1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1916 Commits

Author SHA1 Message Date
Andrew Tridgell
a31c711ba7 s4-drs: allow getncchanges requests to non WRIT_REP partitions for extended ops
Needed for RID allocation

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26 19:06:07 +10:00
Andrew Tridgell
159de40b0b s4-drepl: don't send an UpdateRefs unless its a plain replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26 19:06:06 +10:00
Andrew Tridgell
267e0b3616 s4-drs: make links to foreign partitions non-fatal
DN links outside the set of partitions we are replication should be
allowed.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26 19:06:06 +10:00
Matthieu Patou
c88b83b7c1 s4 dns: Allow to specify static grant entries to be added to the dynamicaly generated named.conf.update
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-04-24 14:09:10 +02:00
Andrew Tridgell
bb1ba4ff76 s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22 19:36:16 +10:00
Andrew Tridgell
1f92df90fd s4-drs: removed dsdb_validate_client_flags()
This test is in the wrong place. We end up validating our own flags.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:16 +10:00
Andrew Tridgell
0d3823b152 s4-dsdb: removed an unused variable 2010-04-22 19:36:16 +10:00
Andrew Tridgell
a06b537cc3 s4-dsdb: added dsdb_validate_invocation_id()
this validates that a invocationID matches an account sid

This will be used to ensure that we don't allow DRS replication
from someone a non-DC or administrator

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:16 +10:00
Andrew Tridgell
1ecefd74a2 s4-dsdb: added dsdb_get_extended_dn_sid()
This will be used by the RODC code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:15 +10:00
Andrew Tridgell
70cc9fd5c6 s4-dsdb: moved rodc schema validation to samldb.c
This means we are only doing the checks for schema changes

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
73513fb7e7 s4-drs: Use new samdb_rodc() function in s4 code
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
59aa0a07d2 s40-drs: Do not send GetNCChanges messages to RODCs
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
fbdbd67c76 s4-drs: dsdb_validate_client_flags() function
This function is intended to check if some client is not lying about
his flags. At this moment, it only checks for RODC flags.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
57bcdf008f s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
c023fc217e s4-drs: Do not allow system-critical attributes to be RODC filtered
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:14 +10:00
Andrew Bartlett
47e7e48746 s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
The SIDs in some queries were not being passed as binary, but as
strings in comparison with the securityIdentifer object.  We need to
recognise that these are SIDs in the simple_ldap_map.

Andrew Bartlett
2010-04-22 18:37:19 +10:00
Andrew Bartlett
cbb818222a s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
This is rather than rdn_name, which tries to do the job on the client
side.  We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).

Andrew Bartlett
2010-04-22 18:37:18 +10:00
Andrew Bartlett
9eacde808e s4:dsdb Revert accidentilly commited change for LDAP backends
In the future, LDAP backends will be resposible for maintaining the
'name' attributes.

Andrew Bartlett
2010-04-22 18:37:18 +10:00
Andrew Tridgell
2dcc84432e s4-schema: allow revision numbers of zero
w2k8r2 sends a revision of zero in the initial schema replication
during a net vampire

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21 13:35:56 +10:00
Andrew Bartlett
ea5cf7ce05 s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.

Andrew Bartlett
2010-04-20 12:11:18 +10:00
Matthias Dieter Wallnöfer
e0d6f1a6da s4:dsdb/dns/dns_update.c - fix a typo 2010-04-17 20:42:37 +02:00
Nadezhda Ivanova
eef184301a s4:Replaced dsdb_get_dom_sid_from_ldb_message() with samdb_result_dom_sid() 2010-04-16 14:28:35 +03:00
Stefan Metzmacher
a7f8c197ad s4:rootdse: only return "tokenGroups", when the client asked for them
metze
2010-04-15 19:02:26 +02:00
Jelmer Vernooij
13bbfa3fca pydsdb: Fix memory leak on invalid parameters, formatting, trivial
typos.
2010-04-15 18:45:41 +02:00
Matthieu Patou
d784ecec55 s4 python: Add a function to get the oid of an attribute when the attid is known
This function is mainly to help decoding replPropertyMetaData in python

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-04-15 18:45:41 +02:00
Matthias Dieter Wallnöfer
34ff1c6944 s4:samdb_server_site_name - fix indentation 2010-04-13 15:40:43 +02:00
Matthias Dieter Wallnöfer
a894d6cc37 s4:acl/descriptor LDB module - distinguish between root and default basedn
The first is the forest base DN, the second the domain base DN. At the moment
we assume that they are both the same but it hasn't to be so.

Nadia, I would invite you to fix the outstanding parts regarding this (I added
comments).
2010-04-13 09:32:34 +02:00
Matthias Dieter Wallnöfer
719a46913b s4:dsdb/common/util.c - add a call which determines centrally the forest DNS domainname 2010-04-13 09:32:33 +02:00
Matthias Dieter Wallnöfer
c116d80053 s4:remove "samdb_root_dn", "samdb_base_dn", "samdb_config_dn" and "samdb_schema_dn"
They aren't needed anymore.
2010-04-13 08:57:07 +02:00
Matthias Dieter Wallnöfer
ad9e407357 Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
2010-04-13 08:55:15 +02:00
Matthias Dieter Wallnöfer
8e4c34880a s4:objectclass LDB module - remove a unneeded newline 2010-04-13 08:24:09 +02:00
Matthias Dieter Wallnöfer
98ce053efd s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions
Purely cosmetic change.
2010-04-12 18:49:01 +02:00
Jelmer Vernooij
3a34b5f35e subunit: Remove more test output that could be interpreted by subunit. 2010-04-11 20:57:33 +02:00
Jelmer Vernooij
7da94cc4a6 subunit: Support formatting compatible with upstream subunit, for consistency.
Upstream subunit makes a ":" after commands optional, so I've fixed any
places where we might trigger commands accidently. I've filed a bug
about this in subunit.
2010-04-11 20:57:33 +02:00
Matthias Dieter Wallnöfer
568ca2433d s4:samdb_server_site_dn - free unused DNs in the right way 2010-04-11 13:20:44 +02:00
Andrew Bartlett
77267733ed s4:dsdb Don't use the permissive modify control on schemaInfo updates
The use of 'replace' is enough to wipe out the old value, whatever it
is, we don't need to set 'permissive modify' too.

