Andrew Tridgell
a56ede9027
s4-ldb: cope with bad ptr alignment in ldb_index.c
...
We can't assume that a rec_ptr will come back from a tdb traverse with
alignment sufficient for a pointer.
2010-01-16 09:34:27 +11:00
Kai Blin
5c016ad88e
s4 selftest: Ignore more winbind test known to fail
2010-01-15 02:09:05 +01:00
Günther Deschner
9d881f4cfb
s4-smbtorture: add setup_schannel_netlogon_pipe() function.
...
Guenther
2010-01-15 00:53:16 +01:00
Andreas Schneider
33a4739090
s4-torture: Migrate ntp_signd test to tsocket.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-14 21:37:48 +01:00
Günther Deschner
d95ad11bc5
s4-smbtorture: add rather simple libsmbclient torture testsuite.
...
Guenther
2010-01-14 19:48:29 +01:00
Kai Blin
cf38a1f850
s3 test: Fix WINBINDD-STRUCT tests
...
The struct-based tests are working in make selftest, make them work in plain
"make test" as well.
2010-01-14 15:18:35 +01:00
Kai Blin
89e6eac290
s3 selftest: Fix LOOKUP_SID test.
...
WINBINDD_LIST_USERS does not give a domain name if we're a DC and the user is
from our domain.
2010-01-14 15:18:35 +01:00
Kai Blin
e95c04f0f1
s3 selftest: Fix WINBINDD_LIST_GROUPS test
...
If there's no groups in the database, there are no entries in extra_data. This
caused WINBINDD_LIST_GROUPS test to fail. Use the fact that
WINBINDD_LIST_GROUPS now reports the number of groups in data.num_entries to
identify the "no groups" case.
2010-01-14 15:18:35 +01:00
Kai Blin
a4f21d5dc8
s3 selftest: Allow the enumeration of users and groups
...
This fixes the WINBINDD_GETPWENT test.
2010-01-14 15:18:34 +01:00
Kai Blin
a6015a858d
s3 selftest: Fix the WINBINDD_GETDCNAMEe test.
...
The WINBINDD_GETDCNAME test expected an NSS_STATUS_SUCCESS return from all
calls. However, this does not apply for BUILTIN and the DC's own domain.
Make the test work again by skipping those two.
2010-01-14 15:18:34 +01:00
Matthias Dieter Wallnöfer
b1d2bb3e51
s4:provision_users.ldif - Add a comment that some objects under "Users" are now located elsewhere
...
This is needed due to the new RID/SID distribution system
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
face5d3030
s4:provision_users.ldif - Add objects for IIS
...
Some WSPP locations point out that beginning with Windows Server 2008 they're
also per default present.
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
9ac39b659f
s4:provision_users.ldif - Add additional BUILTIN objects
...
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
2a05dd6fcc
s4:provision_users.ldif - add the restant part of the objects needing for RODC support
...
RODC = Read Only Domain Controllers
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
71357053bb
s4:provision_users.ldif - Fix up errors on existing entries
...
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
81053e9124
s4:provision_users.ldif - Simple reordering
...
Sorted according the SID - easier for later enhancements.
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
a0d7f3e344
s4:provision_users.ldif - Remove system objects from the wrong place
...
Objects like the "Cryptographic Operators", "Event Log Readers" don't belong
here but into the builtin domain.
2010-01-14 10:58:06 +01:00
Matthias Dieter Wallnöfer
40bc48dfa9
s4:SAMR RPC - Fix the criteria for group searches
...
This should match the MS-SAMR documentation (section 3.1.5.5.1.1)
2010-01-14 10:58:06 +01:00
Andrew Tridgell
74a5719614
s4-torture: switch smbtorture to the generic DRS options
2010-01-14 15:37:59 +11:00
Andrew Tridgell
2008d24e91
s4-drs: switch the DRS server to the generic DRS options flags
2010-01-14 15:37:59 +11:00
Andrew Tridgell
a5d6117065
s4-torture: switch to generic DRS options flags
2010-01-14 15:37:59 +11:00
Andrew Tridgell
88ec10b757
s4-drepl: switch drepl over to using the generic DRS options flags
...
WSPP uses a single set of flags for all these DRS operations.
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
6f806b7079
s4-drs: Uses dsdb_load_partition_usn() with urgent_uSN in s4 code
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:59 +11:00
Fernando J V da Silva
e30d009965
s4-drs: Store uSNUrgent for Urgent Replication
...
When a object or attribute is created/updated/deleted, according
to [MS-ADTS] 3.1.1.5.1.6, it stores the uSNUrgent on @REPLCHANGED
for the partitions that it belongs.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-14 15:37:58 +11:00
Stefan Metzmacher
204e4b26ae
s4:dsdb: use validate_update module
...
metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
1f2efef214
s4:dsdb/schema: add dsdb_syntax_OID_validate_ldb()
...
This is a very heavy weight way of checking this syntax,
but it's very complex and using the existing function
should be ok for now. We can optimize it later.
metze
2010-01-13 16:06:41 +01:00
Stefan Metzmacher
f0fed6cadd
s4:dsdb/schema: add dsdb_syntax_DN_STRING_validate_ldb()
...
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
83baa44c67
s4:dsdb/schema: add dsdb_syntax_DN_BINARY_validate_ldb()
...
metze
2010-01-13 16:06:40 +01:00
Stefan Metzmacher
39dda462cd
s4:dsdb/schema: add dsdb_syntax_DN_validate_ldb()
...
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
4fa2bf8184
s4:dsdb/schema: add dsdb_syntax_PRESENTATION_ADDRESS_validate_ldb()
...
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
ba8a930d0e
s4:dsdb/schema: add dsdb_syntax_UNICODE_validate_ldb()
...
metze
2010-01-13 16:06:39 +01:00
Stefan Metzmacher
674e8350b6
s4:dsdb/schema: add dsdb_syntax_DATA_BLOB_validate_ldb()
...
