sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
58,881 Commits 60 Branches 1,144 Tags 452 MiB
09d947f77c
Commit Graph

20955 Commits

Author SHA1 Message Date
Stefan Metzmacher
24ecd19b30 s4:dsdb/resolve_oids: also resolve oid in search attribute list 
metze
 2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa s4:dsdb/schema_load: add a TODO about schema reloading 
metze
 2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7 s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py 
It seems that windows doesn't need that.

And we should think about a check for reloading the schema
at the start of each "write" operation.

metze
 2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions 
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
 2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req 
metze
 2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation. 
In lsa_BinaryString length and size are byte counts!

TODO: we may need to do byte order conversion in this functions too...

metze
 2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96 s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned 
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.

metze
 2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204 s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int() 
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".

metze
 2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0 s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64() 
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".

metze
 2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2 s4:ldb: be more strict in parsing ldb time strings 
metze
 2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083 s4-ntp_signd: Migrate to tsocket. 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134 Fixed a problem with incorrect default SD owner/group. 2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7 Comparison tool for LDAP servers (using Ldb) 
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).

Added functionality for two sets of credentials.
 2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5 Strip trailing spaces 2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903 s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4. 
Seems like account lockout is not implemented at all yet.

Guenther
 2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930 s4-smbtorture: fix GetAliasMembership test in RPC-SAMR. 
Guenther
 2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test. 
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.

Michael, please check. This should help verifiying Bug #4347.

Guenther
 2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397 s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests. 
Guenther
 2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24 Fix comment/debug messages 2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02 Merge remote branch 'origin/master' into alpha11release 2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca and we move on towards Samba4 alpha12! 2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466 This is Samba4 alpha11! 2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3 s4/torture: Parameterize output in LOCK tests based off server support 
Two new torture parameters:

* smbexit_pdu_support: if the Server supports the Exit command

* range_not_locked_on_file_close: whether the server returns the
  NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
  pending lock request.  Windows returns this error, though per the
  spec, this error should only be returned to an unlock request.
 2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8 Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode" 
This reverts commit 5c174c68cc.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
 2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now" 
This reverts commit 61dfd3dc1d.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
 2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group" 
This reverts commit 9ee895fcf6.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
 2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a Revert "s4:provision_users.ldif - Add objects for IIS" 
This reverts commit 91e2100287.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
 2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9 s4:upgradeprovision - fix up the script regarding linked attributes 
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.

The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.

I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
 2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e s4:upgradeprovision - Reformat comments 
Make them break at line 80 (better readability).
 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442 s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287 s4:provision_users.ldif - Add objects for IIS 
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6 s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now 
This belongs to the AD IIS stuff where I don't know yet if we should import it.
 2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode 
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
 2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19 s4-ldb: display security descriptors with correct SDL for known SIDs 
This makes it much easier to compare SDs
 2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9 s4-dsdb: added samdb_domain_sid_cache_only() 2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d s4-drs: instanceType is always sent, regardless of UDV values 2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77 s4-debug: lower the verbosity of a couple of common log messages 2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8 s4-samldb: fixed primaryGroupID when promoting a machine to a DC 
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
 2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266 s4-schema: fixed the SDDL for the schema root security descriptor 
This was preventing a DCPROMO client from allowing outgoing
replication
 2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC 
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
 2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db s4-drs: base is_nc_prefix on instanceType 
for extended operations comparing to the ncRoot_dn is not correct
 2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c s4-drs: having no SPNs to change is not an error 2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356 s4-drs: fixed writespn to ignore add/delete errors 
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
 2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e s4-dsdb: added samdb_ldb_val_case_cmp() 2010-01-09 18:56:29 +11:00
Andrew Tridgell
acf33e0d58 s4-drs: moved the DsWriteAccountSpn call to its own file 2010-01-09 18:56:29 +11:00
Andrew Tridgell
8ccedc3ac7 s4-libnet: dsdb_wellknown_dn() in vampire code 2010-01-09 18:56:29 +11:00
Andrew Tridgell
1158c13861 s4-drs: need to set the getncchanges extended_ret on success too 2010-01-09 18:56:29 +11:00
Andrew Tridgell
7010fad4ea s4-drs: calculate and send a uptodateness_vector with replication requests 
This stops us getting objects changes twice if they came via an
indirect path.
 2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302 s4-drs: be less verbose when we filter objects by UDV 2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c s4-drs: added filtering by udv in getncchanges 
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
 2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f s4-drs: fixed the NC in the getncchanges RID alloc reply 
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
 2010-01-09 10:15:14 +11:00
Andrew Tridgell
651ddb720a s4-messaging: remove only usage of debug_ctx() 2010-01-09 10:15:13 +11:00
Andrew Tridgell
6a36799d30 s4-messaging: fixed a memory leak in messaging_path() 
It is a bit convoluted to fix, as cluster_id_string() may return a
const string.
 2010-01-09 10:15:12 +11:00
Andrew Tridgell
196cb6b359 s4-drs: fixed usage of ldb_dn_new() 2010-01-09 10:15:12 +11:00
Andrew Tridgell
39a4e2a38d s4-ldb: validate the type of the ldb argument to ldb_dn_new() 
It has been a common bug to get the first two arguments the wrong way
around
 2010-01-09 10:15:12 +11:00
Simo Sorce
7eee8e053b Fix comment 2010-01-08 17:01:02 -05:00
Matthias Dieter Wallnöfer
fca0c4de2a s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs 2010-01-08 18:18:21 +01:00
Andreas Schneider
0588f34467 s4-kdc: Migrate tcp connections to tsocket. 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-01-08 14:38:35 +01:00
Stefan Metzmacher
42c34cdafa s4:kdc: use LIBSAMBA_TSOCKET 
metze
 2010-01-08 14:36:49 +01:00
Stefan Metzmacher
d97562b382 s4:kdc: the ->process function returns "bool" 
metze
 2010-01-08 14:36:49 +01:00
Stefan Metzmacher
bbaec01b37 libcli/util: add tstream_read_pdu_blob_send/recv 
This will take the some full_request callback function
as the Samba4 packet code.