Additionally, this seems to be causing trouble for the OpenLDAP backend

Andrew Bartlett
2010-04-10 21:41:57 +10:00
Andrew Bartlett
5ebeab3794 s4:dsdb Don't return operational attributes on special DNs 2010-04-10 21:41:02 +10:00
Andrew Bartlett
6ef167c37b s4:rootdse Implement "tokenGroups" in the rootDSE
This returns the currently connected user's full token.  This is very
useful for debugging, and should be used in ACL tests.

Andrew Bartlett
2010-04-10 21:41:02 +10:00
Andrew Bartlett
944dc2cb0b s4:dsdb Improve error message in extended_dn_in
This error occours when an extended DN cannot be resolved, so it's
most helpful to print the problematic extended DN.

Andrew Bartlett
2010-04-10 21:41:01 +10:00
Andrew Bartlett
4074739fe7 s4:schema Try to fix OpenLDAP backend after schema reload support.
If we can't get @REPLCHANGED, default to a value of 0.

Andrew Bartlett
2010-04-10 21:40:59 +10:00
Kamen Mazdrashki
8149094edd s4/dsdb: Set schemaInfo attribute value during provisioning
After provisioning new Forest, schemaInfo should be set
to a value with revision=1 and current invocation_id
2010-04-09 12:21:34 +03:00
Kamen Mazdrashki
4ba2ac073d s4/dsdb: split writing of schemaInfo blob in two parts
ldb_msg preparation is moved into separate function
so that it can be used for implementing schemaInfo
updates both on module stack (dsdb_module_... functions)
and directly on ldb_context
2010-04-09 12:21:33 +03:00
Kamen Mazdrashki
fbef33fb73 s4/dsdb: Let caller to control if valid invocationId is critical or zero-guid is acceptable 2010-04-09 12:21:33 +03:00
Kamen Mazdrashki
5363b6e68b s4/dsdb: Use dsdb_schema_info object to create default schemaInfo values 2010-04-09 12:21:32 +03:00
Kamen Mazdrashki
c3d7798991 s4/dsdb: Use dsdb_schema_info object to verify schema_info blobs 2010-04-09 12:21:31 +03:00
Kamen Mazdrashki
15921b669e s4/waf: add new files to WAF build 2010-04-09 12:21:31 +03:00
Kamen Mazdrashki
6d439afbf7 s4/samldb: schemaInfo attribute must be updated when adding new Schema object 2010-04-09 12:21:30 +03:00
Kamen Mazdrashki
9d1f8bcca9 s4/dsdb: dsdb_schema_info object implementation 2010-04-09 12:21:26 +03:00
Kamen Mazdrashki
37a6b66344 s4/dsdb: Define dsdb representation for schemaInfo attribute 2010-04-09 12:21:25 +03:00
Jelmer Vernooij
57ac0a6042 s4-python: Move load_partition_usn to dsdb module. 2010-04-08 23:20:36 +02:00
Endi S. Dewata
5d5fc92c69 s4:dsdb - Handle INVALID_DN_SYNTAX from OpenLDAP in dsdb_module_load_partition_usn().
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-04-08 22:59:10 +02:00
Jelmer Vernooij
2578072541 s4-python: Move set_global_schema to pydsdb. 2010-04-08 12:21:35 +02:00
Jelmer Vernooij
21ab06f8a2 s4-python: Move samdb_ntds_objectGUID to pydsdb. 2010-04-07 17:39:59 +02:00
Jelmer Vernooij
ae97613499 s4-python: Move set_opaque_integer to pyldb. 2010-04-06 13:12:43 +02:00
Andrew Tridgell
7d34210772 s4-waf: added python_dsdb from merge with master 2010-04-06 20:27:26 +10:00
Andrew Tridgell
553324bc10 s4-waf: move to a universal method of recursing into subdirs
This works with both standalone lib builds and bundled builds
2010-04-06 20:27:25 +10:00
Andrew Tridgell
b690fedef5 s4-waf: removed the AUTOGENERATED markers
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
01682f797f s4-waf: fixed some deps now we don't auto-include tevent and replace
this is preparation for being able to use system versions of these
libraries
2010-04-06 20:27:12 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
844acb2260 build: waf quicktest nearly works
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00
Andrew Tridgell
8f1b809d2c build: nearly there on samba4 build 2010-04-06 20:26:47 +10:00
Andrew Tridgell
9129c3b3b6 build: fixes from ita 2010-04-06 20:26:40 +10:00
Andrew Tridgell
c7ea3e6fbf build: source= is clearer for source lists 2010-04-06 20:26:39 +10:00
Andrew Tridgell
07eeed33f6 build: heimdal_build waf support
heimdal now mostly builds
2010-04-06 20:26:38 +10:00
Jelmer Vernooij
55aeb682ba s4-python: Move dsdb_convert_schema_to_openldap to dsdb. 2010-04-04 00:42:52 +02:00
Jelmer Vernooij
2a67eda98f s4-python: Move set_opaque_integer -> dsdb. 2010-04-04 00:40:01 +02:00
Jelmer Vernooij
8afd52a641 s4-python: Move samdb_server_site_name to dsdb module. 2010-04-04 00:21:09 +02:00
Jelmer Vernooij
31a517e172 s4-python: Move dsdb constants to a separate python module. 2010-04-04 00:14:23 +02:00
Eduardo Lima
af807758e8 s4-drs: replmd_delete with the 3 stage deletion recycle bin 2010-03-26 16:50:48 +11:00
Fernando J V da Silva
8e1d947787 s4-drs: If we are a RODC then do not send DSReplicaSync messages 2010-03-25 15:02:19 +11:00
Matthias Dieter Wallnöfer
6a63c38c12 s4:ldb_modules/util.c - fix two counter variables to be "unsigned" 2010-03-23 00:16:18 +01:00
Andrew Bartlett
f8019ff793 s4:dsdb Add a shortcut sequence number for schema reloads
This uses the ldb sequence number, in a hope to detect an unchanged
schema quicker.

