 (13:23 -0400)]
Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c
(cherry picked from commit
b45e7fabc64e699e4fa013ef15f98a004dae3f32)
(This used to be commit
661f8e166118d257ab32a30392cd616db097bc4c)
Karolin Seeger [Mon, 14 Jul 2008 14:40:36 +0000 (16:40 +0200)]
Fix typo.
retieve -> retrieve
Karolin
(partialy cherry-picked from
37c64130701ab13b6f34998ac17fec2d128c2e08)
metze
(This used to be commit
4d92e6d582a5b2094b2aaa9008a54b37ccfcc2d7)
Volker Lendecke [Tue, 10 Jun 2008 14:14:30 +0000 (16:14 +0200)]
Correctly find a [u]int32_t replacement
(cherry picked from commit
346375cda557a675f8f882ca2ae8edffec725a72)
(cherry picked from commit
15a53945c9563b4517bd8b69a9bb0554eef5edff)
(This used to be commit
46c3fc67e91bbdb820e4bddd085933a8570e504c)
Jeremy Allison [Fri, 9 May 2008 21:51:45 +0000 (14:51 -0700)]
Fix replacement getpass. If we ^C at the prompt echo was left off.
Jeremy.
(cherry picked from commit
e54c71954ae484fe4a4e195db33440490e78e256)
(This used to be commit
d61a86b8cdb4dd474611baadc61a0c37db0f8e62)
Stefan Metzmacher [Fri, 12 Sep 2008 13:47:02 +0000 (15:47 +0200)]
rpc_server: don't send auth trailers in level connect
Also ignore auth trailers in level connect on receive.
This fixes [krb5,connect] against windows.
TODO: maybe the gensec mech need to decide if signatures
are needed in level connect.
metze
(This used to be commit
2e3629719790e7631d9de383b565dc8a0997bcfb)
Stefan Metzmacher [Fri, 12 Sep 2008 12:39:57 +0000 (14:39 +0200)]
librpc/rpc: don't send auth trailers in level connect
Also ignore auth trailers in level connect on receive.
This fixes [krb5,connect] against windows.
TODO: maybe the gensec mech need to decide if signatures
are needed in level connect.
metze
(This used to be commit
eca0502b8620f2110a303b84def4f0bf48cc4ea5)
Stefan Metzmacher [Sat, 13 Sep 2008 08:22:39 +0000 (10:22 +0200)]
rpc_server: correctly calculate the auth padding
metze
(This used to be commit
e82468a8f538aa0cf6d477fb54cc0178c0d64574)
Stefan Metzmacher [Sat, 13 Sep 2008 16:49:03 +0000 (18:49 +0200)]
client free credentials when not needed anymore
(This used to be commit
d982b69df638f17da6af398e2613986240031064)
Jeremy Allison [Fri, 12 Sep 2008 21:59:32 +0000 (14:59 -0700)]
Comment the delay write time tests so I know what they're
testing.
Jeremy.
(This used to be commit
2bf9074c7751324483744f55b02cfb044bb0b2dd)
Jelmer Vernooij [Fri, 12 Sep 2008 19:31:56 +0000 (21:31 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
(This used to be commit
eff27744d3dcb4f6bcdf9bd03583bb38634c398d)
Jelmer Vernooij [Fri, 12 Sep 2008 19:28:48 +0000 (21:28 +0200)]
Revert "Add option for generating coverage data from python tests."
This reverts commit
43c0fdfff02021caef2d8f73d6bfdc4b051a65ef.
(This used to be commit
696f30fff249656409f2efcc81b86a421d0c6880)
Simo Sorce [Fri, 12 Sep 2008 17:57:50 +0000 (13:57 -0400)]
Remove ancient remains of first experimentations about
supporting a schema
(This used to be commit
53b57300c799a079b4d64815243fe6120e0a9fa2)
Simo Sorce [Fri, 12 Sep 2008 17:26:45 +0000 (13:26 -0400)]
Fix spellings and file names
(This used to be commit
baddefd0a6fa430af1a3001064149127e0d29361)
Stefan Metzmacher [Fri, 12 Sep 2008 09:51:08 +0000 (11:51 +0200)]
rename packaging => packaging4
metze
(This used to be commit
42fffd1d1c7303afb4139734cdc0c909f81154b2)
Stefan Metzmacher [Thu, 11 Sep 2008 14:50:49 +0000 (16:50 +0200)]
add '4' to the end of some filesnames
metze
(This used to be commit
48578bd4925a675bf30d4f2452f147c3ee11154f)
Stefan Metzmacher [Thu, 11 Sep 2008 14:47:45 +0000 (16:47 +0200)]
rename swat => swat2, so that we don't conflict with samba3
metze
(This used to be commit
bf852a3dbeee8900fa36978f08a5cdceabcbd926)
Andrew Bartlett [Thu, 11 Sep 2008 21:45:28 +0000 (07:45 +1000)]
Fix failure to load the schema on read-only DB.
