Matthias Dieter Wallnöfer
10e1de3e06
s4:samdb_msg_add_int* - use "ldb_msg_add_string" rather than "samdb_msg_add_string"
...
"ldb_msg_add_string" is safe here since the integer has already been converted
to a string which is "talloc"ed on "mem_ctx".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 15 09:11:49 UTC 2010 on sn-devel-104
2010-10-15 09:11:49 +00:00
Matthieu Patou
34f12d541b
s4 dsdb: fix sign problem on PPC and x86
...
In LDAP we used signed integer and groups have the highest bit set (ie.
0x80000002). So it will result with values that are > 2^31 when these
values are used on some platforms (x86 and PPC 64bits in this case) it
causes problem with strtol.
2010-10-15 11:34:24 +04:00
Matthias Dieter Wallnöfer
b647b2d5b3
s4:samldb LDB module - cosmetic - use "ldb" variable rather than "ldb_module_get_ctx"
2010-10-15 08:45:14 +02:00
Matthias Dieter Wallnöfer
9310da1e2b
s4:samdb_create_foreign_security_principal - proof error code of "samdb_msg_add_string"
2010-10-15 08:45:14 +02:00
Matthias Dieter Wallnöfer
9e69b22e70
s4:dsdb/common/util.c - samdb_msg_add_* calls - proof for more OOM conditions
2010-10-15 08:45:14 +02:00
Matthias Dieter Wallnöfer
06ec5d0177
s4:dsdb/common/util.c - samdb_msg_add_string - the attribute name doesn't need to be duplicated
...
This is done internally by the LDB library - look at "ldb_msg_add_empty".
2010-10-15 08:45:01 +02:00
Matthias Dieter Wallnöfer
9bc57e19e6
s4:dsdb - remove "samdb_msg_add_value"
...
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15 00:21:53 +00:00
Matthias Dieter Wallnöfer
a0e9814c0d
s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string"
...
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-15 08:36:01 +11:00
Matthias Dieter Wallnöfer
9a3810fbb2
s4:samldb LDB module - attempt to fix integer handling on big-endian platforms
...
And beside this it's also nicer to use standard LDB functions for type
conversions.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 14 08:26:53 UTC 2010 on sn-devel-104
2010-10-14 08:26:53 +00:00
Matthias Dieter Wallnöfer
8c21a45e5c
s4:samldb LDB module - cosmetic fixups
...
- Update the module description
- Fix indentation
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 20:55:18 UTC 2010 on sn-devel-104
2010-10-13 20:55:18 +00:00
Jelmer Vernooij
01d14b4c57
samdb: Set soname.
2010-10-13 17:32:20 +00:00
Matthias Dieter Wallnöfer
bf657db3c4
s4:sam.py - tests for "userAccountControl" attribute
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 17:31:29 UTC 2010 on sn-devel-104
2010-10-13 17:31:29 +00:00
Matthias Dieter Wallnöfer
3411e71c76
s4:samldb LDB module - deny creation of temporary duplicate accounts
2010-10-13 18:46:13 +02:00
Matthias Dieter Wallnöfer
ed68189c5f
s4:samldb LDB module - proof the account type also on LDB modify operations
2010-10-13 18:37:20 +02:00
Matthias Dieter Wallnöfer
36c1ed215d
s4:sam.py - add a test for the group type changing behaviour
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 13 14:17:31 UTC 2010 on sn-devel-104
2010-10-13 14:17:31 +00:00
Matthias Dieter Wallnöfer
826496ce55
s4:samldb LDB module - support the group type changing properly
...
This is exactly what Windows allows. It was proven by a blackbox test.
And we also need to deny add operations of builtin groups.
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
09ce56d957
s4:ldap.py - test the "isCriticalSystemObject" behaviour
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
9bcb656bba
s4:samldb LDB module - deny also the direct modification of "isCriticalSystemObject" on modify operations
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
4638bd11b5
s4:objectclass LDB module - deny the creation of "isCriticalSystemObject" entries
...
They're only allowed to be created with the RELAX control specified.
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
8806008024
s4:samldb LDB module - first implementation of the samldb primary group trigger
...
This was done according to MS-SAMR 3.1.1.8.2
But do use it only for add operations at the moment.
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
635996e97c
s4:samldb LDB module - use the new "objectclass_trigger" for add operations
...
Additionally clean up "samldb_fill_object" which is now much easier to
comprehend.
