1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

21195 Commits

Author SHA1 Message Date
Andrew Tridgell
a56ede9027 s4-ldb: cope with bad ptr alignment in ldb_index.c
We can't assume that a rec_ptr will come back from a tdb traverse with
alignment sufficient for a pointer.
2010-01-16 09:34:27 +11:00
Kai Blin
5c016ad88e s4 selftest: Ignore more winbind test known to fail 2010-01-15 02:09:05 +01:00
Günther Deschner
9d881f4cfb s4-smbtorture: add setup_schannel_netlogon_pipe() function.
Guenther
2010-01-15 00:53:16 +01:00
Andreas Schneider
33a4739090 s4-torture: Migrate ntp_signd test to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-14 21:37:48 +01:00
Günther Deschner
d95ad11bc5 s4-smbtorture: add rather simple libsmbclient torture testsuite.
Guenther
2010-01-14 19:48:29 +01:00
Kai Blin
cf38a1f850 s3 test: Fix WINBINDD-STRUCT tests
The struct-based tests are working in make selftest, make them work in plain
"make test" as well.
2010-01-14 15:18:35 +01:00
Kai Blin
89e6eac290 s3 selftest: Fix LOOKUP_SID test.
WINBINDD_LIST_USERS does not give a domain name if we're a DC and the user is
from our domain.
2010-01-14 15:18:35 +01:00
Kai Blin
e95c04f0f1 s3 selftest: Fix WINBINDD_LIST_GROUPS test
If there's no groups in the database, there are no entries in extra_data. This
caused WINBINDD_LIST_GROUPS test to fail. Use the fact that
WINBINDD_LIST_GROUPS now reports the number of groups in data.num_entries to
identify the "no groups" case.
2010-01-14 15:18:35 +01:00
Kai Blin
a4f21d5dc8 s3 selftest: Allow the enumeration of users and groups
This fixes the WINBINDD_GETPWENT test.
2010-01-14 15:18:34 +01:00
Kai Blin
a6015a858d s3 selftest: Fix the WINBINDD_GETDCNAMEe test.
The WINBINDD_GETDCNAME test expected an NSS_STATUS_SUCCESS return from all
calls. However, this does not apply for BUILTIN and the DC's own domain.
Make the test work again by skipping those two.
2010-01-14 15:18:34 +01:00
Matthias Dieter Wallnöfer
b1d2bb3e51 s4:provision_users.ldif - Add a comment that some objects under "Users" are now located elsewhere
This is needed due to the new RID/SID distribution system
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
face5d3030 s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that beginning with Windows Server 2008 they're
also per default present.

Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
9ac39b659f s4:provision_users.ldif - Add additional BUILTIN objects
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
2a05dd6fcc s4:provision_users.ldif - add the restant part of the objects needing for RODC support
RODC = Read Only Domain Controllers

Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
71357053bb s4:provision_users.ldif - Fix up errors on existing entries
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
81053e9124 s4:provision_users.ldif - Simple reordering
Sorted according the SID - easier for later enhancements.
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
a0d7f3e344 s4:provision_users.ldif - Remove system objects from the wrong place
Objects like the "Cryptographic Operators", "Event Log Readers" don't belong
here but into the builtin domain.
2010-01-14 10:58:06 +01:00
Matthias Dieter Wallnöfer
40bc48dfa9 s4:SAMR RPC - Fix the criteria for group searches
This should match the MS-SAMR documentation (section 3.1.5.5.1.1)
2010-01-14 10:58:06 +01:00
Andrew Tridgell
74a5719614 s4-torture: switch smbtorture to the generic DRS options 2010-01-14 15:37:59 +11:00
Andrew Tridgell
2008d24e91 s4-drs: switch the DRS server to the generic DRS options flags 2010-01-14 15:37:59 +11:00
Andrew Tridgell
a5d6117065 s4-torture: switch to generic DRS options flags 2010-01-14 15:37:59 +11:00
Andrew Tridgell
88ec10b757 s4-drepl: switch drepl over to using the generic DRS options flags
WSPP uses a single set of flags for all these DRS operations.
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
6f806b7079 s4-drs: Uses dsdb_load_partition_usn() with urgent_uSN in s4 code
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
e30d009965 s4-drs: Store uSNUrgent for Urgent Replication
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:58 +11:00
Stefan Metzmacher
204e4b26ae s4:dsdb: use validate_update module
metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
1f2efef214 s4:dsdb/schema: add dsdb_syntax_OID_validate_ldb()
This is a very heavy weight way of checking this syntax,
but it's very complex and using the existing function
should be ok for now. We can optimize it later.

metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
f0fed6cadd s4:dsdb/schema: add dsdb_syntax_DN_STRING_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
83baa44c67 s4:dsdb/schema: add dsdb_syntax_DN_BINARY_validate_ldb()
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
39dda462cd s4:dsdb/schema: add dsdb_syntax_DN_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
4fa2bf8184 s4:dsdb/schema: add dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
ba8a930d0e s4:dsdb/schema: add dsdb_syntax_UNICODE_validate_ldb()
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
674e8350b6 s4:dsdb/schema: add dsdb_syntax_DATA_BLOB_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
e2b9454d36 s4:dsdb/schema: add dsdb_syntax_NTTIME_validate_ldb()
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
eb261a9fda s4:dsdb/schema: add dsdb_syntax_NTTIME_UTC_validate_ldb()
metze
2010-01-13 16:06:37 +01:00
Stefan Metzmacher
5f13a16295 s4:dsdb/schema: add dsdb_syntax_INT64_validate_ldb()
metze
2010-01-13 16:03:55 +01:00
Stefan Metzmacher
ece3defd15 s4:dsdb/schema: add dsdb_syntax_INT32_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
a0f2a49b8a s4:dsdb/schema: add dsdb_syntax_BOOL_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
bf1f067b0c s4:dsdb: add validate_update module
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4 s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30 s4:dsdb/resolve_oids: also resolve oid in search attribute list
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa s4:dsdb/schema_load: add a TODO about schema reloading
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7 s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py
It seems that windows doesn't need that.

