summaryrefslogtreecommitdiff
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner2012-12-096-10/+10
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: remove trailing whitespace in smbtorture remote_pac test.Günther Deschner2012-12-091-41/+41
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner2012-12-091-1/+6
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: add AES support for netr_ServerPasswordSet2 tests.Günther Deschner2012-12-091-6/+29
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.Günther Deschner2012-12-091-4/+12
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: remove trailing whitespace from netlogon test.Günther Deschner2012-12-091-105/+105
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool processes: Make the output a bit neaterRicky Nance2012-12-081-5/+5
| | | | | | | Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
* s4:dsdb/descriptor: fix replication of NC headsStefan Metzmacher2012-12-071-2/+2
| | | | | | | | | | | | The sub NC heads maybe replicated with the parent partition, if we don't need to recalculate the nTSecurityDescriptor attribute in that case, the replication of the of the sub partition should handle that. This fixes error messages like this: descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=s40dom,DC=base not found under DC=s40dom,DC=base Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: improve debugging for fatal errorStefan Metzmacher2012-12-071-3/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470)Stefan Metzmacher2012-12-071-0/+5
| | | | | | | Some modules might not allocate values on the correct memory context. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to ↵Stefan Metzmacher2012-12-071-6/+18
| | | | | | | | | msg->elements[i].values (bug #9470) We should keep the talloc hierarchy sane. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470)Stefan Metzmacher2012-12-071-7/+7
| | | | | | | We should always update the ts_last_change. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/password_hash: Honor password complexity settings.Stefan Metzmacher2012-12-061-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | Honor password complexity settings when creating new users. Without this patch, you could set simple passwords although the complexity settings were enabled. This was an issue with 'samba-tool user add' and also when adding new users via Windows' "Active Directory Users and Computers" MMC Snap-In. The following scenarios were tested successfully after applying the patch: -'samba-tool user add' against s4 -'samba-tool user add -H' against a Windows DC -Adding a new user on a s4 DC using Windows' "Active Directory Users and Computers" MMC Snap-In. Please note that this bug was caused by a mistake in the documentation. Fix bug #9414 - 'samba-tool user add' ignores password complexity settings. Pair-programmed-with: Karolin Seeger <kseeger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 6 05:11:43 CET 2012 on sn-devel-104
* scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett2012-12-061-0/+6
| | | | Reported-by: Thomas Simmons <twsnnva@gmail.com>
* wsgi: Serve '500 Internal Server Error' page when errors occur.Jelmer Vernooij2012-12-051-0/+19
| | | | | Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Dec 5 18:40:25 CET 2012 on sn-devel-104
* web_server: Make second argument to websrv_output const.Jelmer Vernooij2012-12-052-2/+2
|
* wsgi: When encountering error in Python code, print traceback to logs.Jelmer Vernooij2012-12-051-9/+52
| | | | Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* docs: Merge both samba.8 manpages.Karolin Seeger2012-12-032-182/+0
| | | | | | | | | | | | | Remove source4/smbd/samba.8.xml and add the additional content to docs-xml/samba.8.xml to be able to build this manpage with the autoconf build also. Karolin Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Dec 3 16:28:32 CET 2012 on sn-devel-104
* ntlm_auth4: Use new samba_getpass() function.Andreas Schneider2012-12-031-1/+7
| | | | Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* cmdline: Use new samba_getpass() function.Andreas Schneider2012-12-031-5/+9
| | | | Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()Stefan Metzmacher2012-12-031-1/+4
| | | | | | | | This allows the caller to ask for a security.descriptor instead of sddl by passing 'as_sddl=False'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:python/ntacl: allow string or objects for sd/sid in setntacl()Stefan Metzmacher2012-12-031-3/+14
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: fix the operation order when creating gposStefan Metzmacher2012-12-031-13/+20
| | | | | | | | | | | | | | We should do it like the windows GUI. 1. create the LDAP objects 2. query the security_descriptor of the groupPolicyContainer 3. create the gPCFileSysPath via smb 4. set the security_descriptor of gPCFileSysPath 5. copy the files and directories into gPCFileSysPath 6. modify the groupPolicyContainer and link gPCFileSysPath Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gposStefan Metzmacher2012-12-031-4/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: use the dns_domain from the server when creating gposStefan Metzmacher2012-12-031-2/+14
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:libcli/finddcs_cldap: allow io->in.server_address as hostnameStefan Metzmacher2012-12-021-3/+58
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:libcli/finddcs_cldap: try all NBT#1C addressesStefan Metzmacher2012-12-021-12/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flagsStefan Metzmacher2012-12-021-0/+44
| | | | | | | | | | | | | A client can send a full security_descriptor while just passing sd_flags of SECINFO_DACL. We need to NULL out elements which will be ignored depending on the sd_flags and may set the old owner/group sids. Otherwise the calculation of the DACL/SACL can replace CREATOR_OWNER with the wrong sid. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/tests: add SdAutoInheritTestsStefan Metzmacher2012-11-301-1/+83
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 30 18:59:50 CET 2012 on sn-devel-104
* s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for ↵Stefan Metzmacher2012-11-301-2/+70
| | | | | | | | | replicated changes We only do so if the replicated object is not deleted. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)Stefan Metzmacher2012-11-301-3/+17
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)Stefan Metzmacher2012-11-301-1/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()Stefan Metzmacher2012-11-301-0/+29
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-301-8/+395
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-302-0/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-301-5/+67
| | | | | | | | This can only be triggered by ourself, that's why we expect control->data == module. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher2012-11-301-0/+16
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher2012-11-301-0/+16
| | | | | | | | The propagation of nTSecurityDescriptor doesn't change the replProperyMetaData. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher2012-11-301-0/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-302-0/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)Stefan Metzmacher2012-11-301-0/+19
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)Stefan Metzmacher2012-11-301-3/+11
| | | | | | | | | | | Now that the acl module checks for SEC_ADS_DELETE_TREE, we can do the recursive delete AS_SYSTEM. We need to pass the TRUSTED flags as we operate from the TOP module. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/subtree_delete: do an early return and avoid some nestingStefan Metzmacher2012-11-301-24/+28
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/objectclass: do not pass the callers controls on helper searchesStefan Metzmacher2012-11-301-1/+1
| | | | | | | | | | We add AS_SYSTEM and SHOW_RECYCLED to the helper search, don't let the caller specify additional controls. This also fixes a problem when the caller also specified AS_SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given ↵Stefan Metzmacher2012-11-301-0/+12
| | | | | | | (bug #7711) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/dirsync: remove unused 'deletedattr' variableStefan Metzmacher2012-11-301-2/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACLStefan Metzmacher2012-11-301-0/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to ↵Stefan Metzmacher2012-11-301-0/+2
| | | | | | | | | DSDB_SECRET_ATTRIBUTES_EX See [MS-ADTS] 3.1.1.4.4 Extended Access Checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributesStefan Metzmacher2012-11-301-5/+36
| | | | | | | The @KLUDGEACL record might not be uptodate. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on ↵Stefan Metzmacher2012-11-301-0/+3
| | | | | | | modify Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
View Lorry Controller Status