sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
139,744 Commits 60 Branches 1,144 Tags 452 MiB
5f365e71c1
Commit Graph

382 Commits

Author SHA1 Message Date
Anatoliy Atanasov
5d807107bb s4/fsmo: Naming master support added 
Test suite for fsmo is extended with a test case for naming master too.
 2010-09-19 12:16:04 -07:00
Kamen Mazdrashki
d76bb4ac40 s4-drs: Check for schema changes only in case we are *not* applying Schema replica 
This fixes the problem when we fail to replicate with
a partner DC that has a newer Schema with attributeSchema
objects with OIDs that we don't have in our local prefixMap.
 2010-09-18 15:09:47 +03:00
Andrew Tridgell
e5cd023a41 s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls 2010-09-16 16:08:46 +10:00
Andrew Tridgell
3b87e3e951 s4-repl: if we are an RODC don't set WRIT_REP in replication 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
05ec123b3b s4-repl: add partial attribute set to getncchanges calls for RODCs 
when we are a RODC we must supply a partial attribute set in the
getncchanges call

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
520252c8d2 s4-repl: added min_usn to extended replication call 
the repl_secret code needs to set it to avoid too many duplicate
attributes

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
1da147e6fa s4-repl: added repl_secret handling 
initiate a repl secret extended op when requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
d5673b5501 s4-repl: cleanup the extended op calls in repl server 
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
e18c0030e0 s4-pyjoin: fill in the dns name in the python replication method 
this is needed to get the repsFrom DNS entry right

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
f89f3cf30f s4-repl: split out the extended op handling 
this is not part of the rid allocation logic

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:00 +10:00
Andrew Tridgell
54b5370474 s4-repl: cleanup getncchanges extended op calls 
Multiple calls are allowed to run in parallel as long as they don't
conflict.

This also cleans up the variable names in the extended op calls.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:00 +10:00
Anatoliy Atanasov
2eeba94c9c s4/fsmo: Handle infrastructure, pdc and rid extended ops 
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa

Conflicts:

	source4/dsdb/repl/drepl_ridalloc.c
 2010-09-15 14:00:28 +03:00
Andrew Tridgell
6c45eeb944 s4-repl: use consistent API calls for getting DN GUID 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
13a8745cae s4-rodc: add a trigger message for REPL_SECRET to auth_sam 
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:34 +10:00
Anatoliy Atanasov
788bfc8a25 s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole 
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
 2010-09-10 13:44:20 +03:00
Anatoliy Atanasov
0ad22777ec s4/fsmo: Fix callback declaration 2010-09-10 13:29:38 +03:00
Kamen Mazdrashki
d08439d42b s4-dreplsrv: fix 'dn' for partition object being created 2010-09-10 13:08:23 +03:00
Kamen Mazdrashki
750300aedf s4-drs-fsmo: try to dispatch ops in queue as soon as possible 
In most cases this will transfer of schema master role to
look like a synchronous operation.
 2010-09-10 13:08:22 +03:00
Andrew Tridgell
c34cae81fe s4-fsmo: update FSMO changes for recent IRPC work 
the IRPC API has changed

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-10 13:08:20 +03:00
Anatoliy Atanasov
ab01ce6e96 s4/drs: update repsFrom only when we are not in getncchanges extended op 2010-09-10 13:08:20 +03:00
Nadezhda Ivanova
0229ac455d s4-irpc: Added internal rpc call DREPL_TAKEFSMOROLE 
It schedules a getncchanges with extended op 6, to be used when a modify request on
becomeROLEMaster atteibute on rootDSE is received.
 2010-09-10 13:08:18 +03:00
Nadezhda Ivanova
657b7039c3 s4-drs: Implementation of GetNCChanges extended op 6 - fsmo role transfer 
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to
become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute
in its database with the new owner, and replicates the change to the candidate, who then becomes the
owner.
The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who
kindly helped to debug it.
 2010-09-10 13:08:17 +03:00
Nadezhda Ivanova
c8794d2625 s4-drs: Refactored drepl_service and send_ridalloc_request so that the structures can be used for other extended ops 2010-09-10 13:08:16 +03:00
Kamen Mazdrashki
3593298c7e s4-dreplsrv: Call dreplsrv_out_operation::callback in case we fail to even run the operation 
Operation was scheduled already, so we need to call
the callback function for it to be able to do its job.

