mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1077 Commits

Author SHA1 Message Date
Andrew Tridgell
bb3bdb3a62 s4-ldb: added a bunch more debug for DC join
These additional debug messages were added to help us track down
w2k8->s4 domain join
2009-09-22 17:10:06 -07:00
Andrew Tridgell
9b752399c1 s4-ldbmodules: allow instanceType to be specified by clients
This is needed for the WSPP ADS testsuite
2009-09-22 17:10:05 -07:00
Nadezhda Ivanova
f54ef5f20f s4:dsdb Fix of double addition of SD-s
Also add error strings in descriptor module
2009-09-21 20:50:34 -07:00
Andrew Bartlett
399c7160d5 s4:ldb Add 'single-value' support to LDB.
This is currently only triggered via Samba4's schema code.
2009-09-21 20:50:26 -07:00
Nadezhda Ivanova
9e85192e64 Merge branch 'master' of git://git.samba.org/samba 2009-09-21 17:29:28 -07:00
Nadezhda Ivanova
10c6f3f71a Initial Implementation of the DS objects access checks.
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
2009-09-21 17:27:50 -07:00
Andrew Bartlett
bc53052d38 s4:dsdb Run the new 'descriptor' module by default.
This code was derived from the objectclass module, and we need the new
code in the default provision, or else no ACL is set on each object.

Andrew Bartlett
2009-09-21 16:33:47 -07:00
Andrew Tridgell
ac56fed2f4 s4-schema: don't trace the schema load (too verbose) 2009-09-21 15:27:05 -07:00
Andrew Tridgell
5b684bbfd7 s4-ldap: default edn type is 0 2009-09-21 15:26:32 -07:00
Andrew Tridgell
2fda203230 s4-ldb: add support for extended DNs in the rootDSE
W2K8 join as a DC relies on being able to ask for the sid component of
extended DNs from the rootDSE DNs
2009-09-21 15:26:32 -07:00
Andrew Tridgell
dd7f94a9e2 s4-dsdb: fixed a printf format warning 2009-09-21 15:26:31 -07:00
Andrew Bartlett
1afc7c453c s4:kerberos Fix the salt to match Windows 2008.
The previous commit changed the wrong end - we must fix our server,
not our client.

Andrew Bartlett
2009-09-21 12:28:38 -07:00
Stefan Metzmacher
f917044ec0 s4:dsdb/resolve_oids: add fast paths for the common operations without oids
metze
2009-09-21 05:52:32 +02:00
Stefan Metzmacher
5656c22bea s4:dsdb/resolve_oids: check return values in recursion
metze
2009-09-21 05:51:58 +02:00
Matthias Dieter Wallnöfer
257ea8f96f Merge branch 'master' of git://git.samba.org/samba 2009-09-21 00:03:42 +02:00
Matthias Dieter Wallnöfer
500fc020b2 s4:samba3sam.py test - remove the primary group ID attribute here
This shouldn't be specified on creation time (Windows Server doesn't allow that).
Hope this also fixes the test (see buildfarm).
2009-09-20 23:27:47 +02:00
Nadezhda Ivanova
ae56b0f2f9 Disable descriptor module unless enabled in smb.conf
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
2009-09-20 14:07:16 -07:00
Matthias Dieter Wallnöfer
6ec69f3e77 s4:dsdb/common/util - Check for the right forest/domain function level
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fix the issue.
2009-09-20 22:53:45 +02:00
Stefan Metzmacher
7fbd18a9dd dsdb/samdb: add resolve_oids module
Windows Servers allow OID strings to be used instead of
attribute/class names.

For now we only resolve the OIDs in the search expressions,
the rest will follow.

