1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

27677 Commits

Author SHA1 Message Date
Stefan Metzmacher
10fdc9ad68 s4:torture/smb2: avoid '//' comments
The compiler on openindiana doesn't like them.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct  8 08:56:10 CEST 2011 on sn-devel-104
2011-10-08 08:56:10 +02:00
Stefan Metzmacher
627f930100 s4:torture/drs: avoid '//' comments
The compiler on openindiana doesn't like them.

metze
2011-10-08 07:24:15 +02:00
Stefan Metzmacher
f007f68f70 s4:lib/wmi: avoid '//' comments
The compiler on openindiana doesn't like them.

metze
2011-10-08 07:24:14 +02:00
Andrew Bartlett
078db8f6c9 build: build wbinfo only once in the waf build
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct  8 04:52:03 CEST 2011 on sn-devel-104
2011-10-08 04:52:03 +02:00
Stefan Metzmacher
f0cd3f62d0 selftest: run dfs tests on plugin_s4_dc
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct  8 03:18:54 CEST 2011 on sn-devel-104
2011-10-08 03:18:54 +02:00
Stefan Metzmacher
cc17ac9bba s4:smb_server: implement dfs referral handing on top of dfs_server_ad_get_referrals()
metze
2011-10-08 01:43:38 +02:00
Stefan Metzmacher
bcb02129c3 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct  7 15:28:13 CEST 2011 on sn-devel-104
2011-10-07 15:28:13 +02:00
Stefan Metzmacher
c180feb16c s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK
metze
2011-10-07 12:20:49 +02:00
Stefan Metzmacher
ff1ce6521b s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h
This makes clear that struct dsdb_control_password_change
belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID.

metze
2011-10-07 12:20:45 +02:00
Andrew Bartlett
556ef6ac90 s4-param copy print_parameter and equal_parameter in from source3
This will allow these functions to be put into lib/param shortly.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct  7 10:17:01 CEST 2011 on sn-devel-104
2011-10-07 10:17:00 +02:00
Andrew Bartlett
80e439453d param: Use a bool to hold boolean parameters
All three-state parameters invoking Auto (2) are already declared as integers, not
booleans.

Andrew Bartlett
2011-10-07 17:45:20 +11:00
Andrew Tridgell
83f0dc44a7 s4-dsdb: special case for deleted objects one way link
we show wellknown links to the deleted objects container

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct  7 07:58:08 CEST 2011 on sn-devel-104
2011-10-07 07:58:08 +02:00
Andrew Tridgell
9b981ff1e8 s4-dsdb: don't display links to deleted objects
unless the user asks for the display of deactivated links, we should
not display DNs that link to deleted objects

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07 13:20:44 +11:00
Andrew Tridgell
a729dbb269 s4-dsdb: fixed one_way_link calculation
we need to check for the other end of the link, not the current linkID

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07 13:20:44 +11:00
Andrew Tridgell
a5f311d469 s4-dsdb: fixed behaviour of show_deleted and show_recycled control
to correctly implement the show_deleted and show_recycled control we
need to know if the recyclebin is enabled. When not enabled, the
isRecycled attribute is ignored, and only isDeleted is used.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07 13:20:44 +11:00
Andrew Tridgell
365f705345 s4-dsdb: fixed the check_optional_feature() call
the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-07 13:20:44 +11:00
Andrew Bartlett
f6b7bd4a01 lib/util: consolidate module loading
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Oct  6 08:52:30 CEST 2011 on sn-devel-104
2011-10-06 08:52:30 +02:00
Andrew Bartlett
7d33ec3dfe lib/util: consolidate module loading into common code
This creates a samba-modules private libary that handles the details.

Andrew Bartlett
2011-10-06 07:18:07 +02:00
Andrew Tridgell
3fca66e2b3 samba-tool: add support for fixing broken backlinks in dbcheck
this allows dangling backlinks to be removed

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct  6 07:08:35 CEST 2011 on sn-devel-104
2011-10-06 07:08:35 +02:00
Andrew Tridgell
d7f617e2e1 s4-dsdb: allow deletion of backlinks if DSDB_CONTROL_DBCHECK given
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:22 +11:00
Andrew Tridgell
c2d70af1a7 s4-dsdb: added DSDB_CONTROL_DBCHECK
this will be used for overrides by the dbcheck validator

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:22 +11:00
Andrew Tridgell
2d63789e48 s4-dsdb: allow groupType update on deleted objects
this allows dbcheck to fix groupType on objects that have been deleted

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:21 +11:00
Andrew Tridgell
8976e1d50d s4-rodc: use the rodc_replica flag on the partition
this sets DSDB_REPL_FLAG_PARTIAL_REPLICA when replicating a RODC
partition, which tells the replication code to map instanceType to
remove the INSTANCE_TYPE_WRITE bit

