1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

21195 Commits

Author SHA1 Message Date
Matthieu Patou
10995d9256 s4-python: add unit test for ntacls manipulation in python 2010-01-21 07:11:16 +13:00
Matthieu Patou
3789ba2654 s4-python: add more unit tests for xattr manipulation in python 2010-01-21 07:11:16 +13:00
Matthieu Patou
f0954c7372 s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for storing xattr 2010-01-21 07:11:15 +13:00
Matthieu Patou
c442b2534f s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that do not depend on pvfs objects
Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without
  having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
2010-01-21 07:11:15 +13:00
Matthieu Patou
e78626dc2e s4: Set acls correctly on all sysvol and scripts shares 2010-01-21 07:11:15 +13:00
Matthieu Patou
9b70979bc9 s4: Make unixid optional
Make unixid optional, if value not supplied next id from id pool will be used.
  Create a function to get next id in id pool.
2010-01-21 07:11:15 +13:00
Matthieu Patou
028c9b1c15 s4: regroup gpo modification in one function, set acl on files accordingly with ACL in LDAP 2010-01-21 07:11:14 +13:00
Matthieu Patou
08c59c38a2 s4: Create unit tests for python "samba.xattr" module 2010-01-21 07:11:14 +13:00
Matthieu Patou
c80ecd9964 s4: add python bindings for wrap_(s|g)etxattr 2010-01-21 07:11:13 +13:00
Michael Adam
45465cb7da s4:selftest: add the samr-passwords-lockout test to knownfail
This is not implemented completely yet.
Needs fixing in the future.

Michael
2010-01-20 17:32:58 +01:00
Michael Adam
9764db806f torture: add new test RPC-SAMR-PASSWORDS-LOCKOUT
This tests account lockout features.
Windows 2003r2 and Windows 2008r2 survice this test.

Note: Windows does not set the ACB_AUTOLOCK account flag when it
locks out an account.
One thing that could/should be added to this test is a check of
the lockout time property.

Michael
2010-01-20 17:32:58 +01:00
Jelmer Vernooij
18943bba9c selftest: Use SUBUNIT_FORMATTER command, if set in the environment. 2010-01-20 11:05:04 +13:00
Wilco Baan Hofman
8067bf629c Fix unintentional free of the last value when adding a new value to a key.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-01-20 09:59:18 +13:00
Günther Deschner
f8314c27b3 s4-smbtorture: remove unneeded ncaclrpc dir setup from RPC-SPOOLSS-NOTIFY.
Guenther
2010-01-19 17:17:29 +01:00
Günther Deschner
40d3408dd3 s4-smbtorture: also configure check smbc_setOptionCaseSensitive for LIBSMBCLIENT testsuite.
Guenther
2010-01-19 16:24:35 +01:00
Günther Deschner
f5bba4034b s4-smbtorture: support spoolss_ReplyClosePrinter server call in RPC-SPOOLSS-NOTIFY.
A handle obtained with spoolss_ReplyOpenPrinter will be closed with
spoolss_ReplyClosePrinter when we call spoolss_ClosePrinter on the remote side.