For instance, if we are blocking an rpc call until an
operation is completed and there is no memory, then
client will be blocked without knowing what is going on
with the server.
 2010-09-09 18:26:51 +03:00
Kamen Mazdrashki
7ee34182df s4-dsdb/repl/drepl_out_pull.c: Remove unused code 2010-09-09 18:26:50 +03:00
Kamen Mazdrashki
ef56945d0e s4-drepl_service.c: Update (C) 
and remove few trailing white spaces
 2010-09-09 18:26:50 +03:00
Kamen Mazdrashki
3fa3bc7eba s4-drepsrv: Dump more info when drepl_replica_sync() fails 
There are many spots where this function may fail
and I find it very useful to know where exactly function
fails and what are the input parameters during testing.

REPLICA_SYNC_FAIL() macro now dumps an error message
so we may remove extra DEBUG() dump in implementation.
 2010-09-09 18:26:50 +03:00
Kamen Mazdrashki
e64e398568 s4-dreplsrv: Run NC replication synchronously if requested 2010-09-07 17:09:35 +03:00
Kamen Mazdrashki
dea5c7b948 s4-idl: redefine dreplsrv_refresh() to be alike other RPC function definitions 
Sorry for the 'custom' definition first time
 2010-09-05 23:34:28 +03:00
Kamen Mazdrashki
65b21c0562 s4-dreplsrv: Refactor drepl_replica_sync() to behave as described in MS-DRSR 
see: MS-DRSR - 4.1.23.2

Note: Synchronious replication not implemented yet.
 2010-09-03 13:23:48 +03:00
Kamen Mazdrashki
715743b38d s4-dreplsrv: Helpers to locate source DSA in a partition by GUID or DNS name 2010-09-03 13:23:48 +03:00
Kamen Mazdrashki
3691e6c97b s4-dreplsrv: Helper to find NC by DN or GUID or SID 2010-09-03 13:23:48 +03:00
Kamen Mazdrashki
5685fb64e4 s4-dreplsrv: Add caller-specific data parameter for dreplsrv_fsmo_callback_t 
It is to be used when we need to preserve a state
to be used in tha callback when dreplsrv_out_operation is completed
 2010-09-03 13:23:47 +03:00
Kamen Mazdrashki
b954834ad1 s4-dreplsrv: Implement irpc stub to be used to force dreplsrv to update internal cache 
This IRPC calls is to be used whenever repsFrom/repsTo are
changed by administrative tool or KCC (i.e. Topology changes).

At present, only KCC may change topology.
 2010-08-28 23:38:59 +03:00
Kamen Mazdrashki
53551a76c5 s4-dreplsrv: Move partition cache update before scheduling another set of replications 2010-08-28 23:38:59 +03:00
Andrew Tridgell
cb0f8f0ee0 s4-repl: load RODC partitions using msDS-hasFullReplicaNCs 
we mark these as incoming_only

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion 
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-16 18:24:27 +10:00
Stefan Metzmacher
1caa8b06f7 s4:drepl_notify: hide some bugs from the make test output 
It's useless to get messages like this every few seconds:

dreplsrv_notify: Failed to send DsReplicaSync to
edbf4745-2966-49a7-8653-99200f1c9430._msdcs.samba2003.example.com for
CN=Configuration,DC=samba2003,DC=example,DC=com -
NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE

We have a non bug regarding non-linked DN attributes
and changes of the target DN.

metze
 2010-07-09 16:43:17 +02:00
Stefan Metzmacher
538bb9b3ec s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ridalloc client) 
metze
 2010-07-09 09:27:16 +02:00
Stefan Metzmacher
49deed5a77 s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation doesn't return success 
metze
 2010-07-09 09:27:16 +02:00
Stefan Metzmacher
658a0f9ef8 s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to. 
if we are at least half-exhausted then ask for a new pool.

This fixes a bug where we're sending unintialized alloc_pool
variable as exop->fsmo_info to the rid master and get back
DRSUAPI_EXOP_ERR_PARAM_ERROR.

metze
 2010-07-09 09:27:15 +02:00
Andrew Tridgell
87df785a68 s4-dsdb: use ldb_operr() in the dsdb code 
this replaces "return LDB_ERR_OPERATIONS_ERROR" with "return ldb_operr(ldb)"
in places in the dsdb code where we don't already explicitly set an
error string. This should make is much easier to track down dsdb
module bugs that result in an operations error.
 2010-07-07 20:14:55 +10:00
Kamen Mazdrashki
163ed44903 s4/drs: DsReplicaSync should search partition to Sync 
by any valid DSName attribute given, be it - partition DN,
partition GUID or partition SID
 2010-06-25 04:51:59 +03:00
Andrew Bartlett
8d8678fcfd s4:dsdb Allow calling dsdb_convert_object_ex() directly 
This will allow the libnet_vampire code to manually convert individual
schema objects.