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:21 +11:00
Andrew Tridgell
2a2deeb3b4 s4-rodc: ensure we load replicated partitions for RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:21 +11:00
Andrew Bartlett
e717af0301 s4-dsdb: Do not assume that all deleted objects have an objectCategory and sAMAccountType
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Oct  6 03:43:13 CEST 2011 on sn-devel-104
2011-10-06 03:43:13 +02:00
Andrew Bartlett
f55328a295 dsdb: Do not attempt to resolve conflicts on an RODC 2011-10-06 02:11:34 +02:00
Andrew Bartlett
55054182b2 dsdb: fix double-free in replication failure case on RODC 2011-10-06 02:11:34 +02:00
Andrew Bartlett
5c5d869975 s4-dsdb Allow repl server to start even when no master NCs are present 2011-10-06 02:11:34 +02:00
Andrew Tridgell
63319c169f s4-auth: fixed formatting of some DEBUG() lines
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Oct  5 09:45:15 CEST 2011 on sn-devel-104
2011-10-05 09:45:15 +02:00
Andrew Tridgell
6b5d8e02f7 s4-subdomain: create trust record with forest root DC
when we create a sub-subdomain we need to use the forest naming master
to setup the partition changes for the new subdomain. We also need to
setup the trust with the forest root, as that allows us to create the
needed _msdcs DNS entries in the forest

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct  4 07:40:59 CEST 2011 on sn-devel-104
2011-10-04 07:40:59 +02:00
Andrew Tridgell
8905344bad s4-dsdb: fixed re-join of subdomain
if we repeat the join of a subdomain then we try to re-create the NC
for the subdomain during a DsAddEntry(). This allows that re-creation
to succeed if the NC already exists
2011-10-04 15:08:58 +11:00
Andrew Tridgell
28a6881d4f s4-lsa: fixed set of trust password with old password
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:58 +11:00
Andrew Tridgell
e9758ef94d s4-dns: add all forest DCs to named.conf.update
this allows all DCs to update DNS entries
2011-10-04 15:08:58 +11:00
Andrew Tridgell
7244e254cc s4-ldap: added DSDB_CONTROL_NO_GLOBAL_CATALOG to ldap encoding list
also remove all the duplicated comments

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:58 +11:00
Andrew Tridgell
0ef8dca9fb s4-kdc: fixed handling of previous vs current trust password
This sorts out the correct handling for the 'kvno=255'
problem. Windows will use the previous trust password for 1 hour after
a password set, and indicates that the previous password is being used
by sending current_kvno-1. That maps to 255 if the trust password has
not actually been changed, so the initial trust password is being
used.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
71f3a25ff7 s4-auth: rework map_user_info() to use cracknames
to properly support multi-domain forests we need to determine if an
incoming username is part of a known forest domain or not. To do this
for all possible SPN forms, we need to use CrackNames.

This changes map_user_info() to use CrackNames if a SAM context is
available, and asks the CrackNames services to parse the incoming
username and domain into a NT4 form, which can then be used in the
SAM.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
0c944d07dc s4-sam: don't look in GC NCs for user accounts
We need to exclude GC partial replica naming contexts from SAM lookups

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
aee896ad98 s4-kdc: don't look at global catalog NCs in the kdc
the kdc should not be looking for users in GC partial replicas, as
these users do not have all of the attributes needed for the KDC to
operate

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
5717da34b9 s4-kdc: treat a kvno of 255 as unspecified
windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
6356f4c255 s4-kcc: if we are a GC, auto-add partial replicas
when we are a global catalog server, the KCC needs to add partial
replicas for all domain partitions that we don't have copies of
2011-10-04 15:08:57 +11:00
Andrew Tridgell
278e44cf9f s4-dsdb: simplify samdb_is_gc()
we already have a function for returning the NTDS options
2011-10-04 15:08:57 +11:00
Andrew Tridgell
f469369fdf s4-dsdb: add the DSDB_CONTROL_PARTIAL_REPLICA when needed
when we are adding an object via DRS, we need to add the
DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial
replica, so ensure the partition module creates new NCs as partial
replicas
2011-10-04 15:08:57 +11:00
Andrew Tridgell
6b69ecd029 heimdal: handle referrals for 3 part DRSUAPI SPNs
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).

We use the 3rd part of the SPN directly as the realm name in the
referral.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
b930b1e1fc s4-repl: try harder to find the right SPN in replication server
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC.  We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
60cbc98051 s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Andrew Tridgell
fb937afbec s4-join: enable cleanup on failed join
if a join fails, then cleanup the old records
2011-10-04 15:08:57 +11:00
Andrew Tridgell
efb3f45a81 s4-drs: added DSDB_REPL_FLAG_ADD_NCNAME to DsAddEntry call
we want new NCs to be created
2011-10-04 15:08:57 +11:00
Andrew Tridgell
1870fc49dd s4-dsdb: added DSDB_REPL_FLAG_ADD_NCNAME flag 2011-10-04 15:08:57 +11:00
Andrew Tridgell
50d6a76a14 s4-dsdb: fixed formatting of a debug message
another missing newline
2011-10-04 15:08:57 +11:00
Andrew Tridgell
d12309dc1a s4-partition: allow creation of uninstantiated partitions
this is needed for a subdomain join by a new NC. The NC is initially
uninstantiated
2011-10-04 15:08:56 +11:00