Andrew Bartlett [Mon, 8 Sep 2008 05:09:06 +0000 (15:09 +1000)]
Make it clear that the MMR password can differ from the admin passsword
In the future, we might simply randomly generate this, or allow the
admin to specify it seperate to the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit
57d19ad002c523fb9a09694e6710ab7f588d44ec)
Oliver Liebel [Mon, 8 Sep 2008 04:39:54 +0000 (14:39 +1000)]
Use DIGEST-MD5 authentication for OpenLDAP replication
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit
67373c143a1d8a9f310fd116dbf81c1dd123b75f)
Andrew Bartlett [Mon, 8 Sep 2008 04:33:05 +0000 (14:33 +1000)]
Add definition for SYSTEM_FLAG_ATTR_IS_RDN
(This used to be commit
36f727c4a73ffc8634692b0c5645343cb414de93)
Andrew Bartlett [Mon, 8 Sep 2008 04:18:04 +0000 (14:18 +1000)]
Move blackbox.smbclient to test against the member server.
The DC is now using smb signing, so testing for the old SMB versions
won't work.
Add a new test script to check 'net join' independent of
blackbox.smbclient.
Andrew Bartlett
(This used to be commit
44ff392ffea52e89a3ac096a6d381ae540d3473c)
Andrew Bartlett [Mon, 8 Sep 2008 02:54:13 +0000 (12:54 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into trusted-domains
(This used to be commit
a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
Andrew Bartlett [Mon, 8 Sep 2008 02:46:04 +0000 (12:46 +1000)]
Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
(This used to be commit
07cb8db799cc22685af4bb63285fa10115790ce1)
Andrew Bartlett [Mon, 8 Sep 2008 01:10:24 +0000 (11:10 +1000)]
Try to implement the right logic for systemFlags
The MS-ADTS document has quite detailed instrucitons on how these
flags should be processed. This change also causes the correct
sign-wrapping to occour, as these are declared as signed integers.
Andrew Bartlett
(This used to be commit
5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
Andrew Bartlett [Mon, 8 Sep 2008 01:09:02 +0000 (11:09 +1000)]
Don't expose passwords, even to the administrator.
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit
fa3f3bab33001770a9d7e33875bf212636f6c128)
Andrew Bartlett [Mon, 8 Sep 2008 00:55:34 +0000 (10:55 +1000)]
More work towards trusted domains support in Samba4's LSA
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit
d87b655e20b7c38756774cec2e5898af38c46786)
Stefan Metzmacher [Wed, 20 Aug 2008 20:12:51 +0000 (22:12 +0200)]
ndr_compression: add XPRESS compression support
metze
(This used to be commit
1432a96d37e367d9d97d48b69c6f16351a9ad066)
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lzxpress: Import of lzxpress compression
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit
fd84c5a08f7e8d6402e5f68eede546eb092d22aa)
Stefan Metzmacher [Sun, 7 Sep 2008 16:52:29 +0000 (18:52 +0200)]
ndr_compression: fix the build after lzxpress_decompress() prototype change
metze
(This used to be commit
b36056aac3f55587d2b3e7b66feea8173dbc67f0)
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lzxpress: fix for decompression...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit
ee505df3742dac0af8eec8b9b27d1e1f5ef54ca9)
Simo Sorce [Sat, 6 Sep 2008 16:31:50 +0000 (12:31 -0400)]
Always free tmp contexts before returning
(This used to be commit
40b71bbd718f6dee70c0611e527f55c56623dea6)
Stefan Metzmacher [Sat, 6 Sep 2008 10:04:00 +0000 (12:04 +0200)]
zlib: we require zlib-1.2.3 or higher
metze
(This used to be commit
3f4eb091f0dcc53acbfdc63a8d82a5a0f28954a6)
Stefan Metzmacher [Sat, 6 Sep 2008 08:58:53 +0000 (10:58 +0200)]
Revert "zlib: add inflateReset2()..."