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
e2b9454d36
s4:dsdb/schema: add dsdb_syntax_NTTIME_validate_ldb()
...
metze
2010-01-13 16:06:38 +01:00
Stefan Metzmacher
eb261a9fda
s4:dsdb/schema: add dsdb_syntax_NTTIME_UTC_validate_ldb()
...
metze
2010-01-13 16:06:37 +01:00
Stefan Metzmacher
5f13a16295
s4:dsdb/schema: add dsdb_syntax_INT64_validate_ldb()
...
metze
2010-01-13 16:03:55 +01:00
Stefan Metzmacher
ece3defd15
s4:dsdb/schema: add dsdb_syntax_INT32_validate_ldb()
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
a0f2a49b8a
s4:dsdb/schema: add dsdb_syntax_BOOL_validate_ldb()
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
bf1f067b0c
s4:dsdb: add validate_update module
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a
s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4
s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30
s4:dsdb/resolve_oids: also resolve oid in search attribute list
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa
s4:dsdb/schema_load: add a TODO about schema reloading
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7
s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py
...
It seems that windows doesn't need that.
And we should think about a check for reloading the schema
at the start of each "write" operation.
metze
2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474
s4:dsdb/repl: reorder dreplsrv_op_notify* functions
...
This make the whole async dreplsrv_op_notify_send/recv()
readable.
metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240
s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
...
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab
s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
...
In lsa_BinaryString length and size are byte counts!
TODO: we may need to do byte order conversion in this functions too...
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96
s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned
...
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204
s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
...
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".
metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0
s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
...
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".
metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2
s4:ldb: be more strict in parsing ldb time strings
...
metze
2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083
s4-ntp_signd: Migrate to tsocket.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134
Fixed a problem with incorrect default SD owner/group.
2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7
Comparison tool for LDAP servers (using Ldb)
...
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).
Added functionality for two sets of credentials.
2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5
Strip trailing spaces
2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903
s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4.
...
Seems like account lockout is not implemented at all yet.
Guenther
2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930
s4-smbtorture: fix GetAliasMembership test in RPC-SAMR.
...
Guenther
2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b
s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test.
...
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.
Michael, please check. This should help verifiying Bug #4347 .
Guenther
2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397
s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests.
...
Guenther
2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24
Fix comment/debug messages
2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02
Merge remote branch 'origin/master' into alpha11release
2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca
and we move on towards Samba4 alpha12!
2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466
This is Samba4 alpha11!
2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3
s4/torture: Parameterize output in LOCK tests based off server support
...
Two new torture parameters:
* smbexit_pdu_support: if the Server supports the Exit command
* range_not_locked_on_file_close: whether the server returns the
NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
pending lock request. Windows returns this error, though per the
spec, this error should only be returned to an unlock request.
2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8
Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
...
This reverts commit 5c174c68cc
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde
Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
...
This reverts commit 61dfd3dc1d
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d
Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
...
This reverts commit 9ee895fcf6
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a
Revert "s4:provision_users.ldif - Add objects for IIS"
...
This reverts commit 91e2100287
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9
s4:upgradeprovision - fix up the script regarding linked attributes
...
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.
The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.
I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e
s4:upgradeprovision - Reformat comments
...
Make them break at line 80 (better readability).
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442
s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287
s4:provision_users.ldif - Add objects for IIS
...
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af
s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6
s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d
s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
...
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc
s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
...
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19
s4-ldb: display security descriptors with correct SDL for known SIDs
...
This makes it much easier to compare SDs
2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9
s4-dsdb: added samdb_domain_sid_cache_only()
2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d
s4-drs: instanceType is always sent, regardless of UDV values
2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77
s4-debug: lower the verbosity of a couple of common log messages
2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8
s4-samldb: fixed primaryGroupID when promoting a machine to a DC
...
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266
s4-schema: fixed the SDDL for the schema root security descriptor
...
This was preventing a DCPROMO client from allowing outgoing
replication
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58
s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
...
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06
s4-drs: give DN of failed replication partition
2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db
s4-drs: base is_nc_prefix on instanceType
...
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c
s4-drs: having no SPNs to change is not an error
2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356
s4-drs: fixed writespn to ignore add/delete errors
...
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e
s4-dsdb: added samdb_ldb_val_case_cmp()
2010-01-09 18:56:29 +11:00
Andrew Tridgell
acf33e0d58
s4-drs: moved the DsWriteAccountSpn call to its own file
2010-01-09 18:56:29 +11:00
Andrew Tridgell
8ccedc3ac7
s4-libnet: dsdb_wellknown_dn() in vampire code
2010-01-09 18:56:29 +11:00
Andrew Tridgell
1158c13861
s4-drs: need to set the getncchanges extended_ret on success too
2010-01-09 18:56:29 +11:00
Andrew Tridgell
7010fad4ea
s4-drs: calculate and send a uptodateness_vector with replication requests
...
This stops us getting objects changes twice if they came via an
indirect path.
2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302
s4-drs: be less verbose when we filter objects by UDV
2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c
s4-drs: added filtering by udv in getncchanges
...
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f
s4-drs: fixed the NC in the getncchanges RID alloc reply
...
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
2010-01-09 10:15:14 +11:00
Andrew Tridgell
651ddb720a
s4-messaging: remove only usage of debug_ctx()
2010-01-09 10:15:13 +11:00
Andrew Tridgell
6a36799d30
s4-messaging: fixed a memory leak in messaging_path()
...
It is a bit convoluted to fix, as cluster_id_string() may return a
const string.