2010-10-13 13:35:21 +00:00
Matthias Dieter Wallnöfer
2b6cbf2eb0
s4:samldb LDB module - first implementation of the samldb objectclass trigger
...
This was done according to MS-SAMR 3.1.1.8.1
I need to perform some RELAX checks since otherwise the provision wouldn't work
anymore.
2010-10-13 13:35:21 +00:00
Jelmer Vernooij
ffb71f8ee3
dsdb/schema_data: Build as shared object.
2010-10-13 14:10:38 +02:00
Jelmer Vernooij
4313f0fbb5
dsdb/schema_load: Build as shared object.
2010-10-13 14:10:34 +02:00
Jelmer Vernooij
e07ca6f8e1
samdb: Build as library.
2010-10-13 14:10:27 +02:00
Andrew Tridgell
549c044b9f
s4-schema: don't name variables after standard libc functions
2010-10-13 11:00:04 +00:00
Jelmer Vernooij
1229935aa9
torture/becomedc: Add test for global schema, use samdb_connect().
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Oct 12 18:35:33 UTC 2010 on sn-devel-104
2010-10-12 18:35:33 +00:00
Andrew Bartlett
f768b32e37
libcli/security Provide a common, top level libcli/security/security.h
...
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
5742f5115c
libcli/security Use common security.h
...
This includes dom_sid.h and security_token.h and will be moved
to the top level shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12 03:35:36 +00:00
Andrew Bartlett
8beaa29242
s4-libcli/security Use separate subsystem for session related functions
...
The merges I plan in this area require splitting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
0487ef0a70
libcli/security Add debug class to security_token_debug() et al
...
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
2010-10-12 02:54:16 +00:00
Jelmer Vernooij
4ad64408c5
dsdb: Build more modules as shared objects.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Oct 12 02:12:29 UTC 2010 on sn-devel-104
2010-10-12 02:12:29 +00:00
Jelmer Vernooij
44a4b677fe
dsdb: Build some more modules as shared objects.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 23:22:33 UTC 2010 on sn-devel-104
2010-10-11 23:22:33 +00:00
Jelmer Vernooij
cfeb5cc91f
dsdb: Build some more modules as shared object files.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 21:13:25 UTC 2010 on sn-devel-104
2010-10-11 21:13:25 +00:00
Jelmer Vernooij
ab9d459b61
dsdb: Build some more modules as .so files.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 19:14:58 UTC 2010 on sn-devel-104
2010-10-11 19:14:58 +00:00
Jelmer Vernooij
484939db0f
samdb_common, ntlm: Add missing dependency on libsamba-hostconfig.
2010-10-11 15:13:16 +00:00
Andrew Bartlett
42127cdbb0
s4-credentials Add explicit event context handling to Kerberos calls (only)
...
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
2010-10-11 13:02:16 +00:00
Jelmer Vernooij
d74e0adb30
credentials: Split up into several subsystems.
2010-10-11 02:06:03 +00:00
Jelmer Vernooij
2bff55f5de
dsdb/modules: Split up helpers a bit to prevent recursive dependencies.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 23:47:54 UTC 2010 on sn-devel-104
2010-10-10 23:47:54 +00:00
Jelmer Vernooij
3b19993561
dsdb/schema: Move some dsdb_dn functions that are schema-specific.
2010-10-11 01:06:35 +02:00
Jelmer Vernooij
1f73f3b1ca
dsdb modules: Split ridalloc out of common helpers, because of dependency loops.
2010-10-11 01:06:35 +02:00
Jelmer Vernooij
fd718c96f0
samdb: Remove dependency on unknown subsystem.
2010-10-10 23:59:04 +02:00
Jelmer Vernooij
aa6d7ccc44
dsdb: add missing dependency on samba_socket.
2010-10-10 23:50:34 +02:00
Jelmer Vernooij
e2f3e10b1a
ldb-samba: Rename samdb_relative_path to ldb_relative_path, as it's not samdb-specific.
2010-10-10 23:45:23 +02:00
Jelmer Vernooij
33c4b85058
dsdb: Move attr_in_list to SAMDB_COMMON to avoid circular dependency between SAMDB_COMMON and DSDB_MODULE_HELPERS.
2010-10-10 23:39:47 +02:00
Jelmer Vernooij
c1884f31ea
ldb-samba: Add ldb_wrap_add, remove last schema reference from ldb_wrap.
2010-10-10 23:25:38 +02:00
Jelmer Vernooij
93126b3315
samdb: Add flags argument to samdb_connect().