Guenther
2010-01-19 14:14:30 +01:00
Günther Deschner
2b68215a22 s4-smbtorture: restructure spoolss server implementations in RPC-SPOOLSS-NOTIFY.
Guenther
2010-01-19 14:14:30 +01:00
Günther Deschner
e0660ed1bc s4-smbtorture: skip ReplyOpenPrinter test in RPC-SPOOLSS-NOTIFY while testing s3.
Guenther
2010-01-19 14:14:30 +01:00
Günther Deschner
7d1c1e0083 s4-smbtorture: strip trailing whitespace.
Guenther
2010-01-19 14:14:30 +01:00
Andrew Tridgell
f461a72ec3 idl: switched to using the WSPP names for the 'neighbour' DRS options
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
2010-01-18 07:25:18 +11:00
Andrew Tridgell
dde836adbd s4-drs: allow for security bypass for DsReplicaGetInfo
Use --option=drs:disable_sec_check=true until the group membership bug
with the PAC is fixed.
2010-01-17 10:52:31 +11:00
Andrew Tridgell
2985aeb8c9 s4-dsdb: isGlobalCatalogReady should be shown by default
This caused repadmin.exe to crash. Thanks to Hongwei for tracking this
down for us.
2010-01-17 10:52:31 +11:00
Jelmer Vernooij
aa1fce645a ldap: Fix test failure that seemed to go unreported previously. 2010-01-17 12:35:26 +13:00
Jelmer Vernooij
a18889fd77 ldap.py: Remove unused imports. 2010-01-17 12:26:53 +13:00
Kai Blin
791a2df656 s4 selftest: Fix and reenable WINBIND-STRUCT.NETBIOS_NAME test 2010-01-16 12:38:12 +01:00
Andrew Tridgell
29d08bfe26 s4-kerberos: raise the general kerberos debug level to 3
level 2 for every krb request is a bit much
2010-01-16 18:30:22 +11:00
Jelmer Vernooij
28577aae92 Import testtools as well, required for subunit. 2010-01-16 19:53:49 +13:00
Jelmer Vernooij
b6b46b4978 subunit: Import new version. 2010-01-16 19:53:49 +13:00
Jelmer Vernooij
53d7c4c7a2 Fix permissions - net subcommand modules don't need to be executable. 2010-01-16 19:53:48 +13:00
Andrew Tridgell
4e0090c917 s4-torture: fixed DsReplicaGetInfo elements 2010-01-16 14:45:33 +11:00
Andrew Tridgell
ee736083c0 s4-kcc: added DsReplicaGetInfo pending ops call
Just return 0 pending ops for now
2010-01-16 14:10:45 +11:00
Andrew Tridgell
84b47d3334 s4-provision: added w2k8r2 ldap capabilities 2010-01-16 14:10:44 +11:00
Andrew Tridgell
637d50b5d0 s4-devel: added rebuild_zone.sh
This rebuilds a DNS zone file, including all DCs from sam.ldb
2010-01-16 14:10:44 +11:00
Andrew Tridgell
a9808ae83d s4-provision: added "check-names ignore;" to allow for _msdcs A records 2010-01-16 14:10:44 +11:00
Andrew Tridgell
473345f800 s4-kcc: added DsReplicaGetInfo CURSORS2 level 2010-01-16 14:10:44 +11:00
Andrew Tridgell
93531a52f0 s4-idl: in DsReplicaGetInfo unknown2 is actually an enumeration_context 2010-01-16 14:10:44 +11:00
Andrew Tridgell
c22973d88d s4-kcc: added support for CURSORS info level in DsReplicaGetInfo 2010-01-16 14:10:44 +11:00
Andrew Tridgell
8342d08f5c s4-dsdb: take advantage of local cursor and sort
in getncchanges and repl task we don't need the extra load and sort
any more.
2010-01-16 14:10:43 +11:00
Andrew Tridgell
db7eba7080 s4-dsdb: add our local cursor and sort in dsdb_load_udv_*()
This makes things much simpler for the callers
2010-01-16 14:10:43 +11:00
Andrew Tridgell
0bba44094a s4-drs: use dsdb_load_udv_v2() in getncchanges code 2010-01-16 14:10:43 +11:00
Andrew Tridgell
09d947f77c s4-dsdb: use dsdb_load_udv_v2() in repl task 2010-01-16 14:10:43 +11:00
Andrew Tridgell
4cef7427ec s4-dsdb: added dsdb_load_udv_v2() and dsdb_load_udv_v1() 2010-01-16 14:10:43 +11:00
Andrew Tridgell
3ff3612e29 s4-kcc: simplify the ReplicaGetInfo implementation a bit 2010-01-16 14:10:43 +11:00
Andrew Tridgell
900fea322c s4-kcc: squash a warning 2010-01-16 14:10:42 +11:00
Andrew Tridgell
3a9b33b487 s4-drs: better debug info when security checks fail
show the security token of the user at debug level 2
2010-01-16 14:10:42 +11:00
Andrew Tridgell
5efff3ad6a s4-dsdb: require admin access for DsReplicaGetInfo 2010-01-16 14:10:42 +11:00
Andrew Tridgell
5bfeed89da s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS infoType.
This patch includes the framework for the implementation of all infoTypes of
the DsGetReplInfo() call, and includes the implementation for the first one,
the DS_REPL_INFO_NEIGHBORS.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16 14:10:42 +11:00
Andrew Tridgell
22d92157e3 s4-drs: give better debug info on unsupported DRS calls 2010-01-16 14:10:41 +11:00
Erick Nogueira do Nascimento
48bdf3e608 s4-drs: torture test for DsGetReplInfo() (RPC-DSGETINFO test).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16 14:10:41 +11:00
Andrew Tridgell
51bf383c26 s4-dsdb: added isGlobalCatalogReady
needed for dcdiag.exe
2010-01-16 14:10:41 +11:00
Andrew Tridgell
a56ede9027 s4-ldb: cope with bad ptr alignment in ldb_index.c
We can't assume that a rec_ptr will come back from a tdb traverse with
alignment sufficient for a pointer.
2010-01-16 09:34:27 +11:00
Kai Blin
5c016ad88e s4 selftest: Ignore more winbind test known to fail 2010-01-15 02:09:05 +01:00
Günther Deschner
9d881f4cfb s4-smbtorture: add setup_schannel_netlogon_pipe() function.
Guenther
2010-01-15 00:53:16 +01:00
Andreas Schneider
33a4739090 s4-torture: Migrate ntp_signd test to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-14 21:37:48 +01:00
Günther Deschner
d95ad11bc5 s4-smbtorture: add rather simple libsmbclient torture testsuite.
Guenther
2010-01-14 19:48:29 +01:00
Kai Blin
cf38a1f850 s3 test: Fix WINBINDD-STRUCT tests
The struct-based tests are working in make selftest, make them work in plain
"make test" as well.
2010-01-14 15:18:35 +01:00
Kai Blin
89e6eac290 s3 selftest: Fix LOOKUP_SID test.
WINBINDD_LIST_USERS does not give a domain name if we're a DC and the user is
from our domain.
2010-01-14 15:18:35 +01:00
Kai Blin
e95c04f0f1 s3 selftest: Fix WINBINDD_LIST_GROUPS test
If there's no groups in the database, there are no entries in extra_data. This
caused WINBINDD_LIST_GROUPS test to fail. Use the fact that
WINBINDD_LIST_GROUPS now reports the number of groups in data.num_entries to
identify the "no groups" case.
2010-01-14 15:18:35 +01:00
Kai Blin
a4f21d5dc8 s3 selftest: Allow the enumeration of users and groups
This fixes the WINBINDD_GETPWENT test.
2010-01-14 15:18:34 +01:00
Kai Blin
a6015a858d s3 selftest: Fix the WINBINDD_GETDCNAMEe test.
The WINBINDD_GETDCNAME test expected an NSS_STATUS_SUCCESS return from all
calls. However, this does not apply for BUILTIN and the DC's own domain.
Make the test work again by skipping those two.
2010-01-14 15:18:34 +01:00
Matthias Dieter Wallnöfer
b1d2bb3e51 s4:provision_users.ldif - Add a comment that some objects under "Users" are now located elsewhere
This is needed due to the new RID/SID distribution system
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
face5d3030 s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that beginning with Windows Server 2008 they're
also per default present.

Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
9ac39b659f s4:provision_users.ldif - Add additional BUILTIN objects
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
2a05dd6fcc s4:provision_users.ldif - add the restant part of the objects needing for RODC support
RODC = Read Only Domain Controllers

Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
71357053bb s4:provision_users.ldif - Fix up errors on existing entries
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
81053e9124 s4:provision_users.ldif - Simple reordering
Sorted according the SID - easier for later enhancements.
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
a0d7f3e344 s4:provision_users.ldif - Remove system objects from the wrong place
Objects like the "Cryptographic Operators", "Event Log Readers" don't belong
here but into the builtin domain.
2010-01-14 10:58:06 +01:00
Matthias Dieter Wallnöfer
40bc48dfa9 s4:SAMR RPC - Fix the criteria for group searches
This should match the MS-SAMR documentation (section 3.1.5.5.1.1)
2010-01-14 10:58:06 +01:00
Andrew Tridgell
74a5719614 s4-torture: switch smbtorture to the generic DRS options 2010-01-14 15:37:59 +11:00
Andrew Tridgell
2008d24e91 s4-drs: switch the DRS server to the generic DRS options flags 2010-01-14 15:37:59 +11:00
Andrew Tridgell
a5d6117065 s4-torture: switch to generic DRS options flags 2010-01-14 15:37:59 +11:00
Andrew Tridgell
88ec10b757 s4-drepl: switch drepl over to using the generic DRS options flags
WSPP uses a single set of flags for all these DRS operations.
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
6f806b7079 s4-drs: Uses dsdb_load_partition_usn() with urgent_uSN in s4 code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
e30d009965 s4-drs: Store uSNUrgent for Urgent Replication
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:58 +11:00
Stefan Metzmacher
204e4b26ae s4:dsdb: use validate_update module
metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
1f2efef214 s4:dsdb/schema: add dsdb_syntax_OID_validate_ldb()
This is a very heavy weight way of checking this syntax,
but it's very complex and using the existing function
should be ok for now. We can optimize it later.

metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
f0fed6cadd s4:dsdb/schema: add dsdb_syntax_DN_STRING_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
83baa44c67 s4:dsdb/schema: add dsdb_syntax_DN_BINARY_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
39dda462cd s4:dsdb/schema: add dsdb_syntax_DN_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
4fa2bf8184 s4:dsdb/schema: add dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
ba8a930d0e s4:dsdb/schema: add dsdb_syntax_UNICODE_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
674e8350b6 s4:dsdb/schema: add dsdb_syntax_DATA_BLOB_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
e2b9454d36 s4:dsdb/schema: add dsdb_syntax_NTTIME_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
eb261a9fda s4:dsdb/schema: add dsdb_syntax_NTTIME_UTC_validate_ldb()
metze
2010-01-13 16:06:37 +01:00
Stefan Metzmacher
5f13a16295 s4:dsdb/schema: add dsdb_syntax_INT64_validate_ldb()
metze
2010-01-13 16:03:55 +01:00
Stefan Metzmacher
ece3defd15 s4:dsdb/schema: add dsdb_syntax_INT32_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
a0f2a49b8a s4:dsdb/schema: add dsdb_syntax_BOOL_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
bf1f067b0c s4:dsdb: add validate_update module
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4 s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30 s4:dsdb/resolve_oids: also resolve oid in search attribute list
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa s4:dsdb/schema_load: add a TODO about schema reloading
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7 s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py
It seems that windows doesn't need that.

And we should think about a check for reloading the schema
at the start of each "write" operation.

metze
2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
In lsa_BinaryString length and size are byte counts!

TODO: we may need to do byte order conversion in this functions too...

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96 s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204 s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0 s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2 s4:ldb: be more strict in parsing ldb time strings
metze
2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083 s4-ntp_signd: Migrate to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134 Fixed a problem with incorrect default SD owner/group. 2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7 Comparison tool for LDAP servers (using Ldb)
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).

Added functionality for two sets of credentials.
2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5 Strip trailing spaces 2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903 s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4.
Seems like account lockout is not implemented at all yet.

Guenther
2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930 s4-smbtorture: fix GetAliasMembership test in RPC-SAMR.
Guenther
2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test.
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.

Michael, please check. This should help verifiying Bug #4347.

Guenther
2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397 s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests.
Guenther
2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24 Fix comment/debug messages 2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02 Merge remote branch 'origin/master' into alpha11release 2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca and we move on towards Samba4 alpha12! 2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466 This is Samba4 alpha11! 2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3 s4/torture: Parameterize output in LOCK tests based off server support
Two new torture parameters:

* smbexit_pdu_support: if the Server supports the Exit command

* range_not_locked_on_file_close: whether the server returns the
  NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
  pending lock request.  Windows returns this error, though per the
  spec, this error should only be returned to an unlock request.
2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8 Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
This reverts commit 5c174c68cc.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
This reverts commit 61dfd3dc1d.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
This reverts commit 9ee895fcf6.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a Revert "s4:provision_users.ldif - Add objects for IIS"
This reverts commit 91e2100287.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9 s4:upgradeprovision - fix up the script regarding linked attributes
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.

The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.