This also tries to simplify the logic in the schema -> @ATTRIBUTES and
@INDEXES code.
Andrew Bartlett
(This used to be commit
a383b8bf88a5681f9c9c6839ba645c872a735051)
Andrew Bartlett [Thu, 11 Sep 2008 10:51:26 +0000 (20:51 +1000)]
Remove the complexity of transactions from the attributes-setting code.
I think it is just too complex and error prone to init and cancel
transactions during the module init code. Instead, this isn't prone
to races as it will always achieve a steady state (eventually), and
most cases will never do the write.
Andrew Bartlett
(This used to be commit
d60977cc7f89f89f34187f310c91d1ab7db6ccf2)
Andrew Bartlett [Thu, 11 Sep 2008 02:36:58 +0000 (12:36 +1000)]
Make cn=aggregate output less pretty, by more like Win2008.
I'm not sure if this fixes bug #5713, as this is not consistantly
reproducably on my equipment.
Andrew Bartlett
(This used to be commit
02d6645efc84179efd652dd29ab32f62ae310147)
Andrew Bartlett [Thu, 11 Sep 2008 01:49:24 +0000 (11:49 +1000)]
Fix failures in the winbind struct-based test.
Don't try to pass the 'privileged' socket directory around for expected value testing - it is just too hard...
A better test (once we unify the winbind protocol with Samba3) would
be a operation to see if you are on the priv pipe, and that will give
acutal end-to-end testing.
Andrew Bartlett
(This used to be commit
2d4103518ab8a7286e65347b8b9b0ccb660e69f6)
Jeremy Allison [Wed, 10 Sep 2008 04:25:03 +0000 (21:25 -0700)]
Merge branch 'v4-0-test' of ssh://jra@git.samba.org/data/git/samba into v4-0-test
(This used to be commit
7cd0977a28e9973ff71e9e0146fef6e6771a72b5)
Jeremy Allison [Wed, 10 Sep 2008 04:24:34 +0000 (21:24 -0700)]
A truncate write must be a smbcli_smbwrite, not a
smbcli_write.
Jeremy.
(This used to be commit
8cebd4d36c862dcdc6551dc6bf4dda2342dfede7)
Andrew Bartlett [Wed, 10 Sep 2008 04:09:07 +0000 (14:09 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit
ed26195d0eda6dd1ca14508cfd31a48dde79d44f)
Andrew Bartlett [Wed, 10 Sep 2008 04:08:40 +0000 (14:08 +1000)]
Return the same privilaged winbindd socket as we actually use.
Andrew Bartlett
(This used to be commit
2209787812fd9224d104f332e25d8ce64ef9ee95)
Matthias Dieter Wallnöfer [Tue, 9 Sep 2008 22:09:28 +0000 (00:09 +0200)]
Fix uninstalling of binaries.
(This used to be commit
6ad94d10f79f206fcdeb23cf71595e38c7a77855)
Jelmer Vernooij [Tue, 9 Sep 2008 22:05:37 +0000 (00:05 +0200)]
Merge branch 'v4-0-regClient' of git://repo.or.cz/Samba/mdw into manpage
(This used to be commit
6ac32d0a10a9a27abceca362fcab04bcfc55c33f)
Jelmer Vernooij [Tue, 9 Sep 2008 21:49:07 +0000 (23:49 +0200)]
Only try with -LPYTHONDIR/lib when python-config output didn't work.
(This used to be commit
62d76356c10b4223236425c4db32c2fc5105d155)
Volker Lendecke [Tue, 9 Sep 2008 21:35:17 +0000 (23:35 +0200)]
Attempt to correctly find python on host sunx
(This used to be commit
59b62280d27a9e0a72241e4b60022be07e4cbce2)
Jelmer Vernooij [Tue, 9 Sep 2008 19:56:57 +0000 (21:56 +0200)]
Remove unused scripts for installing binaries.
