Commit message | Author | Age | Files | Lines
* midltests: improve NDR64 downgrade | Stefan Metzmacher | 2010-09-29 | 1 | -4/+21
  metze
* midltests: revert to a simple default midltests.idl | Stefan Metzmacher | 2010-09-29 | 1 | -248/+3
  metze
* s3-waf: add basic make test infrastructure, not able to test yet. | Günther Deschner | 2010-09-29 | 3 | -0/+158
  Guenther
* s3-waf: clean up socket-wrapper and nss-wrapper a little. | Günther Deschner | 2010-09-29 | 1 | -15/+5
  Guenther
* s3-waf: add vlp binary. | Günther Deschner | 2010-09-29 | 1 | -0/+5
  Guenther
* s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call | Andrew Tridgell | 2010-09-29 | 1 | -10/+57
  we can't do SPN updates via sam writes and replication, as the sam is read-only
* s4-drsutils: expose DsBind() call in drs_utils.py | Andrew Tridgell | 2010-09-29 | 1 | -37/+38
  this will be used by samba_spnupdate
* s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers | Andrew Tridgell | 2010-09-29 | 2 | -0/+12
  Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-rodc: RODC should not accept requests for role transfer | Nadezhda Ivanova | 2010-09-29 | 1 | -0/+12
  A RODC cannot assume a role, and unwillingToPerform must be returned if such request is sent via LDAP
* s4-provision: simplify our generated krb5.conf | Andrew Tridgell | 2010-09-28 | 1 | -14/+1
  we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc: RODC DCs should be able to produce forwardable tickets | Andrew Tridgell | 2010-09-28 | 1 | -1/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal: fixed timegm UTC/GMT bug | Andrew Tridgell | 2010-09-28 | 1 | -15/+6
  This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: fixed termination of krbtgt_attrs (comma and NULL) | Andrew Tridgell | 2010-09-28 | 1 | -4/+4
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb-dn: don't crash on NULL in ldb_binary_encode_string() | Andrew Tridgell | 2010-09-28 | 1 | -0/+3
  Thanks to Nadya for finding this one!
* s4-kdc Ensure that an RODC may act as a server (needed to fill | Andrew Bartlett | 2010-09-28 | 1 | -5/+24
  the krbtgt role).
  Andrew Bartlett
* heimdal Use a separate krb5_auth_context for the delegated credentials | Andrew Bartlett | 2010-09-28 | 3 | -1/+35
  If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentication with the target server.
  Andrew Bartlett
* midltests/todo: add some random idl files I had tested months ago | Stefan Metzmacher | 2010-09-29 | 8 | -0/+1014
  metze
* midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example | Stefan Metzmacher | 2010-09-29 | 3 | -3/+682
  metze
* midltests: add some useful defines to midltests.idl | Stefan Metzmacher | 2010-09-29 | 1 | -0/+24
  metze
* midltests: make it possible to allow downgrades to NDR32 | Stefan Metzmacher | 2010-09-29 | 1 | -4/+8
  metze
* midltests: add a midltests_tcp.exe tool | Stefan Metzmacher | 2010-09-29 | 5 | -5/+611
  This uses a man in the middle approach in order to dump the request and response pdus. It also tests NDR32 and NDR64.
  metze
* midltests: move the current implementation to midltests_simple.exe | Stefan Metzmacher | 2010-09-29 | 3 | -22/+34
  metze
* testprogs/win32: add vs2010-metze.cmd | Stefan Metzmacher | 2010-09-29 | 1 | -0/+24
  metze
* s3-printing: skip metadata entry when traversing printerlist. | Günther Deschner | 2010-09-29 | 1 | -0/+5
  We were creating a new printer (with a very broken name) out of the lasttimestamp entry all the time.
  Simo, please check.
  Guenther
* pidl: add support for pointers in typedefs | Stefan Metzmacher | 2010-09-28 | 4 | -249/+270
  metze
* pidl:NDR/Parser: remove unused code for array element index | Stefan Metzmacher | 2010-09-28 | 1 | -6/+0
  metze
* pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags() | Stefan Metzmacher | 2010-09-28 | 1 | -6/+4
  metze
* pidl:NDR/Client: make the generated code look a bit nicer | Stefan Metzmacher | 2010-09-28 | 1 | -1/+1
  metze
* librpc/ndr: remove 'async' from ndr_interface_call | Stefan Metzmacher | 2010-09-28 | 1 | -1/+0
  metze
* pidl: remove unused async property handling | Stefan Metzmacher | 2010-09-28 | 2 | -7/+1
  metze
* pidl/Python: use has_property($d, "noopnum") helper function | Stefan Metzmacher | 2010-09-28 | 1 | -1/+1
  metze
* pidl:NDR/Client.pm: remove unreached code | Stefan Metzmacher | 2010-09-28 | 1 | -3/+0
  metze
* pidl/Python: remove todo handling from PythonFunction(), it's done by the caller | Stefan Metzmacher | 2010-09-28 | 1 | -15/+6
  metze
* pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case | Stefan Metzmacher | 2010-09-28 | 1 | -0/+1
  metze
* s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds. | Günther Deschner | 2010-09-28 | 1 | -0/+4
  This will be removed once we have the rpc modules subsystem in place.
  Guenther
* autobuild: use git notes for autobuild messages | Andrew Tridgell | 2010-09-28 | 1 | -1/+1
  This avoids changing the commit ID when we add a note that the autobuild has passed
  thanks to Jelmer for this suggestion!
* selftest: enable FAIL_IMMEDIATELY in autobuild make test | Andrew Tridgell | 2010-09-28 | 1 | -2/+2
  this should reduce the time we wait for previous failing builds. Right now this will only work for s4, as we need a makefile change for s3 support
* s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 2010-09-28 | 1 | -1/+32
  this extended getncchanges operation replicates a single object
* ldb-tdb: ignore failure to register control on rootdse | Andrew Tridgell | 2010-09-28 | 1 | -4/+1
  this is expected for non-sam LDBs
* s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 2010-09-28 | 1 | -14/+16
  this allows for replication by GUID or SID
* s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 2010-09-28 | 2 | -44/+42
  this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
* waf: we don't need the preprocessor recursion limit any more | Andrew Tridgell | 2010-09-28 | 2 | -6/+0
  thanks to ita for this
* s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 2010-09-28 | 1 | -7/+9
* s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2010-09-28 | 2 | -0/+64
  It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
* s4-dsdb: adapted check_access_on_dn for use in drs. | Nadezhda Ivanova | 2010-09-28 | 1 | -9/+10
* heimdal Fix DNS name qualification to not mangle IP addresses | Andrew Bartlett | 2010-09-29 | 1 | -5/+23
  If the host running this code used IPv6 forms for IPv4 addresses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle.
  Andrew Bartlett
* s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 2010-09-29 | 6 | -37/+83
  This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number.
  Andrew Bartlett
* heimdal Add an error code for use in the RODC | Andrew Bartlett | 2010-09-29 | 1 | -0/+1
  In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'.
  Andrew Bartlett
* heimdal Add support for extracting a particular KVNO from the database | Andrew Bartlett | 2010-09-29 | 7 | -19/+54
  This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support)
  Andrew Bartlett
* s4-kdc Add common setup, handle RODC setup case | Andrew Bartlett | 2010-09-29 | 5 | -73/+156
  This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later.
  Andrew Bartlett