Andrew Bartlett
 2010-06-12 11:19:19 +10:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Matthieu Patou
f45cbb0a0d s4: Do not display by default the message Failed to send DsReplicaSync is other host is just unreachable 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-05-13 19:13:30 +02:00
Andrew Tridgell
7e2b3ab14f s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors 
The 0xc0002104/WERR_DS_DRA_NO_REPLICA seems to be spurious, and can be
avoided by setting DRSUAPI_DRS_SYNC_ALL in the DsReplicaSync request.

We need to investigate this further, and find out from MS why this is
sometimes being sent, even when the target DC has the right repsFrom
entries
 2010-04-27 15:24:40 +10:00
Andrew Tridgell
8aa30f9580 s4-repl: on a failed request, clear the current ptr 
this prevents the queue being stuck on failure
 2010-04-27 10:38:58 +10:00
Andrew Tridgell
9b18b339c0 s4-repl: end repl request when not doing an UpdateRefs 
otherwise the queue is stuck forever
 2010-04-27 10:38:58 +10:00
Andrew Tridgell
5fb60bc311 s4-repl: don't delete repsTo entry on DsReplicaSync 
we rely on the highestUSN counters instead. W2K8 does not resend
DsUpdateRefs each time, and the WSPP docs do not indicate that repsTo
should be deleted
 2010-04-27 10:38:58 +10:00
Andrew Tridgell
a31c711ba7 s4-drs: allow getncchanges requests to non WRIT_REP partitions for extended ops 
Needed for RID allocation

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-26 19:06:07 +10:00
Andrew Tridgell
159de40b0b s4-drepl: don't send an UpdateRefs unless its a plain replication 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-26 19:06:06 +10:00
Andrew Tridgell
1f92df90fd s4-drs: removed dsdb_validate_client_flags() 
This test is in the wrong place. We end up validating our own flags.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-22 19:36:16 +10:00
Fernando J V da Silva
59aa0a07d2 s40-drs: Do not send GetNCChanges messages to RODCs 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-22 19:36:15 +10:00
Fernando J V da Silva
57bcdf008f s4-drs: samdb_is_rodc() function and new samdb_rodc() function 
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-22 19:36:15 +10:00
Matthias Dieter Wallnöfer
ad9e407357 Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions" 
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
 2010-04-13 08:55:15 +02:00
Fernando J V da Silva
8e1d947787 s4-drs: If we are a RODC then do not send DSReplicaSync messages 2010-03-25 15:02:19 +11:00
Andrew Bartlett
2de07761e0 s4:dsdb Change dsdb_get_schema() callers to use new talloc argument 
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.

Andrew Bartlett
 2010-03-16 19:26:03 +11:00
Stefan Metzmacher
77fb700e20 s4:dsdb/repl: make use of use tevent_req based dcerpc_binding_handle stubs 
metze
 2010-03-12 15:25:41 +01:00
Kamen Mazdrashki
9f21787131 s4/drs: DsGetNCChanges - Propagating IDL changes to source code 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-03-10 17:11:57 +01:00
Matthias Dieter Wallnöfer
3ec4c643a4 s4:repl - change also here the counter variables to "unsigned" 
I changed also some "uint32_t" to "unsigned" since the LDB interface doesn't
specify the bitlength of the unsigned type.
 2010-03-05 18:28:35 +01:00
Stefan Metzmacher
0547af244a s4:drepl_out_helpers: don't look at the internals of 'struct rpc_request' 
metze
 2010-03-01 16:11:56 +01:00
Stefan Metzmacher
1955cde46c s4:drepl_notify: don't look at the internals of 'struct rpc_request' 
metze
 2010-03-01 16:11:56 +01:00
Stefan Metzmacher
c4e72add67 s4:dsdb/repl: make use of explicit dcerpc_*_recv functions 
metze
 2010-03-01 16:11:54 +01:00
Anatoliy Atanasov
b73437fbaa s4/rodc: Implement samdb_rodc with ldb context 2010-03-01 14:17:32 +02:00
Kamen Mazdrashki
99db858b15 s4/drs: Propagate drsuapi_DsReplicaSync changes in source base 2010-02-24 14:14:07 +02:00
Kamen Mazdrashki
8823a549ca s4/drs: propagate DRS_ extension flags in code base 2010-02-05 10:51:57 +01:00
Fernando J V da Silva
28420fe68a s4-drs: Reads uSNUrgent and sets Urgent Replication Bit for DS_ReplicaSync when necessary 
If an urgent replication is necessary, so the uSNUrgent stored is equal to the
uSNHighest stored, then when sending the DS_ReplicaSync message it sets the
DRSUAPI_DRS_SYNC_URGENT bit on DRS_OPTIONS.

