Michael Adam
fb4679638d
s4:rpc-server:samr: fix setting of lockout duration < lockout window
...
This should return NT_STATUS_INVALID_PARAMETER.
This makes samba pass the first part of the samr-lockout test.
This constraint is documented here for the samr server:
http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx
MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates
and here for the ldap backend:
http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx
MS-ADTS 3.1.1.5.3.2 Constraints
So the check should actually be moved down into the backend,
i.e. under dsdb/samdb/ldb_modules - TODO..
Michael
2010-01-21 13:01:24 +01:00
Andrew Tridgell
f461a72ec3
idl: switched to using the WSPP names for the 'neighbour' DRS options
...
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operation.
2010-01-18 07:25:18 +11:00
Andrew Tridgell
dde836adbd
s4-drs: allow for security bypass for DsReplicaGetInfo
...
Use --option=drs:disable_sec_check=true until the group membership bug
with the PAC is fixed.
2010-01-17 10:52:31 +11:00
Andrew Tridgell
8342d08f5c
s4-dsdb: take advantage of local cursor and sort
...
in getncchanges and repl task we don't need the extra load and sort
any more.
2010-01-16 14:10:43 +11:00
Andrew Tridgell
0bba44094a
s4-drs: use dsdb_load_udv_v2() in getncchanges code
2010-01-16 14:10:43 +11:00
Andrew Tridgell
3a9b33b487
s4-drs: better debug info when security checks fail
...
show the security token of the user at debug level 2
2010-01-16 14:10:42 +11:00
Andrew Tridgell
5efff3ad6a
s4-dsdb: require admin access for DsReplicaGetInfo
2010-01-16 14:10:42 +11:00
Andrew Tridgell
5bfeed89da
s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS infoType.
...
This patch includes the framework for the implementation of all infoTypes of
the DsGetReplInfo() call, and includes the implementation for the first one,
the DS_REPL_INFO_NEIGHBORS.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16 14:10:42 +11:00
Andrew Tridgell
22d92157e3
s4-drs: give better debug info on unsupported DRS calls
2010-01-16 14:10:41 +11:00
Matthias Dieter Wallnöfer
40bc48dfa9
s4:SAMR RPC - Fix the criteria for group searches
...
This should match the MS-SAMR documentation (section 3.1.5.5.1.1)
2010-01-14 10:58:06 +01:00
Andrew Tridgell
2008d24e91
s4-drs: switch the DRS server to the generic DRS options flags
2010-01-14 15:37:59 +11:00
Andrew Tridgell
a894eeab77
s4-debug: lower the verbosity of a couple of common log messages
2010-01-09 21:59:34 +11:00
Andrew Tridgell
04e82370db
s4-drs: base is_nc_prefix on instanceType
...
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c
s4-drs: having no SPNs to change is not an error
2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356
s4-drs: fixed writespn to ignore add/delete errors
...
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
acf33e0d58
s4-drs: moved the DsWriteAccountSpn call to its own file
2010-01-09 18:56:29 +11:00
Andrew Tridgell
1158c13861
s4-drs: need to set the getncchanges extended_ret on success too
2010-01-09 18:56:29 +11:00
Andrew Tridgell
39730ac302
s4-drs: be less verbose when we filter objects by UDV
2010-01-09 18:56:28 +11:00
Andrew Tridgell
349f7ba09c
s4-drs: added filtering by udv in getncchanges
...
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
2010-01-09 13:11:27 +11:00
Andrew Tridgell
9e6eb22f7f
s4-drs: fixed the NC in the getncchanges RID alloc reply
...
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
2010-01-09 10:15:14 +11:00
Andrew Tridgell
196cb6b359
s4-drs: fixed usage of ldb_dn_new()
2010-01-09 10:15:12 +11:00
Andrew Tridgell
8d87c0a0c3
s4-drs: added two more SPNs in addentry
...
w2k8r2 wants these after a DCPROMO
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
5803253362
s4-drs: we need to wrap extended operations in transactions
2010-01-08 13:03:05 +11:00
Andrew Tridgell
ac5d426062
s4-drs: added some debug messages
...
It is nice to see when a RID Alloc is successful
2010-01-08 13:03:02 +11:00
Andrew Tridgell
f254091957
s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC
...
This allocates a RID pool for the client DC when we are the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
e809b721e9
s4-drs: don't give an error on repsTo delete if add is also specified
...
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
2010-01-02 17:28:35 +11:00
Andrew Tridgell
00b39c70f5
s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
...
This allows for more flags in the future
2010-01-02 08:16:57 +11:00
Andrew Tridgell
e3cf818c27
s4-drs: sort linked attributes
...