This reverts commit
2a4fb661d7e3d601a5eb9ccecb4d4f2b07073097.
(we don't need inflateReset2 anymore)
metze
(This used to be commit
ac43081b93966b545928230f7af8654b942432da)
Stefan Metzmacher [Sat, 6 Sep 2008 08:57:33 +0000 (10:57 +0200)]
Revert "zlib: we don't need the inflateReset2 prototype twice"
This reverts commit
0dbbc287f65a51330c5309df5a96b3acd4d044d5.
(we don't need inflateReset2 anymore)
metze
(This used to be commit
426d129dfff1e2d3750884abb68089ff1850e640)
Stefan Metzmacher [Sat, 6 Sep 2008 08:55:04 +0000 (10:55 +0200)]
ndr_compression: change debug levels
metze
(This used to be commit
83446e22dd1eda958ef62bbe998da0a47b9ff8ef)
Stefan Metzmacher [Sat, 6 Sep 2008 14:16:00 +0000 (16:16 +0200)]
ndr_compression: use deflateReset() together with defalteSetDictionary()
metze
(This used to be commit
dcc57512b030995d9b186c7a6cb3b304d5680867)
Stefan Metzmacher [Fri, 5 Sep 2008 18:18:07 +0000 (20:18 +0200)]
ndr_compression: use inflateReset() and inflateSetDictionary() instead of inflateReset2()
Now we can use an unmodified system zlib-1.2.3
metze
(This used to be commit
d68e36b485239cbaf99a6dce3f3bf52b4abcd06d)
Jeremy Allison [Sat, 6 Sep 2008 04:47:06 +0000 (21:47 -0700)]
Don't compare identity, it'll never be different.
Jeremy.
(This used to be commit
840369b5534eee21818b9d3677404b0fc60a0219)
Oliver Liebel [Sat, 6 Sep 2008 03:12:19 +0000 (13:12 +1000)]
Remove <tab> in OpenLDAP MMR config
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit
80f31c3272b8bc803629c27357033fd325529db1)
Andrew Bartlett [Fri, 5 Sep 2008 23:07:41 +0000 (09:07 +1000)]
Make SMB signing work with Windows 2008 and kerberos.
Pinched from
b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit
d55602e23e7947462cb402b20b2d354b96aa7ba3)
Jeremy Allison [Fri, 5 Sep 2008 21:24:36 +0000 (14:24 -0700)]
Added tests that show that write time update is immediate
when changing file size using SMBwrite of size zero,
SET_END_OF_FILE, or SET_ALLOCATION_SIZE - no 2 second
delay in these cases.
Jeremy.
(This used to be commit
3aa7523d7750fe30d1e6bb5a75ac42b681b9e493)
Andrew Bartlett [Fri, 5 Sep 2008 06:46:12 +0000 (16:46 +1000)]
Add a new error code
(This used to be commit
b52fba5b2c63a24acbfc7e3e989c16b691d98162)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:58 +0000 (16:45 +1000)]
Update copyright
(This used to be commit
edea162a0e11f03b4b6069388abbca099f097386)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:37 +0000 (16:45 +1000)]
Update copyright, I've been working here many long years...
(This used to be commit
842ab594124198453fc88f46ab83b712a7d34dc1)
Andrew Bartlett [Fri, 5 Sep 2008 06:45:10 +0000 (16:45 +1000)]
Move our DC to implement mandetory signing.
(this does not change the file server role, and only really changes
what 'server signing = auto' means)
Optional signing really isn't any benifit to network security.
In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).
Andrew Bartlett
(This used to be commit
468bf839c500ed1a26ab9a358ee64a4c0a695797)
Andrew Bartlett [Fri, 5 Sep 2008 06:24:44 +0000 (16:24 +1000)]
With a windows 2008 client, even anonymous requires signing...
