sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-06-23 11:17:06 +03:00
Code
68,397 Commits 62 Branches 1,161 Tags
Commit Graph

112 Commits

Author SHA1 Message Date
Andrew Tridgell
8342d08f5c s4-dsdb: take advantage of local cursor and sort 
in getncchanges and repl task we don't need the extra load and sort
any more.
 2010-01-16 14:10:43 +11:00
Andrew Tridgell
0bba44094a s4-drs: use dsdb_load_udv_v2() in getncchanges code 2010-01-16 14:10:43 +11:00
Andrew Tridgell
2008d24e91 s4-drs: switch the DRS server to the generic DRS options flags 2010-01-14 15:37:59 +11:00
Andrew Tridgell
04e82370db s4-drs: base is_nc_prefix on instanceType 
for extended operations comparing to the ncRoot_dn is not correct
 2010-01-09 18:56:30 +11:00
Andrew Tridgell
1158c13861 s4-drs: need to set the getncchanges extended_ret on success too 2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302 s4-drs: be less verbose when we filter objects by UDV 2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c s4-drs: added filtering by udv in getncchanges 
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
 2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f s4-drs: fixed the NC in the getncchanges RID alloc reply 
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
 2010-01-09 10:15:14 +11:00
Andrew Tridgell
196cb6b359 s4-drs: fixed usage of ldb_dn_new() 2010-01-09 10:15:12 +11:00
Andrew Tridgell
5803253362 s4-drs: we need to wrap extended operations in transactions 2010-01-08 13:03:05 +11:00
Andrew Tridgell
ac5d426062 s4-drs: added some debug messages 
It is nice to see when a RID Alloc is successful
 2010-01-08 13:03:02 +11:00
Andrew Tridgell
f254091957 s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC 
This allocates a RID pool for the client DC when we are the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-08 13:03:02 +11:00
Andrew Tridgell
00b39c70f5 s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs 
This allows for more flags in the future
 2010-01-02 08:16:57 +11:00
Andrew Tridgell
e3cf818c27 s4-drs: sort linked attributes 
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
 2010-01-02 08:16:55 +11:00
Andrew Tridgell
38160deac4 s4-drs: use dsdb linked attribute parse functions 
This makes the code considerably more readable
 2010-01-02 08:16:54 +11:00
Andrew Tridgell
0c2afdd5a9 s4-drs: update highwatermark after successfully encoding the object 2010-01-02 08:16:52 +11:00
Andrew Tridgell
ff6dd4a67f s4-drs: send all linked attributes at the end of a replication cycle 
This ensures that a link is not seen before the object it points to
 2010-01-02 08:16:52 +11:00
Andrew Tridgell
5bf257fa9b s4-drs: use the extended linearized form for DRS replication 
We were sending zero GUIDs. Not good!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-02 08:16:52 +11:00
Andrew Tridgell
7653f56bd4 s4-drs: implemented sorting functions based on replication flags 
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
 2010-01-02 08:16:52 +11:00
Andrew Tridgell
340d7e807b s4-drs: fixed the UDV return in getncchanges 
We should overwrite an existing entry if found
 2010-01-02 08:16:51 +11:00
Andrew Tridgell
bcc952d19d s4-drs: some useful debugging options for getncchanges 
Added two debugging parametric options

  drs:max object sync = 
  drs:extra filter =
 2010-01-02 08:16:51 +11:00
Andrew Tridgell
225bcfa4e6 s4-drs: handle mixtures of old and new style links in getncchanges 
We need to send non-upgraded links using the old format
 2010-01-02 08:16:51 +11:00
Andrew Tridgell
fde3f64373 s4-drs: added linked attribute replication to getncchanges 2010-01-02 08:16:50 +11:00
Matthias Dieter Wallnöfer
e22e336f41 s4:drsuapi/getncchanges.c - Update the list of operational attributes 
- Reorder them as specified in "operational.c"
- Add also the lan manager hash password attribute
 2009-12-16 09:45:22 +01:00
Andrew Tridgell
732c701c52 s4-drs: ensure we fill in ncRoot_dn in getncchanges 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2009-12-09 18:18:26 +11:00
Andrew Tridgell
16eb25b35b s4-drs: use parentGUID attribute in getncchanges 
Now that parentGUID is reliable again, use it instead
of building our own

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2009-12-09 18:18:25 +11:00
Andrew Tridgell
8d7a43fed7 s4-drs: fixed UDV and overlapping sync calls in DRS 
When windows abandons a DRS sync, it will sometimes re-use the same bind handle for
a new sync. This means we need to check the DN of the sync and blank the getnc_state
if the DN has changed.

