mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

2378 Commits

Author SHA1 Message Date
Jelmer Vernooij
e2f3e10b1a ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not samdb-specific. 2010-10-10 23:45:23 +02:00
Jelmer Vernooij
33c4b85058 dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between SAMDB_COMMON and DSDB_MODULE_HELPERS. 2010-10-10 23:39:47 +02:00
Jelmer Vernooij
c1884f31ea ldb-samba: Add ldb_wrap_add, remove last schema reference from ldb_wrap. 2010-10-10 23:25:38 +02:00
Jelmer Vernooij
93126b3315 samdb: Add flags argument to samdb_connect(). 2010-10-10 23:08:49 +02:00
Jelmer Vernooij
6280725b47 samdb: Handle schema setup in samdb, not in more generic ldbsamba. 2010-10-10 23:08:45 +02:00
Kamen Mazdrashki
20029aac31 s4-dsdb-repl: Print what the error code for failure is 2010-10-10 12:58:32 +03:00
Kamen Mazdrashki
81e5e23683 s4-dsdb: Make dsdb_setup_sorted_accessors() public
We are going to need it while converting DRS schema.
2010-10-10 12:58:32 +03:00
Matthias Dieter Wallnöfer
584ac76a4f s4:ldap.py - split it up and move SAM related stuff to sam.py
ldap.py would still need some additional split-up but it's a start.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct  8 14:05:18 UTC 2010 on sn-devel-104
2010-10-08 14:05:17 +00:00
Matthias Dieter Wallnöfer
ea36245ebe s4:dsdb/common/util_samr.c - use an LDB constant for result checking
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct  7 07:40:31 UTC 2010 on sn-devel-104
2010-10-07 07:40:31 +00:00
Matthias Dieter Wallnöfer
c9da3122c8 s4:dsdb/common/util.c - provide message set functions for integer types
They will be used by the samldb LDB module
2010-10-07 08:59:28 +02:00
Matthias Dieter Wallnöfer
8e5f8d71f2 s4:samldb LDB module - remove "type" parameter of "samldb_fill_object"
It's a bit redundant given that we have the "type" variable on "ac".

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct  6 10:20:45 UTC 2010 on sn-devel-104
2010-10-06 10:20:45 +00:00
Matthias Dieter Wallnöfer
aabfb7162c s4:subtree_delete LDB module - remove the DN from an error message
It may look funny but the DN output prevents older ADUC versions (tested with
release 2000) from performing subtree deletes properly. Version 2008 has this fixed.

Additionally some smaller changes ("%u" for printing unsigned integers,
module name prefix, nicer line-wrap).

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct  5 16:48:19 UTC 2010 on sn-devel-104
2010-10-05 16:48:19 +00:00
Matthias Dieter Wallnöfer
af5308ef9c s4:samldb LDB module - simplify/unify the message handling on add and modify operations
- Perform only shallow copies (should be enough)
- Perform only one copy per operation (also on modifications)
- Build a new request on modify operations if needed ("modified" flag) - this
  makes it look cleaner
- Fix an important bug: the "el" pointers could have changed after
  modifications. Therefore we have to refresh them on the FLAG_DELETE checks

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct  5 09:24:57 UTC 2010 on sn-devel-104
2010-10-05 09:24:57 +00:00
Matthias Dieter Wallnöfer
ca035b35fe s4:samldb LDB module - assign better memory contexts on two places 2010-10-05 08:43:19 +00:00
Jelmer Vernooij
5548d3d41e Add missing dependencies for com_err. 2010-10-05 00:38:35 +02:00
Jelmer Vernooij
9eab95bd08 heimdal: Fix name of hx509 library. 2010-10-05 00:38:34 +02:00
Matthias Dieter Wallnöfer
6320cface9 s4:dsdb/common/util.c - change the usage of the RECYCLED control
Use it only in conjunction with the DELETE one to allow the functions to work
also against Windows < 2008R2. This is really important for the vampire
operation.

Also mark the RECYCLED control as non-critical (so that it's simply ignored by
older Windows'es).