Andrew Bartlett
(This used to be commit
a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
Andrew Bartlett [Thu, 4 Sep 2008 06:06:38 +0000 (16:06 +1000)]
More work to implement LSA CreateTrustedDomainEx2
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit
99a3abda09716c064b3e9a37c4a79a8f62444eca)
Andrew Tridgell [Thu, 4 Sep 2008 02:49:29 +0000 (12:49 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit
c273d63f94c430a4f553085efb0d6e31a99e5853)
Andrew Bartlett [Thu, 4 Sep 2008 01:32:32 +0000 (11:32 +1000)]
Merge commit 'origin/v4-0-test' into trusted-domains
(This used to be commit
b599b83a13db90b50a5422ff73daa63648b1e8cd)
Jelmer Vernooij [Wed, 3 Sep 2008 20:55:24 +0000 (22:55 +0200)]
Regenerate SWIG file.
(This used to be commit
e8ba65c4db986fcedf7008d05d8f8846f78a98f1)
Jelmer Vernooij [Wed, 3 Sep 2008 20:29:53 +0000 (22:29 +0200)]
Avoid using version call for version string.
(This used to be commit
1897cef508c8bea817c510bd9023d794cb983864)
Jelmer Vernooij [Wed, 3 Sep 2008 20:26:02 +0000 (22:26 +0200)]
Allow overriding shared library policy using environment variable.
(This used to be commit
d5c61f470d7aa6dd0e5a22e8718d53a69cbbc239)
Jelmer Vernooij [Wed, 3 Sep 2008 12:10:35 +0000 (14:10 +0200)]
Fix embedding of Samba 4.
(This used to be commit
3862f3132549332e0a44fad65d7c49a27e1dbd4a)
Andrew Bartlett [Wed, 3 Sep 2008 05:34:44 +0000 (15:34 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit
9590805bcbdd1924eda5a69978ffac7ec7603451)
Andrew Bartlett [Wed, 3 Sep 2008 05:30:17 +0000 (15:30 +1000)]
Implement NETLOGON PAC verfication on the server-side
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit
82fcd7941f5c54da2d994c8bd99dd8d86299a296)
Andrew Bartlett [Wed, 3 Sep 2008 04:20:30 +0000 (14:20 +1000)]
Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719
(This used to be commit
cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
Andrew Bartlett [Wed, 3 Sep 2008 04:19:16 +0000 (14:19 +1000)]
Test a few more error cases in RPC-PAC
(This used to be commit
50502b3b8faf89cf5ad396102f4fe80eaa213908)
Andrew Bartlett [Tue, 2 Sep 2008 01:31:46 +0000 (11:31 +1000)]
Start testing CreateTrustedDomainEx2
Andrew Bartlett
(This used to be commit
91ae8dca254aa8c032daf0c87fa2a47760d32586)
Andrew Bartlett [Tue, 2 Sep 2008 01:31:17 +0000 (11:31 +1000)]
Share IDL between the LSA and drsblob representations of trusts
(This used to be commit
e5520706c88911c66b3ce5817e371900212ca083)
Andrew Bartlett [Mon, 1 Sep 2008 04:43:00 +0000 (14:43 +1000)]
Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit
b55a1b63cc2f7de889f046e975e3414bc5000613)
Andrew Tridgell [Fri, 29 Aug 2008 21:38:02 +0000 (07:38 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
(This used to be commit
f008c3b6ee324056fd9b63f6151ad6849640c959)
Andrew Tridgell [Fri, 29 Aug 2008 21:32:44 +0000 (07:32 +1000)]
Add a setexpiry operation in samdb.py
This makes it easy to set the expiry (or no expiry) for a samdb user
(This used to be commit
25171f18a4b242b5a731f4ac1eefc51cc82efd74)
Andrew Tridgell [Fri, 29 Aug 2008 21:23:06 +0000 (07:23 +1000)]
added a simple script for setting password expiry
(This used to be commit
cf37126ac7b833a3a739b151157c296afc0c979c)
Andrew Bartlett [Fri, 29 Aug 2008 08:05:06 +0000 (18:05 +1000)]
Start implementing the server-sde NETLOGON PAC verification.