2010-01-09 10:15:12 +11:00
Andrew Tridgell
196cb6b359
s4-drs: fixed usage of ldb_dn_new()
2010-01-09 10:15:12 +11:00
Andrew Tridgell
39a4e2a38d
s4-ldb: validate the type of the ldb argument to ldb_dn_new()
...
It has been a common bug to get the first two arguments the wrong way
around
2010-01-09 10:15:12 +11:00
Simo Sorce
7eee8e053b
Fix comment
2010-01-08 17:01:02 -05:00
Matthias Dieter Wallnöfer
fca0c4de2a
s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs
2010-01-08 18:18:21 +01:00
Andreas Schneider
0588f34467
s4-kdc: Migrate tcp connections to tsocket.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08 14:38:35 +01:00
Stefan Metzmacher
42c34cdafa
s4:kdc: use LIBSAMBA_TSOCKET
...
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
d97562b382
s4:kdc: the ->process function returns "bool"
...
metze
2010-01-08 14:36:49 +01:00
Stefan Metzmacher
bbaec01b37
libcli/util: add tstream_read_pdu_blob_send/recv
...
This will take the some full_request callback function
as the Samba4 packet code.
metze
2010-01-08 14:36:43 +01:00
Andrew Tridgell
8d87c0a0c3
s4-drs: added two more SPNs in addentry
...
w2k8r2 wants these after a DCPROMO
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ad11deb9bd
s4-schema: fixes for W2K8-R2 schema
...
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ebec49965b
s4-schema: added msDS-NcType to schema container
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
ce21151d22
s4-schema: fixed attributes of aggregate schema
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
38909a4ae5
s4-schema: switch to W2K8-R2 schema
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
d371b0eabe
s4-schema: added adminDisplayName and adminDescription
...
These are missing from the WSPP schemas
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
c93a182a0d
s4-schema: added some debug for bad attributes
2010-01-08 18:24:53 +11:00
Andrew Tridgell
9d296e6776
s4-provision: added W2K8-R2 schema as provided by WSPP
2010-01-08 18:24:52 +11:00
Andrew Tridgell
5ccf8ae373
s4-samba3samtest: we need to force netbios name as well
...
needed for when run in CLIENT context
2010-01-08 13:03:08 +11:00
Andrew Tridgell
dde2b66341
s4-samba3sid: fixed error returns when res->count != 1 and oom
2010-01-08 13:03:08 +11:00
Andrew Tridgell
9aed099362
s4-samba3samtest: force workgroup so the domain is right
...
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
2010-01-08 13:03:07 +11:00
Andrew Tridgell
f68c43e803
s4-samba3sid: the sambaNextRid attribute is actually the previous RID
...
Not well named .... though same mistake that MS made with rIDNextRid
2010-01-08 13:03:07 +11:00
Andrew Tridgell
d6f92db456
s4-samba3sam: use samba3sid module
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
dd61336165
s4-dsdb: added a samba3sid module
...
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:07 +11:00
Andrew Tridgell
66f161dee1
s4-acl: fixed acl.py test to use correct ldif
...
same problem as sec_descriptor.py
2010-01-08 13:03:07 +11:00
Andrew Tridgell
81c0b01585
s4-secdesc: fixed the sec_descriptor.py test
...
The test was using a "changetype: add" to try and add a member to a
group, where it should use a "changetype: modify" with a "add: member"
Also fixed the recovery when the test fails part way through (delete
the test users at the start as well as the end)
Nadya, please check!
2010-01-08 13:03:07 +11:00
Andrew Tridgell
43a815c67a
s4-samba3samtest: use system credentials for creating users
2010-01-08 13:03:07 +11:00
Andrew Tridgell
8b8bb15a54
s4-dsdb: fixed const misuse in acl module
2010-01-08 13:03:06 +11:00
Andrew Tridgell
baa8793a94
s4-dsdb: use dsdb_module_am_system() in acl module
2010-01-08 13:03:06 +11:00
Andrew Tridgell
595fad2b34
s4-dsdb: allow specification of a SID if we are system
...
needed for samba3sam test
2010-01-08 13:03:06 +11:00
Andrew Tridgell
f118f54ee7
s4-dsdb: added dsdb_module_am_system()
...
better than each module inventing their own
2010-01-08 13:03:06 +11:00
Andrew Tridgell
d22a9e5d3b
s4-dsdb: squash some unknown structure warnings
2010-01-08 13:03:06 +11:00
Andrew Tridgell
5d6032eb4b
s4-partition: fixed selection of partitions on exact match
...
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
2010-01-08 13:03:06 +11:00
Andrew Tridgell
59f314d321
s4-scripting: we need to use a base search for the NTDS GUID
...
now we have nTDSConnections structures we can get more than 1 reply
2010-01-08 13:03:06 +11:00
Stefan Metzmacher
501dd4a3b5
s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req
...
metze
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-08 13:03:05 +11:00
Andrew Tridgell
278d2f75ba
s4-smbd: setup the default event contexts for other process models
2010-01-08 13:03:05 +11:00
Andrew Tridgell
5803253362
s4-drs: we need to wrap extended operations in transactions
2010-01-08 13:03:05 +11:00
Andrew Tridgell
2d10f3a841
s4-dsdb: poke the RID Manager when completely out of RIDs too
2010-01-08 13:03:05 +11:00
Andrew Tridgell
a65823e33c
s4-dsdb: ensure we will in all the attributes for RID Set
...
We need to go to the top of the module stack so that all the extra
attributes get filled in
2010-01-08 13:03:05 +11:00
Andrew Tridgell
308a4798b8
s4-dsdb: added DSDB_FLAG_TOP_MODULE
...
This is used when you want the dsdb_module_*() functions to go to the
top of the stack.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
5f36f0352e
s4-dsdb: no longer need special invocationID handling for standalone servers
...