(This used to be commit
677179234ecaa6980dedc2bb6f77c525b56b532f)
Matthias Dieter Wallnöfer [Tue, 9 Sep 2008 16:03:54 +0000 (18:03 +0200)]
Fix up the "reg_common_open_remote" call
This fixes up the "reg_common_open_remote" call because it didn't work anymore without the event context.
(This used to be commit
42ab865fc937a625d1eece45abe96bf354ddff8b)
Matthias Dieter Wallnöfer [Tue, 9 Sep 2008 16:01:20 +0000 (18:01 +0200)]
Two useful "regshell" improvements
This patch corrects the "change key" command (Follow up isn't supported yet) and adds a newline in a error message.
(This used to be commit
d1052dc42ef591208cfbf7059b28a078f6d4f0bf)
Jelmer Vernooij [Tue, 9 Sep 2008 14:01:37 +0000 (16:01 +0200)]
Remove calls to unused uninstallbin.sh
(This used to be commit
69956a5597b0339b7c0ee3f394d649421f037f03)
Jelmer Vernooij [Tue, 9 Sep 2008 13:55:10 +0000 (15:55 +0200)]
Add option for generating coverage data from python tests.
(This used to be commit
43c0fdfff02021caef2d8f73d6bfdc4b051a65ef)
Stefan Metzmacher [Tue, 9 Sep 2008 11:01:34 +0000 (13:01 +0200)]
UNIX-WHOAMI: fix compiler warnings
metze
(This used to be commit
ec5d8ddadb76ff0d2cb72872e4d145a7527f0ec6)
Stefan Metzmacher [Tue, 9 Sep 2008 09:27:03 +0000 (11:27 +0200)]
drsblobs.idl: add parser for ExtendedErrorInfo see [MS-EERR]: ExtendedError Remote Data Structure
metze
(This used to be commit
3edbbb12bda8e19a9f5a72849bc79e0fad7976f8)
Andrew Bartlett [Tue, 9 Sep 2008 08:02:05 +0000 (18:02 +1000)]
Fix reversed test trying to fix bug #5713
(It instead ensured that only 'top' had a SUP keyword)
This clearly shows that
937b466266256d26d02cf8d48e72a26272fe8627 was
not a full or correct fix, but despite this I can no longer reproduce
the issue. Further investigation is required.
Andrew Bartlett
(This used to be commit
95a9e9b6b84866cd300b1d19915627c6718b4dde)
Andrew Bartlett [Tue, 9 Sep 2008 06:18:27 +0000 (16:18 +1000)]
Fix bug #5713 by correcting the generated schema.
This bug is entitled 'Schema patch breaks interoperability with
Microsoft MMC consoles.', and it does so very spectacularly.
The issue is that we would include an entry:
objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT..
The MMC Active Directory Users and Computers snap in presumably
objected to the 'loop' this would present. The fixed entry is:
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT
Thanks to Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> for his
persistance in getting me to look at this.
Andrew Bartlett
(This used to be commit
937b466266256d26d02cf8d48e72a26272fe8627)
Jeremy Allison [Mon, 8 Sep 2008 21:58:58 +0000 (14:58 -0700)]
Make it easier to see when tests start/end.
Jeremy.