And we should think about a check for reloading the schema
at the start of each "write" operation.

metze
2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
In lsa_BinaryString length and size are byte counts!

TODO: we may need to do byte order conversion in this functions too...

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96 s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204 s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0 s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2 s4:ldb: be more strict in parsing ldb time strings
metze
2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083 s4-ntp_signd: Migrate to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134 Fixed a problem with incorrect default SD owner/group. 2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7 Comparison tool for LDAP servers (using Ldb)
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).

Added functionality for two sets of credentials.
2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5 Strip trailing spaces 2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903 s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4.
Seems like account lockout is not implemented at all yet.

Guenther
2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930 s4-smbtorture: fix GetAliasMembership test in RPC-SAMR.
Guenther
2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test.
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.

Michael, please check. This should help verifiying Bug #4347.

Guenther
2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397 s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests.
Guenther
2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24 Fix comment/debug messages 2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02 Merge remote branch 'origin/master' into alpha11release 2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca and we move on towards Samba4 alpha12! 2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466 This is Samba4 alpha11! 2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3 s4/torture: Parameterize output in LOCK tests based off server support
Two new torture parameters:

* smbexit_pdu_support: if the Server supports the Exit command

* range_not_locked_on_file_close: whether the server returns the
  NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
  pending lock request.  Windows returns this error, though per the
  spec, this error should only be returned to an unlock request.
2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8 Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
This reverts commit 5c174c68cc.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
This reverts commit 61dfd3dc1d.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
This reverts commit 9ee895fcf6.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a Revert "s4:provision_users.ldif - Add objects for IIS"
This reverts commit 91e2100287.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9 s4:upgradeprovision - fix up the script regarding linked attributes
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.

The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.

I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e s4:upgradeprovision - Reformat comments
Make them break at line 80 (better readability).
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442 s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287 s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6 s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19 s4-ldb: display security descriptors with correct SDL for known SIDs
This makes it much easier to compare SDs
2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9 s4-dsdb: added samdb_domain_sid_cache_only() 2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d s4-drs: instanceType is always sent, regardless of UDV values 2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77 s4-debug: lower the verbosity of a couple of common log messages 2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8 s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266 s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing
replication
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db s4-drs: base is_nc_prefix on instanceType
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c s4-drs: having no SPNs to change is not an error 2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356 s4-drs: fixed writespn to ignore add/delete errors
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e s4-dsdb: added samdb_ldb_val_case_cmp() 2010-01-09 18:56:29 +11:00
Andrew Tridgell
acf33e0d58 s4-drs: moved the DsWriteAccountSpn call to its own file 2010-01-09 18:56:29 +11:00
Andrew Tridgell
8ccedc3ac7 s4-libnet: dsdb_wellknown_dn() in vampire code 2010-01-09 18:56:29 +11:00
Andrew Tridgell
1158c13861 s4-drs: need to set the getncchanges extended_ret on success too 2010-01-09 18:56:29 +11:00
Andrew Tridgell
7010fad4ea s4-drs: calculate and send a uptodateness_vector with replication requests
This stops us getting objects changes twice if they came via an
indirect path.
2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302 s4-drs: be less verbose when we filter objects by UDV 2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c s4-drs: added filtering by udv in getncchanges
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f s4-drs: fixed the NC in the getncchanges RID alloc reply
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
2010-01-09 10:15:14 +11:00
Andrew Tridgell
651ddb720a s4-messaging: remove only usage of debug_ctx() 2010-01-09 10:15:13 +11:00
Andrew Tridgell
6a36799d30 s4-messaging: fixed a memory leak in messaging_path()
It is a bit convoluted to fix, as cluster_id_string() may return a
const string.
2010-01-09 10:15:12 +11:00
Andrew Tridgell
196cb6b359 s4-drs: fixed usage of ldb_dn_new() 2010-01-09 10:15:12 +11:00
Andrew Tridgell
39a4e2a38d s4-ldb: validate the type of the ldb argument to ldb_dn_new()
It has been a common bug to get the first two arguments the wrong way
around
2010-01-09 10:15:12 +11:00
Simo Sorce
7eee8e053b Fix comment 2010-01-08 17:01:02 -05:00
Matthias Dieter Wallnöfer
fca0c4de2a s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs 2010-01-08 18:18:21 +01:00
Andreas Schneider
0588f34467 s4-kdc: Migrate tcp connections to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08 14:38:35 +01:00
Stefan Metzmacher
42c34cdafa s4:kdc: use LIBSAMBA_TSOCKET
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
d97562b382 s4:kdc: the ->process function returns "bool"
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
bbaec01b37 libcli/util: add tstream_read_pdu_blob_send/recv
This will take the some full_request callback function
as the Samba4 packet code.