(This used to be commit
8741e8fee619cccd84f2f10e00426df1d4f34074)
Andrew Bartlett [Fri, 29 Aug 2008 05:06:30 +0000 (15:06 +1000)]
It turns out that the Netlogon PAC verification is encrypted.
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit
c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
Andrew Bartlett [Fri, 29 Aug 2008 03:01:52 +0000 (13:01 +1000)]
Update packaging per suggestions on the review
Also make the build more C++ friendly with a patch from Brad Hards.
Andrew Bartlett
(This used to be commit
1367b94c8fb421dd517e7e8044af7606a4693365)
Andrew Bartlett [Thu, 28 Aug 2008 06:30:17 +0000 (16:30 +1000)]
Further rework the RPC-PAC test.
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit
acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
Andrew Bartlett [Thu, 28 Aug 2008 06:28:47 +0000 (16:28 +1000)]
Heimdal provides Kerberos PAC parsing routines. Use them.
This uses Heimdal's PAC parsing code in the:
- LOCAL-PAC test
- gensec_gssapi server
- KDC (where is was already used, the support code refactored from here)
In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.
Andrew Bartlett
(This used to be commit
418b440a7b8cdb53035045f3981d47b078be6c1e)
Andrew Bartlett [Thu, 28 Aug 2008 06:19:16 +0000 (16:19 +1000)]
Don't wipe the PAC checksums, the caller may actually need them.
(This used to be commit
9db5a966fce0b71a0d2167b4aff70cc081abc1cc)
Andrew Bartlett [Wed, 27 Aug 2008 12:26:25 +0000 (22:26 +1000)]
Add missing file - netlogon.h
This file allows the remote_pac.c code to call into netlogon.c's setup
credentials code.
Andrew Bartlett
(This used to be commit
0343987cf18c1287d98ae542d397ab1fab0a04b7)
Andrew Bartlett [Wed, 27 Aug 2008 11:36:27 +0000 (21:36 +1000)]
Add a test to explore Netlogon PAC validation
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(
Andrew Bartlett
(This used to be commit
d878643071a1477435a267e2944461d367cdfa79)
Andrew Bartlett [Wed, 27 Aug 2008 06:24:05 +0000 (16:24 +1000)]
Put the internal gensec_gssapi state into a header.
This will allow a torture suite to inspect some otherwise internal
details.
Andrew Bartlett
(This used to be commit
9701149ef75f9771f42000e2b6f44963abfee938)
Andrew Bartlett [Wed, 27 Aug 2008 06:22:45 +0000 (16:22 +1000)]
Fix the build on Win32, and use NEGOTIATE security (to allow kerberos)
(This used to be commit
f0bde093d76fe9d17a0709cf01fa7b70f1985c6b)
Andrew Bartlett [Wed, 27 Aug 2008 01:01:55 +0000 (11:01 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
(This used to be commit
32143287c7eb452c6ed9ccd15e8cd4e5a907b437)
Andrew Bartlett [Wed, 27 Aug 2008 00:29:54 +0000 (10:29 +1000)]
Add definition for NT_STATUS_DOWNGRADE_DETECTED
(This used to be commit
f6e227b72bb56d12cb270d76f7f458136c4ca160)
Stefan Metzmacher [Tue, 26 Aug 2008 19:36:09 +0000 (21:36 +0200)]
heimdal: add missing heimdal/lib/hcrypto/{evp-aes-cts.c,evp-hcrypto.c}, sorry...
metze
(This used to be commit
0c4227e45d6b8e31a0219358042318e9d2a0b36d)
Stefan Metzmacher [Tue, 26 Aug 2008 09:31:57 +0000 (11:31 +0200)]
heimdal_build: include heimdal's new EVP code to fix the build
metze
(This used to be commit
f454342d48e1dce7dff0bcff246c7237bed94fd5)
Stefan Metzmacher [Tue, 26 Aug 2008 17:35:52 +0000 (19:35 +0200)]
heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches
This is based on
f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo.