Signed-off-by: Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-01-28 17:21:41 +11:00
Andrew Tridgell
8342d08f5c s4-dsdb: take advantage of local cursor and sort 
in getncchanges and repl task we don't need the extra load and sort
any more.
 2010-01-16 14:10:43 +11:00
Andrew Tridgell
09d947f77c s4-dsdb: use dsdb_load_udv_v2() in repl task 2010-01-16 14:10:43 +11:00
Andrew Tridgell
88ec10b757 s4-drepl: switch drepl over to using the generic DRS options flags 
WSPP uses a single set of flags for all these DRS operations.
 2010-01-14 15:37:59 +11:00
Fernando J V da Silva
6f806b7079 s4-drs: Uses dsdb_load_partition_usn() with urgent_uSN in s4 code 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-01-14 15:37:59 +11:00
Fernando J V da Silva
e30d009965 s4-drs: Store uSNUrgent for Urgent Replication 
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-01-14 15:37:58 +11:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions 
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
 2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req 
metze
 2010-01-13 14:52:00 +01:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC 
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
 2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
7010fad4ea s4-drs: calculate and send a uptodateness_vector with replication requests 
This stops us getting objects changes twice if they came via an
indirect path.
 2010-01-09 18:56:29 +11:00
Stefan Metzmacher
501dd4a3b5 s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req 
metze

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-01-08 13:03:05 +11:00
Andrew Tridgell
2590b7795d s4-repl: implement MSG_DREPL_ALLOCATE_RID 
When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID
Manager to ask for another RID pool. We use a callback on completion
of the operation to make sure that we don't have two RID allocation
requests in flight at once

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:01 +11:00
Andrew Tridgell
cc7967b1c0 s4-repl: allow for callbacks when a repl operation completes 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:01 +11:00
Andrew Tridgell
19e515aac7 s4-repl: added request for RID allocation in drepl task 
The drepl task now checks to see if our rIDAllocationPool is
exhausted, and if it is then we queue a extended operation
DsGetNCChanges call to ask the RID Manager to give us a new allocation
pool.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:00 +11:00
Stefan Metzmacher
f04e10f4c0 s4:dsdb/repl: convert dreplsrv_out_drsuapi_send/recv to tevent_req 
metze
 2010-01-04 09:36:25 +01:00
Kamen Mazdrashki
14bac3a3e6 Revert "s4-drs: cope with bogus empty attributes from w2k8-r2" 
This reverts commit 1287c1d115.

Next patch should fix the "not recognized ATTIDs" problem

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2009-12-21 23:44:19 +11:00
Andrew Tridgell
452fc0d6f4 s4-repl: give a reason why the prepare commit failed 2009-12-21 23:41:09 +11:00
Andrew Tridgell
60acce584b s4-repl: only try to replicate for NCs that we are a master for 2009-12-21 23:41:09 +11:00
Andrew Tridgell
2a4a159a84 s4-repl: lower debug level of a common message 2009-12-21 23:41:07 +11:00
Andrew Tridgell
261ba40e77 s4-dsdb: use GUID_to_ndr_blob() 2009-12-10 17:51:29 +11:00
Andrew Tridgell
1287c1d115 s4-drs: cope with bogus empty attributes from w2k8-r2 
w2k8-r2 sometimes sends empty attributes with completely bogus attrid
values in a DRS replication response. This allows us to continue with
the vampire operation despite these broken elements.
 2009-11-28 13:28:34 +11:00
Matthias Dieter Wallnöfer
e853dd763b Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator" 
This reverts commit df95d5c292.

abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.
 2009-11-16 17:01:43 +01:00
Matthias Dieter Wallnöfer
df95d5c292 s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator 
Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.
 2009-11-15 14:26:41 +01:00
Andrew Bartlett
df7546ac16 s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS import 
This will allow us in future to do tests on the LDB values we generate
from the DRS replication.