metze
2010-01-08 14:36:43 +01:00
Andrew Tridgell
8d87c0a0c3 s4-drs: added two more SPNs in addentry
w2k8r2 wants these after a DCPROMO

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ad11deb9bd s4-schema: fixes for W2K8-R2 schema
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ebec49965b s4-schema: added msDS-NcType to schema container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
ce21151d22 s4-schema: fixed attributes of aggregate schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
38909a4ae5 s4-schema: switch to W2K8-R2 schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
d371b0eabe s4-schema: added adminDisplayName and adminDescription
These are missing from the WSPP schemas

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
c93a182a0d s4-schema: added some debug for bad attributes 2010-01-08 18:24:53 +11:00
Andrew Tridgell
9d296e6776 s4-provision: added W2K8-R2 schema as provided by WSPP 2010-01-08 18:24:52 +11:00
Andrew Tridgell
5ccf8ae373 s4-samba3samtest: we need to force netbios name as well
needed for when run in CLIENT context
2010-01-08 13:03:08 +11:00
Andrew Tridgell
dde2b66341 s4-samba3sid: fixed error returns when res->count != 1 and oom 2010-01-08 13:03:08 +11:00
Andrew Tridgell
9aed099362 s4-samba3samtest: force workgroup so the domain is right
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
2010-01-08 13:03:07 +11:00
Andrew Tridgell
f68c43e803 s4-samba3sid: the sambaNextRid attribute is actually the previous RID
Not well named .... though same mistake that MS made with rIDNextRid
2010-01-08 13:03:07 +11:00
Andrew Tridgell
d6f92db456 s4-samba3sam: use samba3sid module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
dd61336165 s4-dsdb: added a samba3sid module
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
66f161dee1 s4-acl: fixed acl.py test to use correct ldif
same problem as sec_descriptor.py
2010-01-08 13:03:07 +11:00
Andrew Tridgell
81c0b01585 s4-secdesc: fixed the sec_descriptor.py test
The test was using a "changetype: add" to try and add a member to a
group, where it should use a "changetype: modify" with a "add: member"

Also fixed the recovery when the test fails part way through (delete
the test users at the start as well as the end)

Nadya, please check!
2010-01-08 13:03:07 +11:00
Andrew Tridgell
43a815c67a s4-samba3samtest: use system credentials for creating users 2010-01-08 13:03:07 +11:00
Andrew Tridgell
8b8bb15a54 s4-dsdb: fixed const misuse in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
baa8793a94 s4-dsdb: use dsdb_module_am_system() in acl module 2010-01-08 13:03:06 +11:00
Andrew Tridgell
595fad2b34 s4-dsdb: allow specification of a SID if we are system
needed for samba3sam test
2010-01-08 13:03:06 +11:00
Andrew Tridgell
f118f54ee7 s4-dsdb: added dsdb_module_am_system()
better than each module inventing their own
2010-01-08 13:03:06 +11:00
Andrew Tridgell
d22a9e5d3b s4-dsdb: squash some unknown structure warnings 2010-01-08 13:03:06 +11:00
Andrew Tridgell
5d6032eb4b s4-partition: fixed selection of partitions on exact match
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
2010-01-08 13:03:06 +11:00
Andrew Tridgell
59f314d321 s4-scripting: we need to use a base search for the NTDS GUID
now we have nTDSConnections structures we can get more than 1 reply
2010-01-08 13:03:06 +11:00
Stefan Metzmacher
501dd4a3b5 s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req
metze