metze
(This used to be commit
467a1f2163a63cdf1a4c83a69473db50e8794f53)
Stefan Metzmacher [Tue, 26 Aug 2008 17:33:23 +0000 (19:33 +0200)]
heimdal_build: fix parse.h lex.c dependencies
metze
(This used to be commit
dbfbd1b018f7c29dde2e291cbb7bb54bf147a10e)
Stefan Metzmacher [Tue, 26 Aug 2008 09:20:54 +0000 (11:20 +0200)]
heimdal_build: autogenerate the heimdal private/proto headers
Now it's possible to just use a plain heimdal tree in source/heimdal/
without any pregenerated files.
metze
(This used to be commit
da333ca7113f78eeacab4f93b401f075114c7d88)
Stefan Metzmacher [Tue, 26 Aug 2008 09:22:17 +0000 (11:22 +0200)]
heimdal_build: autogenerate table files in heimdal/lib/wind/
metze
(This used to be commit
f4cfba26aebb18fecdb50478bec9c07d4910ab3b)
Stefan Metzmacher [Tue, 26 Aug 2008 08:49:40 +0000 (10:49 +0200)]
heimdal_build: autogenerate heimdal/lib/roken/roken.h
metze
(This used to be commit
3ab59dc66fe2d40533a66ff786d0b2373eea1ab8)
Stefan Metzmacher [Tue, 26 Aug 2008 09:29:33 +0000 (11:29 +0200)]
heimdal_build: add fallback for AC_WARNING_ENABLE()
metze
(This used to be commit
8d6d96898dcc948aa0ee004eaeb48dc847946361)
Stefan Metzmacher [Tue, 26 Aug 2008 09:25:10 +0000 (11:25 +0200)]
heimdal: remove unused old files
metze
(This used to be commit
94cef56212d7d7c1150aea760dba24bda7190442)
Stefan Metzmacher [Tue, 26 Aug 2008 13:30:18 +0000 (15:30 +0200)]
heimdal_build: split heimdal/lib/asn1 file lists
metze
(This used to be commit
d3e939bf75fb85cf0eb3551856e161e3e58c0031)
Stefan Metzmacher [Tue, 26 Aug 2008 09:57:29 +0000 (11:57 +0200)]
heimdal_build: split handwritten and generated hx509 file lists
metze
(This used to be commit
848067033c40c3a4681f196ac5da289cd488d962)
Stefan Metzmacher [Tue, 26 Aug 2008 09:56:37 +0000 (11:56 +0200)]
heimdal_build: split out gssapi_spnego and gssapi_krb5 file lists
metze
(This used to be commit
95135ade447e04329afa7581c66c4df8de63ca24)
Stefan Metzmacher [Tue, 26 Aug 2008 10:19:52 +0000 (12:19 +0200)]
heimdal_build: add a fake sqlite keytab implementation
This remove a difference against lorikeet-heimdal.
metze
(This used to be commit
4314df3561dfe60228db0af220549300b0137c85)
Stefan Metzmacher [Tue, 26 Aug 2008 09:42:13 +0000 (11:42 +0200)]
heimdal_build: split glue.c into krb5 and gssapi parts
metze
(This used to be commit
1c7bb21bd85900206e9ad831bc4795c1f765a9aa)
Stefan Metzmacher [Mon, 25 Aug 2008 14:12:42 +0000 (16:12 +0200)]
kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.h
metze
(This used to be commit
65057f17b0d9e83f1b775afdeb7ea91ce0e52cd1)
Stefan Metzmacher [Tue, 26 Aug 2008 10:25:54 +0000 (12:25 +0200)]
Revert "gsskrb5: add support for DCE_STYLE and des and des3 keys"
This reverts commit
86848dd0f217774faed81af8fbf68618013e20a1.