Andrew Bartlett
 2009-11-12 16:34:10 +11:00
Kamen Mazdrashki
ddab9d1fe7 s4/drs: dsdb_verify_oid_mappings_drsuapi() replaced by dsdb_schema_pfm_contains_drsuapi_pfm() 
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.

This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2009-11-06 14:05:42 +01:00
Andrew Tridgell
54bd30f706 s4-samdb: reduce the number of samdb opens at startup 
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
 2009-10-25 17:19:03 +11:00
Andrew Tridgell
94897d7a7c s4-dsdb: added samdb_rodc() and samdb_ntds_options() 
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
 2009-10-15 08:20:37 +11:00
Matthias Dieter Wallnöfer
e9686985cb s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed 
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
 2009-10-14 10:50:43 +02:00
Andrew Tridgell
b3377ef2ea s4-drs: fixed a memory error introduced yesterday 
ids is retrurned via _ids, so it needs to be on the passed in mem_ctx
 2009-10-07 16:20:16 +11:00
Andrew Tridgell
b43479741a s4-repl: added RELAX control and fix transactions 
Added the RELAX control to dsdb_origin_objects_commit(), as it needs
to modify system objects. This patch also fixes the use of ldb
transactions in that function, and fixes a memory leak.
 2009-10-06 18:55:14 +11:00
Andrew Tridgell
bb3bdb3a62 s4-ldb: added a bunch more debug for DC join 
These additional debug messages were added to help us track down
w2k8->s4 domain join
 2009-09-22 17:10:06 -07:00
Andrew Bartlett
5cec86ec27 s4:dsdb Print the partition we failed to suggest replication for 2009-09-19 14:36:14 -07:00
Andrew Tridgell
e9a589feac s4-server: kill main daemon if a task fails to initialise 
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
 2009-09-18 18:05:55 -07:00
Andrew Tridgell
c405d721c1 s4-repl: raise a debug level 2009-09-16 03:57:56 -07:00
Andrew Tridgell
30d13288e5 s4-repl: take advantage of async RPC forwarding 
This uses async RPC forwarding for the DsReplicaSync call
 2009-09-15 20:51:10 -07:00
Andrew Tridgell
458dda1f15 s4-repl: don't do double replication 
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
 2009-09-15 18:45:43 -07:00
Andrew Tridgell
089dc64cbb s4-repl: add a debug to make it easier to monitor replication 2009-09-15 18:45:41 -07:00
Andrew Tridgell
3cf73dfdbd s4-repl: fall back to repsFrom if repsTo not set 
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
 2009-09-14 09:41:52 -07:00
Andrew Tridgell
55a9ea2b33 s4-repl: added a preiodic notification check to the repl task 
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
 2009-09-13 16:40:37 -07:00
Andrew Tridgell
ca6e15f2f9 s4-repl: fixed memory leaks 
These memory leaks were mostly caused by the fact that
refresh_partitions is now called periodically
 2009-09-12 15:22:26 +10:00
Andrew Tridgell
bd7cf6988e s4-repl: refresh the partitions on each cycle 
The KCC might have changed repsFrom, which is stored in the partitions
structure
 2009-09-11 22:47:11 +10:00
Andrew Tridgell
741fe9d6a1 s4-repl: don't add the RDN if it is already there 2009-09-11 18:02:04 +10:00
Andrew Tridgell
88e2fbaf95 s4-drs: add the magic DRS SPNs on AddEntry 
When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.
 2009-09-11 15:15:39 +10:00
Andrew Tridgell
25b68701c1 s4/repl: give a useful error message if we can't decode an object 2009-09-10 17:42:36 +10:00
Andrew Tridgell
8640293fab s4/repl: implement DsReplicaSync 
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.

This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
 2009-09-09 18:04:07 +10:00
Andrew Tridgell
939b936d1a s4/repl: added refresh of repsTo 
I've found that w2k3 deletes the repsTo records we carefully created
in the vampire join if we don't refresh them frequently. After about
30mins all 3 repsTo records are gone.