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-08 13:03:05 +11:00
Andrew Tridgell
278d2f75ba s4-smbd: setup the default event contexts for other process models 2010-01-08 13:03:05 +11:00
Andrew Tridgell
5803253362 s4-drs: we need to wrap extended operations in transactions 2010-01-08 13:03:05 +11:00
Andrew Tridgell
2d10f3a841 s4-dsdb: poke the RID Manager when completely out of RIDs too 2010-01-08 13:03:05 +11:00
Andrew Tridgell
a65823e33c s4-dsdb: ensure we will in all the attributes for RID Set
We need to go to the top of the module stack so that all the extra
attributes get filled in
2010-01-08 13:03:05 +11:00
Andrew Tridgell
308a4798b8 s4-dsdb: added DSDB_FLAG_TOP_MODULE
This is used when you want the dsdb_module_*() functions to go to the
top of the stack.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
5f36f0352e s4-dsdb: no longer need special invocationID handling for standalone servers
They now work the same way as a DC
2010-01-08 13:03:05 +11:00
Andrew Tridgell
a7fffe8da0 s4-provision: do a self join for all server types
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
f6cf895951 s4-schema: added generic attributeID conversion functions
When we get one we haven't seen before, we can work out the right type
automatically in most cases.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
f7517e6256 s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
cd65ce8a18 s4-schema: make ldb_val to string comparison safer with nul termination
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
3352e5d7ba s4/dsdb_schema: Load msDS-IntId value separately when loading from LDB
This way we have consistent behavior when loading from DRSUAPI
and from LDB.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
25238110df Revert "s4-schema: Set ATTID in schema cache from "msDS-IntId""
This reverts commit 4e8ad284f5.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
6247a135c6 s4/schema: Do not assign msDS-IntId value if LDB_CONTROL_RELAX_OID is passed
This way msDS-IntId should not be assigned during provisioning,
which is how Windows works
2010-01-08 13:03:04 +11:00
Andrew Tridgell
73838b353a s4-libnet: better error messages in libnet_vampire.c 2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
9871f52bd3 s4/dsdb_schema: use msDS-IntId value for attribute look-up 2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a44ae10c77 s4/dsdb_schema: fetch msDS-IntId value during SCHEMA replication 2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a7b3891fb5 s4/dsdb_schema: GET_UINT32_DS() macro to use supplied default value instead of 0 2010-01-08 13:03:03 +11:00
Andrew Tridgell
f7756c87bb s4-partition: don't ignore errors from other modules
if we get an error code from a lower module, we don't want to ignore
it just because something also succeeded
2010-01-08 13:03:03 +11:00
Andrew Tridgell
9672a3d1cc s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems
this makes building and testing s4 as a developer much faster, if you
have enough memory!
2010-01-08 13:03:03 +11:00
Andrew Tridgell
1f25d0a5ad s4-provision: re-open sam.ldb after creating the schema
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
2010-01-08 13:03:03 +11:00
Andrew Tridgell
42f0bdae69 s4-provision: RID 1000 is consumed by the machine account 2010-01-08 13:03:03 +11:00
Andrew Tridgell
fdf12a607d s4-ldb: improve error handling in indexing code
When we get an indexing failure we want a clear error message
2010-01-08 13:03:03 +11:00
Andrew Tridgell
c4fa4d1162 s4-dsdb: improve error messages in schema and pdc_fsmo modules
We want to incorporate the error messages from the modules further
down the stack.
2010-01-08 13:03:03 +11:00
Andrew Tridgell
ac5d426062 s4-drs: added some debug messages
It is nice to see when a RID Alloc is successful
2010-01-08 13:03:02 +11:00
Andrew Tridgell
dcbba583d9 s4-event: added s4_event_context_set_default()
we're still not weaned off event_context_find()
2010-01-08 13:03:02 +11:00
Andrew Tridgell
f254091957 s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC
This allocates a RID pool for the client DC when we are the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
b1f97b7e60 s4-dsdb: added an extended operation for allocating a new RID pool
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
2590b7795d s4-repl: implement MSG_DREPL_ALLOCATE_RID
When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID
Manager to ask for another RID pool. We use a callback on completion
of the operation to make sure that we don't have two RID allocation
requests in flight at once

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
cc7967b1c0 s4-repl: allow for callbacks when a repl operation completes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
7a40cacbde s4-dsdb: the dsdb ldb modules now need messagiing
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
dc11414f98 s4-dsdb: send a message to the drepl task when we need another RID pool
We send the message when the current pool is half gone. We don't wait
for a reply.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
805ab0ef15 s4-messaging: added a new msg type MSG_DREPL_ALLOCATE_RID
This will be used to ask the drepl task for a new RID pool

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
19e515aac7 s4-repl: added request for RID allocation in drepl task
The drepl task now checks to see if our rIDAllocationPool is
exhausted, and if it is then we queue a extended operation
DsGetNCChanges call to ask the RID Manager to give us a new allocation
pool.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
8cd2bedee7 s4-dsdb: added dsdb_find_guid_attr_by_dn()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
37340d5a2e s4-ridalloc: copy with missing rIDNextRid and rIDAllocationPool
The attributes rIDNextRid and rIDAllocationPool are not replicated, so
their initial value when we first get a RID Set from the RID Manager
is blank.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
45550f83f0 s4-dsdb: added dsdb_module_set_integer()
This will be used by ridalloc.c

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
c12b9ab2f2 s4-dsdb: clarify who is responsible for each attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
dd8cb3c7ed s4-dsdb: fixed usage of rIDAllocationPool and rIDPreviousAllocationPool
These are very badly named attributes! See the comments in ridalloc.c
for a explanation of what they really seem to mean

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
5136438ad6 s4-dsdb: implement refresh of RID Set pool for a local RID Manager
when we run out of RIDs in our RID Set pool then grab a new one from
the RID Manager object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
53d10d139e s4-provision: don't hard wire the creation of the RID Set object
We now create it automatically in the samldb module when the first
user is created. 

The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
1053ce529d s4-dsdb: implement creation of the RID Set object
when we are the RID Manager we can create our own RID Set object when
the first user is created
2010-01-08 13:02:59 +11:00
Andrew Tridgell
439ee5aaae s4-dsdb: use dsdb_next_callback()
We can't just use the callers callback directly otherwise the
ldb_module_done() is never called on the parent request, as the child
request is passed to the callback.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
d0bd6e7ea5 s4-dsdb: added dsdb_next_callback()
This should be used when you create a sub request and just want the
parent requests callback to be called when done.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
e6f14ac2c4 s4-dsdb: added dsdb_module_constrainted_update_integer()
This provides a convenient way to update a integer attribute with a
constrained delete/add

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f24011059b s4-dsdb: added dsdb_module_reference_dn()
This adds a module callable version of samdb_reference_dn(), which
finds a DN via a reference link

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f137f93e09 s4-dsdb: added dsdb_module_add()
added a ldb add function for modules