Andrew Bartlett
2010-03-22 20:24:41 +11:00
Andrew Bartlett
fe3e1af901 s4:dsdb Rework schema loading and add schema reloading
This commit reworks Samba4's schema loading code to detect when it
needs to reload the schema.  This is done by watching the @REPLCHANGED
special DN.

The reload happens by means of a callback, which is only set when the
schema is loaded from the ldb - not when loaded from an LDIF file or
DRS.

We also rework the global schema handling - instead of storing the
pointer to the global schema in each ldb, we store a flag indicating
that the global schema should be returned at run time.  This makes it
much easier to switch to a new global schema.

Andrew Bartlett
2010-03-22 20:24:41 +11:00
Andrew Bartlett
d0b54476fc s4:dsdb Move dsdb_save_partition_usn() to be a module helper function
This function should not traverse the module stack again, but instead
run from this point.  Also add a matching
dsdb_module_load_partition_usn() and change repl_meta_data to match.

Andrew Bartlett
2010-03-22 20:24:41 +11:00
Andrew Bartlett
639728a298 s4:schema Expand the schema structure
We now store the location of the schema in the schema, and provide
hooks for a future schema reloading mechanism.

Andrew Bartlett
2010-03-22 20:24:41 +11:00
Andrew Bartlett
7fc94eb9a7 s4:dsdb Add 'const' to some struct dsdb_schema variables
We don't currently require this, but we may move this way in future.
2010-03-22 20:24:40 +11:00
Andrew Bartlett
fc5a507a86 s4:dsdb Don't load the schema unconditionally
Schema loads now come at a price, so avoid doing them if we don't have
to (such as when doing an @REPLCHANGED or other special DN based
search).

Andrew Bartlett
2010-03-22 20:24:40 +11:00
Andrew Bartlett
6de83ef627 s4:dsdb Move rdn_name down the stack
This is done so that it can be (in future) removed when the OpenLDAP
backend is in use and the rdn_val module is used, while keeping as
similar semantics as possible between the module stacks.

Andrew Bartlett
2010-03-18 22:05:38 +11:00
Matthias Dieter Wallnöfer
c3509d88a4 s4:resolve_oids LDB module - not really a change but a nicer method to call "talloc_reference" 2010-03-16 15:01:45 +01:00
Matthias Dieter Wallnöfer
d7de3fa799 s4:dsdb - fix up warnings 2010-03-16 09:50:39 +01:00
Andrew Bartlett
e3cb626c61 s4:dsdb Show more detail in failure to compute the aggregate DN.
Andrew Bartlett
2010-03-16 19:26:09 +11:00
Andrew Bartlett
2de07761e0 s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.

Andrew Bartlett
2010-03-16 19:26:03 +11:00
Andrew Bartlett
bf0b4d7ee3 s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int 2010-03-16 19:26:02 +11:00
Andrew Bartlett
a7ec946ced s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
dsdb_get_schema() isn't a very cheap call, due to the use of LDB
opaque pointers.  We need to call it less, and instead pass it as a
parameter where possible.

This also changes to the new API with a talloc context.

Andrew Bartlett
2010-03-16 19:25:55 +11:00
Andrew Bartlett
1e6fee4185 s4:dsdb Add a memory context for dsdb_get_schema()
When specified, we talloc_reference onto this context to ensure that
pointers found in it are valid for the life of the objects they are
placed into.  (Such as the string form of LDAP attributes).

Andrew Bartlett
2010-03-16 19:25:14 +11:00
Andrew Bartlett
c874b9f42e s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
It's easier to just set it up when we can, then to deal with the
ordering issues in ldb startup.  As long as we have it ready if a real
client ever asks for it, then we should be happy.