This patch adds automatic refresh of the repsTo by calling
DSReplicaUpdateRefs every time we do a sync cycle with the server
 2009-09-09 17:04:16 +10:00
Stefan Metzmacher
5ef601e5eb s4:drsuapi: add an incomplete DsAddEntry implementation 
metze
 2009-09-08 22:05:56 +02:00
Andrew Tridgell
e6257d94de add the the linked attributes elements to the repl structure 
This exposes the linked_attributes to the repl_meta_data module
 2009-09-03 18:36:08 +10:00
Andrew Tridgell
95fd3c8ee0 tell the server that we support linked attribute replication 2009-09-03 18:36:08 +10:00
Andrew Tridgell
a19ad21033 Wrap DRS changes in a transaction 
We should always apply a whole set of DRS changes or none of them. See
[MS-DRSR] 3.3.2
 2009-09-02 18:19:55 +10:00
Matthias Dieter Wallnöfer
df270cd796 s4: Correct renamed constants 2009-07-31 18:15:39 +02:00
Andrew Tridgell
0aec87454b decrypt all objects in a DRS record, not just the first one 
We found this as an object came across from w2k3 with zero values,
which caused a segv when we tried to decrypt the first value
 2009-07-02 15:33:01 +10:00
Andrew Bartlett
872cb0257c Move DRSUAPI per-attribute decryption into a common file 
This file (contining metze's decryption routines) is now also be used by
Samba3's DRSUAPI implementation

Andrew Bartlett
 2009-04-14 14:19:39 +10:00
Stefan Metzmacher
1441e87e24 s4:service_task: s/private/private_data 
metze
 2009-02-02 13:08:59 +01:00
Simo Sorce
380874ef86 Fix the mess with ldb includes. 
Separate again the public from the private headers.

Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
 2009-01-30 01:02:03 -05:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs 
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
 2008-12-29 20:46:40 +01:00
Andrew Bartlett
6488afaafe Now store the GUID and SID from a DN over DRSUAPI into ldb. 
Until the extended DN work was compleated, there was no way to store
the additional metadata.

Andrew Bartlett
 2008-12-20 14:44:39 +11:00
Günther Deschner
dd49f7483b s4-drsuapi: merge drsuapi_DsGetNCChanges from s3 drsuapi idl. 
Guenther
 2008-10-18 23:06:39 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. 
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
 2008-09-23 18:17:46 -04:00
Stefan Metzmacher
75f594b285 drsuapi: fix samba4 callers after drsuapi.idl changes 
metze
(This used to be commit 4b054cee51)
 2008-08-20 15:22:05 +02:00
Stefan Metzmacher
8275d511bc drsuapi: fix callers after idl change 
metze
(This used to be commit 7dee6fb62d)
 2008-08-07 19:15:58 +02:00
Michael Adam
f9e6197924 dsdb: teach dreplsrv_out_drsuapi_bind_recv() knowledge of DsBindInfo48. 
To make it work against w2k8.

Michael
(This used to be commit a8aea92741)
 2008-07-23 15:36:13 +02:00
Michael Adam
7fba6c649b Change occurrences of the u1 member of DsBindInfo* to pid after idl change. 
Michael
(This used to be commit b91bbc5fe4)
 2008-07-22 15:35:23 +02:00
Stefan Metzmacher
f0e44c35af drsuapi: make use of the 'more_data' field in DsGetNCChangesCtr[1|6] 
metze
(This used to be commit 35c7fa470a)
 2008-07-16 14:42:11 +02:00
Stefan Metzmacher
f3fae86549 drsuapi: check ctr6->drs_error 
metze
(This used to be commit 511847f5f5)
 2008-07-16 14:42:11 +02:00
Stefan Metzmacher
a24fb2b537 drsuapi: get ctr6 out of xpress compressed level 
metze
(This used to be commit 4e0708148a)
 2008-07-16 14:42:06 +02:00
Stefan Metzmacher
c88ec856bd drsuapi.idl: remove some unknows from DsGetNCChanges() (update samba4 callers) 
metze
(This used to be commit d41b3dd6ff)
 2008-06-30 17:40:01 +02:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly. 
(This used to be commit b4e1ae07a2)
 2008-04-17 12:23:44 +02:00
Andrew Bartlett
0f8eeb81ec Remove useless layer of indirection, where every service called 
task_service_init() manually.  Now this is called from service.c for
all services.

Andrew Bartlett
(This used to be commit 9c9a4731ca)
 2008-02-04 21:58:29 +11:00
Andrew Bartlett
23d681caf9 Rework service init functions to pass down service name. This is 
needed to change prefork behaviour based on what service is being
started.