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct  4 16:10:11 UTC 2010 on sn-devel-104
2010-10-04 16:10:11 +00:00
Matthias Dieter Wallnöfer
24282adb9a s4:ldap.py - test allowed system flags restriction
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
ca08cde150 s4:objectclass LDB module - introduce allowed system flags restriction
Let us do the distinction by real use and provision by the RELAX flag

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
4e8206eb4c s4:urgent_replication.py - fix up the system flags handling
And relax some more object creations due to the enforced system flags rules.
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
a095a08e25 s4:deletetest.py - enhance the tests
- Integrate the ldap.py delete protection testing code and enhance it
- Demonstrate the DISALLOW_MOVE_ON_DELETE system flag

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:19 +00:00
Matthias Dieter Wallnöfer
b2385e3725 s4:ldap.py - remove the delete tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:19 +00:00
Matthias Dieter Wallnöfer
e3081b92c1 s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.

As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
46282da011 s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
This is needed since starting with 2008_R2 function level we get another type
of hidden objects which aren't seen by the "show_deleted" control: recycled
objects.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
779b97325a s4:subtree_rename LDB module - also already deleted objects have to be renamed
This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
and the parent is renamed.

To be able to do this we also need to relax the constraint checks (using the
"isDeleted" proof).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
69b7a87e98 s4:show_deleted LDB module - also support the "show_recycled" control
MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
e1509ec623 s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
2b4f652899 s4:subtree_delete LDB module - it is only responsible for non-deleted objects
The deleted objects (tombstones, recycled & deleted objects) are handled by
"repl_meta_data".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
4768280614 s4:objectclass LDB module - fix the "crossRef" delete protection
This is what Windows does

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
6c9b25ea5c s4:objectclass LDB module - fix the delete behaviour of server containers
A typo prevented the right behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
64be07bc70 s4:dsdb_dn_val_rmd_flags - memmem - scan the whole string for occurrences
Do this as in "dsdb_dn_is_upgraded_link_val". There is really no reason to
truncate before search.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct  3 10:45:39 UTC 2010 on sn-devel-104
2010-10-03 10:45:39 +00:00
Matthias Dieter Wallnöfer
bb81760e82 s4:ldap.py - delete the right object after test completion 2010-10-03 12:05:13 +02:00
Matthias Dieter Wallnöfer
f9244a15c7 s4:ldap.py - fix "system only" test
A part was missing
2010-10-03 12:05:13 +02:00
Matthias Dieter Wallnöfer
14c660da32 s4:acl_read LDB module - fix counter type 2010-10-03 12:05:13 +02:00
Andrew Tridgell
32ec1b36e0 s4-kcc: silence "Testing kcctpl_create_intersite_connections" message
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Oct  3 04:51:44 UTC 2010 on sn-devel-104
2010-10-03 04:51:44 +00:00
Kamen Mazdrashki
657d4d8812 s4-test-dsdb_schema_info.py: Get rid of global module variables 2010-10-03 01:24:57 +03:00
Kamen Mazdrashki
83a15155eb s4-test-dsdb_schema_info.py: Simplify connection SamDB
by using samba.tests.connect_samdb() helper
2010-10-03 01:24:57 +03:00
Andrew Tridgell
eadd28233d s4-repl: use the GC principal name for DRS replication connection
this is required when talking to RODCs (for notify calls), and is good
practice for all DCs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 22:31:58 -07:00
Andrew Tridgell
ee15dc9692 s4-dsdb: added dsdb_search_by_dn_guid()
this is more efficient than first searching for the DN, then doing a
search. We should look at using this in lots of existing code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 21:09:51 -07:00
Andrew Tridgell
23a8fad22b s4-drs: fixed comparison login in replicated renames
we need to ensure we only ever compare USNs from the same originating
invocation ID.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Oct  2 01:45:19 UTC 2010 on sn-devel-104
2010-10-02 01:45:19 +00:00
Andrew Tridgell
6e846ca1f3 s4-kcc: remove stale repsTo entries in the KCC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-02 01:04:17 +00:00
Andrew Tridgell
f6bc4c08b1 s4-rpmd: fixed a use after realloc bug
we could use old_el after the base message had been re allocated, due
to adding timestamps. We need to re-find the element before using it