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
fcfb5d7b63 s4-provision: allow provision modifies to add records
we need to recognise a changetype of 'add'
2010-01-08 13:02:59 +11:00
Andrew Tridgell
226460d543 s4-dsdb: move the RID allocation logic into ridalloc.c
This will end up having the RID Manager logic as well, so all the RID
pool allocation logic is in one spot

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
7f90a05c66 s4-samldb: use RID Set to allocate user/group RIDs
This is the first step towards DRS-friendly RID allocation. We now get
the next rid from the RID Set object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
5eb3b919c5 s4-provision: the DC object itself needs a fixed objectSID
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
2bad107aa1 s4-dsdb: added samdb_rid_set_dn()
This returns the DN of our RID Set object

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
a1362492ab s4-provision: added an initial RID Set
We will allocate RIDs from this set

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
bd6d0e9379 s4-ldb: added nice ldif display of 64 bit ranges for RIDs 2010-01-08 13:02:58 +11:00
Andrew Tridgell
fbc3a0fe62 s4-dsdb: added samdb_reference_dn()
This returns a 'reference' DN, which is a link to a DN, from the
specified object. It is then used by samdb_server_reference_dn() which
returns the serverReference DN, and samdb_rid_manager_dn() which
returns the rIDManagerReference DN.
2010-01-08 13:02:58 +11:00
Jelmer Vernooij
c915bd8718 linked_attributes: Fix missing dependency on util. 2010-01-08 01:31:21 +01:00
Tim Prouty
57be1d07af s4 torture: Add RAW-OPEN-NTCREATEDIR to test error checking for open directories as files 2010-01-07 15:32:27 -08:00
Steven Danneman
71a40d7e2c s4/torture: fix small bug in lock test
Cleanup path should unlock, not cancel existing locked range.
2010-01-06 18:48:10 -08:00
Steven Danneman
655bdb19bd s4/torture: add more lock cancellation tests
* Test the SMB1 behavior when multiple lock ranges are requested, pend,
  and then are cancelled.  The entire LockingAndX request fails.
2010-01-06 18:48:10 -08:00
Günther Deschner
3dbe8603d9 s4-smbtorture: add test_ChangeID to RPC-SPOOLSS.
This tests ChangeID consistency between spoolss_GetPrinterData,
spoolss_GetPrinterDataEx and spoolss_GetPrinter (level 0).

Guenther
2010-01-06 22:09:37 +01:00
Günther Deschner
7568f49134 s4-smbtorture: add test_SetPrinter to RPC-SPOOLSS.
Guenther
2010-01-06 22:09:36 +01:00
Günther Deschner
0457cf915b s4-smbtorture: refactor test_GetPrinter in RPC-SPOOLSS.
Guenther
2010-01-06 22:09:36 +01:00
Kamen Mazdrashki
a2044b9a61 s4: Fix result check for getaddrinfo()
I think this completes commit 50feca550e.
Now result should be handled correctly both for systems that
support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x)
and systems that doesn't support EAI_NODATA at all.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-06 14:26:32 +01:00
Matthias Dieter Wallnöfer
a08a0ffd37 s4:SAMLDB LDB module - Fix trailing whitespaces 2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
77ce33c419 s4:SAMLDB LDB module - Rework to allow checks for wrong "defaultObjectCategory" attributes
This allows a stricter check for "defaultObjectCategory" attributes which is
performed when the "relax" control isn't specified.
Additional note: As the added comment points out this isn't complete.
And I personally think that moving this at some point to the "objectclass"
module is a better idea to make this fully work (since there we have direct
access to the schema). If someone has a good idea how to do this please inform
me.

Anyway, the SAMLDB module does require some restructure since at the moment it's
very overloaded and therefore a bit a mess. In the meantime I started to work
on a new approach to realise it in a better way.
2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
c051008540 s4:schema_load.c - Typo 2010-01-05 20:55:46 +01:00
Matthias Dieter Wallnöfer
bbf9885013 s4:ldap_schema.py - add an additional check for validity of "defaultObjectCategory" 2010-01-05 20:55:45 +01:00
Matthias Dieter Wallnöfer
d8ca002a8c s4:ldap_schema.py - Move generated attributes check
Make more clear that they're created before the "schemaUpdateNow".
2010-01-05 20:55:32 +01:00
Jeremy Allison
2a66db8f93 Fix the merged build. Probably not strictly correct but allows us to "make test".
Jeremy.
2010-01-04 13:27:48 -08:00
Stefan Metzmacher
f04e10f4c0 s4:dsdb/repl: convert dreplsrv_out_drsuapi_send/recv to tevent_req
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
a06e5cdb99 s4: Happy New Year 2010
metze
2010-01-04 08:42:49 +01:00
Andrew Tridgell
504754856e s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.