They now work the same way as a DC
2010-01-08 13:03:05 +11:00
Andrew Tridgell
a7fffe8da0
s4-provision: do a self join for all server types
...
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
2010-01-08 13:03:05 +11:00
Andrew Tridgell
f6cf895951
s4-schema: added generic attributeID conversion functions
...
When we get one we haven't seen before, we can work out the right type
automatically in most cases.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
f7517e6256
s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Andrew Tridgell
cd65ce8a18
s4-schema: make ldb_val to string comparison safer with nul termination
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
3352e5d7ba
s4/dsdb_schema: Load msDS-IntId value separately when loading from LDB
...
This way we have consistent behavior when loading from DRSUAPI
and from LDB.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
25238110df
Revert "s4-schema: Set ATTID in schema cache from "msDS-IntId""
...
This reverts commit 4e8ad284f5
.
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
6247a135c6
s4/schema: Do not assign msDS-IntId value if LDB_CONTROL_RELAX_OID is passed
...
This way msDS-IntId should not be assigned during provisioning,
which is how Windows works
2010-01-08 13:03:04 +11:00
Andrew Tridgell
73838b353a
s4-libnet: better error messages in libnet_vampire.c
2010-01-08 13:03:04 +11:00
Kamen Mazdrashki
9871f52bd3
s4/dsdb_schema: use msDS-IntId value for attribute look-up
2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a44ae10c77
s4/dsdb_schema: fetch msDS-IntId value during SCHEMA replication
2010-01-08 13:03:03 +11:00
Kamen Mazdrashki
a7b3891fb5
s4/dsdb_schema: GET_UINT32_DS() macro to use supplied default value instead of 0
2010-01-08 13:03:03 +11:00
Andrew Tridgell
f7756c87bb
s4-partition: don't ignore errors from other modules
...
if we get an error code from a lower module, we don't want to ignore
it just because something also succeeded
2010-01-08 13:03:03 +11:00
Andrew Tridgell
9672a3d1cc
s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems
...
this makes building and testing s4 as a developer much faster, if you
have enough memory!
2010-01-08 13:03:03 +11:00
Andrew Tridgell
1f25d0a5ad
s4-provision: re-open sam.ldb after creating the schema
...
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
2010-01-08 13:03:03 +11:00
Andrew Tridgell
42f0bdae69
s4-provision: RID 1000 is consumed by the machine account
2010-01-08 13:03:03 +11:00
Andrew Tridgell
fdf12a607d
s4-ldb: improve error handling in indexing code
...
When we get an indexing failure we want a clear error message
2010-01-08 13:03:03 +11:00
Andrew Tridgell
c4fa4d1162
s4-dsdb: improve error messages in schema and pdc_fsmo modules
...
We want to incorporate the error messages from the modules further
down the stack.
2010-01-08 13:03:03 +11:00
Andrew Tridgell
ac5d426062
s4-drs: added some debug messages
...
It is nice to see when a RID Alloc is successful
2010-01-08 13:03:02 +11:00
Andrew Tridgell
dcbba583d9
s4-event: added s4_event_context_set_default()
...
we're still not weaned off event_context_find()
2010-01-08 13:03:02 +11:00
Andrew Tridgell
f254091957
s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC
...
This allocates a RID pool for the client DC when we are the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
b1f97b7e60
s4-dsdb: added an extended operation for allocating a new RID pool
...
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
2590b7795d
s4-repl: implement MSG_DREPL_ALLOCATE_RID
...
When the repl server gets MSG_DREPL_ALLOCATE_RID it contacts the RID
Manager to ask for another RID pool. We use a callback on completion
of the operation to make sure that we don't have two RID allocation
requests in flight at once
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
cc7967b1c0
s4-repl: allow for callbacks when a repl operation completes
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
7a40cacbde
s4-dsdb: the dsdb ldb modules now need messagiing
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
dc11414f98
s4-dsdb: send a message to the drepl task when we need another RID pool
...
We send the message when the current pool is half gone. We don't wait
for a reply.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
805ab0ef15
s4-messaging: added a new msg type MSG_DREPL_ALLOCATE_RID
...
This will be used to ask the drepl task for a new RID pool
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:01 +11:00
Andrew Tridgell
19e515aac7
s4-repl: added request for RID allocation in drepl task
...
The drepl task now checks to see if our rIDAllocationPool is
exhausted, and if it is then we queue a extended operation
DsGetNCChanges call to ask the RID Manager to give us a new allocation
pool.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
8cd2bedee7
s4-dsdb: added dsdb_find_guid_attr_by_dn()
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
37340d5a2e
s4-ridalloc: copy with missing rIDNextRid and rIDAllocationPool
...
The attributes rIDNextRid and rIDAllocationPool are not replicated, so
their initial value when we first get a RID Set from the RID Manager
is blank.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
45550f83f0
s4-dsdb: added dsdb_module_set_integer()
...
This will be used by ridalloc.c
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
c12b9ab2f2
s4-dsdb: clarify who is responsible for each attribute
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
dd8cb3c7ed
s4-dsdb: fixed usage of rIDAllocationPool and rIDPreviousAllocationPool
...
These are very badly named attributes! See the comments in ridalloc.c
for a explanation of what they really seem to mean
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
5136438ad6
s4-dsdb: implement refresh of RID Set pool for a local RID Manager
...
when we run out of RIDs in our RID Set pool then grab a new one from
the RID Manager object
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
53d10d139e
s4-provision: don't hard wire the creation of the RID Set object
...
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
1053ce529d
s4-dsdb: implement creation of the RID Set object
...
when we are the RID Manager we can create our own RID Set object when
the first user is created
2010-01-08 13:02:59 +11:00
Andrew Tridgell
439ee5aaae
s4-dsdb: use dsdb_next_callback()
...