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 10:44:24 -07:00
Andrew Tridgell
4beff4d7ba s4-dsdb: fail the transaction instead of asserting on error
It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 10:44:24 -07:00
Andrew Tridgell
c03d02d28e s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
otherwise we don't get the secrets!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30 20:11:15 -07:00
Andrew Tridgell
57f67701a6 s4-dsdb: silence the domainFunctionality not setup warning 2010-09-30 14:36:11 -07:00
Andrew Tridgell
1a9f5b45f8 s4-drepl: don't call UpdateRefs on a RODC
we use the ADD_REF bit in getncchanges instead

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
287e35f4cf s4-drepl: fixed the checking of replica_flags in the drepl server
we were incorrectly avoiding a getncchanges when WRIT_REP was not set

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
4d551753d6 s4-kcc: fixed the replica_flags in repsFrom in the kcc
if our calculated replica_flags doesn't match the ones in our repsFrom
then update it

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
1f3f75f747 s4-samldb: also set a password on the krbtgt_NNNN account
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29 16:36:23 -07:00
Nadezhda Ivanova
3b0d6fda38 s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
2010-09-29 03:09:15 +00:00
Andrew Tridgell
d4939ce4fc s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
this will be used outside of the drs server.

This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
6caa512815 s4-dsdb: adapted check_access_on_dn for use in drs. 2010-09-28 11:36:40 -07:00
Andrew Bartlett
88abf441d0 s4-dsdb Add ldb_reset_err_string() when we set error codes.
If we don't we could show an old, incorrect error
2010-09-29 04:23:07 +10:00
Andrew Bartlett
063b61289d s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
This simplifies the function.  While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.

Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
8b57482fa8 s4-dsdb Fix segfault in error case in rootdse module 2010-09-29 04:23:07 +10:00
Andrew Tridgell
0bbbfa04f6 s4-dns: implemented RODC DNS update in dns update task
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:05 -07:00
Andrew Tridgell
1587b46fa0 s4-ldb: removed an unused variable 2010-09-27 22:55:04 -07:00
Andrew Tridgell
17aa2b3294 s4-kcc: fixed an incorrect context to kcctpl_get_all_bridgehead_dcs 2010-09-27 22:55:04 -07:00
Andrew Tridgell
e313667983 s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer()
these will be used by the new RODC dns update code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:04 -07:00
Andrew Tridgell
396cdd6343 s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
log level 0 is excessive for this!
2010-09-27 23:18:23 +00:00
Nadezhda Ivanova
aeedd29d39 s4-ldb: Added ldb_request_replace_control
It is the same as ldb_request_add_control, except it will replace
an existing control.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
2010-09-27 19:00:38 +00:00
Nadezhda Ivanova
99ac4e92ff s4-ldbmodules: Added new module aclread to handle access checks on LDAP search
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
93ba17285d s4-tests: Added tests for search checks on attributes
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3e08965369 s4-tests: Removed search tests with anonymous credentials as they fail against Windows
These tests will fail in make test as well if the acl_read module is enabled.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
dc9991ab0e s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
4d3f528411 s4-dsdb: A helper to determine if an attribute is part of the search filter 2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
b77edca7f8 s4-dsdb: Moved some helper functions to a separate file
We need these to be accessible to the aclread module as well.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3d0e36bc87 s4-ldap: Added a control to apply the access checks on read via LDAP 2010-09-26 15:36:09 -07:00
Andrew Tridgell
7dbfeb0dc0 s4-auth: fixed the SID list for DCs in the PAC
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-26 07:09:08 +00:00
Kamen Mazdrashki
f1b3c4dd38 s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:13 +03:00
Kamen Mazdrashki
04826b65f6 s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:12 +03:00
Kamen Mazdrashki
7a7068f2ed s4-ldap_schema.py: Remove unused LDB connection to GC port 2010-09-26 02:25:11 +03:00
Kamen Mazdrashki
8780d2934b s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:11 +03:00
Andrew Tridgell
85ba79063f ldb: mark the location of a lot more ldb requests 2010-09-25 10:38:45 -07:00
Andrew Tridgell
5568fcd88b s4-dsdb: added tagging of requests in dsdb modules
this allows you to call dsdb_req_chain_debug() in gdb or when writing
debug code to see the request chain
2010-09-25 10:38:45 -07:00
Andrew Tridgell
bd228f9858 s4-repl: don't store repsFrom on DNs other than NC heads
we don't want a refsFrom on the Rid Manage$ DN 