(This used to be commit
6f89e728272ca14f0ed9557485e21647c0731ef2)
Stefan Metzmacher [Mon, 8 Sep 2008 12:11:17 +0000 (14:11 +0200)]
BASE-DELAYWRITE: test behavior of SMBwrite truncate, writeX, SMBwrite truncate and writeX again
metze
(This used to be commit
66b8c8d80e1c8e45ab6ca38cabebea07aa122c40)
Stefan Metzmacher [Mon, 8 Sep 2008 11:59:51 +0000 (13:59 +0200)]
BASE-DELAYWRITE: test behavior of writeX, SMBwrite truncate, writeX and SMBwrite again
metze
(This used to be commit
051164ba0a69d54aa706ffa876059e8dbbeacb36)
Stefan Metzmacher [Mon, 8 Sep 2008 10:27:43 +0000 (12:27 +0200)]
BASE-DELAYWRITE: demonstrate that a truncate write doesn't update the write time after SET_FILE_INFO
metze
(This used to be commit
f81014db9d5afbf9e0b1c007bc56fc1d3a201309)
Stefan Metzmacher [Mon, 8 Sep 2008 10:12:25 +0000 (12:12 +0200)]
BASE-DELAYWRITE: demonstrate that the time between the open and the first write doesn't matter
metze
(This used to be commit
13d051cd633f4a4152d360453fe5297ad53cc7b5)
Stefan Metzmacher [Mon, 8 Sep 2008 06:31:34 +0000 (08:31 +0200)]
BASE-DELAYWRITE: test more details of the truncate write time update behavior
metze
(This used to be commit
39367ef15fabbb52cd2c05be7ca59b25dc4aff71)
Andrew Bartlett [Mon, 8 Sep 2008 05:09:06 +0000 (15:09 +1000)]
Make it clear that the MMR password can differ from the admin passsword
In the future, we might simply randomly generate this, or allow the
admin to specify it seperate to the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit
57d19ad002c523fb9a09694e6710ab7f588d44ec)
Oliver Liebel [Mon, 8 Sep 2008 04:39:54 +0000 (14:39 +1000)]
Use DIGEST-MD5 authentication for OpenLDAP replication
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit
67373c143a1d8a9f310fd116dbf81c1dd123b75f)
Andrew Bartlett [Mon, 8 Sep 2008 04:33:05 +0000 (14:33 +1000)]
Add definition for SYSTEM_FLAG_ATTR_IS_RDN
(This used to be commit
36f727c4a73ffc8634692b0c5645343cb414de93)
Andrew Bartlett [Mon, 8 Sep 2008 04:18:04 +0000 (14:18 +1000)]
Move blackbox.smbclient to test against the member server.
The DC is now using smb signing, so testing for the old SMB versions
won't work.
Add a new test script to check 'net join' independent of
blackbox.smbclient.
Andrew Bartlett
(This used to be commit
44ff392ffea52e89a3ac096a6d381ae540d3473c)
Andrew Bartlett [Mon, 8 Sep 2008 02:54:13 +0000 (12:54 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into trusted-domains
(This used to be commit
a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
Andrew Bartlett [Mon, 8 Sep 2008 02:46:04 +0000 (12:46 +1000)]
Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
(This used to be commit
07cb8db799cc22685af4bb63285fa10115790ce1)
Andrew Bartlett [Mon, 8 Sep 2008 01:10:24 +0000 (11:10 +1000)]
Try to implement the right logic for systemFlags
The MS-ADTS document has quite detailed instrucitons on how these
flags should be processed. This change also causes the correct
sign-wrapping to occour, as these are declared as signed integers.
Andrew Bartlett
(This used to be commit
5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
Andrew Bartlett [Mon, 8 Sep 2008 01:09:02 +0000 (11:09 +1000)]
Don't expose passwords, even to the administrator.
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit
fa3f3bab33001770a9d7e33875bf212636f6c128)
Andrew Bartlett [Mon, 8 Sep 2008 00:55:34 +0000 (10:55 +1000)]
More work towards trusted domains support in Samba4's LSA
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit
d87b655e20b7c38756774cec2e5898af38c46786)
Stefan Metzmacher [Wed, 20 Aug 2008 20:12:51 +0000 (22:12 +0200)]
ndr_compression: add XPRESS compression support
metze
(This used to be commit
1432a96d37e367d9d97d48b69c6f16351a9ad066)
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lzxpress: Import of lzxpress compression
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit
fd84c5a08f7e8d6402e5f68eede546eb092d22aa)
Stefan Metzmacher [Sun, 7 Sep 2008 16:52:29 +0000 (18:52 +0200)]
ndr_compression: fix the build after lzxpress_decompress() prototype change
metze
(This used to be commit
b36056aac3f55587d2b3e7b66feea8173dbc67f0)
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lzxpress: fix for decompression...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit
ee505df3742dac0af8eec8b9b27d1e1f5ef54ca9)
Simo Sorce [Sat, 6 Sep 2008 16:31:50 +0000 (12:31 -0400)]
Always free tmp contexts before returning
(This used to be commit
40b71bbd718f6dee70c0611e527f55c56623dea6)
Stefan Metzmacher [Sat, 6 Sep 2008 10:04:00 +0000 (12:04 +0200)]
zlib: we require zlib-1.2.3 or higher
metze
(This used to be commit
3f4eb091f0dcc53acbfdc63a8d82a5a0f28954a6)
Stefan Metzmacher [Sat, 6 Sep 2008 08:58:53 +0000 (10:58 +0200)]
Revert "zlib: add inflateReset2()..."
This reverts commit
2a4fb661d7e3d601a5eb9ccecb4d4f2b07073097.