Andrew Bartlett and David Disseldorp
(This used to be commit 0d830580e3)
 2008-02-04 17:48:51 +11:00
Andrew Bartlett
dc08079d81 Get more information from ldb when reporting a failed replication. 
Andrew Bartlett
(This used to be commit 948ee9b7ac)
 2008-01-23 15:44:02 +11:00
Jelmer Vernooij
df408d056e r26672: Janitorial: Remove uses of global_loadparm. 
(This used to be commit 18cd08623e)
 2008-01-05 13:06:03 -06:00
Jelmer Vernooij
9d136bc0a3 r26640: Janitorial: Remove some more uses of global_loadparm. 
(This used to be commit c863f4ebde)
 2008-01-01 19:57:01 -06:00
Jelmer Vernooij
7d5f0e0893 r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange. 
(This used to be commit 2f29f80e07)
 2008-01-01 16:12:15 -06:00
Jelmer Vernooij
86dc05e99f r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). 
(This used to be commit 61ad78ac98)
 2008-01-01 16:12:11 -06:00
Jelmer Vernooij
0500b87092 r26540: Revert my previous commit after concerns raised by Andrew. 
(This used to be commit 6ac86f8be7)
 2007-12-21 05:52:06 +01:00
Jelmer Vernooij
3e75f222bc r26539: Remove unnecessary statics. 
(This used to be commit e53e79eebe)
 2007-12-21 05:52:05 +01:00
Jelmer Vernooij
4c4323009f r26327: Explicit loadparm_context for RPC client functions. 
(This used to be commit eeb2251d22)
 2007-12-21 05:48:41 +01:00
Jelmer Vernooij
da0f222f43 r26271: Remove some more uses of global_loadparm. 
(This used to be commit e9875fcd56)
 2007-12-21 05:47:53 +01:00
Jelmer Vernooij
43696d2752 r26252: Specify loadparm_context explicitly when creating sessions. 
(This used to be commit 7280c1e941)
 2007-12-21 05:47:29 +01:00
Jelmer Vernooij
291ddf4336 r26237: Add loadparm context to the server service interface. 
(This used to be commit 1386c5c925)
 2007-12-21 05:47:15 +01:00
Jelmer Vernooij
51db4c3f3d r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. 
(This used to be commit ba75f1613a)
 2007-12-21 05:47:05 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack. 
(This used to be commit 0721a07aad)
 2007-12-21 05:47:04 +01:00
Stefan Metzmacher
529763a9aa r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) 
lib/messaging/
lib/registry/
lib/ldb-samba/
librpc/rpc/
auth/auth_winbind.c
auth/gensec/
auth/kerberos/
dsdb/repl/
dsdb/samdb/
dsdb/schema/
torture/
cluster/ctdb/
kdc/
ntvfs/ipc/
torture/rap/
ntvfs/
utils/getntacl.c
ntptr/
smb_server/
libcli/wrepl/
wrepl_server/
libcli/cldap/
libcli/dgram/
libcli/ldap/
libcli/raw/
libcli/nbt/
libnet/
winbind/
rpc_server/

metze
(This used to be commit 6223c7fddc)
 2007-12-21 05:45:02 +01:00
Jelmer Vernooij
60a1046c5c r25430: Add the loadparm context to all parametric options. 
(This used to be commit fd697d77c9)
 2007-10-10 15:07:31 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions. 
(This used to be commit 3fcc960839)
 2007-10-10 15:07:25 -05:00
Jelmer Vernooij
98b57d5eb6 r25035: Fix some more warnings, use service pointer rather than service number in more places. 
(This used to be commit df9cebcb97)
 2007-10-10 15:05:43 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h 
(This used to be commit abe8349f9b)
 2007-10-10 15:05:38 -05:00
Stefan Metzmacher
f14bd1a90a r24557: rename 'dcerpc_table_' -> 'ndr_table_' 
metze
(This used to be commit 84651aee81)
 2007-10-10 15:02:15 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3 
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
 2007-10-10 14:59:12 -05:00
Stefan Metzmacher
40cd2d7780 r22944: fix bug #4618: 
rename private -> private_data

metze
(This used to be commit 58551f2f28)
 2007-10-10 14:52:30 -05:00
Stefan Metzmacher
5d2f325f83 r22508: at option for the startup delay 
metze
(This used to be commit 09da9f6490)
 2007-10-10 14:51:35 -05:00
Stefan Metzmacher
023e245187 r22472: Commit the start of the DRSUAPI pull replication service. 
It doesn't work completely yet because we aren't able to
resolve DNS SRV records. And also we also need a kdc locator
plugin...