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
a1d52540a3 s4-repl: use namingContexts from rootDSE to initialise partition list
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
2010-09-25 10:38:44 -07:00
Andrew Tridgell
370446769d s4-repl: force on WRIT_REP when we are a writable replica
this ensures we always mark ourselves as writeable when we are not
an RODC
2010-09-25 10:38:44 -07:00
Andrew Tridgell
3aea12d0ab s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa
this avoids a list walk in the calling code
2010-09-25 10:38:44 -07:00
Nadezhda Ivanova
99f0891944 s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn. 2010-09-25 10:19:11 -07:00
Andrew Bartlett
c9b19d9b69 s4-kerberos Rework keytab handling to export servicePrincipalName entries
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.

Andrew Bartlett
2010-09-24 15:07:56 +10:00
Andrew Bartlett
f03913e2cc s4-kerberos Move 'set key into keytab' code out of credentials.
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.

Andrew Bartlett
2010-09-24 09:25:44 +10:00
Matthias Dieter Wallnöfer
964f992779 s4:repl_meta_data - also on delete operations the new RDN attribute has to be casefolded correctly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
30afa65785 s4:lazy_commit LDB module - the "show_deleted" control is initialised by the "show_deleted" LDB module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
29e3806b0e s4:rootdse LDB module - make use of "dsdb_forest_functional_level"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
9123bcbf77 s4:ldap.py - add tests for the "dsServiceName", "serverName", "dnsHostName" and "ldapServiceName" rootDSE attributes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
1d9a348144 s4:rootdse LDB module - introduce dynamic "ldapServiceName"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
681106af4f s4:rootdse LDB module - introduce dynamic "dnsHostName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5fd7bc8564 s4:rootdse LDB module - make "serverName" dynamic
This helps to fix bug #7347. "dsServiceName" cannot be made dynamic in such a
simple way since it's already needed on LDB initialisation time.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
e446ef1c3f s4:rootdse LDB module - remove "priv" checks where not needed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f1535694f7 s4:rootdse LDB module - better that the "edn" control handling is done last
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
679eb33e79 s4:samldb LDB module - it isn't allowed to create user/computer accounts with a primary group specified
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
2e913994f2 s4:dsdb/common/util_samr.c - remove the primary group specifications
Now also the primary group detection/change on modify operations does work

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
c03ec03212 s4:ldap.py - test default primary groups on modify operations
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f46c6233e7 s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" detection also on modify operations
Also requested by MS-SAMR 3.1.1.8.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
72bb8c3fb3 s4:ldap.py - enhance SAM user/groups behaviour test regarding default primary groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f84724cebc s4:rootdse LDB module - make more use of LDB result constants
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
08298457d4 s4:rootdse LDB module - fix comment typo
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
7a1a0cde2e s4:password_hash LDB module - don't assign "lp_ctx" twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
e59cdaf40e s4:rootdse LDB module - fix counter types
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
1a1be71eb8 s4:extended_dn_in LDB module - fix a counter type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
6c349d479f s4:drepl_out_helpers.c - fix a counter type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Anatoliy Atanasov
67b6252eed s4/dsdb:kcc: cleanup and improve readability 2010-09-23 08:41:05 -07:00
Stefan Metzmacher
519180c341 s4:dsdb/kcc: we don't need to manually allocate [out,ref] pointers anymore
metze