This should come back via a merge from heimdal's trunk later.
metze
(This used to be commit
585e5360e2d9f722e80850eb86c3d4253530e8ba)
Stefan Metzmacher [Tue, 26 Aug 2008 10:23:13 +0000 (12:23 +0200)]
Revert "gsskrb5: always return an acceptor subkey"
This reverts commit
6a8b07c39558f240b89e833ecba15d8b9fc020e8.
This isn't strictly needed and will come back in the next merge
from heimdal's trunk.
metze
(This used to be commit
8ed040c8c4bed082ab74ab267090b35bb57db3f3)
Stefan Metzmacher [Tue, 26 Aug 2008 08:32:28 +0000 (10:32 +0200)]
build: generate :: rules for automatic dependencies
metze
(This used to be commit
66d8da17a4c3543e133452f9a87702a2a8fb609c)
Andrew Bartlett [Tue, 26 Aug 2008 06:28:59 +0000 (16:28 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
(This used to be commit
2a1adaa759d9201670519b3938109e13c0476a83)
Andrew Bartlett [Tue, 26 Aug 2008 06:27:10 +0000 (16:27 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit
d7db5fe161429163a19d18c7e3045939897b9b2a)
Andrew Bartlett [Tue, 26 Aug 2008 06:26:46 +0000 (16:26 +1000)]
Don't use lsa_Delete any more, as smbd now refuses it.
(This used to be commit
8e1285a1ee60e3d3b7352ab7269d535c41916b46)
Andrew Bartlett [Tue, 26 Aug 2008 06:26:08 +0000 (16:26 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
(This used to be commit
b706708210a05d6f10474a3cd2bbc550704d4356)
Andrew Bartlett [Tue, 26 Aug 2008 02:18:26 +0000 (12:18 +1000)]
More LSA server and testuite work.
- Implement QueryDomainInformationPolicy in Samba4
- Allow RPC-LSA to pass against Windows 2008 (which does not allow
the Audit privilage to be removed)
Andrew Bartlett
(This used to be commit
d94c7bbcd6eee6d975eac32a1d172f4164c97137)
Andrew Bartlett [Tue, 26 Aug 2008 00:56:16 +0000 (10:56 +1000)]
Make RPC-LSA test deterministic with an msleep(200).
(This used to be commit
914e1865aa9fba417f74a3abdd8b4b2659feb001)
Andrew Bartlett [Tue, 26 Aug 2008 00:33:41 +0000 (10:33 +1000)]
Implement matching logic to Windows 2008 on handling of secrets.
This is enforced by the new RPC-LSA test.
Andrew Bartlett
(This used to be commit
da200ac64485fd9531b1aa048570c682b680b012)
Andrew Bartlett [Tue, 26 Aug 2008 00:32:49 +0000 (10:32 +1000)]
Fix LSA server to pass more of RPC-LSA and match Windows 2008
This fixes some info levels in the QueryTrustedDomainInfo call, and
changes from implementing lsa_Delete to lsa_DeleteObject (which has an
explicit close and reutrns a NULL handle).
Andrew Bartlett
(This used to be commit
1f12c368b2566b378a6c521c389b8b1bafbcf916)
Andrew Bartlett [Tue, 26 Aug 2008 00:27:00 +0000 (10:27 +1000)]
Only allow the trust in the correct direction (per the flags).
(This used to be commit
2c7195429411d68bc66f4100659c622df4f5a20a)
Andrew Bartlett [Mon, 25 Aug 2008 23:49:54 +0000 (09:49 +1000)]
Update RPC-LSA to (almost) pass against Windows 2008.