We can't just use the callers callback directly otherwise the
ldb_module_done() is never called on the parent request, as the child
request is passed to the callback.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
d0bd6e7ea5
s4-dsdb: added dsdb_next_callback()
...
This should be used when you create a sub request and just want the
parent requests callback to be called when done.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
e6f14ac2c4
s4-dsdb: added dsdb_module_constrainted_update_integer()
...
This provides a convenient way to update a integer attribute with a
constrained delete/add
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f24011059b
s4-dsdb: added dsdb_module_reference_dn()
...
This adds a module callable version of samdb_reference_dn(), which
finds a DN via a reference link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
f137f93e09
s4-dsdb: added dsdb_module_add()
...
added a ldb add function for modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:59 +11:00
Andrew Tridgell
fcfb5d7b63
s4-provision: allow provision modifies to add records
...
we need to recognise a changetype of 'add'
2010-01-08 13:02:59 +11:00
Andrew Tridgell
226460d543
s4-dsdb: move the RID allocation logic into ridalloc.c
...
This will end up having the RID Manager logic as well, so all the RID
pool allocation logic is in one spot
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
7f90a05c66
s4-samldb: use RID Set to allocate user/group RIDs
...
This is the first step towards DRS-friendly RID allocation. We now get
the next rid from the RID Set object
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
5eb3b919c5
s4-provision: the DC object itself needs a fixed objectSID
...
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
2bad107aa1
s4-dsdb: added samdb_rid_set_dn()
...
This returns the DN of our RID Set object
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
a1362492ab
s4-provision: added an initial RID Set
...
We will allocate RIDs from this set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
bd6d0e9379
s4-ldb: added nice ldif display of 64 bit ranges for RIDs
2010-01-08 13:02:58 +11:00
Andrew Tridgell
fbc3a0fe62
s4-dsdb: added samdb_reference_dn()
...
This returns a 'reference' DN, which is a link to a DN, from the
specified object. It is then used by samdb_server_reference_dn() which
returns the serverReference DN, and samdb_rid_manager_dn() which
returns the rIDManagerReference DN.
2010-01-08 13:02:58 +11:00
Jelmer Vernooij
c915bd8718
linked_attributes: Fix missing dependency on util.
2010-01-08 01:31:21 +01:00
Tim Prouty
57be1d07af
s4 torture: Add RAW-OPEN-NTCREATEDIR to test error checking for open directories as files
2010-01-07 15:32:27 -08:00
Steven Danneman
71a40d7e2c
s4/torture: fix small bug in lock test
...
Cleanup path should unlock, not cancel existing locked range.
2010-01-06 18:48:10 -08:00
Steven Danneman
655bdb19bd
s4/torture: add more lock cancellation tests
...
* Test the SMB1 behavior when multiple lock ranges are requested, pend,
and then are cancelled. The entire LockingAndX request fails.
2010-01-06 18:48:10 -08:00
Günther Deschner
3dbe8603d9
s4-smbtorture: add test_ChangeID to RPC-SPOOLSS.
...
This tests ChangeID consistency between spoolss_GetPrinterData,
spoolss_GetPrinterDataEx and spoolss_GetPrinter (level 0).
Guenther
2010-01-06 22:09:37 +01:00
Günther Deschner
7568f49134
s4-smbtorture: add test_SetPrinter to RPC-SPOOLSS.
...
Guenther
2010-01-06 22:09:36 +01:00
Günther Deschner
0457cf915b
s4-smbtorture: refactor test_GetPrinter in RPC-SPOOLSS.
...
Guenther
2010-01-06 22:09:36 +01:00
Kamen Mazdrashki
a2044b9a61
s4: Fix result check for getaddrinfo()
...
I think this completes commit 50feca550e
.
Now result should be handled correctly both for systems that
support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x)
and systems that doesn't support EAI_NODATA at all.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-06 14:26:32 +01:00
Matthias Dieter Wallnöfer
a08a0ffd37
s4:SAMLDB LDB module - Fix trailing whitespaces
2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
77ce33c419
s4:SAMLDB LDB module - Rework to allow checks for wrong "defaultObjectCategory" attributes
...
This allows a stricter check for "defaultObjectCategory" attributes which is
performed when the "relax" control isn't specified.
Additional note: As the added comment points out this isn't complete.
And I personally think that moving this at some point to the "objectclass"
module is a better idea to make this fully work (since there we have direct
access to the schema). If someone has a good idea how to do this please inform
me.
Anyway, the SAMLDB module does require some restructure since at the moment it's
very overloaded and therefore a bit a mess. In the meantime I started to work
on a new approach to realise it in a better way.
2010-01-05 20:55:47 +01:00
Matthias Dieter Wallnöfer
c051008540
s4:schema_load.c - Typo
2010-01-05 20:55:46 +01:00
Matthias Dieter Wallnöfer
bbf9885013
s4:ldap_schema.py - add an additional check for validity of "defaultObjectCategory"
2010-01-05 20:55:45 +01:00
Matthias Dieter Wallnöfer
d8ca002a8c
s4:ldap_schema.py - Move generated attributes check
...
Make more clear that they're created before the "schemaUpdateNow".
2010-01-05 20:55:32 +01:00
Jeremy Allison
2a66db8f93
Fix the merged build. Probably not strictly correct but allows us to "make test".
...
Jeremy.
2010-01-04 13:27:48 -08:00
Stefan Metzmacher
f04e10f4c0
s4:dsdb/repl: convert dreplsrv_out_drsuapi_send/recv to tevent_req
...
metze
2010-01-04 09:36:25 +01:00
Stefan Metzmacher
a06e5cdb99
s4: Happy New Year 2010
...
metze
2010-01-04 08:42:49 +01:00
Andrew Tridgell
504754856e
s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
...
w2k8-r2 gives a "schema mismatch" error if the revision is not set to
REVISION_ADS and you replicate the ntsecuritydescriptor using DRS.