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23 08:41:05 -07:00
Andrew Tridgell
d2008fbbb9 s4-kcc: the kcc should not be setting the repsTo attribute
repsTo is set by other DCs, when they ask to be notified about changes
in a partition
2010-09-23 07:17:57 +00:00
Andrew Tridgell
d1cbd68bb1 s4-kcc: added service->am_rodc
use a rodc flag on the service instead of calling samdb_rodc each time
2010-09-23 07:17:57 +00:00
Andrew Tridgell
c166b44b47 s4-kcc: pass the service context into the kcc connection code
this will be used for the RODC changes needed for the kcc
2010-09-23 07:17:56 +00:00
Jelmer Vernooij
cc5b673e18 s4-selftest: Move samba3sam test to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
1716cdbef3 dsdb: Use short path for ldb_handlers.h, in case ldb is installed in the
system.
2010-09-22 17:48:24 -07:00
Nadezhda Ivanova
aa57fd8224 s4-ldap: Fixed a problem with NC's having a parentGUID attribute
NC's other than default NC had a parentGUID, due to an incorrect check of whether
the object has a parent. Fixed by checking object's instanceType instead.
2010-09-21 09:10:54 -07:00
Andrew Tridgell
7ffcf90bb9 s4-drepl: use the partition UDV and hwm for extended getncchanges ops
we find the NC root then load the uptodateness vector and highwater
mark, if available, from there
2010-09-20 21:51:08 -07:00
Andrew Tridgell
3fe8e97a72 s4-rodc: fixed repsFrom store on RODC
We were disallowing repsFrom store as a RODC on the basis that it is a
write to the directory. It should be allowed, as it is a
non-replicated attribute.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-20 15:27:45 -07:00
Andrew Tridgell
59951163be s4-kcc: a bit more debug info on repsFrom creation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-20 15:27:45 -07:00
Kamen Mazdrashki
f06d98764a s4-dsdb-schema_prefixmap: return WERR_DS_NO_ATTRIBUTE_OR_VALUE when ATTID is not found
rather than WERR_INTERNAL_ERROR - it is not internal error!
2010-09-21 00:15:24 +03:00
Kamen Mazdrashki
395b09c1b6 s4-dsdb-schema_prefixmap: Print debug message when internal failure occurs 2010-09-21 00:15:24 +03:00
Anatoliy Atanasov
b4eba4268d s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test 2010-09-20 09:46:10 -07:00
Anatoliy Atanasov
7250cb3e73 s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.
This functionality is needed for DsCrackNames ListRoles command also.
2010-09-20 09:44:19 -07:00
Anatoliy Atanasov
faeeb5c8e7 s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames code 2010-09-20 09:41:00 -07:00
Andrew Tridgell
34f47a33df s4-rootdse: mark registered controls as non-critical
this is needed for clients that may include unnecessary controls in
requests and mark them as non-critical
2010-09-19 19:20:48 -07:00
Anatoliy Atanasov
5d807107bb s4/fsmo: Naming master support added
Test suite for fsmo is extended with a test case for naming master too.
2010-09-19 12:16:04 -07:00
Andrew Tridgell
e72a1e2055 s4-pydsdb: added am_rodc() method on samdb 2010-09-19 11:29:32 -07:00
Kamen Mazdrashki
d76bb4ac40 s4-drs: Check for schema changes only in case we are *not* applying Schema replica
This fixes the problem when we fail to replicate with
a partner DC that has a newer Schema with attributeSchema
objects with OIDs that we don't have in our local prefixMap.
2010-09-18 15:09:47 +03:00
Kamen Mazdrashki
9256b5f226 s4-schema: Helper func to compare schemaInfo signatures 2010-09-17 13:53:03 +03:00
Kamen Mazdrashki
1295da92f9 s4-schema: use dsdb_schema_info_blob_is_valid() to verify schemaInfo blob
instead of parsing it.
2010-09-17 13:53:03 +03:00
Kamen Mazdrashki
aedefd3e99 s4-prefixMap: use dsdb_schema_info_blob_is_valid() for schemaInfo blob validation
This fixes a leaking dsdb_schema_info object also.
2010-09-17 13:53:03 +03:00
Kamen Mazdrashki
e691b1fd27 s4-dsdb: Add dsdb_schema_info_blob_is_valid() to verify schemaInfo blobs 2010-09-17 13:53:03 +03:00
Andrew Tridgell
e5cd023a41 s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls 2010-09-16 16:08:46 +10:00
Andrew Tridgell
3b87e3e951 s4-repl: if we are an RODC don't set WRIT_REP in replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:01 +10:00
Andrew Tridgell
05ec123b3b s4-repl: add partial attribute set to getncchanges calls for RODCs
when we are a RODC we must supply a partial attribute set in the
getncchanges call