2010-10-10 23:08:49 +02:00
Jelmer Vernooij
6280725b47
samdb: Handle schema setup in samdb, not in more generic ldbsamba.
2010-10-10 23:08:45 +02:00
Kamen Mazdrashki
20029aac31
s4-dsdb-repl: Print what the error code for failure is
2010-10-10 12:58:32 +03:00
Kamen Mazdrashki
81e5e23683
s4-dsdb: Make dsdb_setup_sorted_accessors() public
...
We are going to need it while converting DRS schema.
2010-10-10 12:58:32 +03:00
Matthias Dieter Wallnöfer
584ac76a4f
s4:ldap.py - split it up and move SAM related stuff to sam.py
...
ldap.py would still need some additional split-up but it's a start.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Oct 8 14:05:18 UTC 2010 on sn-devel-104
2010-10-08 14:05:17 +00:00
Matthias Dieter Wallnöfer
ea36245ebe
s4:dsdb/common/util_samr.c - use an LDB constant for result checking
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 7 07:40:31 UTC 2010 on sn-devel-104
2010-10-07 07:40:31 +00:00
Matthias Dieter Wallnöfer
c9da3122c8
s4:dsdb/common/util.c - provide message set functions for integer types
...
They will be used by the samldb LDB module
2010-10-07 08:59:28 +02:00
Matthias Dieter Wallnöfer
8e5f8d71f2
s4:samldb LDB module - remove "type" parameter of "samldb_fill_object"
...
It's a bit redundant given that we have the "type" variable on "ac".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 6 10:20:45 UTC 2010 on sn-devel-104
2010-10-06 10:20:45 +00:00
Matthias Dieter Wallnöfer
aabfb7162c
s4:subtree_delete LDB module - remove the DN from an error message
...
It may look funny but the DN output prevents older ADUC versions (tested with
release 2000) from performing subtree deletes properly. Version 2008 has this fixed.
Additionally some smaller changes ("%u" for printing unsigned integers,
module name prefix, nicer line-wrap).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 16:48:19 UTC 2010 on sn-devel-104
2010-10-05 16:48:19 +00:00
Matthias Dieter Wallnöfer
af5308ef9c
s4:samldb LDB module - simplify/unify the message handling on add and modify operations
...
- Perform only shallow copies (should be enough)
- Perform only one copy per operation (also on modifications)
- Build a new request on modify operations if needed ("modified" flag) - this
makes it look cleaner
- Fix an important bug: the "el" pointers could have changed after
modifications. Therefore we have to refresh them on the FLAG_DELETE checks
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 5 09:24:57 UTC 2010 on sn-devel-104
2010-10-05 09:24:57 +00:00
Matthias Dieter Wallnöfer
ca035b35fe
s4:samldb LDB module - assign better memory contexts on two places
2010-10-05 08:43:19 +00:00
Jelmer Vernooij
5548d3d41e
Add missing dependencies for com_err.
2010-10-05 00:38:35 +02:00
Jelmer Vernooij
9eab95bd08
heimdal: Fix name of hx509 library.
2010-10-05 00:38:34 +02:00
Matthias Dieter Wallnöfer
6320cface9
s4:dsdb/common/util.c - change the usage of the RECYCLED control
...
Use it only in conjunction with the DELETE one to allow the functions to work
also against Windows < 2008R2. This is really important for the vampire
operation.
Also mark the RECYCLED control as non-critical (so that it's simply ignored by
older Windows'es).
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 4 16:10:11 UTC 2010 on sn-devel-104
2010-10-04 16:10:11 +00:00
Matthias Dieter Wallnöfer
24282adb9a
s4:ldap.py - test allowed system flags restriction
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
ca08cde150
s4:objectclass LDB module - introduce allowed system flags restriction
...
Let us do the distinction by real use and provision by the RELAX flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
4e8206eb4c
s4:urgent_replication.py - fix up the system flags handling
...
And relax some more object creations due to the enforced system flags rules.
2010-10-03 16:50:06 +00:00
Matthias Dieter Wallnöfer
a095a08e25
s4:deletetest.py - enhance the tests
...
- Integrate the ldap.py delete protection testing code and enhance it
- Demonstrate the DISALLOW_MOVE_ON_DELETE system flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:19 +00:00
Matthias Dieter Wallnöfer
b2385e3725
s4:ldap.py - remove the delete tests
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:19 +00:00
Matthias Dieter Wallnöfer
e3081b92c1
s4:dsdb - substitute the "show_deleted" with the "show_recycled" control
...