I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e s4:upgradeprovision - Reformat comments
Make them break at line 80 (better readability).
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442 s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287 s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6 s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19 s4-ldb: display security descriptors with correct SDL for known SIDs
This makes it much easier to compare SDs
2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9 s4-dsdb: added samdb_domain_sid_cache_only() 2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d s4-drs: instanceType is always sent, regardless of UDV values 2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77 s4-debug: lower the verbosity of a couple of common log messages 2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8 s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266 s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing
replication
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db s4-drs: base is_nc_prefix on instanceType
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c s4-drs: having no SPNs to change is not an error 2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356 s4-drs: fixed writespn to ignore add/delete errors
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e s4-dsdb: added samdb_ldb_val_case_cmp() 2010-01-09 18:56:29 +11:00
Andrew Tridgell
acf33e0d58 s4-drs: moved the DsWriteAccountSpn call to its own file 2010-01-09 18:56:29 +11:00
Andrew Tridgell
8ccedc3ac7 s4-libnet: dsdb_wellknown_dn() in vampire code 2010-01-09 18:56:29 +11:00
Andrew Tridgell
1158c13861 s4-drs: need to set the getncchanges extended_ret on success too 2010-01-09 18:56:29 +11:00
Andrew Tridgell
7010fad4ea s4-drs: calculate and send a uptodateness_vector with replication requests
This stops us getting objects changes twice if they came via an
indirect path.
2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302 s4-drs: be less verbose when we filter objects by UDV 2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c s4-drs: added filtering by udv in getncchanges
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f s4-drs: fixed the NC in the getncchanges RID alloc reply
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
2010-01-09 10:15:14 +11:00
Andrew Tridgell
651ddb720a s4-messaging: remove only usage of debug_ctx() 2010-01-09 10:15:13 +11:00
Andrew Tridgell
6a36799d30 s4-messaging: fixed a memory leak in messaging_path()
It is a bit convoluted to fix, as cluster_id_string() may return a
const string.
2010-01-09 10:15:12 +11:00
Andrew Tridgell
196cb6b359 s4-drs: fixed usage of ldb_dn_new() 2010-01-09 10:15:12 +11:00
Andrew Tridgell
39a4e2a38d s4-ldb: validate the type of the ldb argument to ldb_dn_new()
It has been a common bug to get the first two arguments the wrong way
around
2010-01-09 10:15:12 +11:00
Simo Sorce
7eee8e053b Fix comment 2010-01-08 17:01:02 -05:00
Matthias Dieter Wallnöfer
fca0c4de2a s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs 2010-01-08 18:18:21 +01:00
Andreas Schneider
0588f34467 s4-kdc: Migrate tcp connections to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08 14:38:35 +01:00
Stefan Metzmacher
42c34cdafa s4:kdc: use LIBSAMBA_TSOCKET
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
d97562b382 s4:kdc: the ->process function returns "bool"
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
bbaec01b37 libcli/util: add tstream_read_pdu_blob_send/recv
This will take the some full_request callback function
as the Samba4 packet code.

metze
2010-01-08 14:36:43 +01:00
Andrew Tridgell
8d87c0a0c3 s4-drs: added two more SPNs in addentry
w2k8r2 wants these after a DCPROMO

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ad11deb9bd s4-schema: fixes for W2K8-R2 schema
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ebec49965b s4-schema: added msDS-NcType to schema container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
ce21151d22 s4-schema: fixed attributes of aggregate schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
38909a4ae5 s4-schema: switch to W2K8-R2 schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
d371b0eabe s4-schema: added adminDisplayName and adminDescription
These are missing from the WSPP schemas

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
c93a182a0d s4-schema: added some debug for bad attributes 2010-01-08 18:24:53 +11:00
Andrew Tridgell
9d296e6776 s4-provision: added W2K8-R2 schema as provided by WSPP 2010-01-08 18:24:52 +11:00
Andrew Tridgell
5ccf8ae373 s4-samba3samtest: we need to force netbios name as well
needed for when run in CLIENT context
2010-01-08 13:03:08 +11:00
Andrew Tridgell
dde2b66341 s4-samba3sid: fixed error returns when res->count != 1 and oom 2010-01-08 13:03:08 +11:00
Andrew Tridgell
9aed099362 s4-samba3samtest: force workgroup so the domain is right
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
2010-01-08 13:03:07 +11:00
Andrew Tridgell
f68c43e803 s4-samba3sid: the sambaNextRid attribute is actually the previous RID
Not well named .... though same mistake that MS made with rIDNextRid
2010-01-08 13:03:07 +11:00
Andrew Tridgell
d6f92db456 s4-samba3sam: use samba3sid module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
dd61336165 s4-dsdb: added a samba3sid module
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
66f161dee1 s4-acl: fixed acl.py test to use correct ldif
same problem as sec_descriptor.py
2010-01-08 13:03:07 +11:00
Andrew Tridgell
81c0b01585 s4-secdesc: fixed the sec_descriptor.py test
The test was using a "changetype: add" to try and add a member to a
group, where it should use a "changetype: modify" with a "add: member"

Also fixed the recovery when the test fails part way through (delete
the test users at the start as well as the end)