metze
2009-09-20 06:44:17 +02:00
Anatoliy Atanasov
663fe5530f Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.c 2009-09-19 15:42:44 -07:00
Anatoliy Atanasov
0b68967096 Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. 2009-09-19 15:42:00 -07:00
Andrew Bartlett
5cec86ec27 s4:dsdb Print the partition we failed to suggest replication for 2009-09-19 14:36:14 -07:00
Andrew Tridgell
e9a589feac s4-server: kill main daemon if a task fails to initialise
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
2009-09-18 18:05:55 -07:00
Andrew Tridgell
c2139e8e56 s4-drs: cope with duplicate linked attributes
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS
which are duplicates of entries that we already have. We need to cope
with this by using a remove/add pair in the ldb_modify() to avoid a
"entry already exists" error
2009-09-18 14:11:30 -07:00
Matthias Dieter Wallnöfer
c2055de162 s4:descriptor module - Revert and const fixups
- Revert a change introduced by me since I didn't understand the meaning of the
  version check
- Added some "const" to suppress compiler warnings
2009-09-17 18:37:46 +02:00
Matthias Dieter Wallnöfer
813f9dacbd s4:descriptor - cosmetic 2009-09-17 18:27:32 +02:00
Matthias Dieter Wallnöfer
0c202e403f s4/domain behaviour flags: Fix them up in various locations
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
  version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
  needed: ACL owner groups (not owner user) are supported since Windows 2000
  Server (first AD edition)
  - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-17 12:40:33 +02:00
Nadezhda Ivanova
d70e171719 Owner and group defaulting.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16 07:52:05 -07:00
Andrew Tridgell
45cebf7f11 s4-repl: raise a debug level 2009-09-16 03:58:17 -07:00
Andrew Tridgell
98f2a3b6a3 s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
When a partition is first created it still needs a uSNHighest value
2009-09-16 03:58:17 -07:00
Andrew Tridgell
30d13288e5 s4-repl: take advantage of async RPC forwarding
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15 20:51:10 -07:00
Andrew Tridgell
458dda1f15 s4-repl: don't do double replication
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
2009-09-15 18:45:43 -07:00
Andrew Tridgell
bc3bbae6d2 s4-repl: make sure we marshal the replPropertyMetaData after the last change
we were setting local_usn after the marshall, so it wasn't going into
the object
2009-09-15 18:45:42 -07:00
Andrew Tridgell
ff8ad222cd s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2)). These lists are not ordered, so using DLIST_ADD() is much
better.
2009-09-15 18:45:42 -07:00
Andrew Tridgell
089dc64cbb s4-repl: add a debug to make it easier to monitor replication 2009-09-15 18:45:41 -07:00
Andrew Bartlett
9a209ac252 s4:schema Add code to provide an index into the subClass tree
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.

Andrew Bartlett
2009-09-15 10:38:52 -07:00
Andrew Tridgell
3dd404abad s4-repl: handle rename in repl_meta_data
On a rename we need to update uSNChanged, and the max uSN for the
partition
2009-09-14 13:13:12 -07:00
Andrew Tridgell
33160b1a5b s4-repl: fixed a memory error handling linked attributes
We could get a double free with multiple linked attributes in a
message
2009-09-14 09:41:52 -07:00
Andrew Tridgell
3cf73dfdbd s4-repl: fall back to repsFrom if repsTo not set
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
2009-09-14 09:41:52 -07:00
Michael Adam
aa089b80de dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least)
Michael
2009-09-14 14:51:21 +02:00
Andrew Tridgell
55a9ea2b33 s4-repl: added a periodic notification check to the repl task
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
2009-09-13 16:40:37 -07:00
Andrew Tridgell
02c9a7e4b6 s4-repl: use the new dsdb partition uSN helper fns 2009-09-13 16:40:00 -07:00
Andrew Tridgell
424d1c580a s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usn
These are used to load/save the per-partition uSN values managed by
the repl_meta_data module
2009-09-13 16:40:00 -07:00
Andrew Tridgell
80c575923f s4-sam: allow a search to specify a partition
You can now attach a partition control to searches to search within a
specific partition. This is used to get at the per-partition
@REPLCHANGED object
2009-09-13 16:40:00 -07:00
Andrew Tridgell
73e380deec s4-repl: keep a @REPLCHANGED object on each partition
This object tracks the highest uSN in each partition. It will be used
to allow us to efficiently detect changes in a partition for sending
DsReplicaSync messages to our replication partners.
2009-09-13 16:39:59 -07:00
Stefan Metzmacher
db26c00c55 s4:repl_meta_data: increment the attribute version with each change
metze
2009-09-12 10:39:52 +02:00
Andrew Tridgell
5c0cf012a7 s4-samdb: make it possible to ask for the sequence number of a partition
The partition module normally makes the sequence number extended op
operate across all partitions. It will be useful in the repl task to
be able to ask for the sequence number of one partition
2009-09-12 15:24:31 +10:00
Andrew Tridgell
ca6e15f2f9 s4-repl: fixed memory leaks
These memory leaks were mostly caused by the fact that
refresh_partitions is now called periodically
2009-09-12 15:22:26 +10:00
Andrew Tridgell
b00518cf7a s4-repl: don't be too eager to allocate new sequence numbers
we only need to allocate a new sequence number when
replPropertyMetaData is changing or being created on an object
2009-09-12 12:07:06 +10:00
Andrew Tridgell
733fa19bc1 s4-samdb: internal s4 ldb modules should be GPL not LGPL
I think these modules ended up LGPL because someone based the module
on an existing LGPL module in the core ldb, and it spread from
there. Certainly there is no reason for the ldb modules that are not
distributed as part of ldb to be LGPL.
2009-09-12 11:21:21 +10:00