Andrew Bartlett
2010-03-16 19:25:14 +11:00
Matthias Dieter Wallnöfer
559575fe40 s4:dsdb/kcc/*.c - fix up wrong typed counters 2010-03-16 08:49:22 +01:00
Erick Nogueira do Nascimento
81932f9148 s4-drs: DsGetReplInfo(), infoType = DS_REPL_INFO_METADATA_2_FOR_OBJ
Implementation of the DS_REPL_INFO_METADATA_2_FOR_OBJ infoType for DsGetReplInfo()

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-03-16 13:31:08 +11:00
Matthias Dieter Wallnöfer
b3f727e6a5 s4:util.c - "dsdb_check_optional_feature" - counter should be "unsigned" 2010-03-12 18:56:44 +01:00
Stefan Metzmacher
77fb700e20 s4:dsdb/repl: make use of use tevent_req based dcerpc_binding_handle stubs
metze
2010-03-12 15:25:41 +01:00
Crístian Deives
a0527dd790 use unsigned instead of uint32_t for LDB counters.
the attribute num_values of the struct ldb_message_element is defined as
an unsigned int, so the counters of that variable should be of the same
type.
2010-03-12 16:31:20 +11:00
Crístian Deives
208e2801b4 nTDSConnection creation
create nTDSConnection objects to "imply" the minimum-cost spanning tree edges
for which no nTDSConnection objects yet exist. it also adds a test function in
kcc_connection so the kcctpl functions can be called. this patch is in accord
with the sections [MS-ADTS] 7.2.2.3.4.2 and 7.2.2.3.4.5.
2010-03-12 16:31:20 +11:00
Crístian Deives
6e20906f42 spanning tree computation
calculate the spanning tree for the intersite connection. this patch is in
accord with the section [MS-ADTS] 7.2.2.3.4.4.
2010-03-12 16:31:20 +11:00
Crístian Deives
b70df94f62 new function kcctpl_color_vertices
besides the new function implemented, some minor bugs were also fixed.  this
patch is in accord with the section [MS-ADTS] 7.2.2.3.4.3.
2010-03-12 16:31:20 +11:00
Eduardo Lima
7b20ad99d6 s4-drs: check if an optional feature is enabled 2010-03-12 16:31:20 +11:00
Nadezhda Ivanova
be79f572ed Split the dsdb_access_check_on_dn.
Split the dsdb_access_check_on_dn so it can be reused for checks
from both within the module stack and outside it.
2010-03-12 03:13:51 +02:00
Nadezhda Ivanova
4b256c6d8e Fixed ACL module to use dsdb_module_* API. 2010-03-12 02:21:16 +02:00
Nadezhda Ivanova
222b955237 Moved access_check_on_dn from acl module as an utility.
Made this an utility function so it can be used for access checking
outside of the acl ldb module, such as checking validated writes and
control access rights in other protocols (e. g drs)
2010-03-12 00:20:15 +02:00
Kamen Mazdrashki
9f21787131 s4/drs: DsGetNCChanges - Propagating IDL changes to source code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-10 17:11:57 +01:00
Nadezhda Ivanova
deebbe7cfa A helper function to get the Infrastructure DN. 2010-03-09 14:56:46 +02:00
Nadezhda Ivanova
f742623b7b Added a check for permissions to modify the RDN attribute on rename.
Necessary because rdn module will be moved lower than acl in the stack.
2010-03-09 13:07:18 +02:00
Stefan Metzmacher
ec53a0ca5a s4:dsdb/dns: change callers of samba_runcmd()
metze
2010-03-09 21:49:45 +11:00
Matthias Dieter Wallnöfer
85598be1f9 s4:extended_dn_out LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 20:18:10 +01:00
Matthias Dieter Wallnöfer
632adf7328 s4:repl_meta_data LDB module - change counter variables to "unsigned" where appropriate
I used "unsigned int" counters where we count LDB objects (LDB specification
prescribes to use "unsigned" index variables).
But on DSDB replication object counters I used "uint32_t" typed variables as it
is suggested.
If a counter variable counts both types of objects I used "unsigned int" since
size(unsigned int) >= size(uint32_t), but on most platforms equal.
2010-03-07 20:18:10 +01:00
Matthias Dieter Wallnöfer
3bb3667b43 s4:local_password LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 20:18:10 +01:00
Matthias Dieter Wallnöfer
6997185e36 s4:ranged_results LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:20:05 +01:00
Matthias Dieter Wallnöfer
a973d9eedb s4:objectguid LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:20:04 +01:00
Matthias Dieter Wallnöfer
cd43dd04af s4:objectclass LDB module - change counter variabls to "unsigned" where appropriate 2010-03-07 19:20:03 +01:00
Matthias Dieter Wallnöfer
2932df57ae s4:anr LDB module - change counter variable to "unsigned" 2010-03-07 19:20:03 +01:00
Matthias Dieter Wallnöfer
77e1497a7b s4:acl LDB module - change counter variable to "unsigned" 2010-03-07 19:20:02 +01:00
Matthias Dieter Wallnöfer
f9f7199250 s4:linked_attributes LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:20:01 +01:00
Matthias Dieter Wallnöfer
049f9d3c1a s4:kludge_acl LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:19:50 +01:00
Matthias Dieter Wallnöfer
4ad912d2da s4:proxy LDB module - Change counter variables to "unsigned" where appropriate
Use "size_t" when counting string index positions.
2010-03-07 19:19:26 +01:00
Matthias Dieter Wallnöfer
90e236544f s4:schema_data LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:12:30 +01:00
Matthias Dieter Wallnöfer
ad7dd1cf71 s4:resolve_oids LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:11:48 +01:00
Matthias Dieter Wallnöfer
b85b9b364f s4:rootdse LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:11:03 +01:00
Matthias Dieter Wallnöfer
d1dd0a560c s4:partition LDB module - change counter variables to "unsigned" where appropriate 2010-03-07 19:10:00 +01:00
Matthias Dieter Wallnöfer
5a54b204c3 s4:schema - Change also here counters to "unsigned" where needed
Counters which are used in the way  "for (i = 0; array[i] != NULL; i++)" I
modified to "unsigned" since for sure we don't want to have negative array
indexes there.
2010-03-07 19:01:15 +01:00
Matthias Dieter Wallnöfer
bd5f08f3d1 s4:schema_syntax.c - Change also here counters to "unsigned" where needed
Counters which are used in the way  "for (i = 0; array[i] != NULL; i++)" I
modified to "unsigned" since for sure we don't want to have negative array
indexes there.