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:01 +10:00
Andrew Tridgell
520252c8d2 s4-repl: added min_usn to extended replication call
the repl_secret code needs to set it to avoid too many duplicate
attributes

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:01 +10:00
Andrew Tridgell
1da147e6fa s4-repl: added repl_secret handling
initiate a repl secret extended op when requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:01 +10:00
Andrew Tridgell
d5673b5501 s4-repl: cleanup the extended op calls in repl server
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
2010-09-16 07:24:01 +10:00
Andrew Tridgell
e18c0030e0 s4-pyjoin: fill in the dns name in the python replication method
this is needed to get the repsFrom DNS entry right

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:01 +10:00
Andrew Tridgell
f89f3cf30f s4-repl: split out the extended op handling
this is not part of the rid allocation logic

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:00 +10:00
Andrew Tridgell
54b5370474 s4-repl: cleanup getncchanges extended op calls
Multiple calls are allowed to run in parallel as long as they don't
conflict.

This also cleans up the variable names in the extended op calls.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 07:24:00 +10:00
Anatoliy Atanasov
2eeba94c9c s4/fsmo: Handle infrastructure, pdc and rid extended ops
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa

Conflicts:

	source4/dsdb/repl/drepl_ridalloc.c
2010-09-15 14:00:28 +03:00
Andrew Tridgell
6c45eeb944 s4-repl: use consistent API calls for getting DN GUID
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:36 +10:00
Andrew Tridgell
ce2004d631 s4: fixed some printf format errors 2010-09-15 15:39:35 +10:00
Andrew Tridgell
13a8745cae s4-rodc: add a trigger message for REPL_SECRET to auth_sam
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15 15:39:34 +10:00
Andrew Tridgell
b9393e4896 s4-kcc: removed redundant loop check
el has already been checked for NULL
2010-09-15 15:39:34 +10:00
Andrew Tridgell
a17da70785 s4-dsdb: check for invalid backend type 2010-09-15 15:39:34 +10:00
Andrew Tridgell
3e88f3cf33 s4-rootdse: setup length after NULL check 2010-09-15 15:39:34 +10:00
Andrew Tridgell
d00cb8b3d3 s4-dsdb: fixed use after free for RODC 2010-09-15 15:39:33 +10:00
Andrew Tridgell
597372df34 s4-dsdb: free right context on failure
down_req is not initialised yet
2010-09-15 15:39:33 +10:00
Andrew Tridgell
cbd8297b4d s4-dsdb: defer ac->msg after check for NULL ac 2010-09-15 15:39:33 +10:00
Andrew Tridgell
5a4a11cb98 s4-anr: check for allocation failure before use 2010-09-15 15:39:33 +10:00
Jelmer Vernooij
8209198998 waf: work around circular dependency finder erroneously removing dependency of gensec on dcerpc. 2010-09-14 17:24:05 +02:00
Matthias Dieter Wallnöfer
6e720ecd25 s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for LDAP filters
This makes also lookups through special backends as "samba3sam" work.
2010-09-13 22:41:06 +02:00
Matthias Dieter Wallnöfer
a4b7fac86d s4:cosmetic - the SID attribute is called objectSid - not objectSID 2010-09-13 22:39:50 +02:00
Matthias Dieter Wallnöfer
fe958c009b Revert "s4:samldb LDB module - simplify the message handling on add and modify operations"
This reverts commit 1d94bb3ad4.

This commit causes unconditional behaviour (sometimes it works, sometimes not) - sorry for introducing this.

I will rework this further.
2010-09-13 10:39:39 +02:00