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
46282da011
s4:dsdb/common/util.c - introduce "DSDB_SEARCH_SHOW_RECYCLED" flag
...
This is needed since starting with 2008_R2 function level we get another type
of hidden objects which aren't seen by the "show_deleted" control: recycled
objects.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
779b97325a
s4:subtree_rename LDB module - also already deleted objects have to be renamed
...
This is needed if the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag was specified
and the parent is renamed.
To be able to do this we also need to relax the constraint checks (using the
"isDeleted" proof).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
69b7a87e98
s4:show_deleted LDB module - also support the "show_recycled" control
...
MS-ADTS 3.1.1.3.4.1 and MS-ADTS 3.1.1.5.5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
e1509ec623
s4:repl_meta_data LDB module - consider the SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE flag
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
2b4f652899
s4:subtree_delete LDB module - it is only responsible for non-deleted objects
...
The deleted objects (tombstones, recycled & deleted objects) are handled by
"repl_meta_data".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
4768280614
s4:objectclass LDB module - fix the "crossRef" delete protection
...
This is what Windows does
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
6c9b25ea5c
s4:objectclass LDB module - fix the delete behaviour of server containers
...
A typo prevented the right behaviour.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
64be07bc70
s4:dsdb_dn_val_rmd_flags - memmem - scan the whole string for occurrences
...
Do this as in "dsdb_dn_is_upgraded_link_val". There is really no reason to
truncate before search.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 3 10:45:39 UTC 2010 on sn-devel-104
2010-10-03 10:45:39 +00:00
Matthias Dieter Wallnöfer
bb81760e82
s4:ldap.py - delete the right object after test completion
2010-10-03 12:05:13 +02:00
Matthias Dieter Wallnöfer
f9244a15c7
s4:ldap.py - fix "system only" test
...
A part was missing
2010-10-03 12:05:13 +02:00
Matthias Dieter Wallnöfer
14c660da32
s4:acl_read LDB module - fix counter type
2010-10-03 12:05:13 +02:00
Andrew Tridgell
32ec1b36e0
s4-kcc: silence "Testing kcctpl_create_intersite_connections" message
...
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Oct 3 04:51:44 UTC 2010 on sn-devel-104
2010-10-03 04:51:44 +00:00
Kamen Mazdrashki
657d4d8812
s4-test-dsdb_schema_info.py: Get rid of global module variables
2010-10-03 01:24:57 +03:00
Kamen Mazdrashki
83a15155eb
s4-test-dsdb_schema_info.py: Simplify connection SamDB
...
by using samba.tests.connect_samdb() helper
2010-10-03 01:24:57 +03:00
Andrew Tridgell
eadd28233d
s4-repl: use the GC principal name for DRS replication connection
...
this is required when talking to RODCs (for notify calls), and is good
practice for all DCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 22:31:58 -07:00
Andrew Tridgell
ee15dc9692
s4-dsdb: added dsdb_search_by_dn_guid()
...
this is more efficient than first searching for the DN, then doing a
search. We should look at using this in lots of existing code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 21:09:51 -07:00
Andrew Tridgell
23a8fad22b
s4-drs: fixed comparison login in replicated renames
...
we need to ensure we only ever compare USNs from the same originating
invocation ID.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Oct 2 01:45:19 UTC 2010 on sn-devel-104
2010-10-02 01:45:19 +00:00
Andrew Tridgell
6e846ca1f3
s4-kcc: remove stale repsTo entries in the KCC
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-02 01:04:17 +00:00
Andrew Tridgell
f6bc4c08b1
s4-rpmd: fixed a use after realloc bug
...
we could use old_el after the base message had been re allocated, due
to adding timestamps. We need to re-find the element before using it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 10:44:24 -07:00
Andrew Tridgell
4beff4d7ba
s4-dsdb: fail the transaction instead of asserting on error
...
It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-01 10:44:24 -07:00
Andrew Tridgell
c03d02d28e
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
...
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30 20:11:15 -07:00
Andrew Tridgell
57f67701a6
s4-dsdb: silence the domainFunctionality not setup warning
2010-09-30 14:36:11 -07:00
Andrew Tridgell
1a9f5b45f8
s4-drepl: don't call UpdateRefs on a RODC
...
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
287e35f4cf
s4-drepl: fixed the checking of replica_flags in the drepl server
...