Nadya, please check this!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 17:28:36 +11:00
Andrew Tridgell
e809b721e9 s4-drs: don't give an error on repsTo delete if add is also specified
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
2010-01-02 17:28:35 +11:00
Andrew Tridgell
0bc902ac84 s4-sddl: DRS replication needs REVISION_ADS for SDs
DRS replication with w2k8-r2 fails with a schema mismatch error if we
set the revision to NT4
2010-01-02 17:28:35 +11:00
Jelmer Vernooij
a214ebc3d6 ldb: Fix the standalone ldb build. 2010-01-02 02:40:30 +01:00
Andrew Tridgell
00b39c70f5 s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
This allows for more flags in the future
2010-01-02 08:16:57 +11:00
Andrew Tridgell
cced567364 s4-kcc: added a preiodic task to remove deleted objects
we check for deleted objects in each partition every 10 minutes, using
onelevel searches
2010-01-02 08:16:56 +11:00
Andrew Tridgell
08bad38035 s4-dsdb: fixed several memory leaks
need to be careful with those temporary contexts
2010-01-02 08:16:56 +11:00
Andrew Tridgell
031460b8a2 s4-dsdb: fixed samdb_create_foreign_security_principal() to use the wellknown GUID
This also fixes a memory leak
2010-01-02 08:16:56 +11:00
Andrew Tridgell
335af02218 s4-ldb: fixed valgrind error: ares can be freed by callback 2010-01-02 08:16:56 +11:00
Andrew Tridgell
8eaed073a7 s4-dsdb: make sure 'whenChanged' is set on modify
We also should preserve (and then replace) whenChanged on delete
2010-01-02 08:16:56 +11:00
Andrew Tridgell
9819d280d6 s4-dsdb: added dsdb_tombstone_lifetime() 2010-01-02 08:16:56 +11:00
Andrew Tridgell
23eb9f49a7 s4-dsdb: allow system to remove deleted objects
This will be used by a periodic job to remove tombstoned objects
2010-01-02 08:16:56 +11:00
Andrew Tridgell
1c5a268f34 s4-ldaptest: need to use MessageElement for modify messages
Without MessageElement() the flags are not set, which is invalid
2010-01-02 08:16:56 +11:00
Andrew Tridgell
e410a91ff4 s4-ldb: show an error string, as well as error message
This makes it easier to track down error mismatches from the test
suite
2010-01-02 08:16:56 +11:00
Andrew Tridgell
4eecfc80bc s4-drs: make sure the DNs we put in the db have a extended GUID 2010-01-02 08:16:56 +11:00
Andrew Tridgell
6628588dfb s4-dsdb: added dsdb_set_extended_dn_guid() 2010-01-02 08:16:55 +11:00
Andrew Tridgell
98d94cca6f s4-ldbtest: fixed message element in modify
a flags value of zero is not valid
2010-01-02 08:16:55 +11:00
Andrew Tridgell
81e8a18181 s4-ldb: allow modules to override error return values
The samldb module overrides the error code for some returns when
handling primaryGroupID. We need to take the error from the async
callback to allow this to work reliably
2010-01-02 08:16:55 +11:00
Andrew Tridgell
302dcd0226 s4-ldbmodify: show the error code as well as error string 2010-01-02 08:16:55 +11:00
Andrew Tridgell
1ab5020ef2 s4-ldb: declate ldb_val_to_time() 2010-01-02 08:16:55 +11:00
Andrew Tridgell
53e86ac5b2 s4-ldb: use safe length limited conversions for int64 and time 2010-01-02 08:16:55 +11:00
Andrew Tridgell
708ad42b0b s4-dsdb: use safe length limiting in string->integer conversion
The ldap.py test suite could trigger a read past the end of the struct
ldb_val buffer
2010-01-02 08:16:55 +11:00
Andrew Tridgell
c3061794ef s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time() 2010-01-02 08:16:55 +11:00
Andrew Tridgell
baae6ef9d2 s4-ldb: added ldb_val_to_time()
This is intended as a replacement for ldb_string_to_time() for ldb_val
inputs. This ensures it is length limited and includes additional
validity checks
2010-01-02 08:16:55 +11:00
Andrew Tridgell
e3cf818c27 s4-drs: sort linked attributes
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
2010-01-02 08:16:55 +11:00
Andrew Tridgell
d48237d547 s4-drs: re-resolve the DN in linked attribute processing
w2k8-r2 sometimes sends the DN with an old target
2010-01-02 08:16:54 +11:00
Andrew Tridgell
5dd6e089f1 s4-drs: use dsdb_module_rename()
Use the new dsdb_module_rename() for DRS rename handling, instead of
ldb_rename(). This stops us going to the top of the module stack on a
rename.
2010-01-02 08:16:54 +11:00
Andrew Tridgell
38160deac4 s4-drs: use dsdb linked attribute parse functions
This makes the code considerably more readable
2010-01-02 08:16:54 +11:00
Andrew Tridgell
5e52c7149f s4-dsdb: added parse functions for DRS linked attribute blobs 2010-01-02 08:16:54 +11:00
Andrew Tridgell
a81dd03917 s4-drs: set flag to indicate that we do support linked attributes 2010-01-02 08:16:54 +11:00
Andrew Tridgell
36f8ece9de s4-ldb: show the error code as well as errstr
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:54 +11:00
Andrew Tridgell
db3f0e8ec1 s4-dsdb: fixed valgrind error in replmd modify
We are using the values from a search result, so we need to steal them
onto the msg before we free the search results

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:54 +11:00
Andrew Tridgell
9f053d43de s4-drs: don't try to remove backlinks directly
backlinks need to be removed as a side effect of removing the forward
link

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
0bf7f95273 s4-drs: isRecycled only exists in FL W2K8-R2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
530503290d s4-drs: use DSDB_FLAG_OWN_MODULE
We need DRS driven replication changes to update replPropertyMetaData,
so it needs to call into the repl_meta_data module logic

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
9572535940 s4-drs: update comment to refect only forward link in this fn
This function only update forward links