This also fixes the UDV to use the highest uSN for the partition, not for
the whole SAM.
 2009-12-03 10:27:59 +11:00
Andrew Tridgell
92eff41ca5 s4-dsdb: some more attribuutes that we should only give if asked for 2009-11-20 15:19:35 +11:00
Andrew Tridgell
18cacc506e s4-drs: we need to specifically ask for ntSecurityDescriptor 
ntSecurityDescriptor is no longer included by default
 2009-11-20 14:57:04 +11:00
Andrew Tridgell
95e895d880 s4: ran minimal_includes.pl on source4/rpc_server 2009-10-20 16:04:56 +11:00
Andrew Tridgell
d1784e7ca9 s4-drs: support DRSUAPI_DRS_ADD_REF flag 
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
 2009-10-15 08:20:37 +11:00
Andrew Tridgell
f1bf262497 drs: improved error checking 
Check the validity of the requested options in DsGetNCChanges
 2009-10-15 08:20:37 +11:00
Andrew Tridgell
4423173b08 s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting 
When we indicate that a getncchanges request is not complete, we set
the more_data flag to true in the response. The client usually then
asks for the next block of data. If the client decides it wants to
skip that replication and do a different replication then we need to
make sure that the next call is in fact a continuation of the existing
call, and not a new call.

This relies on returning the results sorted by uSNChanged, as the
client uses the tmp_highest_usn in each result to see if progress is
being made.
 2009-10-13 13:09:07 +11:00
Andrew Tridgell
0285d568c5 s4-drs: take advantage of system session auth in dsbind 
Now that the bind opens samdb with the right credentials, we no longer
need the re-open in updaterefs and getncchanges
 2009-10-06 18:59:30 +11:00
Andrew Tridgell
0d810fceaf s4-drs: removed debug code that replicated a maximum of 10 objects at a time 2009-09-28 10:24:58 +10:00
Andrew Tridgell
11efdc3ee2 s4-dsruapi: plugfest updates 
- always fetch parentGUID from databases, don't rely on parentGUID in
  attributes

- re-fetch nc root mesages to avoid the problem of dual messages for
  roots

- support returning messages a chunk at a time, using max_object_count
  from request
 2009-09-28 10:24:45 +10:00
Anatoliy Atanasov
4f9de0e995 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges 
When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0
 2009-09-23 17:10:27 -07:00
Anatoliy Atanasov
23e4470c31 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges 
When this flag is specified in the request we should return
for ncRoot only and so scope of search is LDB_SCOPE_BASE.
 2009-09-23 17:10:21 -07:00
Anatoliy Atanasov
97a9ae15b5 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchanges 
When this flag is specified in the request we shouldn't use the
uptodateness vector in the request.
 2009-09-23 17:10:12 -07:00
Anatoliy Atanasov
c9dc6506e6 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges 2009-09-23 15:50:51 -07:00
Andrew Tridgell
10f86114de s4-drs: fill in more guids and SIDs, plus filter rDN 
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of
each object, plus we need to filter out the rDN from the meta data,
and always send the instanceType
 2009-09-23 14:01:30 -07:00
Andrew Tridgell
ee4f7f1209 s4-drsserver: sort by DN to give tree order 
This might help the windows client with ordered requests. Later we
need to support the "ancestors" mode flag.
 2009-09-22 17:10:06 -07:00
Anatoliy Atanasov
0b68967096 Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. 2009-09-19 15:42:00 -07:00
Anatoliy Atanasov
6e56261eb7 Add drs_security_level_check for dcesrv calls security checks 
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
 2009-09-19 15:39:40 -07:00
Andrew Tridgell
1261d694f0 more include minimisation 2009-09-19 14:12:01 -07:00
Andrew Tridgell
5d2dfd12cf s4-drs: lock down key DRS calls 
The key DRS calls should only be allowed by administrators or domain
controllers
 2009-09-15 19:52:25 -07:00
Andrew Tridgell
9e0b1a3a1f s4-drs: filter based on local_usn 
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
 2009-09-15 18:45:42 -07:00
Andrew Tridgell
b9ce122ff2 s4-drs: allow replication of renames 
a rename may have no attribute changes
 2009-09-14 13:12:32 -07:00
Andrew Tridgell
348efd5cbb s4-drs: fixed search expression 
At least on the command line the braces are needed. Strange.
 2009-09-13 16:40:00 -07:00
Andrew Tridgell
1820f4bdaf s4-drs: change debug level 
It's useful seeing the object count without as much detail
 2009-09-12 15:23:30 +10:00