There were many counter variables typed "uint32_t". This isn't fully correct
since those count LDB objects. The amount is saved in a "num_*" variable which
is "unsigned" without a bitlength specification. Therefore change also these
counters to be plain "unsigned".
2010-03-07 19:00:32 +01:00
Matthias Dieter Wallnöfer
61ae4be256 s4:dsdb/util - Change also here counters to "unsigned"
No need to have "signed" counters at those places.
2010-03-05 18:30:08 +01:00
Matthias Dieter Wallnöfer
3ec4c643a4 s4:repl - change also here the counter variables to "unsigned"
I changed also some "uint32_t" to "unsigned" since the LDB interface doesn't
specify the bitlength of the unsigned type.
2010-03-05 18:28:35 +01:00
Matthias Dieter Wallnöfer
6f11818923 s4:kcc - Change some counter variables to be unsigned
The upper limits are unsigned variables therefore also the counter variables
need to be like that.
2010-03-05 13:38:01 +01:00
Matthias Dieter Wallnöfer
82c2448573 s4:samdb_privilege.c - Change two counter variables to unsigned
Also here in both cases the unsigned counter fits better than the signed one.
2010-03-05 13:38:00 +01:00
Matthias Dieter Wallnöfer
c695ce729b s4:cracknames - Change two counter variables to unsigned
In both cases the unsigned counter fits better:
- in the first one since we are counting LDB objects starting from 0
- in the second since we are counting an array starting from 0
2010-03-05 13:38:00 +01:00
Matthias Dieter Wallnöfer
8297302e98 s4:operational LDB - don't accidentally "ate" search helper attributes if we need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
2010-03-04 18:16:24 +01:00
Matthias Dieter Wallnöfer
ffa03820f1 s4:operational LDB module - make the counters unsigned
No need to have signed counters here.
2010-03-04 18:16:23 +01:00
Matthias Dieter Wallnöfer
bf94d68df8 s4:operational LDB - implement the "tokenGroups" constructed attribute
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.

References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
2010-03-04 18:16:23 +01:00
Matthias Dieter Wallnöfer
e34ee26169 s4:operational LDB module - use right memory context int "construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-03-04 18:16:21 +01:00
Matthias Dieter Wallnöfer
fd00867e85 s4:samdb.c - Make it signed-safe
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
2010-03-03 20:15:25 +01:00
Stefan Metzmacher
0547af244a s4:drepl_out_helpers: don't look at the internals of 'struct rpc_request'
metze
2010-03-01 16:11:56 +01:00
Stefan Metzmacher
1955cde46c s4:drepl_notify: don't look at the internals of 'struct rpc_request'
metze
2010-03-01 16:11:56 +01:00
Stefan Metzmacher
c4e72add67 s4:dsdb/repl: make use of explicit dcerpc_*_recv functions
metze
2010-03-01 16:11:54 +01:00
Anatoliy Atanasov
b73437fbaa s4/rodc: Implement samdb_rodc with ldb context 2010-03-01 14:17:32 +02:00
Stefan Metzmacher
4bad696f9e s4:dsdb/schema: fix validation of DNs
ldb_dn_extended_filter() removes all but the listed components,
I didn't noticed that when writting the code.
Doing a ldb_dn_remove_extended_components(dn2) is wrong.

This was hidden by some bugs in the ldb_dn code.

metze
2010-02-26 23:26:32 +01:00
Andrew Tridgell
b0b857d6ca s4-dns: use a loadparm list for samba_runcmd() commands
This allows commands with multiple arguments and quoting to be used,
while still avoiding running a shell (and this having shell expansion
problems)
2010-02-26 18:19:27 +11:00
Andrew Tridgell
64911507a0 s4-dsdb: fixed the fetch of the server site name
when the ntds objects were moved by a recent change it broke the
calculation of the server site

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-26 13:22:12 +11:00
Matthias Dieter Wallnöfer
fc4c839bc8 s4:DNS update - change "i" to be unsigned
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:17:12 +11:00
Matthias Dieter Wallnöfer
0be57c7478 s4:partition DSDB module - Generate basic referrals
This is a first, very basic implementation of the referrals (more informations
at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12).

