Commit message | Author | Age | Files | Lines
* VERSION: Bump version number up to 4.0.0. [samba-4.0.0] | Karolin Seeger | 2012-12-11 | 1 | -2/+2
  And disable git snapshots.
  Karolin
* WHATSNEW: Update changes since rc6. | Karolin Seeger | 2012-12-11 | 1 | -0/+2
  Karolin
* selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and s4member environments | Michael Adam | 2012-12-11 | 1 | -0/+2
  These currently fail in a corner case.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Karolin Seeger <kseeger@samba.org>
  The last 9 patches address bug #9414 - 'samba-tool user add' ignores password complexity settings.
* s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3() | Michael Adam | 2012-12-11 | 1 | -2/+2
  The min_password_age field is the negative of the age.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUser | Michael Adam | 2012-12-11 | 1 | -8/+16
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checks | Michael Adam | 2012-12-11 | 1 | -47/+65
  This matches the windows behavior.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/password_hash: do the min password age checks first | Michael Adam | 2012-12-11 | 1 | -11/+13
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required | Stefan Metzmacher | 2012-12-11 | 1 | -7/+11
  This should give the password_hash module a chance to detect if the called was the cleartext password or not.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* calls | Michael Adam | 2012-12-11 | 1 | -1/+106
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/password_hash: Honor password complexity settings. | Stefan Metzmacher | 2012-12-11 | 1 | -5/+0
  Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled.
  This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In.
  The following scenarios were tested successfully after applying the patch:
  - 'samba-tool user add' against s4
  - 'samba-tool user add -H' against a Windows DC
  - Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In.
  Please note that this bug was caused by a mistake in the documentation.
  Fix bug #9414 - 'samba-tool user add' ignores password complexity settings.
  Pair-programmed-with: Karolin Seeger <kseeger@samba.org>
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* WHATSNEW: Fix typo. | Karolin Seeger | 2012-12-11 | 1 | -1/+1
  Karolin
* WHATSNEW: Add link to the whitepaper. | Karolin Seeger | 2012-12-11 | 1 | -8/+12
  Karolin
* WHATSNEW: Move AD stuff to the corresponding paragraph. | Karolin Seeger | 2012-12-11 | 1 | -3/+5
  Karolin
* WHATSNEW: Update release notes. | Karolin Seeger | 2012-12-11 | 1 | -21/+1
  Apply changes provided by Andrew Bartlett. Thanks!
  Karolin
* WHATSNEW: Update release notes. | Karolin Seeger | 2012-12-11 | 1 | -11/+8
  Karolin
* WHATSNEW: Update changes since rc6. | Karolin Seeger | 2012-12-11 | 1 | -0/+1
  Karolin
  Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-0-test): Tue Dec 11 10:49:36 CET 2012 on sn-devel-104
* s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -0/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
  (cherry picked from commit 914a61d9e5b7a182592f3afe60f4dad1cd342fc4)
* s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -1/+19
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 8eb359c23c6379be1ccc32e27fd2316d77a7c7b3)
* s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -1/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 19b03834f08c2a6645a31fe18121534c692c18d1)
* s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -0/+61
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit e1301fef735b305736db0b6db335c37aa9fea832)
* s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -2/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit ebb0a88722d416ad470497fd6ffa7b26abfe58bc)
* s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -0/+19
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 999c068113af6158355634eb9a9c4b5a4d3066d8)
* s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481) | Stefan Metzmacher | 2012-12-11 | 3 | -0/+21
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 649fb5b61492562f1400996a6ccf33af17af5b6b)
* s4:dsdb/descriptor: pass object_list to create_security_descriptor() | Stefan Metzmacher | 2012-12-11 | 1 | -2/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit a97b5f219678e409a851d9caf8317a6ef130c12f)
* libcli/security: calculate the correct inherited_object GUID | Stefan Metzmacher | 2012-12-11 | 1 | -1/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit d20c46a520a7e39dd87476cd81edab56b5543892)
* libcli/security: implement object_in_list() | Stefan Metzmacher | 2012-12-11 | 1 | -2/+23
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 75729e6703c5b5dff7feefed590086898fc03c74)
* WHATSNEW: Update release notes for Samba 4.0.0. | Karolin Seeger | 2012-12-11 | 1 | -125/+144
  Karolin
* s3:auth: fix create_token_from_sid() to not fail in the winbindd case | Michael Adam | 2012-12-11 | 1 | -2/+10
  Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down.
  This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required.
  This fixes bug #9457.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
  (cherry picked from commit c5b150b33fc54ed97dbd0736cc6f4c15977d6e70)
* s3:auth: fix function header comment for user_sid_in_group_sid() | Michael Adam | 2012-12-11 | 1 | -1/+1
  This is embarrassing: the commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8 which intended to fix an earlier copy'n'paste error, contained another typo, fixed with this commit...