metze
 2010-01-08 14:36:43 +01:00
Andrew Tridgell
8d87c0a0c3 s4-drs: added two more SPNs in addentry 
w2k8r2 wants these after a DCPROMO

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:54 +11:00
Andrew Tridgell
ad11deb9bd s4-schema: fixes for W2K8-R2 schema 
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:54 +11:00
Andrew Tridgell
ebec49965b s4-schema: added msDS-NcType to schema container 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:53 +11:00
Andrew Tridgell
ce21151d22 s4-schema: fixed attributes of aggregate schema 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:53 +11:00
Andrew Tridgell
38909a4ae5 s4-schema: switch to W2K8-R2 schema 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:53 +11:00
Andrew Tridgell
d371b0eabe s4-schema: added adminDisplayName and adminDescription 
These are missing from the WSPP schemas

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 18:24:53 +11:00
Andrew Tridgell
c93a182a0d s4-schema: added some debug for bad attributes 2010-01-08 18:24:53 +11:00
Andrew Tridgell
9d296e6776 s4-provision: added W2K8-R2 schema as provided by WSPP 2010-01-08 18:24:52 +11:00
Andrew Tridgell
5ccf8ae373 s4-samba3samtest: we need to force netbios name as well 
needed for when run in CLIENT context
 2010-01-08 13:03:08 +11:00
Andrew Tridgell
dde2b66341 s4-samba3sid: fixed error returns when res->count != 1 and oom 2010-01-08 13:03:08 +11:00
Andrew Tridgell
9aed099362 s4-samba3samtest: force workgroup so the domain is right 
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
f68c43e803 s4-samba3sid: the sambaNextRid attribute is actually the previous RID 
Not well named .... though same mistake that MS made with rIDNextRid
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
d6f92db456 s4-samba3sam: use samba3sid module 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
dd61336165 s4-dsdb: added a samba3sid module 
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
66f161dee1 s4-acl: fixed acl.py test to use correct ldif 
same problem as sec_descriptor.py
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
81c0b01585 s4-secdesc: fixed the sec_descriptor.py test 
The test was using a "changetype: add" to try and add a member to a
group, where it should use a "changetype: modify" with a "add: member"

Also fixed the recovery when the test fails part way through (delete
the test users at the start as well as the end)

Nadya, please check!
 2010-01-08 13:03:07 +11:00
Andrew Tridgell
43a815c67a s4-samba3samtest: use system credentials for creating users 2010-01-08 13:03:07 +11:00
Andrew Tridgell
8b8bb15a54 s4-dsdb: fixed const misuse in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
baa8793a94 s4-dsdb: use dsdb_module_am_system() in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
595fad2b34 s4-dsdb: allow specification of a SID if we are system 
needed for samba3sam test
 2010-01-08 13:03:06 +11:00
Andrew Tridgell
f118f54ee7 s4-dsdb: added dsdb_module_am_system() 
better than each module inventing their own
 2010-01-08 13:03:06 +11:00
Andrew Tridgell
d22a9e5d3b s4-dsdb: squash some unknown structure warnings 2010-01-08 13:03:06 +11:00
Andrew Tridgell
5d6032eb4b s4-partition: fixed selection of partitions on exact match 
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
 2010-01-08 13:03:06 +11:00
Andrew Tridgell
59f314d321 s4-scripting: we need to use a base search for the NTDS GUID 
now we have nTDSConnections structures we can get more than 1 reply
 2010-01-08 13:03:06 +11:00
Stefan Metzmacher
501dd4a3b5 s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req 
metze

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
278d2f75ba s4-smbd: setup the default event contexts for other process models 2010-01-08 13:03:05 +11:00
Andrew Tridgell
5803253362 s4-drs: we need to wrap extended operations in transactions 2010-01-08 13:03:05 +11:00
Andrew Tridgell
2d10f3a841 s4-dsdb: poke the RID Manager when completely out of RIDs too 2010-01-08 13:03:05 +11:00
Andrew Tridgell
a65823e33c s4-dsdb: ensure we will in all the attributes for RID Set 
We need to go to the top of the module stack so that all the extra
attributes get filled in
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
308a4798b8 s4-dsdb: added DSDB_FLAG_TOP_MODULE 
This is used when you want the dsdb_module_*() functions to go to the
top of the stack.
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
5f36f0352e s4-dsdb: no longer need special invocationID handling for standalone servers 
They now work the same way as a DC
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
a7fffe8da0 s4-provision: do a self join for all server types 
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
f6cf895951 s4-schema: added generic attributeID conversion functions 
When we get one we haven't seen before, we can work out the right type
automatically in most cases.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:04 +11:00
Andrew Tridgell
f7517e6256 s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:04 +11:00
Andrew Tridgell
cd65ce8a18 s4-schema: make ldb_val to string comparison safer with nul termination 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
3352e5d7ba s4/dsdb_schema: Load msDS-IntId value separately when loading from LDB 
This way we have consistent behavior when loading from DRSUAPI
and from LDB.
 2010-01-08 13:03:04 +11:00