To have the full referral support (and to always point to the right host) the
full implementation using DNS will be needed (at the moment we always point to
the main DC which is referenceable through the DNS domainname).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:17:06 +11:00
Matthias Dieter Wallnöfer
cd5b542878 s4:partition DSDB module - change the search and domain scope control handling
The domain scope control is always removed, from the search one only the two
interesting flags (which are handled) and it is marked as non-critical.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:17:00 +11:00
Matthias Dieter Wallnöfer
0efa8f4fbb s4:SAMLDB module - ignore referrals
They don't cause any harm to our functionality - so ignore them were not needed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:16:46 +11:00
Matthieu Patou
00aeca7d7f dsdb: Add a more explicit error message for constructed attributes
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24 14:50:30 +01:00
Kamen Mazdrashki
30ac3caade s4/drs: Propagate drsuapi_DsReplicaGetInfoRequest... changes into source code 2010-02-24 14:14:08 +02:00
Kamen Mazdrashki
99db858b15 s4/drs: Propagate drsuapi_DsReplicaSync changes in source base 2010-02-24 14:14:07 +02:00
Kamen Mazdrashki
fffdce62fc s4/schema: Move msDS-IntId implementation to samldb.c module
msDS-IntId attribute should be replicated, so it must be
implemented in a module that is before repl_meta_data module
(thanks abartlet for pointing this out).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-24 12:01:51 +11:00
Andrew Tridgell
7593b6d03b s4-dns: improved logging, and run name check at startup 2010-02-23 13:48:21 +01:00
Andrew Tridgell
61af327e5d s4-dns: call out to the dns update command every 10 minutes
This periodically calls samba_dnsupdate to update our DNS entries if
needed
2010-02-23 13:48:20 +01:00
Matthias Dieter Wallnöfer
280a8a70fd s4:operational LDB module - enable support for passing referrals through it 2010-02-21 21:44:39 +01:00
Matthias Dieter Wallnöfer
c16d4fb76d s4:partition DSDB module - Cosmetic fixups 2010-02-21 21:44:24 +01:00
Matthias Dieter Wallnöfer
461987bc26 s4:password_hash - Fix up request message pointers
For add requests we need the add request messages, for modify requests we need
the modify request messages.
2010-02-21 21:43:48 +01:00
Matthias Dieter Wallnöfer
eca8697d61 s4:dsdb/util.c - Use LDB result constants in some more helper functions
Always better to rely on the standards rather than on custom results.
2010-02-21 21:43:47 +01:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00
Anatoliy Atanasov
0e8fe821c9 s4/drs:kccdrs_replica_get_info_obj_metadata implementation
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl
The get_info_obj_metadata implementation is ported from implementation
i developed and tested at the samba io lab 2009
2010-02-17 18:03:31 +02:00
Andrew Tridgell
fd2556317f s4-dnsupdate: use samba_runcmd() in the dns update task
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17 19:43:32 +11:00
Andrew Tridgell
eda16f2410 s4-kcc: remove a qsort() that snuck into the new topology code 2010-02-16 22:42:59 +11:00
Andrew Tridgell
018fb2d1ae s4-dsdb: return LDB_ERR_CONSTRAINT_VIOLATION on num_recs != 1
In a single record search, LDB_ERR_CONSTRAINT_VIOLATION is more useful
than the generic LDB_ERR_OPERATIONS_ERROR

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:52 +11:00
Andrew Tridgell
86f8ddf754 s4-samdb: use dsdb_search() in cracknames
greatly simplifies some of the cracknames code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:52 +11:00
Andrew Tridgell
6d65f4c647 s4-kcc: remove search_onelevel_with_deleted() in kcc
Use dsdb_search() instead

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:51 +11:00
Andrew Tridgell
b630530730 s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()
dsdb_find_dn_by_guid() now takes a struct GUID instead of a
guid_string. All the callers in fact wanted a struct GUID, so we now
avoid the extra conversion.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:51 +11:00
Andrew Tridgell
8f4a34272e s4-dsdb: replace dsdb_find_dn_by_guid() with a dsdb_search() call
much simpler code by using dsdb_flags

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:51 +11:00
Andrew Tridgell
e9be1fc41d s4-dsdb: change dsdb_search_dn_with_deleted() to dsdb_search_dn() with dsdb_flags
Allows for arbitrary controls
2010-02-16 21:10:51 +11:00
Andrew Tridgell
90203f87e7 s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
This allows for controls to be added easily where they are needed.
2010-02-16 21:10:50 +11:00
Andrew Tridgell
c6d85d67f9 s4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flags 2010-02-16 21:10:50 +11:00
Andrew Tridgell
67950c27e4 s4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.c
This will be used to allow the flag based ldb functions to work on
both a ldb or a module, thus saving a lot of specialist functions.
2010-02-16 21:10:50 +11:00
Erick Nogueira do Nascimento
23d1dd5189 s4-drs: DsGetReplInfo() refactoring 2010-02-16 08:34:28 +11:00
Erick Nogueira do Nascimento
3e2a8676c3 s4-drs: DsReplGetInfo() for DS_REPL_INFO_REPSTO infoType
Implements the DS_REPL_INFO_REPSTO infoType of DsReplGetInfo().
2010-02-16 08:34:28 +11:00
Andrew Tridgell
595982a475 s4-rootdse: we don't need DSDB_FLAG_OWN_MODULE here 2010-02-16 00:12:09 +11:00
Eduardo Lima
9c46f425a2 s4-drs: enable the recyclebin optional feature
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-16 00:12:09 +11:00
Andrew Tridgell
aba73767c0 s4-kcc: remove C++ comment 2010-02-15 23:22:48 +11:00
Crístian Deives
0cf4e8aae6 s4-kcc: initial code for the topology algorithm
this patch contains the data structures declarations and the functions to
setup the graph.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-15 23:22:48 +11:00
Andrew Tridgell
4edbb25599 s4-dsdb: don't change replPropertyMetaData if the value hasn't changed
When updating replPropertyMetaData, check if the value being stored is
the same as the current value, and skip the update if it is.

This is based on a patch by Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
2010-02-15 23:22:48 +11:00
Fernando J V da Silva
5aa42f8010 s4-drs: Fixes bugs regarding Urgent Replication on wrong situations
It fixes the bug which causes an urgent replication to be enabled
incorrectly when an object is modified, but it should happen only
when it was created. This patch also fixes the bug that enable an
urgent replication when an object is deleted, but it should happen
only when it was modified and fixes the bug that does not enable
an urgent replication when an object is deleted and it should happen
only when it is deleted (not when it is modified).