Nadya, please check this!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 17:28:36 +11:00
Andrew Tridgell
e809b721e9
s4-drs: don't give an error on repsTo delete if add is also specified
...
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
2010-01-02 17:28:35 +11:00
Andrew Tridgell
0bc902ac84
s4-sddl: DRS replication needs REVISION_ADS for SDs
...
DRS replication with w2k8-r2 fails with a schema mismatch error if we
set the revision to NT4
2010-01-02 17:28:35 +11:00
Jelmer Vernooij
a214ebc3d6
ldb: Fix the standalone ldb build.
2010-01-02 02:40:30 +01:00
Andrew Tridgell
00b39c70f5
s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
...
This allows for more flags in the future
2010-01-02 08:16:57 +11:00
Andrew Tridgell
cced567364
s4-kcc: added a preiodic task to remove deleted objects
...
we check for deleted objects in each partition every 10 minutes, using
onelevel searches
2010-01-02 08:16:56 +11:00
Andrew Tridgell
08bad38035
s4-dsdb: fixed several memory leaks
...
need to be careful with those temporary contexts
2010-01-02 08:16:56 +11:00
Andrew Tridgell
031460b8a2
s4-dsdb: fixed samdb_create_foreign_security_principal() to use the wellknown GUID
...
This also fixes a memory leak
2010-01-02 08:16:56 +11:00
Andrew Tridgell
335af02218
s4-ldb: fixed valgrind error: ares can be freed by callback
2010-01-02 08:16:56 +11:00
Andrew Tridgell
8eaed073a7
s4-dsdb: make sure 'whenChanged' is set on modify
...
We also should preserve (and then replace) whenChanged on delete
2010-01-02 08:16:56 +11:00
Andrew Tridgell
9819d280d6
s4-dsdb: added dsdb_tombstone_lifetime()
2010-01-02 08:16:56 +11:00
Andrew Tridgell
23eb9f49a7
s4-dsdb: allow system to remove deleted objects
...
This will be used by a periodic job to remove tombstoned objects
2010-01-02 08:16:56 +11:00
Andrew Tridgell
1c5a268f34
s4-ldaptest: need to use MessageElement for modify messages
...
Without MessageElement() the flags are not set, which is invalid
2010-01-02 08:16:56 +11:00
Andrew Tridgell
e410a91ff4
s4-ldb: show an error string, as well as error message
...
This makes it easier to track down error mismatches from the test
suite
2010-01-02 08:16:56 +11:00
Andrew Tridgell
4eecfc80bc
s4-drs: make sure the DNs we put in the db have a extended GUID
2010-01-02 08:16:56 +11:00
Andrew Tridgell
6628588dfb
s4-dsdb: added dsdb_set_extended_dn_guid()
2010-01-02 08:16:55 +11:00
Andrew Tridgell
98d94cca6f
s4-ldbtest: fixed message element in modify
...
a flags value of zero is not valid
2010-01-02 08:16:55 +11:00
Andrew Tridgell
81e8a18181
s4-ldb: allow modules to override error return values
...
The samldb module overrides the error code for some returns when
handling primaryGroupID. We need to take the error from the async
callback to allow this to work reliably
2010-01-02 08:16:55 +11:00
Andrew Tridgell
302dcd0226
s4-ldbmodify: show the error code as well as error string
2010-01-02 08:16:55 +11:00
Andrew Tridgell
1ab5020ef2
s4-ldb: declate ldb_val_to_time()
2010-01-02 08:16:55 +11:00
Andrew Tridgell
53e86ac5b2
s4-ldb: use safe length limited conversions for int64 and time
2010-01-02 08:16:55 +11:00
Andrew Tridgell
708ad42b0b
s4-dsdb: use safe length limiting in string->integer conversion
...
The ldap.py test suite could trigger a read past the end of the struct
ldb_val buffer
2010-01-02 08:16:55 +11:00
Andrew Tridgell
c3061794ef
s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time()
2010-01-02 08:16:55 +11:00
Andrew Tridgell
baae6ef9d2
s4-ldb: added ldb_val_to_time()
...
This is intended as a replacement for ldb_string_to_time() for ldb_val
inputs. This ensures it is length limited and includes additional
validity checks
2010-01-02 08:16:55 +11:00
Andrew Tridgell
e3cf818c27
s4-drs: sort linked attributes
...
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
2010-01-02 08:16:55 +11:00
Andrew Tridgell
d48237d547
s4-drs: re-resolve the DN in linked attribute processing
...
w2k8-r2 sometimes sends the DN with an old target
2010-01-02 08:16:54 +11:00
Andrew Tridgell
5dd6e089f1
s4-drs: use dsdb_module_rename()
...
Use the new dsdb_module_rename() for DRS rename handling, instead of
ldb_rename(). This stops us going to the top of the module stack on a
rename.
2010-01-02 08:16:54 +11:00
Andrew Tridgell
38160deac4
s4-drs: use dsdb linked attribute parse functions
...
This makes the code considerably more readable
2010-01-02 08:16:54 +11:00
Andrew Tridgell
5e52c7149f
s4-dsdb: added parse functions for DRS linked attribute blobs
2010-01-02 08:16:54 +11:00
Andrew Tridgell
a81dd03917
s4-drs: set flag to indicate that we do support linked attributes
2010-01-02 08:16:54 +11:00
Andrew Tridgell
36f8ece9de
s4-ldb: show the error code as well as errstr
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:54 +11:00
Andrew Tridgell
db3f0e8ec1
s4-dsdb: fixed valgrind error in replmd modify
...