(we don't need inflateReset2 anymore)
metze
(This used to be commit
ac43081b93966b545928230f7af8654b942432da)
Stefan Metzmacher [Sat, 6 Sep 2008 08:57:33 +0000 (10:57 +0200)]
Revert "zlib: we don't need the inflateReset2 prototype twice"
This reverts commit
0dbbc287f65a51330c5309df5a96b3acd4d044d5.
(we don't need inflateReset2 anymore)
metze
(This used to be commit
426d129dfff1e2d3750884abb68089ff1850e640)
Stefan Metzmacher [Sat, 6 Sep 2008 08:55:04 +0000 (10:55 +0200)]
ndr_compression: change debug levels
metze
(This used to be commit
83446e22dd1eda958ef62bbe998da0a47b9ff8ef)
Stefan Metzmacher [Sat, 6 Sep 2008 14:16:00 +0000 (16:16 +0200)]
ndr_compression: use deflateReset() together with defalteSetDictionary()
metze
(This used to be commit
dcc57512b030995d9b186c7a6cb3b304d5680867)
Stefan Metzmacher [Fri, 5 Sep 2008 18:18:07 +0000 (20:18 +0200)]
ndr_compression: use inflateReset() and inflateSetDictionary() instead of inflateReset2()
Now we can use an unmodified system zlib-1.2.3
metze
(This used to be commit
d68e36b485239cbaf99a6dce3f3bf52b4abcd06d)
Jeremy Allison [Sat, 6 Sep 2008 04:47:06 +0000 (21:47 -0700)]
Don't compare identity, it'll never be different.
Jeremy.
(This used to be commit
840369b5534eee21818b9d3677404b0fc60a0219)
Oliver Liebel [Sat, 6 Sep 2008 03:12:19 +0000 (13:12 +1000)]
Remove <tab> in OpenLDAP MMR config
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit
80f31c3272b8bc803629c27357033fd325529db1)
Andrew Bartlett [Fri, 5 Sep 2008 23:07:41 +0000 (09:07 +1000)]
Make SMB signing work with Windows 2008 and kerberos.
Pinched from
b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit
d55602e23e7947462cb402b20b2d354b96aa7ba3)
Jeremy Allison [Fri, 5 Sep 2008 21:24:36 +0000 (14:24 -0700)]
Added tests that show that write time update is immediate
when changing file size using SMBwrite of size zero,
SET_END_OF_FILE, or SET_ALLOCATION_SIZE - no 2 second
delay in these cases.
Jeremy.
(This used to be commit
3aa7523d7750fe30d1e6bb5a75ac42b681b9e493)
Andrew Bartlett [Fri, 5 Sep 2008 06:46:12 +0000 (16:46 +1000)]
Add a new error code
(This used to be commit
b52fba5b2c63a24acbfc7e3e989c16b691d98162)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:58 +0000 (16:45 +1000)]
Update copyright
(This used to be commit
edea162a0e11f03b4b6069388abbca099f097386)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:37 +0000 (16:45 +1000)]
Update copyright, I've been working here many long years...
(This used to be commit
842ab594124198453fc88f46ab83b712a7d34dc1)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:10 +0000 (16:45 +1000)]
Move our DC to implement mandetory signing.
(this does not change the file server role, and only really changes
what 'server signing = auto' means)
Optional signing really isn't any benifit to network security.
In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).
Andrew Bartlett
(This used to be commit
468bf839c500ed1a26ab9a358ee64a4c0a695797)
Andrew Bartlett [Fri, 5 Sep 2008 06:24:44 +0000 (16:24 +1000)]
With a windows 2008 client, even anonymous requires signing...
Andrew Bartlett
(This used to be commit
a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
Andrew Bartlett [Thu, 4 Sep 2008 06:06:38 +0000 (16:06 +1000)]
More work to implement LSA CreateTrustedDomainEx2
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit
99a3abda09716c064b3e9a37c4a79a8f62444eca)
Andrew Tridgell [Thu, 4 Sep 2008 02:49:29 +0000 (12:49 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit
c273d63f94c430a4f553085efb0d6e31a99e5853)
Andrew Bartlett [Thu, 4 Sep 2008 01:32:32 +0000 (11:32 +1000)]
Merge commit 'origin/v4-0-test' into trusted-domains
(This used to be commit
b599b83a13db90b50a5422ff73daa63648b1e8cd)
Jelmer Vernooij [Wed, 3 Sep 2008 20:55:24 +0000 (22:55 +0200)]
Regenerate SWIG file.
