Andrew Bartlett [Tue, 16 Nov 2010 03:12:17 +0000 (14:12 +1100)]
s4-kdc use 'flags' to only create the 'admin data' elements when requested
This avoids setting these values when the caller simply does not care
Andrew Bartlett
Andrew Bartlett [Tue, 16 Nov 2010 03:07:18 +0000 (14:07 +1100)]
s4-kdc Add 'flags' parameter to db fetch calls
This will allow these calls to honour the flags passed in from the KDC
Andrew Bartlett
Andrew Tridgell [Tue, 16 Nov 2010 01:05:14 +0000 (12:05 +1100)]
waf: added --git-local-changes configure option
if you use --git-local-changes then the version number that waf
extracts from git will have a '+' on the end if you have local
changes, as determined by running 'git diff'.
This used to be the default, but unfortunately it is far too slow on
some systems. On a NFS build system I was using the first line of
configure took about 2 minutes.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 16 01:51:54 UTC 2010 on sn-devel-104
Andrew Bartlett [Mon, 15 Nov 2010 22:33:05 +0000 (09:33 +1100)]
s4-kdc Don't regenerate the PAC for cross-realm tickets
We should never get a cross-realm ticket that was not issued by a full
DC, but if someone claims to have such a thing, reject it rather than
segfaulting on the NULL client pointer.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
Andrew Bartlett [Mon, 15 Nov 2010 22:30:55 +0000 (09:30 +1100)]
s4-kdc Don't always regenerate the PAC
The PAC was being regenerated on all normal DCs, because they don't
have a msDS-SecondaryKrbTgtNumber attribute. Instead we need to check
if it's set and not equal to our RODC number, allowing RODCs to trust
the full DCs and itself, but not other RODCs.
Andrew Bartlett
Andrew Bartlett [Mon, 15 Nov 2010 22:29:18 +0000 (09:29 +1100)]
heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out
By checking the client principal here, we compare the realm based on
the normalised realm, but do so early enough to validate the PAC (and
regenerate it if required).
Andrew Bartlett
Andrew Bartlett [Mon, 15 Nov 2010 22:28:21 +0000 (09:28 +1100)]
s4-gensec Indicate if GENSEC is in client or server mode in the debug
Matthias Dieter Wallnöfer [Mon, 15 Nov 2010 21:42:22 +0000 (22:42 +0100)]
s4:heimdal - fix the return code of a non-void function
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 23:14:57 UTC 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Mon, 15 Nov 2010 21:38:09 +0000 (22:38 +0100)]
s4:torture/basic/base.c - fix output warnings regarding "time_t"
"time_t" is generally "long int".
Matthias Dieter Wallnöfer [Mon, 15 Nov 2010 21:30:16 +0000 (22:30 +0100)]
s4:objectclass LDB module - improve the default name context checking on modifications
Pointed out by abartlet
Andrew Tridgell [Mon, 15 Nov 2010 20:41:54 +0000 (07:41 +1100)]
s4-join: not all versions of w2003 have msDS-SupportedEncryptionTypes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 22:28:16 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 15 Nov 2010 11:57:00 +0000 (22:57 +1100)]
s4-devel: a script to test the Samba4 HOWTO
This provides a script that allows testing of most of the steps of the
Samba4 HOWTO. The big difference between this and 'make test' is that
it test against windows, using pexpect to control windows boxes via
telnet.
The info about VMs and other parameters are in separate conf
files. I've included a sample config file that I use on my laptop.
André Hentschel [Sun, 14 Nov 2010 22:09:03 +0000 (23:09 +0100)]
net: Add and fix some German translation
typo spotted by Michael Wood
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Mon Nov 15 21:44:39 UTC 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Mon, 15 Nov 2010 12:00:58 +0000 (13:00 +0100)]
s4:objectclass LDB module - implement the "objectClass" change restrictions on Windows 2000 forest function level
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
Jelmer Vernooij [Mon, 15 Nov 2010 11:42:14 +0000 (12:42 +0100)]
heimdal_base: Fix include path so heim_threads.h can be found.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 12:26:53 UTC 2010 on sn-devel-104
Jelmer Vernooij [Mon, 15 Nov 2010 11:41:58 +0000 (12:41 +0100)]
smb_server: Build as shared module.
Jelmer Vernooij [Mon, 15 Nov 2010 11:24:45 +0000 (12:24 +0100)]
heimdal_base: Add missing dependency on replace.