Nadya, please check!
2010-01-08 13:03:07 +11:00
Andrew Tridgell
43a815c67a s4-samba3samtest: use system credentials for creating users 2010-01-08 13:03:07 +11:00
Andrew Tridgell
8b8bb15a54 s4-dsdb: fixed const misuse in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
baa8793a94 s4-dsdb: use dsdb_module_am_system() in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
595fad2b34 s4-dsdb: allow specification of a SID if we are system
needed for samba3sam test
2010-01-08 13:03:06 +11:00
Andrew Tridgell
f118f54ee7 s4-dsdb: added dsdb_module_am_system()
better than each module inventing their own
2010-01-08 13:03:06 +11:00
Andrew Tridgell
d22a9e5d3b s4-dsdb: squash some unknown structure warnings 2010-01-08 13:03:06 +11:00
Andrew Tridgell
5d6032eb4b s4-partition: fixed selection of partitions on exact match
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
2010-01-08 13:03:06 +11:00
Andrew Tridgell
59f314d321 s4-scripting: we need to use a base search for the NTDS GUID
now we have nTDSConnections structures we can get more than 1 reply
2010-01-08 13:03:06 +11:00
Stefan Metzmacher
501dd4a3b5 s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req
metze

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-08 13:03:05 +11:00
Andrew Tridgell
278d2f75ba s4-smbd: setup the default event contexts for other process models 2010-01-08 13:03:05 +11:00
Andrew Tridgell
5803253362 s4-drs: we need to wrap extended operations in transactions 2010-01-08 13:03:05 +11:00
Andrew Tridgell
2d10f3a841 s4-dsdb: poke the RID Manager when completely out of RIDs too 2010-01-08 13:03:05 +11:00
Andrew Tridgell
a65823e33c s4-dsdb: ensure we will in all the attributes for RID Set
We need to go to the top of the module stack so that all the extra
attributes get filled in
2010-01-08 13:03:05 +11:00
Andrew Tridgell
308a4798b8 s4-dsdb: added DSDB_FLAG_TOP_MODULE
This is used when you want the dsdb_module_*() functions to go to the
top of the stack.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
5f36f0352e s4-dsdb: no longer need special invocationID handling for standalone servers
They now work the same way as a DC
2010-01-08 13:03:05 +11:00
Andrew Tridgell
a7fffe8da0 s4-provision: do a self join for all server types
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
f6cf895951 s4-schema: added generic attributeID conversion functions
When we get one we haven't seen before, we can work out the right type
automatically in most cases.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
f7517e6256 s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
cd65ce8a18 s4-schema: make ldb_val to string comparison safer with nul termination
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
3352e5d7ba s4/dsdb_schema: Load msDS-IntId value separately when loading from LDB
This way we have consistent behavior when loading from DRSUAPI
and from LDB.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
25238110df Revert "s4-schema: Set ATTID in schema cache from "msDS-IntId""
This reverts commit 4e8ad284f5.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
6247a135c6 s4/schema: Do not assign msDS-IntId value if LDB_CONTROL_RELAX_OID is passed
This way msDS-IntId should not be assigned during provisioning,
which is how Windows works
2010-01-08 13:03:04 +11:00
Andrew Tridgell
73838b353a s4-libnet: better error messages in libnet_vampire.c 2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
9871f52bd3 s4/dsdb_schema: use msDS-IntId value for attribute look-up 2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a44ae10c77 s4/dsdb_schema: fetch msDS-IntId value during SCHEMA replication 2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a7b3891fb5 s4/dsdb_schema: GET_UINT32_DS() macro to use supplied default value instead of 0 2010-01-08 13:03:03 +11:00
Andrew Tridgell
f7756c87bb s4-partition: don't ignore errors from other modules
if we get an error code from a lower module, we don't want to ignore
it just because something also succeeded
2010-01-08 13:03:03 +11:00
Andrew Tridgell
9672a3d1cc s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems
this makes building and testing s4 as a developer much faster, if you
have enough memory!
2010-01-08 13:03:03 +11:00
Andrew Tridgell
1f25d0a5ad s4-provision: re-open sam.ldb after creating the schema
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
2010-01-08 13:03:03 +11:00
Andrew Tridgell
42f0bdae69 s4-provision: RID 1000 is consumed by the machine account 2010-01-08 13:03:03 +11:00
Andrew Tridgell
fdf12a607d s4-ldb: improve error handling in indexing code
When we get an indexing failure we want a clear error message
2010-01-08 13:03:03 +11:00
Andrew Tridgell
c4fa4d1162 s4-dsdb: improve error messages in schema and pdc_fsmo modules
We want to incorporate the error messages from the modules further
down the stack.
2010-01-08 13:03:03 +11:00
Andrew Tridgell
ac5d426062 s4-drs: added some debug messages
It is nice to see when a RID Alloc is successful
2010-01-08 13:03:02 +11:00
Andrew Tridgell
dcbba583d9 s4-event: added s4_event_context_set_default()
we're still not weaned off event_context_find()
2010-01-08 13:03:02 +11:00
Andrew Tridgell
f254091957 s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC
This allocates a RID pool for the client DC when we are the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
b1f97b7e60 s4-dsdb: added an extended operation for allocating a new RID pool
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
2590b7795d s4-repl: implement MSG_DREPL_ALLOCATE_RID
When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID
Manager to ask for another RID pool. We use a callback on completion
of the operation to make sure that we don't have two RID allocation
requests in flight at once