We are using the values from a search result, so we need to steal them
onto the msg before we free the search results
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:54 +11:00
Andrew Tridgell
9f053d43de
s4-drs: don't try to remove backlinks directly
...
backlinks need to be removed as a side effect of removing the forward
link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
0bf7f95273
s4-drs: isRecycled only exists in FL W2K8-R2
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
530503290d
s4-drs: use DSDB_FLAG_OWN_MODULE
...
We need DRS driven replication changes to update replPropertyMetaData,
so it needs to call into the repl_meta_data module logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
9572535940
s4-drs: update comment to refect only forward link in this fn
...
This function only update forward links
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
5b31cb20dd
s4-drs: fixed typo for uSNCreated
...
This broke DRS replication from samba to windows
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
7a39340c8e
s4-drs: use dsdb_module_guid_by_dn()
...
We should not be going to the top of the module stack
2010-01-02 08:16:53 +11:00
Andrew Tridgell
e3054ce0fe
s4-drs: cope better with NULL GUIDS from DRS
...
It is valid to get a NULL GUID over DRS for a deleted forward link. We
need to match by DN if possible when seeing if we should update an
existing link.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
2e114484e5
s4-drs: give an error message in repl_meta_data if we don't get a partition control
2010-01-02 08:16:53 +11:00
Andrew Tridgell
0d5d7f5847
s4-drs: treat a zero GUID as not present in replmd_add_fix_la
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:53 +11:00
Andrew Tridgell
0c2afdd5a9
s4-drs: update highwatermark after successfully encoding the object
2010-01-02 08:16:52 +11:00
Andrew Tridgell
ff6dd4a67f
s4-drs: send all linked attributes at the end of a replication cycle
...
This ensures that a link is not seen before the object it points to
2010-01-02 08:16:52 +11:00
Andrew Tridgell
5bf257fa9b
s4-drs: use the extended linearized form for DRS replication
...
We were sending zero GUIDs. Not good!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
7653f56bd4
s4-drs: implemented sorting functions based on replication flags
...
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
2010-01-02 08:16:52 +11:00
Andrew Tridgell
701148bbe9
s4-drs: we are doing the sorting for getncchanges in the app code now
...
the sorting is quite delicate, and easier to get right in the
getncchanges code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
cb00e443a3
s4-drs: give a reason when an AddEntry commit fails
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
9f02898080
s4-schema: don't fill in the extended DN with a zero GUID
...
sometimes windows sends us a zero GUID in a DRS DN.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
d4853fed00
sd-schema: order DRS classes on the wire in reverse order
...
windows sends objectclasses in DRS in the opposite order to what LDAP
uses
2010-01-02 08:16:52 +11:00
Andrew Tridgell
ca5c3a0a02
s4-dsdb: added DSDB_FLAG_OWN_MODULE
...
This allows you to call dsdb_module_*() functions while including the
current module in the module stack to be used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
e1ffcfc783
s4-ldb: added ldb_module_get_ops()
...
This is needed to support DSDB_FLAG_OWN_MODULE
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:51 +11:00
Andrew Tridgell
dd33a22f1d
s4-dsdb: use a common method for finding a link pair
...
Use ^1 everywhere, to ensure it works for both forward and backward
links
2010-01-02 08:16:51 +11:00
Andrew Tridgell
340d7e807b
s4-drs: fixed the UDV return in getncchanges
...
We should overwrite an existing entry if found
2010-01-02 08:16:51 +11:00
Andrew Tridgell
bcc952d19d
s4-drs: some useful debugging options for getncchanges
...
Added two debugging parametric options
drs:max object sync =
drs:extra filter =
2010-01-02 08:16:51 +11:00
Andrew Tridgell
bf8ccd21f1
s4-dsdb: fill in the correct version number of links that come over DRS
2010-01-02 08:16:51 +11:00
Andrew Tridgell
5dcb903f26
s4-dsdb: move checking for single valued links to samba modules
...
This uses the RELAX control and checking of single valued attributes
in ldb modules to avoid problems with multi-valued links where all
values but one are deleted
2010-01-02 08:16:51 +11:00
Andrew Tridgell
3c1259f10e
s4-dsdb: added dsdb_check_single_valued_link()
...
This is used in conjunction with the RELAX control, to check for
violations of single value rules for linked attributes
2010-01-02 08:16:51 +11:00
Andrew Tridgell
225bcfa4e6
s4-drs: handle mixtures of old and new style links in getncchanges
...
We need to send non-upgraded links using the old format
2010-01-02 08:16:51 +11:00
Andrew Tridgell
64802c5e27
s4-dsdb: added dsdb_dn_is_upgraded_link_val()
...
This is used to detect if a link has been stored in the w2k3 extended
format
2010-01-02 08:16:51 +11:00
Andrew Tridgell
b34db0840d
s4-ldb: use the RELAX control to disable single value checking on replace
...
When using w2k3 linked attributes we are allowed to have multiple
values on a single valued attribute. This happens when the other
values are deleted.
Setting the RELAX control tell the ldb-tdb backend to not check for
this on replace, which means the caller has to check for single valued
violations.
2010-01-02 08:16:51 +11:00
Andrew Tridgell
26ec526d02
s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
...
When any value of a w2k formatted linked attribute is modified,
upgrade the links.
2010-01-02 08:16:50 +11:00
Andrew Tridgell
fde3f64373
s4-drs: added linked attribute replication to getncchanges
2010-01-02 08:16:50 +11:00
Andrew Tridgell
beba977213
s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
...
We need this for the linked attribute meta data
2010-01-02 08:16:50 +11:00
Andrew Tridgell
809bcfca3d
s4-dsdb: minor cleanup in DRS replicated objects code
2010-01-02 08:16:50 +11:00
Andrew Tridgell
4dbcab45f2
s4-dsdb: store full meta data from DRS for linked attributes
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
312ef9df3c
s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
b1db66a501
s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
f1b6484232
s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
...