Jelmer Vernooij [Mon, 15 Nov 2010 11:23:46 +0000 (12:23 +0100)]
nbtd: Build service as shared module.
Andrew Tridgell [Mon, 15 Nov 2010 10:45:42 +0000 (21:45 +1100)]
waf: fixed configure again on RHEL5
the fancier cmd_output() broke git versioning
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 11:33:41 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 15 Nov 2010 08:09:14 +0000 (19:09 +1100)]
s4-dns: added --fail-immediately option to samba_dnsupdate
this is useful for manual testing
Andrew Tridgell [Sun, 14 Nov 2010 23:54:50 +0000 (10:54 +1100)]
s4-dns: fixed registration of multiple IPs in samba_dnsupdate
bitten by python object references again!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 15 Nov 2010 07:43:51 +0000 (18:43 +1100)]
heimdal Fix handling of backwards cross-realm detection for Samba4
Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the prinicipal components.
The easy way to keep this test passing is to consider also what we
need to do to get the krbtgt account for the PAC signing - and to use
krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use
that resutl for realm comparion.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104
Andrew Bartlett [Mon, 15 Nov 2010 02:30:03 +0000 (13:30 +1100)]
s4-kdc Fix realm handling in our KDC
we should reset the realm part of the principal, but not the lowercase
realm embedded in the 'krbtgt/realm@REALM'.
Andrew Bartlett
Jelmer Vernooij [Mon, 15 Nov 2010 02:19:44 +0000 (03:19 +0100)]
s4: Build ldap and samba3_smb services as shared modules.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
Jelmer Vernooij [Mon, 15 Nov 2010 02:14:16 +0000 (03:14 +0100)]
cldap: Build as shared module.
Jelmer Vernooij [Sun, 14 Nov 2010 23:46:12 +0000 (00:46 +0100)]
kdc: Build as shared module by default.
Jelmer Vernooij [Sun, 14 Nov 2010 23:45:48 +0000 (00:45 +0100)]
auth/ntlm: Use name consistent with other service names.
Andrew Bartlett [Mon, 15 Nov 2010 01:10:33 +0000 (12:10 +1100)]
auth/gensec Handle incorrect username or password in Kerberos client code
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
Andrew Bartlett [Sun, 14 Nov 2010 22:08:43 +0000 (09:08 +1100)]
s4-kdc update startup routines after heimdal update
We should check the errors from krb5_kdc_windc_init and we now need to
additionally run krb5_kdc_pkinit_config()
Andrew Bartlett
Andrew Bartlett [Fri, 12 Nov 2010 04:37:07 +0000 (15:37 +1100)]
s4-kdc Remove use of heimdal private headers in kpasswd server.
This remains an abuse, because it relies on setting into the krb5_principal
structure, but at least it causes less trouble for the server.
Andrew Bartlett
Andrew Bartlett [Fri, 12 Nov 2010 04:27:43 +0000 (15:27 +1100)]
heimdal Extra files required for merge up to current heimdal
Andrew Bartlett [Fri, 12 Nov 2010 02:15:57 +0000 (13:15 +1100)]
heimdal regenate lex and yacc files
Andrew Bartlett [Fri, 12 Nov 2010 02:14:00 +0000 (13:14 +1100)]
Add attribute macros for Heimdal to use
Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE,
and we need to provide a link between these and Samba's function
attribute handling.
Andrew Bartlett
Andrew Bartlett [Thu, 11 Nov 2010 00:27:33 +0000 (11:27 +1100)]
Jelmer Vernooij [Sun, 14 Nov 2010 23:44:30 +0000 (00:44 +0100)]
s4/dns: Build as shared module.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 00:57:27 UTC 2010 on sn-devel-104
Andrew Tridgell [Sun, 14 Nov 2010 21:41:16 +0000 (08:41 +1100)]
s4-kdc: if "bind interfaces only" is false, then also listen on wildcard
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
Andrew Tridgell [Sun, 14 Nov 2010 23:12:22 +0000 (10:12 +1100)]
s4-server: make server sockets a child of the task context
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 14 Nov 2010 21:27:04 +0000 (08:27 +1100)]
samba-tool: fixed crash in "samba-tool drs showrepl"
the source_dsa_obj_dn can be NULL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sun, 14 Nov 2010 16:36:51 +0000 (17:36 +0100)]
web_server: Build as module.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov 14 17:58:05 UTC 2010 on sn-devel-104
Jelmer Vernooij [Sun, 14 Nov 2010 16:31:26 +0000 (17:31 +0100)]
kcc/drepl: Build as service.