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
5b31cb20dd s4-drs: fixed typo for uSNCreated
This broke DRS replication from samba to windows

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
7a39340c8e s4-drs: use dsdb_module_guid_by_dn()
We should not be going to the top of the module stack
2010-01-02 08:16:53 +11:00
Andrew Tridgell
e3054ce0fe s4-drs: cope better with NULL GUIDS from DRS
It is valid to get a NULL GUID over DRS for a deleted forward link. We
need to match by DN if possible when seeing if we should update an
existing link.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
2e114484e5 s4-drs: give an error message in repl_meta_data if we don't get a partition control 2010-01-02 08:16:53 +11:00
Andrew Tridgell
0d5d7f5847 s4-drs: treat a zero GUID as not present in replmd_add_fix_la
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
0c2afdd5a9 s4-drs: update highwatermark after successfully encoding the object 2010-01-02 08:16:52 +11:00
Andrew Tridgell
ff6dd4a67f s4-drs: send all linked attributes at the end of a replication cycle
This ensures that a link is not seen before the object it points to
2010-01-02 08:16:52 +11:00
Andrew Tridgell
5bf257fa9b s4-drs: use the extended linearized form for DRS replication
We were sending zero GUIDs. Not good!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
7653f56bd4 s4-drs: implemented sorting functions based on replication flags
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
2010-01-02 08:16:52 +11:00
Andrew Tridgell
701148bbe9 s4-drs: we are doing the sorting for getncchanges in the app code now
the sorting is quite delicate, and easier to get right in the
getncchanges code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
cb00e443a3 s4-drs: give a reason when an AddEntry commit fails
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
9f02898080 s4-schema: don't fill in the extended DN with a zero GUID
sometimes windows sends us a zero GUID in a DRS DN.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
d4853fed00 sd-schema: order DRS classes on the wire in reverse order
windows sends objectclasses in DRS in the opposite order to what LDAP
uses
2010-01-02 08:16:52 +11:00
Andrew Tridgell
ca5c3a0a02 s4-dsdb: added DSDB_FLAG_OWN_MODULE
This allows you to call dsdb_module_*() functions while including the
current module in the module stack to be used

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
e1ffcfc783 s4-ldb: added ldb_module_get_ops()
This is needed to support DSDB_FLAG_OWN_MODULE

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:51 +11:00
Andrew Tridgell
dd33a22f1d s4-dsdb: use a common method for finding a link pair
Use ^1 everywhere, to ensure it works for both forward and backward
links
2010-01-02 08:16:51 +11:00
Andrew Tridgell
340d7e807b s4-drs: fixed the UDV return in getncchanges
We should overwrite an existing entry if found
2010-01-02 08:16:51 +11:00
Andrew Tridgell
bcc952d19d s4-drs: some useful debugging options for getncchanges
Added two debugging parametric options

  drs:max object sync = 
  drs:extra filter =
2010-01-02 08:16:51 +11:00
Andrew Tridgell
bf8ccd21f1 s4-dsdb: fill in the correct version number of links that come over DRS 2010-01-02 08:16:51 +11:00
Andrew Tridgell
5dcb903f26 s4-dsdb: move checking for single valued links to samba modules
This uses the RELAX control and checking of single valued attributes
in ldb modules to avoid problems with multi-valued links where all
values but one are deleted
2010-01-02 08:16:51 +11:00
Andrew Tridgell
3c1259f10e s4-dsdb: added dsdb_check_single_valued_link()
This is used in conjunction with the RELAX control, to check for
violations of single value rules for linked attributes
2010-01-02 08:16:51 +11:00
Andrew Tridgell
225bcfa4e6 s4-drs: handle mixtures of old and new style links in getncchanges
We need to send non-upgraded links using the old format
2010-01-02 08:16:51 +11:00
Andrew Tridgell
64802c5e27 s4-dsdb: added dsdb_dn_is_upgraded_link_val()
This is used to detect if a link has been stored in the w2k3 extended
format
2010-01-02 08:16:51 +11:00
Andrew Tridgell
b34db0840d s4-ldb: use the RELAX control to disable single value checking on replace
When using w2k3 linked attributes we are allowed to have multiple
values on a single valued attribute. This happens when the other
values are deleted.