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
4d551753d6
s4-kcc: fixed the replica_flags in repsFrom in the kcc
...
if our calculated replica_flags doesn't match the ones in our repsFrom
then update it
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 22:12:57 -07:00
Andrew Tridgell
1f3f75f747
s4-samldb: also set a password on the krbtgt_NNNN account
...
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29 16:36:23 -07:00
Nadezhda Ivanova
3b0d6fda38
s4-rodc: RODC should not accept requests for role transfer
...
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
2010-09-29 03:09:15 +00:00
Andrew Tridgell
d4939ce4fc
s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
...
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
6caa512815
s4-dsdb: adapted check_access_on_dn for use in drs.
2010-09-28 11:36:40 -07:00
Andrew Bartlett
88abf441d0
s4-dsdb Add ldb_reset_err_string() when we set error codes.
...
If we don't we could show an old, incorrect error
2010-09-29 04:23:07 +10:00
Andrew Bartlett
063b61289d
s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
...
This simplifies the function. While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.
Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
8b57482fa8
s4-dsdb Fix segfault in error case in rootdse module
2010-09-29 04:23:07 +10:00
Andrew Tridgell
0bbbfa04f6
s4-dns: implemented RODC DNS update in dns update task
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:05 -07:00
Andrew Tridgell
1587b46fa0
s4-ldb: removed an unused variable
2010-09-27 22:55:04 -07:00
Andrew Tridgell
17aa2b3294
s4-kcc: fixed an incorrect context to kcctpl_get_all_bridgehead_dcs
2010-09-27 22:55:04 -07:00
Andrew Tridgell
e313667983
s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer()
...
these will be used by the new RODC dns update code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27 22:55:04 -07:00
Andrew Tridgell
396cdd6343
s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
...
log level 0 is excessive for this!
2010-09-27 23:18:23 +00:00
Nadezhda Ivanova
aeedd29d39
s4-ldb: Added ldb_request_replace_control
...
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
2010-09-27 19:00:38 +00:00
Nadezhda Ivanova
99ac4e92ff
s4-ldbmodules: Added new module aclread to handle access checks on LDAP search
...
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
93ba17285d
s4-tests: Added tests for search checks on attributes
...
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3e08965369
s4-tests: Removed search tests with anonymous credentials as they fail against Windows
...
These tests will fail in make test as well if the acl_read module is enabled.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
dc9991ab0e
s4-dsdb: Added a function to check access on a particular object by its guid
...
Similar to dsdb_check_access_on_dn, only it searches by guid.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
4d3f528411
s4-dsdb: A helper to determine if an attribute is part of the search filter
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
b77edca7f8
s4-dsdb: Moved some helper functions to a separate file
...
We need these to be accessible to the aclread module as well.
2010-09-26 15:36:09 -07:00
Nadezhda Ivanova
3d0e36bc87
s4-ldap: Added a control to apply the access checks on read via LDAP
2010-09-26 15:36:09 -07:00
Andrew Tridgell
7dbfeb0dc0
s4-auth: fixed the SID list for DCs in the PAC
...
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-26 07:09:08 +00:00
Kamen Mazdrashki
f1b3c4dd38
s4-possibleinferiors.py: Fix usage of 'paged_search' module for remote LDB connections
2010-09-26 02:25:13 +03:00
Kamen Mazdrashki
04826b65f6
s4-sec_descriptor.py: Fix usage of 'paged_search' module for remote LDB connections
2010-09-26 02:25:12 +03:00
Kamen Mazdrashki
7a7068f2ed
s4-ldap_schema.py: Remove unused LDB connection to GC port
2010-09-26 02:25:11 +03:00
Kamen Mazdrashki
8780d2934b
s4-dsdb_schema_info.py: Fix usage of 'paged_search' module for remote LDB connections
2010-09-26 02:25:11 +03:00
Andrew Tridgell
85ba79063f
ldb: mark the location of a lot more ldb requests
2010-09-25 10:38:45 -07:00
Andrew Tridgell
5568fcd88b
s4-dsdb: added tagging of requests in dsdb modules
...
this allows you to call dsdb_req_chain_debug() in gdb or when writing
debug code to see the request chain
2010-09-25 10:38:45 -07:00
Andrew Tridgell
bd228f9858
s4-repl: don't store repsFrom on DNs other than NC heads
...
we don't want a refsFrom on the Rid Manage$ DN
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-25 10:38:45 -07:00
Andrew Tridgell
a1d52540a3
s4-repl: use namingContexts from rootDSE to initialise partition list
...
this is preferable to looking for the hasMasterNCs attribute on
nTDSDSA objects.