  Signed-off-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
  (cherry picked from commit 1d949cb0e51a086006612271d6f08305b68aa09c)
* s3:auth: fix header comment for user_sid_in_group_sid() | Michael Adam | 2012-12-11 | 1 | -2/+2
  This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name.
  Signed-off-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8)
* s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps working | Stefan Metzmacher | 2012-12-11 | 1 | -0/+7
  This is a regression test for bug #9470.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
  (cherry picked from commit 53b736444d55c4eed3abbc34974b655cc2607cd6)
  The last 13 patches address bug #9470 - MMC crashes.
* s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction | Stefan Metzmacher | 2012-12-11 | 1 | -0/+116
  This is a regression test for bug #9470.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit e617a3fecb797031cf5a6545d51d7e116716ab52)
* s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute | Stefan Metzmacher | 2012-12-11 | 1 | -2/+12
  If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes.
  If there's a list of only explicit attribute names, we should ignore the sd_flags control.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 6bc2caed8b3f153f92af013275f39c803f886a22)
* s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470) | Stefan Metzmacher | 2012-12-11 | 1 | -2/+9
  Not returning the nTSecurityDescriptor causes a lot of problems.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 22bb2fd868b8df2244b801aeaa515a8a4036bce8)
* s4:dsdb/acl_read: give some variables a better name | Stefan Metzmacher | 2012-12-11 | 1 | -10/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 4f8558ffaf4c9fb9e350ec528ec1ce60de5f2e24)
* s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search | Stefan Metzmacher | 2012-12-11 | 1 | -14/+19
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit db15fcfa899e1fe4d6994f68ceb299921b8aa6f1)
* s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result | Stefan Metzmacher | 2012-12-11 | 1 | -0/+12
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit e2181617a00d7982e4e6ced1c51aa2ee8a40df26)
* s4:dsdb/dirsync: fix potential talloc hierarchy problems (bug #9470) | Stefan Metzmacher | 2012-12-11 | 1 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 6bcafceb750d5c4d24e2ddbef35b411bebccd66f)
* s4:dsdb/descriptor: fix replication of NC heads | Stefan Metzmacher | 2012-12-11 | 1 | -2/+2
  The sub NC heads may be replicated with the parent partition, if we don't need to recalculate the nTSecurityDescriptor attribute in that case, the replication of the sub partition should handle that.
  This fixes error messages like this:
  descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=s40dom,DC=base not found under DC=s40dom,DC=base
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 734d14b54834a4d03e67bcaece4f4e3cf1d10925)
* s4:dsdb/acl_read: improve debugging for fatal error | Stefan Metzmacher | 2012-12-11 | 1 | -3/+18
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 802124789513ef207a154ee950dc03e66a80e0b1)
* s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470) | Stefan Metzmacher | 2012-12-11 | 1 | -0/+5
  Some modules might not allocate values on the correct memory context.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 14b5b729049d92c30ba518adb82c9396fdddd09f)
* s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to msg->elements[i].values (bug #9470) | Stefan Metzmacher | 2012-12-11 | 1 | -6/+18
  We should keep the talloc hierarchy sane.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 3535f8effefef6a68d2b686abe2769d797531dd9)
* s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470) | Stefan Metzmacher | 2012-12-11 | 1 | -7/+7
  We should always update the ts_last_change.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 944b6863a71efc48ccc8cd9ae8ad1a3081bc1805)
* WHATSNEW: Update changes since rc6. | Karolin Seeger | 2012-12-10 | 1 | -0/+5
  Karolin
  Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-0-test): Mon Dec 10 11:56:00 CET 2012 on sn-devel-104
* s4-torture: call the s4u2self tests with arcfour and aes. | Günther Deschner | 2012-12-10 | 1 | -12/+47
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
  (cherry picked from commit ade5bfd304cc806758a58f04b35834cd730dd9ba)
  The last 28 patches address bug #9438 - netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken.
* s4-torture: precalculate expected session keys from samlogon in schannel test. | Günther Deschner | 2012-12-10 | 1 | -7/+111
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit d0bad6c3350698b26ba009bb0c91d0265cc22f60)
* libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon(). | Günther Deschner | 2012-12-10 | 1 | -0/+14
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit f6cb8049b2fe62054d254a006b8a39f000d1d1d5)
* libcli/auth: remove trailing whitespace. | Günther Deschner | 2012-12-10 | 1 | -38/+38
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit be296a21fc509cacaedb5aad0c3ca4ccd44b4a62)
* s3-auth: remove crypto from serverinfo_to_SamInfoX calls. | Günther Deschner | 2012-12-10 | 5 | -34/+30
  All crypto is dealt with within the netlogon samlogon server now.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit f2d9589b178c0e3374e1c1ad363639b9e2bdce5f)
* s3-rpc_server: Remove obsolete process_creds boolean in samlogon server. | Günther Deschner | 2012-12-10 | 1 | -24/+3
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit c1fb595081c2b0bf66bce06c09750f53e8031311)