We need a separate RMD_LOCAL_USN to allow us to tell what attributes
need to be sent in a getncchanges request. Thanks to Metze for
pointing this out.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:50 +11:00
Andrew Tridgell
e4a6f5c8b8
s4-dsdb: handle links with no backlinks in replmd_delete
2010-01-02 08:16:50 +11:00
Andrew Tridgell
5eefff915e
s4-dsdb: simplify the linked_attributes module
...
The linked_attributes module only has to deal with renames now, as
other linked attribute updates happen in repl_meta_data. This allows
it to be much simpler.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
e9699e9cb9
s4-dsdb: do the rename after the modify in replmd_delete
...
This makes updating the links a bit easier
2010-01-02 08:16:49 +11:00
Andrew Tridgell
2b5cd3dba2
s4-dsdb: some backlinks can be processed immediately
...
backlinks in add and delete operations can be processed immediately,
rather than at the end of a transaction. This can save on backlink
list processing time.
2010-01-02 08:16:49 +11:00
Andrew Tridgell
3fe9244796
s4-dsdb: remove linked_attributes_add
...
This is now handled in the repl_meta_data module
2010-01-02 08:16:49 +11:00
Andrew Tridgell
9e96ae8ddc
s4-dsdb: add linked attributes meta_data handling to replmd_add
...
This also handles the backlink creation that was previously in the
linked_attributes module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
348bcfc8ff
s4-dsdb: added replmd_delete, based on Eduardos work
...
This implements repmld_delete(), which handles the meta_data updates
for an object when deleting. A delete gets mapped to a combination
of a rename followed by a modify request, which has the effect of
moving the object into the Deleted Objects container.
This is based on the code from Eduardo Lima
<eduardoll@gmail.com>. Eduardo's code was modified to take account of
the linked attributes changes that Andrew and I have been working on.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
5964acfa74
s4-dsdb: the linked_attributes module no longer handles deletes
...
delete handling is now moved into repl_meta_data
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
bd5678f4be
s4-dsdb: repl_meta_data now replaces objectguid in all cases
...
We don't want to be debugging two different code paths through the ldb
module stack, so better to always do the work of repl_meta_data, even
for a standalone server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:49 +11:00
Andrew Tridgell
3199e02884
s4-dsdb: add a comment on the use of ldb_rename()
...
We need to use ldb_rename() and not dsdb_module_rename() here as we
need the rename to be processed by the current module
2010-01-02 08:16:48 +11:00
Andrew Tridgell
c071af337a
s4-dsdb: linked_attributes_modify no longer handles modifies
...
This functionality has moved into repl_meta_data
2010-01-02 08:16:48 +11:00
Andrew Tridgell
3b056061ff
s4-dsdb: added support for backlinks in repl_meta_data
...
backlinks need more careful handling now that we store the additional
meta data for deleted links. It is easier to handle this in
repl_meta_data than in linked_attributes.
Eventually linked_attributes will disappear, with the functionality
moved into repl_meta_data.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
dee6b6fb3d
s4-dsdb: implemeneted replmd_modify_la_replace()
...
We now have the core code for handling storage of linked attribute
meta-data with local modifies
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
d5020e3d91
s4-dsdb: add a TODO item for linked attributes in extended_dn_out
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Andrew Tridgell
41c3c979ff
s4-dsdb: add support for storing linked attribute meta data in extended DNs
...
When in functional levels above w2k, we need to store much richer meta
data about linkked attributes. We also need to keep deleted linked
attributes around to allow the deletion to be propogated to other DCs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:48 +11:00
Jelmer Vernooij
9085499bbb
heimdal_build: Explicitly specify 'YES' when enabling external
...
libraries.
2010-01-01 18:32:37 +01:00
Jelmer Vernooij
0c29640358
s4/build: Indicate whether Samba4 is being built against the system
...
Heimdal.
2010-01-01 18:31:44 +01:00
Andrew Tridgell
de94857848
s4-net: fixed finddcs to use empty SID instead of NULL sid (NDR error)
2009-12-31 17:33:53 +11:00
Andrew Tridgell
3239872bbc
s4-net: fixed pwsettings command
...
Don't override user settings with current settings
2009-12-31 17:33:33 +11:00
Jelmer Vernooij
dbd7a62baa
py/security: Add test for dom_sid.split.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:33 +11:00
Jelmer Vernooij
66f81d18ce
samba: Fix whitespace, remove pointless 'pass' statement.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:31 +11:00
Jelmer Vernooij
ea5af6e30c
pyldb: Add dom_sid.split in favor of less powerful dom_sid_to_rid().
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:30 +11:00
Jelmer Vernooij
7effe2d2e3
net: Support 'super' commands implemented in Python.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:28 +11:00
Jelmer Vernooij
9e5ef916d4
net: Move 'newuser' to 'net newuser'
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f
net: Fix tests and documentation of setexpiry.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
345b25d059
net: Move setexpiry to 'net setexpiry'
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:24 +11:00
Jelmer Vernooij
b531696a5b
net: Move 'setpassword' to 'net setpassword'.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
552e65679d
net: Allow Python commands to return None instead of 0.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:21 +11:00
Jelmer Vernooij
31cc963ba0
net: Allow python subcommands to provide commands that are not recognized by
...
net itself.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:02 +11:00
Matthias Dieter Wallnöfer
1aed373b11
s4:lib/registry/util.c - Reintroduce "FIXME"s
...
Jelmer suggested to put them in again.
2009-12-30 12:39:55 +01:00
Stefan Metzmacher
d5cbfbb93a
s4:ntlmssp: remove mem_ctx from check_password() callback to match s3
...
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
f31d144e70
s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if it's a noop
...
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
994d34b949
s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()
...
metze
2009-12-29 17:06:25 +01:00