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
cc7967b1c0 s4-repl: allow for callbacks when a repl operation completes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
7a40cacbde s4-dsdb: the dsdb ldb modules now need messagiing
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
dc11414f98 s4-dsdb: send a message to the drepl task when we need another RID pool
We send the message when the current pool is half gone. We don't wait
for a reply.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
805ab0ef15 s4-messaging: added a new msg type MSG_DREPL_ALLOCATE_RID
This will be used to ask the drepl task for a new RID pool

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
19e515aac7 s4-repl: added request for RID allocation in drepl task
The drepl task now checks to see if our rIDAllocationPool is
exhausted, and if it is then we queue a extended operation
DsGetNCChanges call to ask the RID Manager to give us a new allocation
pool.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
8cd2bedee7 s4-dsdb: added dsdb_find_guid_attr_by_dn()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
37340d5a2e s4-ridalloc: copy with missing rIDNextRid and rIDAllocationPool
The attributes rIDNextRid and rIDAllocationPool are not replicated, so
their initial value when we first get a RID Set from the RID Manager
is blank.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
45550f83f0 s4-dsdb: added dsdb_module_set_integer()
This will be used by ridalloc.c

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
c12b9ab2f2 s4-dsdb: clarify who is responsible for each attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
dd8cb3c7ed s4-dsdb: fixed usage of rIDAllocationPool and rIDPreviousAllocationPool
These are very badly named attributes! See the comments in ridalloc.c
for a explanation of what they really seem to mean

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
5136438ad6 s4-dsdb: implement refresh of RID Set pool for a local RID Manager
when we run out of RIDs in our RID Set pool then grab a new one from
the RID Manager object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
53d10d139e s4-provision: don't hard wire the creation of the RID Set object
We now create it automatically in the samldb module when the first
user is created. 

The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
1053ce529d s4-dsdb: implement creation of the RID Set object
when we are the RID Manager we can create our own RID Set object when
the first user is created
2010-01-08 13:02:59 +11:00
Andrew Tridgell
439ee5aaae s4-dsdb: use dsdb_next_callback()
We can't just use the callers callback directly otherwise the
ldb_module_done() is never called on the parent request, as the child
request is passed to the callback.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
d0bd6e7ea5 s4-dsdb: added dsdb_next_callback()
This should be used when you create a sub request and just want the
parent requests callback to be called when done.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
e6f14ac2c4 s4-dsdb: added dsdb_module_constrainted_update_integer()
This provides a convenient way to update a integer attribute with a
constrained delete/add

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f24011059b s4-dsdb: added dsdb_module_reference_dn()
This adds a module callable version of samdb_reference_dn(), which
finds a DN via a reference link

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f137f93e09 s4-dsdb: added dsdb_module_add()
added a ldb add function for modules

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
fcfb5d7b63 s4-provision: allow provision modifies to add records
we need to recognise a changetype of 'add'
2010-01-08 13:02:59 +11:00
Andrew Tridgell
226460d543 s4-dsdb: move the RID allocation logic into ridalloc.c
This will end up having the RID Manager logic as well, so all the RID
pool allocation logic is in one spot

