1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

20908 Commits

Author SHA1 Message Date
Stefan Metzmacher
bf1f067b0c s4:dsdb: add validate_update module
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4 s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30 s4:dsdb/resolve_oids: also resolve oid in search attribute list
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa s4:dsdb/schema_load: add a TODO about schema reloading
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7 s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py
It seems that windows doesn't need that.

And we should think about a check for reloading the schema
at the start of each "write" operation.

metze
2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474 s4:dsdb/repl: reorder dreplsrv_op_notify* functions
This make the whole async dreplsrv_op_notify_send/recv()
readable.

metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240 s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
In lsa_BinaryString length and size are byte counts!

TODO: we may need to do byte order conversion in this functions too...

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96 s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.

metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204 s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0 s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".

metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2 s4:ldb: be more strict in parsing ldb time strings
metze
2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083 s4-ntp_signd: Migrate to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134 Fixed a problem with incorrect default SD owner/group. 2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7 Comparison tool for LDAP servers (using Ldb)
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).

Added functionality for two sets of credentials.
2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5 Strip trailing spaces 2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903 s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4.
Seems like account lockout is not implemented at all yet.

Guenther
2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930 s4-smbtorture: fix GetAliasMembership test in RPC-SAMR.
Guenther
2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test.
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.

Michael, please check. This should help verifiying Bug #4347.

Guenther
2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397 s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests.
Guenther
2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24 Fix comment/debug messages 2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02 Merge remote branch 'origin/master' into alpha11release 2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca and we move on towards Samba4 alpha12! 2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466 This is Samba4 alpha11! 2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3 s4/torture: Parameterize output in LOCK tests based off server support
Two new torture parameters:

* smbexit_pdu_support: if the Server supports the Exit command

* range_not_locked_on_file_close: whether the server returns the
  NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
  pending lock request.  Windows returns this error, though per the
  spec, this error should only be returned to an unlock request.
2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8 Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
This reverts commit 5c174c68cc.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
This reverts commit 61dfd3dc1d.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
This reverts commit 9ee895fcf6.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a Revert "s4:provision_users.ldif - Add objects for IIS"
This reverts commit 91e2100287.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9 s4:upgradeprovision - fix up the script regarding linked attributes
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.

The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.

I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e s4:upgradeprovision - Reformat comments
Make them break at line 80 (better readability).
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442 s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable 2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287 s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6 s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group 2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19 s4-ldb: display security descriptors with correct SDL for known SIDs
This makes it much easier to compare SDs
2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9 s4-dsdb: added samdb_domain_sid_cache_only() 2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d s4-drs: instanceType is always sent, regardless of UDV values 2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77 s4-debug: lower the verbosity of a couple of common log messages 2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8 s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266 s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing
replication
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58 s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06 s4-drs: give DN of failed replication partition 2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db s4-drs: base is_nc_prefix on instanceType
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c s4-drs: having no SPNs to change is not an error 2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356 s4-drs: fixed writespn to ignore add/delete errors
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e s4-dsdb: added samdb_ldb_val_case_cmp() 2010-01-09 18:56:29 +11:00