Setting the RELAX control tell the ldb-tdb backend to not check for
this on replace, which means the caller has to check for single valued
violations.
2010-01-02 08:16:51 +11:00
Andrew Tridgell
26ec526d02 s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
When any value of a w2k formatted linked attribute is modified,
upgrade the links.
2010-01-02 08:16:50 +11:00
Andrew Tridgell
fde3f64373 s4-drs: added linked attribute replication to getncchanges 2010-01-02 08:16:50 +11:00
Andrew Tridgell
beba977213 s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
We need this for the linked attribute meta data
2010-01-02 08:16:50 +11:00
Andrew Tridgell
809bcfca3d s4-dsdb: minor cleanup in DRS replicated objects code 2010-01-02 08:16:50 +11:00
Andrew Tridgell
4dbcab45f2 s4-dsdb: store full meta data from DRS for linked attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
312ef9df3c s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
b1db66a501 s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
f1b6484232 s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
We need a separate RMD_LOCAL_USN to allow us to tell what attributes
need to be sent in a getncchanges request. Thanks to Metze for
pointing this out.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
e4a6f5c8b8 s4-dsdb: handle links with no backlinks in replmd_delete 2010-01-02 08:16:50 +11:00
Andrew Tridgell
5eefff915e s4-dsdb: simplify the linked_attributes module
The linked_attributes module only has to deal with renames now, as
other linked attribute updates happen in repl_meta_data. This allows
it to be much simpler.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
e9699e9cb9 s4-dsdb: do the rename after the modify in replmd_delete
This makes updating the links a bit easier
2010-01-02 08:16:49 +11:00
Andrew Tridgell
2b5cd3dba2 s4-dsdb: some backlinks can be processed immediately
backlinks in add and delete operations can be processed immediately,
rather than at the end of a transaction. This can save on backlink
list processing time.
2010-01-02 08:16:49 +11:00
Andrew Tridgell
3fe9244796 s4-dsdb: remove linked_attributes_add
This is now handled in the repl_meta_data module
2010-01-02 08:16:49 +11:00
Andrew Tridgell
9e96ae8ddc s4-dsdb: add linked attributes meta_data handling to replmd_add
This also handles the backlink creation that was previously in the
linked_attributes module

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
348bcfc8ff s4-dsdb: added replmd_delete, based on Eduardos work
This implements repmld_delete(), which handles the meta_data updates
for an object when deleting. A delete gets mapped to a combination
of a rename followed by a modify request, which has the effect of
moving the object into the Deleted Objects container.

This is based on the code from Eduardo Lima
<eduardoll@gmail.com>. Eduardo's code was modified to take account of
the linked attributes changes that Andrew and I have been working on.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
5964acfa74 s4-dsdb: the linked_attributes module no longer handles deletes
delete handling is now moved into repl_meta_data

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
bd5678f4be s4-dsdb: repl_meta_data now replaces objectguid in all cases
We don't want to be debugging two different code paths through the ldb
module stack, so better to always do the work of repl_meta_data, even
for a standalone server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
3199e02884 s4-dsdb: add a comment on the use of ldb_rename()
We need to use ldb_rename() and not dsdb_module_rename() here as we
need the rename to be processed by the current module
2010-01-02 08:16:48 +11:00
Andrew Tridgell
c071af337a s4-dsdb: linked_attributes_modify no longer handles modifies
This functionality has moved into repl_meta_data
2010-01-02 08:16:48 +11:00
Andrew Tridgell
3b056061ff s4-dsdb: added support for backlinks in repl_meta_data
backlinks need more careful handling now that we store the additional
meta data for deleted links. It is easier to handle this in
repl_meta_data than in linked_attributes.

Eventually linked_attributes will disappear, with the functionality
moved into repl_meta_data.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
dee6b6fb3d s4-dsdb: implemeneted replmd_modify_la_replace()
We now have the core code for handling storage of linked attribute
meta-data with local modifies

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
d5020e3d91 s4-dsdb: add a TODO item for linked attributes in extended_dn_out
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
41c3c979ff s4-dsdb: add support for storing linked attribute meta data in extended DNs
When in functional levels above w2k, we need to store much richer meta
data about linkked attributes. We also need to keep deleted linked
attributes around to allow the deletion to be propogated to other DCs.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Jelmer Vernooij
9085499bbb heimdal_build: Explicitly specify 'YES' when enabling external
libraries.
2010-01-01 18:32:37 +01:00
Jelmer Vernooij
0c29640358 s4/build: Indicate whether Samba4 is being built against the system
Heimdal.
2010-01-01 18:31:44 +01:00
Andrew Tridgell
de94857848 s4-net: fixed finddcs to use empty SID instead of NULL sid (NDR error) 2009-12-31 17:33:53 +11:00
Andrew Tridgell
3239872bbc s4-net: fixed pwsettings command
Don't override user settings with current settings
2009-12-31 17:33:33 +11:00
Jelmer Vernooij
dbd7a62baa py/security: Add test for dom_sid.split.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:33 +11:00
Jelmer Vernooij
66f81d18ce samba: Fix whitespace, remove pointless 'pass' statement.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:31 +11:00
Jelmer Vernooij
ea5af6e30c pyldb: Add dom_sid.split in favor of less powerful dom_sid_to_rid().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:30 +11:00
Jelmer Vernooij
7effe2d2e3 net: Support 'super' commands implemented in Python.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:28 +11:00
Jelmer Vernooij
9e5ef916d4 net: Move 'newuser' to 'net newuser'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f net: Fix tests and documentation of setexpiry.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
345b25d059 net: Move setexpiry to 'net setexpiry'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:24 +11:00
Jelmer Vernooij
b531696a5b net: Move 'setpassword' to 'net setpassword'.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
552e65679d net: Allow Python commands to return None instead of 0.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:21 +11:00
Jelmer Vernooij
31cc963ba0 net: Allow python subcommands to provide commands that are not recognized by
net itself.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:02 +11:00
Matthias Dieter Wallnöfer
1aed373b11 s4:lib/registry/util.c - Reintroduce "FIXME"s
Jelmer suggested to put them in again.
2009-12-30 12:39:55 +01:00
Stefan Metzmacher
d5cbfbb93a s4:ntlmssp: remove mem_ctx from check_password() callback to match s3
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
f31d144e70 s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if it's a noop
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
994d34b949 s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()
metze
2009-12-29 17:06:25 +01:00