2010-09-25 10:38:44 -07:00
Andrew Tridgell
370446769d
s4-repl: force on WRIT_REP when we are a writable replica
...
this ensures we always mark ourselves as writeable when we are not
an RODC
2010-09-25 10:38:44 -07:00
Andrew Tridgell
3aea12d0ab
s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa
...
this avoids a list walk in the calling code
2010-09-25 10:38:44 -07:00
Nadezhda Ivanova
99f0891944
s4-dsdb: Fixed a call to the wrong ops function in dsdb_module_search_dn.
2010-09-25 10:19:11 -07:00
Andrew Bartlett
c9b19d9b69
s4-kerberos Rework keytab handling to export servicePrincipalName entries
...
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.
Andrew Bartlett
2010-09-24 15:07:56 +10:00
Andrew Bartlett
f03913e2cc
s4-kerberos Move 'set key into keytab' code out of credentials.
...
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.
Andrew Bartlett
2010-09-24 09:25:44 +10:00
Matthias Dieter Wallnöfer
964f992779
s4:repl_meta_data - also on delete operations the new RDN attribute has to be casefolded correctly
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
30afa65785
s4:lazy_commit LDB module - the "show_deleted" control is initialised by the "show_deleted" LDB module
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
29e3806b0e
s4:rootdse LDB module - make use of "dsdb_forest_functional_level"
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
9123bcbf77
s4:ldap.py - add tests for the "dsServiceName", "serverName", "dnsHostName" and "ldapServiceName" rootDSE attributes
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
1d9a348144
s4:rootdse LDB module - introduce dynamic "ldapServiceName"
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
681106af4f
s4:rootdse LDB module - introduce dynamic "dnsHostName" attribute
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5fd7bc8564
s4:rootdse LDB module - make "serverName" dynamic
...
This helps to fix bug #7347 . "dsServiceName" cannot be made dynamic in such a
simple way since it's already needed on LDB initialisation time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
e446ef1c3f
s4:rootdse LDB module - remove "priv" checks where not needed
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f1535694f7
s4:rootdse LDB module - better that the "edn" control handling is done last
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
679eb33e79
s4:samldb LDB module - it isn't allowed to create user/computer accounts with a primary group specified
...
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
2e913994f2
s4:dsdb/common/util_samr.c - remove the primary group specifications
...
Now also the primary group detection/change on modify operations does work
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
c03ec03212
s4:ldap.py - test default primary groups on modify operations
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f46c6233e7
s4:samldb LDB module - support the "userAccountControl" -> "primaryGroupID" detection also on modify operations
...
Also requested by MS-SAMR 3.1.1.8.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
72bb8c3fb3
s4:ldap.py - enhance SAM user/groups behaviour test regarding default primary groups
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f84724cebc
s4:rootdse LDB module - make more use of LDB result constants
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
08298457d4
s4:rootdse LDB module - fix comment typo
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
7a1a0cde2e
s4:password_hash LDB module - don't assign "lp_ctx" twice
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
e59cdaf40e
s4:rootdse LDB module - fix counter types
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
1a1be71eb8
s4:extended_dn_in LDB module - fix a counter type
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Matthias Dieter Wallnöfer
6c349d479f
s4:drepl_out_helpers.c - fix a counter type
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:41 +10:00
Anatoliy Atanasov
67b6252eed
s4/dsdb:kcc: cleanup and improve readability
2010-09-23 08:41:05 -07:00
Stefan Metzmacher
519180c341
s4:dsdb/kcc: we don't need to manually allocate [out,ref] pointers anymore
...
metze
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-23 08:41:05 -07:00
Andrew Tridgell
d2008fbbb9
s4-kcc: the kcc should not be setting the repsTo attribute
...
repsTo is set by other DCs, when they ask to be notified about changes
in a partition
2010-09-23 07:17:57 +00:00
Andrew Tridgell
d1cbd68bb1
s4-kcc: added service->am_rodc
...
use a rodc flag on the service instead of calling samdb_rodc each time
2010-09-23 07:17:57 +00:00
Andrew Tridgell
c166b44b47
s4-kcc: pass the service context into the kcc connection code
...
this will be used for the RODC changes needed for the kcc
2010-09-23 07:17:56 +00:00