Jelmer Vernooij [Sun, 14 Nov 2010 16:26:29 +0000 (17:26 +0100)]
winbind: Build as shared module.
Jelmer Vernooij [Sun, 14 Nov 2010 16:09:34 +0000 (17:09 +0100)]
Build wrepl server as service by default.
Jelmer Vernooij [Sun, 14 Nov 2010 13:49:03 +0000 (14:49 +0100)]
Add myself as maintainer for pytevent, pytalloc, pytdb and pyldb.
Jelmer Vernooij [Sun, 14 Nov 2010 13:32:13 +0000 (14:32 +0100)]
Re-enable ldb-cmdline for the moment, as it is used by oLschema2ldif.
Jelmer Vernooij [Sun, 14 Nov 2010 12:40:58 +0000 (13:40 +0100)]
Don't build ldb tools when there is a system provided ldb.
Volker Lendecke [Sun, 14 Nov 2010 14:15:52 +0000 (15:15 +0100)]
s3: string_to_sid does thorough syntax checking
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Nov 14 14:07:29 UTC 2010 on sn-devel-104
Volker Lendecke [Sun, 14 Nov 2010 13:11:24 +0000 (14:11 +0100)]
s3: Avoid two calls cli_errstr
Volker Lendecke [Thu, 11 Nov 2010 15:29:33 +0000 (16:29 +0100)]
s3: Convert cli_get_posix_fs_info() to cli_trans()
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Nov 14 10:24:02 UTC 2010 on sn-devel-104
Jeremy Allison [Sun, 14 Nov 2010 04:32:36 +0000 (20:32 -0800)]
Fix the unexpected.tdb database problem. Change nmbd to store the
transaction id of packets it was requested to send via a client, and
only store replies that match these ids. On the client side change
clients to always attempt to ask nmbd first for name_query and
node_status calls, and then fall back to doing socket calls if
we can't talk to nmbd (either nmbd is not running, or we're not
root and cannot open the messaging tdb's). Fix readers of unexpected.tdb
to delete packets they've successfully read.
This should fix a long standing problem of unexpected.tdb
growing out of control in noisy NetBIOS envioronments with
lots of bradcasts, yet still allow unprivileged client apps
to work mostly as well as they already did (nmblookup for
example) in an environment when nmbd isn't running.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
Jeremy Allison [Sun, 14 Nov 2010 04:28:41 +0000 (20:28 -0800)]
Move error reporting of messaging context creation fail into
the daemons themselves. Allows client utilities to silently
fail to create a messaging context due to access denied on the
messaging tdb (which I need for the following patch).
Jeremy.
Andrew Tridgell [Sun, 14 Nov 2010 03:26:06 +0000 (14:26 +1100)]
s4-auth: fixed infinite loop in krb5 auth
we were continually trying the first address returned, instead of
moving to the next address
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov 14 04:11:28 UTC 2010 on sn-devel-104
Andrew Tridgell [Sun, 14 Nov 2010 02:40:02 +0000 (13:40 +1100)]
s4-auth: fixed crash in krb5 auth
remote_addr was used after free
Björn Jacke [Sat, 13 Nov 2010 15:58:41 +0000 (16:58 +0100)]
s3/doc: add missing documentation for vfs_time_audit
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Sat Nov 13 17:13:24 UTC 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sat, 13 Nov 2010 11:47:53 +0000 (12:47 +0100)]
s4:password_hash LDB module - return "ERR_CONSTRAINT_VIOLATION" on password conversion errors
This errors can happen also on a regular basis - then we shouldn't return
ERR_OPERATIONS_ERROR (this error code is reserved for very serious failures).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 13 12:37:36 UTC 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sat, 13 Nov 2010 11:33:26 +0000 (12:33 +0100)]
s4:upgradeprovision - why not directly use "provision:0"?
Matthias Dieter Wallnöfer [Sat, 13 Nov 2010 11:25:40 +0000 (12:25 +0100)]
s4:objectclass LDB module - multiple "objectClass" change elements are unfortunately still allowed
The test message has been compressed - therefore I've now used "modify_ldif".