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-15 21:57:07 +11:00
Andrew Tridgell
4694b4677a s4-dsdb: added dsdb_modify_permissive()
This will be used in the drsuapi server
2010-02-15 18:58:40 +11:00
Matthias Dieter Wallnöfer
415c615dbf s4:util.c - Corrected the location of the "Directory Service" object
I wonder why nobody noticed this since for sure this "tombstone" functionality
was broken till now.
2010-02-13 18:24:45 +01:00
Andrew Tridgell
3ae75a4248 s4: use LDB_TYPESAFE_QSORT() instead of ldb_qsort() 2010-02-13 22:36:12 +11:00
Andrew Tridgell
5549190b37 s4-dsdb: use TYPESAFE_QSORT() in dsdb code 2010-02-13 22:36:12 +11:00
Andrew Tridgell
2cf97c403f s4-dns: don't leave behind a tmp file
If the dns update file doesn't need updating we need to delete the tmp
file
2010-02-11 21:04:16 +11:00
Andrew Tridgell
89b6a80e72 s4-dns: added a dns update task
This task watches for changes in the list of DCs, and creates a bind9
formatted file that grants update permission to all DCs, plus to the
administration, and machines update for their own names.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-11 21:04:14 +11:00
Andrew Tridgell
32809bd8c1 util: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)
This changes the meaning of the ->prev pointer in our doubly linked
lists to point at the end of the list from the front of the list. That
allows us to implement DLIST_ADD_END() and related functions in O(1)
time, which can be a huge saving in many places in Samba.

This also means that the 'type' argument to various DLIST_*() macros
is no longer needed, but I have left it in for now to keep the
patchset small, which will make it easier to revert if any problems
are found. In the future we should remove the 'type' arguments.

(jra. Move the one use of DLIST_TAIL over to the new macros).
2010-02-10 15:53:58 -08:00
Jeremy Allison
f017edc59f s4-dsdb: update repl_meta_data.c to use new DLIST_ macros 2010-02-10 15:35:38 -08:00
Matthias Dieter Wallnöfer
a8d6549ccc s4:subtree_delete - "NULL" as format string isn't allowed on FreeBSD
I changed the format string into "(objectClass=*)" which should be an
equivalent expression for choosing all available objects.

Consider bug 7115 for the issue.
2010-02-08 12:08:36 +01:00
Kamen Mazdrashki
8823a549ca s4/drs: propagate DRS_ extension flags in code base 2010-02-05 10:51:57 +01:00
Matthias Dieter Wallnöfer
259ba3ab87 s4:mark the SYSTEM control always as non-critical
It is needed to not break the various LDAP backends. For reference look at
bug #7040.
2010-02-04 11:08:58 +01:00
Matt Kraai
d8071e7ed7 Change uint_t to unsigned int in source4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:18 +01:00
Fernando J V da Silva
28420fe68a s4-drs: Reads uSNUrgent and sets Urgent Replication Bit for DS_ReplicaSync when necessary
If an urgent replication is necessary, so the uSNUrgent stored is equal to the
uSNHighest stored, then when sending the DS_ReplicaSync message it sets the
DRSUAPI_DRS_SYNC_URGENT bit on DRS_OPTIONS.

Signed-off-by: Fernando J V da Silva <fernandojvsilva@yahoo.com.br>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-28 17:21:41 +11:00
Andrew Tridgell
f461a72ec3 idl: switched to using the WSPP names for the 'neighbour' DRS options
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
2010-01-18 07:25:18 +11:00
Andrew Tridgell
2985aeb8c9 s4-dsdb: isGlobalCatalogReady should be shown by default
This caused repadmin.exe to crash. Thanks to Hongwei for tracking this
down for us.
2010-01-17 10:52:31 +11:00
Andrew Tridgell
ee736083c0 s4-kcc: added DsReplicaGetInfo pending ops call
Just return 0 pending ops for now
2010-01-16 14:10:45 +11:00
Andrew Tridgell
473345f800 s4-kcc: added DsReplicaGetInfo CURSORS2 level 2010-01-16 14:10:44 +11:00
Andrew Tridgell
93531a52f0 s4-idl: in DsReplicaGetInfo unknown2 is actually an enumeration_context 2010-01-16 14:10:44 +11:00
Andrew Tridgell
c22973d88d s4-kcc: added support for CURSORS info level in DsReplicaGetInfo 2010-01-16 14:10:44 +11:00
Andrew Tridgell
8342d08f5c s4-dsdb: take advantage of local cursor and sort
in getncchanges and repl task we don't need the extra load and sort
any more.
2010-01-16 14:10:43 +11:00
Andrew Tridgell
db7eba7080 s4-dsdb: add our local cursor and sort in dsdb_load_udv_*()
This makes things much simpler for the callers
2010-01-16 14:10:43 +11:00
Andrew Tridgell
09d947f77c s4-dsdb: use dsdb_load_udv_v2() in repl task 2010-01-16 14:10:43 +11:00
Andrew Tridgell
4cef7427ec s4-dsdb: added dsdb_load_udv_v2() and dsdb_load_udv_v1() 2010-01-16 14:10:43 +11:00
Andrew Tridgell
3ff3612e29 s4-kcc: simplify the ReplicaGetInfo implementation a bit 2010-01-16 14:10:43 +11:00
Andrew Tridgell
900fea322c s4-kcc: squash a warning 2010-01-16 14:10:42 +11:00
Andrew Tridgell
5bfeed89da s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS infoType.
This patch includes the framework for the implementation of all infoTypes of
the DsGetReplInfo() call, and includes the implementation for the first one,
the DS_REPL_INFO_NEIGHBORS.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16 14:10:42 +11:00
Andrew Tridgell
51bf383c26 s4-dsdb: added isGlobalCatalogReady
needed for dcdiag.exe
2010-01-16 14:10:41 +11:00
Andrew Tridgell
88ec10b757 s4-drepl: switch drepl over to using the generic DRS options flags
WSPP uses a single set of flags for all these DRS operations.
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
6f806b7079 s4-drs: Uses dsdb_load_partition_usn() with urgent_uSN in s4 code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
e30d009965 s4-drs: Store uSNUrgent for Urgent Replication
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:58 +11:00
Stefan Metzmacher
204e4b26ae s4:dsdb: use validate_update module
metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
1f2efef214 s4:dsdb/schema: add dsdb_syntax_OID_validate_ldb()
This is a very heavy weight way of checking this syntax,
but it's very complex and using the existing function
should be ok for now. We can optimize it later.

metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
f0fed6cadd s4:dsdb/schema: add dsdb_syntax_DN_STRING_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
83baa44c67 s4:dsdb/schema: add dsdb_syntax_DN_BINARY_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
39dda462cd s4:dsdb/schema: add dsdb_syntax_DN_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
4fa2bf8184 s4:dsdb/schema: add dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
ba8a930d0e s4:dsdb/schema: add dsdb_syntax_UNICODE_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
674e8350b6 s4:dsdb/schema: add dsdb_syntax_DATA_BLOB_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
e2b9454d36 s4:dsdb/schema: add dsdb_syntax_NTTIME_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
eb261a9fda s4:dsdb/schema: add dsdb_syntax_NTTIME_UTC_validate_ldb()
metze
2010-01-13 16:06:37 +01:00
Stefan Metzmacher
5f13a16295 s4:dsdb/schema: add dsdb_syntax_INT64_validate_ldb()
metze
2010-01-13 16:03:55 +01:00
Stefan Metzmacher
ece3defd15 s4:dsdb/schema: add dsdb_syntax_INT32_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
a0f2a49b8a s4:dsdb/schema: add dsdb_syntax_BOOL_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
bf1f067b0c s4:dsdb: add validate_update module
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4 s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30 s4:dsdb/resolve_oids: also resolve oid in search attribute list
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa s4:dsdb/schema_load: add a TODO about schema reloading
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
In lsa_BinaryString length and size are byte counts!

TODO: we may need to do byte order conversion in this functions too...

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204 s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0 s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".

metze
2010-01-13 14:51:59 +01:00
Matthias Dieter Wallnöfer
601ea3a442 s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable 2010-01-10 22:48:05 +01:00
Andrew Tridgell
d5091a1dd9 s4-dsdb: added samdb_domain_sid_cache_only() 2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d s4-drs: instanceType is always sent, regardless of UDV values 2010-01-09 22:08:36 +11:00
Andrew Tridgell
93fefefea8 s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
8c2d7ae19e s4-dsdb: added samdb_ldb_val_case_cmp() 2010-01-09 18:56:29 +11:00
Andrew Tridgell
7010fad4ea s4-drs: calculate and send a uptodateness_vector with replication requests
This stops us getting objects changes twice if they came via an
indirect path.
2010-01-09 18:56:29 +11:00
Andrew Tridgell
349f7ba09c s4-drs: added filtering by udv in getncchanges
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
2010-01-09 13:11:27 +11:00
Andrew Tridgell
c93a182a0d s4-schema: added some debug for bad attributes 2010-01-08 18:24:53 +11:00
Andrew Tridgell
5ccf8ae373 s4-samba3samtest: we need to force netbios name as well
needed for when run in CLIENT context
2010-01-08 13:03:08 +11:00
Andrew Tridgell
dde2b66341 s4-samba3sid: fixed error returns when res->count != 1 and oom 2010-01-08 13:03:08 +11:00
Andrew Tridgell
9aed099362 s4-samba3samtest: force workgroup so the domain is right
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
2010-01-08 13:03:07 +11:00
Andrew Tridgell
f68c43e803 s4-samba3sid: the sambaNextRid attribute is actually the previous RID
Not well named .... though same mistake that MS made with rIDNextRid
2010-01-08 13:03:07 +11:00
Andrew Tridgell
d6f92db456 s4-samba3sam: use samba3sid module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
dd61336165 s4-dsdb: added a samba3sid module
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
43a815c67a s4-samba3samtest: use system credentials for creating users 2010-01-08 13:03:07 +11:00
Andrew Tridgell
8b8bb15a54 s4-dsdb: fixed const misuse in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
baa8793a94 s4-dsdb: use dsdb_module_am_system() in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
595fad2b34 s4-dsdb: allow specification of a SID if we are system
needed for samba3sam test
2010-01-08 13:03:06 +11:00
Andrew Tridgell
f118f54ee7 s4-dsdb: added dsdb_module_am_system()
better than each module inventing their own
2010-01-08 13:03:06 +11:00
Andrew Tridgell
d22a9e5d3b s4-dsdb: squash some unknown structure warnings 2010-01-08 13:03:06 +11:00
Andrew Tridgell
5d6032eb4b s4-partition: fixed selection of partitions on exact match
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
2010-01-08 13:03:06 +11:00
Stefan Metzmacher
501dd4a3b5 s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req
metze

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-08 13:03:05 +11:00
Andrew Tridgell
2d10f3a841 s4-dsdb: poke the RID Manager when completely out of RIDs too 2010-01-08 13:03:05 +11:00