(This used to be commit
e8ba65c4db986fcedf7008d05d8f8846f78a98f1)
Jelmer Vernooij [Wed, 3 Sep 2008 20:29:53 +0000 (22:29 +0200)]
Avoid using version call for version string.
(This used to be commit
1897cef508c8bea817c510bd9023d794cb983864)
Jelmer Vernooij [Wed, 3 Sep 2008 20:26:02 +0000 (22:26 +0200)]
Allow overriding shared library policy using environment variable.
(This used to be commit
d5c61f470d7aa6dd0e5a22e8718d53a69cbbc239)
Jelmer Vernooij [Wed, 3 Sep 2008 12:10:35 +0000 (14:10 +0200)]
Fix embedding of Samba 4.
(This used to be commit
3862f3132549332e0a44fad65d7c49a27e1dbd4a)
Andrew Bartlett [Wed, 3 Sep 2008 05:34:44 +0000 (15:34 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit
9590805bcbdd1924eda5a69978ffac7ec7603451)
Andrew Bartlett [Wed, 3 Sep 2008 05:30:17 +0000 (15:30 +1000)]
Implement NETLOGON PAC verfication on the server-side
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit
82fcd7941f5c54da2d994c8bd99dd8d86299a296)
Andrew Bartlett [Wed, 3 Sep 2008 04:20:30 +0000 (14:20 +1000)]
Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719
(This used to be commit
cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
Andrew Bartlett [Wed, 3 Sep 2008 04:19:16 +0000 (14:19 +1000)]
Test a few more error cases in RPC-PAC
(This used to be commit
50502b3b8faf89cf5ad396102f4fe80eaa213908)
Andrew Bartlett [Tue, 2 Sep 2008 01:31:46 +0000 (11:31 +1000)]
Start testing CreateTrustedDomainEx2
Andrew Bartlett
(This used to be commit
91ae8dca254aa8c032daf0c87fa2a47760d32586)
Andrew Bartlett [Tue, 2 Sep 2008 01:31:17 +0000 (11:31 +1000)]
Share IDL between the LSA and drsblob representations of trusts
(This used to be commit
e5520706c88911c66b3ce5817e371900212ca083)
Andrew Bartlett [Mon, 1 Sep 2008 04:43:00 +0000 (14:43 +1000)]
Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit
b55a1b63cc2f7de889f046e975e3414bc5000613)
Andrew Tridgell [Fri, 29 Aug 2008 21:38:02 +0000 (07:38 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit
f008c3b6ee324056fd9b63f6151ad6849640c959)
Andrew Tridgell [Fri, 29 Aug 2008 21:32:44 +0000 (07:32 +1000)]
Add a setexpiry operation in samdb.py
This makes it easy to set the expiry (or no expiry) for a samdb user
(This used to be commit
25171f18a4b242b5a731f4ac1eefc51cc82efd74)
Andrew Tridgell [Fri, 29 Aug 2008 21:23:06 +0000 (07:23 +1000)]
added a simple script for setting password expiry
(This used to be commit
cf37126ac7b833a3a739b151157c296afc0c979c)
Andrew Bartlett [Fri, 29 Aug 2008 08:05:06 +0000 (18:05 +1000)]
Start implementing the server-sde NETLOGON PAC verification.
(This used to be commit
8741e8fee619cccd84f2f10e00426df1d4f34074)
Andrew Bartlett [Fri, 29 Aug 2008 05:06:30 +0000 (15:06 +1000)]
It turns out that the Netlogon PAC verification is encrypted.
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit
c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
Andrew Bartlett [Fri, 29 Aug 2008 03:01:52 +0000 (13:01 +1000)]
Update packaging per suggestions on the review
Also make the build more C++ friendly with a patch from Brad Hards.
Andrew Bartlett
(This used to be commit
1367b94c8fb421dd517e7e8044af7606a4693365)
Andrew Bartlett [Thu, 28 Aug 2008 06:30:17 +0000 (16:30 +1000)]
Further rework the RPC-PAC test.
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit
acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
Andrew Bartlett [Thu, 28 Aug 2008 06:28:47 +0000 (16:28 +1000)]
Heimdal provides Kerberos PAC parsing routines. Use them.
This uses Heimdal's PAC parsing code in the:
- LOCAL-PAC test
- gensec_gssapi server
- KDC (where is was already used, the support code refactored from here)
In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.
Andrew Bartlett
(This used to be commit
418b440a7b8cdb53035045f3981d47b078be6c1e)