(This used to be commit
a17cb558c23142e522de3ed56d65c7694477395f)
Andrew Bartlett [Sun, 24 Aug 2008 22:27:06 +0000 (08:27 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit
a555334db67527b57bc6172e3d08f65caf1e6760)
Andrew Tridgell [Sun, 24 Aug 2008 07:42:29 +0000 (17:42 +1000)]
fixed the data in SAVEFILE op in RAW-OFFLINE
(This used to be commit
3441ea5df5b750442d17b90de73d392d2d802ab1)
Andrew Tridgell [Sun, 24 Aug 2008 07:38:43 +0000 (17:38 +1000)]
show the bad data in RAW-OFFLINE
also show the worst case latencies so far, matching tsm_torture
(This used to be commit
5859bb337ce2ec5091425ebd02cad14c4da40457)
Andrew Tridgell [Sat, 23 Aug 2008 01:54:02 +0000 (11:54 +1000)]
don't use zero data for the first file in RAW-OFFLINE
the most likely bugs in HSM involve zero data, due to the
dm_punch_hole() request
(This used to be commit
330ab956ea7e0b344450eee60b1357d854fbef28)
Andrew Tridgell [Fri, 22 Aug 2008 11:54:21 +0000 (21:54 +1000)]
disable the anr== tests until they are understood
(This used to be commit
6028404a9a9db64d4025ef6e685ee13c4aadca2e)
Andrew Tridgell [Fri, 22 Aug 2008 11:26:32 +0000 (21:26 +1000)]
now that ldap integers are 32 bit, we need to put the right 32 bit
value in for group type to avoid sign extension, otherwise we don't
find the builtin groups
(This used to be commit
9b558639395bd8209313bb7ed2e04821c83975a4)
Andrew Tridgell [Fri, 22 Aug 2008 10:50:07 +0000 (20:50 +1000)]
fixed the DomainDNS searches in the netlogon code
(This used to be commit
7dce38f9897df02073132f18b1021e0d0636590c)
Andrew Tridgell [Fri, 22 Aug 2008 08:39:52 +0000 (18:39 +1000)]
Merge commit 'origin/v4-0-test' into v4-0-test
(This used to be commit
93cf0b3c7e6d8a4758c44519de51e51be89f76c7)
Andrew Tridgell [Fri, 22 Aug 2008 08:37:34 +0000 (18:37 +1000)]
fixed the GUID and objectSID canonicalisation functions
(This used to be commit
115053ea7e70b067e7873668ed83f1f10908287d)
Andrew Tridgell [Fri, 22 Aug 2008 08:37:11 +0000 (18:37 +1000)]
fixed a speellling erra
(This used to be commit
3c058f50cc3b91d540feb51fb698d90565b2b7c9)
Andrew Tridgell [Fri, 22 Aug 2008 07:37:43 +0000 (17:37 +1000)]
Merge branch 'abartlet-4-0-local' into v4-0-test
(This used to be commit
469fac2669991b130dec219e1a109a8b2ce224be)
Andrew Tridgell [Fri, 22 Aug 2008 07:36:56 +0000 (17:36 +1000)]
fixed a problem with length limited ldap values
The core ldb code for string matching assumed NULL terminated strings,
whereas the anr module used data_blob_const() to effectively truncate
a ldb_val by changing its length. The ldb code is supposed to be based
around length limited blobs, not NULL terminated strings, so the
correct fix was to change the string comparison functions to be length
limited
(This used to be commit
26c6aa5a80ffaf06fc33f30a6533f8f16ef538bc)
Andrew Tridgell [Fri, 22 Aug 2008 04:32:27 +0000 (14:32 +1000)]
fixed error handling in ANR code
when we can't process an ANR request we need to continue with the
parse tree we were given, not a NULL tree
(This used to be commit
ed66feb80aac7432049fe9fd86a9232984587e17)
Stefan Metzmacher [Wed, 20 Aug 2008 13:48:00 +0000 (15:48 +0200)]
ndr_compression: implement mszip compression based on deflate()
The output doesn't match the output from windows servers,
but it's a start...
metze
(This used to be commit
8a2f9688275aa150b739b5525e738df15c5e25cc)