But with some hacks the pull replication works fine

metze
(This used to be commit 0dc78f7439)
 2007-10-10 14:51:30 -05:00
Stefan Metzmacher
f19637f957 r21859: add a comment why we remove the rid_crypt obfuscation 
metze
(This used to be commit e44b6df138)
 2007-10-10 14:49:37 -05:00
Stefan Metzmacher
41c5453507 r21839: add my email address 
metze
(This used to be commit e3be33c1d9)
 2007-10-10 14:49:35 -05:00
Stefan Metzmacher
3e697d5110 r21773: fix typo orginating -> originating 
and use the struct member names in all cases

metze
(This used to be commit c543ee5745)
 2007-10-10 14:49:24 -05:00
Stefan Metzmacher
e4d2c67467 r21359: remove the rid encryption before storing the password hashes 
We decided to store them plain in our ldb

metze
(This used to be commit ff13b21102)
 2007-10-10 14:48:19 -05:00
Stefan Metzmacher
42598ada22 r21296: remove the session specific encryption from the attributes 
before storing them.

metze
(This used to be commit 7146e265a4)
 2007-10-10 14:48:04 -05:00
Stefan Metzmacher
9bdb49455a r21282: we only need one for loop... 
metze
(This used to be commit 181b3a031f)
 2007-10-10 14:44:59 -05:00
Stefan Metzmacher
e38fad186f r21281: move constinancy checks to the beginning of the function 
metze
(This used to be commit f2af44d204)
 2007-10-10 14:44:58 -05:00
Stefan Metzmacher
ea57190d25 r20978: 300 seconds as interval is ok, when we do nothing 
metze
(This used to be commit 4d6629c683)
 2007-10-10 14:44:16 -05:00
Stefan Metzmacher
9142a00cb7 r20977: start the 'drepl' service, which currently does nothing by default, 
but make it less verbose

metze
(This used to be commit f7e82a0c94)
 2007-10-10 14:44:16 -05:00
Stefan Metzmacher
faa9c2374c r20974: add basic infrastructure for a DSDB replication service 
not activated yet...

it will handle inbound pull replication and outbound change notification

metze
(This used to be commit 15eae968b8)
 2007-10-10 14:44:06 -05:00
Stefan Metzmacher
abeb80b77f r20767: don't pass a dsdb_schema to dsdb_extended_replicated_objects_commit() 
anymore it should use the dsdb_schema attached to the ldb_context
via dsdb_get_schema()

metze
(This used to be commit efa31bbc37)
 2007-10-10 14:40:49 -05:00
Stefan Metzmacher
43063d5b14 r20733: add a function to load the oid mappings from ldb_val's 
metze
(This used to be commit b7f681a8a1)
 2007-10-10 14:40:34 -05:00
Stefan Metzmacher
21729fff11 r20729: add a version number to struct dsdb_extended_replicated_objects 
metze
(This used to be commit 2e79863d54)
 2007-10-10 14:40:33 -05:00
Stefan Metzmacher
7ff19c935d r20726: - only add the rdn attribute and it's meta_data when the 'name' attribute is there 
- add the values for objectGUID and whenChanged inside the ldb module,
  so that the ldb module has only replicated attributes as input

metze
(This used to be commit 0ecb07e052)
 2007-10-10 14:40:32 -05:00
Stefan Metzmacher
18f8180469 r20709: pass a repsFromTo1 struct down as it contains all needed info for the source dsa 
and the highwater mark vector

metze
(This used to be commit a31e017e53)
 2007-10-10 14:40:29 -05:00
Stefan Metzmacher
ffa259f4a4 r20705: store the "replUpToDateVector" attribute in DSDB_EXTENDED_REPLICATED_OBJECTS 
metze
(This used to be commit c9e7a58f6a)
 2007-10-10 14:40:28 -05:00
Stefan Metzmacher
fbba1b39d4 r20682: make the dsdb_extended_replicated_objects_commit() interface a bit more useful, 
so that we can apply the schema partition objects with one call

metze
(This used to be commit 165ff94b8a)
 2007-10-10 14:40:21 -05:00
Stefan Metzmacher
513a43fc23 r20680: prepare the helper functions for applying replicated objects 
to pass all needed info to the repl_meta_data module

metze
(This used to be commit d5db31cde2)
 2007-10-10 14:40:21 -05:00
Stefan Metzmacher
eccb2d16df r20629: add a wrapper function for ldb_extended(ldb, DSDB_EXTENDED_REPLICATED_OBJECTS_OID, out, &ext_res); 
which prepares the replicated objects, the repl_meta_data ldb module
will then add the uSNCreated, uSNChanged and some other things and will apply
the objects to the partition specific ldb

metze
(This used to be commit 48d568a75b)
 2007-10-10 14:37:17 -05:00