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
7f90a05c66 s4-samldb: use RID Set to allocate user/group RIDs
This is the first step towards DRS-friendly RID allocation. We now get
the next rid from the RID Set object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
5eb3b919c5 s4-provision: the DC object itself needs a fixed objectSID
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
2bad107aa1 s4-dsdb: added samdb_rid_set_dn()
This returns the DN of our RID Set object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
a1362492ab s4-provision: added an initial RID Set
We will allocate RIDs from this set

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
bd6d0e9379 s4-ldb: added nice ldif display of 64 bit ranges for RIDs 2010-01-08 13:02:58 +11:00
Andrew Tridgell
fbc3a0fe62 s4-dsdb: added samdb_reference_dn()
This returns a 'reference' DN, which is a link to a DN, from the
specified object. It is then used by samdb_server_reference_dn() which
returns the serverReference DN, and samdb_rid_manager_dn() which
returns the rIDManagerReference DN.
2010-01-08 13:02:58 +11:00
Jelmer Vernooij
c915bd8718 linked_attributes: Fix missing dependency on util. 2010-01-08 01:31:21 +01:00
Tim Prouty
57be1d07af s4 torture: Add RAW-OPEN-NTCREATEDIR to test error checking for open directories as files 2010-01-07 15:32:27 -08:00
Steven Danneman
71a40d7e2c s4/torture: fix small bug in lock test
Cleanup path should unlock, not cancel existing locked range.
2010-01-06 18:48:10 -08:00
Steven Danneman
655bdb19bd s4/torture: add more lock cancellation tests
* Test the SMB1 behavior when multiple lock ranges are requested, pend,
  and then are cancelled.  The entire LockingAndX request fails.
2010-01-06 18:48:10 -08:00
Günther Deschner
3dbe8603d9 s4-smbtorture: add test_ChangeID to RPC-SPOOLSS.
This tests ChangeID consistency between spoolss_GetPrinterData,
spoolss_GetPrinterDataEx and spoolss_GetPrinter (level 0).

Guenther
2010-01-06 22:09:37 +01:00
Günther Deschner
7568f49134 s4-smbtorture: add test_SetPrinter to RPC-SPOOLSS.
Guenther
2010-01-06 22:09:36 +01:00
Günther Deschner
0457cf915b s4-smbtorture: refactor test_GetPrinter in RPC-SPOOLSS.
Guenther
2010-01-06 22:09:36 +01:00
Kamen Mazdrashki
a2044b9a61 s4: Fix result check for getaddrinfo()
I think this completes commit 50feca550e.
Now result should be handled correctly both for systems that
support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x)
and systems that doesn't support EAI_NODATA at all.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-06 14:26:32 +01:00
Matthias Dieter Wallnöfer
a08a0ffd37 s4:SAMLDB LDB module - Fix trailing whitespaces 2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
77ce33c419 s4:SAMLDB LDB module - Rework to allow checks for wrong "defaultObjectCategory" attributes
This allows a stricter check for "defaultObjectCategory" attributes which is
performed when the "relax" control isn't specified.
Additional note: As the added comment points out this isn't complete.
And I personally think that moving this at some point to the "objectclass"
module is a better idea to make this fully work (since there we have direct
access to the schema). If someone has a good idea how to do this please inform
me.

Anyway, the SAMLDB module does require some restructure since at the moment it's
very overloaded and therefore a bit a mess. In the meantime I started to work
on a new approach to realise it in a better way.
2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
c051008540 s4:schema_load.c - Typo 2010-01-05 20:55:46 +01:00
Matthias Dieter Wallnöfer
bbf9885013 s4:ldap_schema.py - add an additional check for validity of "defaultObjectCategory" 2010-01-05 20:55:45 +01:00
Matthias Dieter Wallnöfer
d8ca002a8c s4:ldap_schema.py - Move generated attributes check
Make more clear that they're created before the "schemaUpdateNow".
2010-01-05 20:55:32 +01:00
Jeremy Allison
2a66db8f93 Fix the merged build. Probably not strictly correct but allows us to "make test".
Jeremy.
2010-01-04 13:27:48 -08:00
Stefan Metzmacher
f04e10f4c0 s4:dsdb/repl: convert dreplsrv_out_drsuapi_send/recv to tevent_req
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
a06e5cdb99 s4: Happy New Year 2010
metze
2010-01-04 08:42:49 +01:00
Andrew Tridgell
504754856e s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.

Nadya, please check this!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 17:28:36 +11:00