Andrew Tridgell [Sat, 13 Nov 2010 08:08:45 +0000 (19:08 +1100)]
s4-drs: fixed a crash in writspn
sam_ctx_system may be NULL for non-privileged users
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
Andrew Tridgell [Sat, 13 Nov 2010 01:18:19 +0000 (12:18 +1100)]
s4-test: we need to import testtools before subunit/python
subunit/python depends on testtools
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 13 02:02:45 UTC 2010 on sn-devel-104
Matthieu Patou [Tue, 19 Oct 2010 13:24:27 +0000 (17:24 +0400)]
ktpass: also use userPrincipalName for locating the principal
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Nov 12 20:24:23 UTC 2010 on sn-devel-104
Matthieu Patou [Tue, 19 Oct 2010 13:23:57 +0000 (17:23 +0400)]
ktpass: fix the search path for when running in samba's source dir
Matthieu Patou [Fri, 12 Nov 2010 17:45:07 +0000 (20:45 +0300)]
python: use the ldbMessage + modify notation instead of modify_ldif that we try to avoid
Matthieu Patou [Mon, 8 Nov 2010 11:09:04 +0000 (14:09 +0300)]
Fix typo
Matthieu Patou [Tue, 26 Oct 2010 12:38:42 +0000 (16:38 +0400)]
unit tests: add testing for dns account password change
Matthieu Patou [Fri, 12 Nov 2010 17:00:57 +0000 (20:00 +0300)]
upgradeprovision: use relaxed control while adding missing object container
Matthieu Patou [Tue, 26 Oct 2010 12:37:50 +0000 (16:37 +0400)]
upgradeprovision: fix pb with dns-hostname, regenerate a correct keytab
Matthieu Patou [Sat, 23 Oct 2010 18:01:30 +0000 (22:01 +0400)]
upgradeprovision: use the relax/(upgrade)provision when modifying object
For certain attribute we use the relax/provision control so that we
try to respect checks as this is not a good idea to always force
unwanted behavior.
Matthieu Patou [Sat, 23 Oct 2010 18:00:04 +0000 (22:00 +0400)]
upgradeprovision: use the (upgrade)provision control also
Matthieu Patou [Sat, 23 Oct 2010 17:57:16 +0000 (21:57 +0400)]
upgradeprovision: update revision for forestupdate and domainupdate objects
Matthieu Patou [Fri, 12 Nov 2010 16:58:09 +0000 (19:58 +0300)]
samldb: relax groupType modification checks
Allow programs with the PROVISION control to bypass groupType checks.
This is needed by upgradeprovision for older alpha (11, 10 ...)
Matthieu Patou [Fri, 22 Oct 2010 09:37:32 +0000 (13:37 +0400)]
Update WHATSNEW4 to add information related to samba_backup
Matthieu Patou [Fri, 22 Oct 2010 09:28:40 +0000 (13:28 +0400)]
Add a script to make backup of samba provision
Matthias Dieter Wallnöfer [Fri, 12 Nov 2010 18:49:47 +0000 (19:49 +0100)]
s4:objectclass LDB module - we should not simply ignore additional "objectClass" attribute changes
There first one we perform all other tentatives are terminated with
ERR_ATTRIBUTE_OR_VALUE_EXISTS (tested against Windows).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 12 19:39:07 UTC 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 12 Nov 2010 18:28:48 +0000 (19:28 +0100)]
s4:repl_meta_data LDB module - convert two debug messages into error messages
These regarding "objectGUID".
Matthias Dieter Wallnöfer [Fri, 12 Nov 2010 17:57:57 +0000 (18:57 +0100)]
s4:samldb/objectclass_attrs LDB modules - move "description" logic from "objectclass_attrs" into "samldb"
This according to an answer from dochelp is SAM specific behaviour.
Jelmer Vernooij [Fri, 12 Nov 2010 17:27:46 +0000 (18:27 +0100)]
waf/samba_version: Simplify git show command.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Nov 12 18:38:21 UTC 2010 on sn-devel-104
Jelmer Vernooij [Fri, 12 Nov 2010 17:20:02 +0000 (18:20 +0100)]
samba_version: Make COMMIT_IS_CLEAN an int rather than a string.
Jelmer Vernooij [Fri, 12 Nov 2010 17:19:00 +0000 (18:19 +0100)]
samba_version: Simplify dirty tree detection.
Jelmer Vernooij [Fri, 12 Nov 2010 17:06:43 +0000 (18:06 +0100)]
waf/samba_version: Support integer defines.
Jelmer Vernooij [Fri, 12 Nov 2010 17:06:20 +0000 (18:06 +0100)]
s3: Rename GIT_COMMIT_{TIME,DATE} to COMMIT_{TIME,DATE}.