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
2010-01-02 08:16:55 +11:00
Andrew Tridgell
38160deac4
s4-drs: use dsdb linked attribute parse functions
...
This makes the code considerably more readable
2010-01-02 08:16:54 +11:00
Andrew Tridgell
a81dd03917
s4-drs: set flag to indicate that we do support linked attributes
2010-01-02 08:16:54 +11:00
Andrew Tridgell
0c2afdd5a9
s4-drs: update highwatermark after successfully encoding the object
2010-01-02 08:16:52 +11:00
Andrew Tridgell
ff6dd4a67f
s4-drs: send all linked attributes at the end of a replication cycle
...
This ensures that a link is not seen before the object it points to
2010-01-02 08:16:52 +11:00
Andrew Tridgell
5bf257fa9b
s4-drs: use the extended linearized form for DRS replication
...
We were sending zero GUIDs. Not good!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
7653f56bd4
s4-drs: implemented sorting functions based on replication flags
...
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
2010-01-02 08:16:52 +11:00
Andrew Tridgell
701148bbe9
s4-drs: we are doing the sorting for getncchanges in the app code now
...
the sorting is quite delicate, and easier to get right in the
getncchanges code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
cb00e443a3
s4-drs: give a reason when an AddEntry commit fails
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02 08:16:52 +11:00
Andrew Tridgell
340d7e807b
s4-drs: fixed the UDV return in getncchanges
...
We should overwrite an existing entry if found
2010-01-02 08:16:51 +11:00
Andrew Tridgell
bcc952d19d
s4-drs: some useful debugging options for getncchanges
...
Added two debugging parametric options
drs:max object sync =
drs:extra filter =
2010-01-02 08:16:51 +11:00
Andrew Tridgell
225bcfa4e6
s4-drs: handle mixtures of old and new style links in getncchanges
...
We need to send non-upgraded links using the old format
2010-01-02 08:16:51 +11:00
Andrew Tridgell
fde3f64373
s4-drs: added linked attribute replication to getncchanges
2010-01-02 08:16:50 +11:00
Andrew Tridgell
beba977213
s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
...
We need this for the linked attribute meta data
2010-01-02 08:16:50 +11:00
Matthias Dieter Wallnöfer
e22e336f41
s4:drsuapi/getncchanges.c - Update the list of operational attributes
...
- Reorder them as specified in "operational.c"
- Add also the lan manager hash password attribute
2009-12-16 09:45:22 +01:00
Andrew Tridgell
732c701c52
s4-drs: ensure we fill in ncRoot_dn in getncchanges
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-09 18:18:26 +11:00
Andrew Tridgell
16eb25b35b
s4-drs: use parentGUID attribute in getncchanges
...
Now that parentGUID is reliable again, use it instead
of building our own
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-09 18:18:25 +11:00
Andrew Tridgell
ced3eef776
s4-drsutil: fixed a memory leak in samdb_search_count
...
In general functions that don't return any memory should not take a memory context.
Otherwise it is too easy to have a bug like this where memory is leaked
2009-12-04 17:49:19 +11:00
Andrew Tridgell
8d7a43fed7
s4-drs: fixed UDV and overlapping sync calls in DRS
...
When Windows abandons a DRS sync, it will sometimes re-use the same bind handle for
a new sync. This means we need to check the DN of the sync and blank the getnc_state
if the DN has changed.
This also fixes the UDV to use the highest uSN for the partition, not for
the whole SAM.
2009-12-03 10:27:59 +11:00
Matthias Dieter Wallnöfer
f7c28db475
s4:WINREG RPC server - add another "talloc_unlink" in "DeleteKey"
...
Also here we waste memory - therefore free the pointless handle after the delete.
2009-11-27 23:23:32 +01:00
Matthias Dieter Wallnöfer
6f7cfb0e10
s4:WINREG RPC server - Reintroduce the free operation on "CloseKey"
...
Better use "talloc_unlink" here since we could have more than one reference.
2009-11-27 23:23:31 +01:00
Matthias Dieter Wallnöfer
9e852a1759
Revert "s4-netlogon: always set the dNSHostName in GetDomainInfo"
...
This reverts commit 87b6f2e863c6e117643ab6704e50167e849b69cc.
This was the cause of the breakage of the "LogonGetDomainInfo" testsuite. I
think my behaviour is more correct to Windows Server since the test works
against it (at least release 2003 R2).
One problem I discovered is that freshly joined workstations don't get their
DNS name into the directory. Therefore I think also another part (maybe another
RPC call) is able to do this.
2009-11-24 20:30:07 +01:00
Matthias Dieter Wallnöfer
03b6e6e525
s4:netlogon RPC - Remove trailing whitespace
2009-11-22 15:54:16 +01:00