This avoids some special casing in the waf code.
Jelmer Vernooij [Fri, 12 Nov 2010 16:59:07 +0000 (17:59 +0100)]
s4: Remove obsolete mkversion.sh
Jelmer Vernooij [Fri, 12 Nov 2010 16:54:41 +0000 (17:54 +0100)]
samba_version: When working from git checkout, display git revision SHA1 rather
than Bazaar revision ids.
Jelmer Vernooij [Fri, 12 Nov 2010 16:26:06 +0000 (17:26 +0100)]
samba_version: Support retrieving snapshot identity from bzr.
Jelmer Vernooij [Fri, 12 Nov 2010 16:18:30 +0000 (17:18 +0100)]
samba_version: Cope with building snapshots in directories without git checkout.
Error out when run in a git checkout in which git fails.
Jelmer Vernooij [Fri, 12 Nov 2010 16:13:37 +0000 (17:13 +0100)]
Put git tree finding into a separate function.
Jelmer Vernooij [Fri, 12 Nov 2010 16:08:09 +0000 (17:08 +0100)]
sambaversion.py: Some cleanups, make less git-specific.
Jelmer Vernooij [Fri, 12 Nov 2010 16:00:42 +0000 (17:00 +0100)]
wafsamba: Support make dist from bzr checkout.
Jelmer Vernooij [Fri, 12 Nov 2010 15:23:03 +0000 (16:23 +0100)]
torture: Only add in tests for socket_wrapper/nss_wrapper when they have been enabled.
Jelmer Vernooij [Fri, 12 Nov 2010 15:22:43 +0000 (16:22 +0100)]
unix_privs: Add missing dependency on libreplace.
Jelmer Vernooij [Fri, 12 Nov 2010 15:22:16 +0000 (16:22 +0100)]
socket_wrapper: Only add as global dependency when enabled.
Jelmer Vernooij [Fri, 12 Nov 2010 15:12:14 +0000 (16:12 +0100)]
heimdal_build: Add missing dependency on replace, necessary because replace.h is included.
Jelmer Vernooij [Fri, 12 Nov 2010 11:55:14 +0000 (12:55 +0100)]
s4-waf: Only enable various wrappers if they're actually used.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Nov 12 14:33:34 UTC 2010 on sn-devel-104
Jelmer Vernooij [Fri, 12 Nov 2010 11:17:45 +0000 (12:17 +0100)]
Lowercase DNS_UPDATE_SRV name.
Stefan Metzmacher [Thu, 11 Nov 2010 08:36:25 +0000 (09:36 +0100)]
tdb: set tdb->name early, as it's needed for tdb_name()
tdb_name() might be used within the given log function,
which might be called from within tdb_open_ex().
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov 12 11:22:21 UTC 2010 on sn-devel-104
Andrew Tridgell [Fri, 12 Nov 2010 06:23:34 +0000 (17:23 +1100)]
s4-kdc: added proxying of kdc requests for RODCs
when we are an RODC and we get a request for a principal that we don't
have the right secrets for, we need to proxy the request to a
writeable DC. This happens for both TCP and UDP requests, for both
krb5 and kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
Andrew Bartlett [Fri, 12 Nov 2010 01:32:50 +0000 (12:32 +1100)]
s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODC
This means that when we are an RODC, and an account does not have the
password attributes, we can now indicate to the kdc code that it
should forward the request to a real DC.
(The proxy code itself is not in this commit).
Andrew Bartlett
Andrew Bartlett [Fri, 12 Nov 2010 01:31:33 +0000 (12:31 +1100)]
heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
This means that no reply packet should be generated, but that instead
the user of the libkdc API should forward the packet to a real KDC,
that has a full database.
Andrew Bartlett
Andrew Tridgell [Thu, 11 Nov 2010 03:22:40 +0000 (14:22 +1100)]
s4-kdc: split the kdc process return into a tri-state
this is in preparation for doing forwarding of packets for RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 11 Nov 2010 03:13:01 +0000 (14:13 +1100)]
s4-kdc: we don't need the special include handling now
the special handling was to cope with the conflict with the kdc.h
header
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 11 Nov 2010 03:09:41 +0000 (14:09 +1100)]
s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h
kdc.h conflicts with a heimdal header name
Kamen Mazdrashki [Wed, 10 Nov 2010 04:14:20 +0000 (06:14 +0200)]
s4-tests: Make repl_schema.py test part of Samba4 test suite
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104
git.samba.org / kai / samba.git / log