1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

68639 Commits

Author SHA1 Message Date
Volker Lendecke
d6d2f8a8f2 s3: Build idmap_autorid by default 2010-11-08 13:39:51 +01:00
Christian Ambach
9aab4149af s3:idmap: add a new ID mapping module autorid
This is an initial implementation of the idmap_autorid module.
It works similar to the idmap_rid module but requires less
configuration. It will automatically pick ranges for each domain,
so you do not have to bother any more about adding an idmap
configuration for all of the domains in the forest.

This is very easy to use and to configure and much more
deterministic and faster than idmap_tdb, the typical choice
of Samba users up to now.
2010-11-08 13:39:51 +01:00
Christian Ambach
51ddddfa9f s3:winbind add wcache_tdc_fetch_domainbysid
add a function to lookup a domain in the winbind cache by domain SID
2010-11-08 13:39:51 +01:00
Volker Lendecke
69155e4103 s3: Put some parentheses around conditionals 2010-11-08 13:39:51 +01:00
Volker Lendecke
cbe399155d s3: Consistently use stdbool types in new code 2010-11-08 13:39:51 +01:00
Christian Ambach
57b3d32c8d s3:winbind add timeouts to winbind cache
This adds a timeout value to cache entries and the NDR records
in the winbind cache.

The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.

The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.

I increased the cache version number so an old cache will be wiped
automatically after upgrade.
2010-11-08 13:39:51 +01:00
Matthias Dieter Wallnöfer
58cfa5a825 s4:passwords.py - test empty password attributes behaviour
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 12:09:56 UTC 2010 on sn-devel-104
2010-11-08 12:09:56 +00:00
Matthias Dieter Wallnöfer
0bfbf6d526 s4:password_hash LDB module - deleting password attributes is a little more complicated 2010-11-08 11:27:03 +00:00
Matthias Dieter Wallnöfer
9154d4dcfc s4:samdb_msg_find_old_and_new_ldb_val - rework
- don't crash when no values where specified
- return ERR_CONSTRAINT_VIOLATION on malformed messages
- only check for flags when we are involved in a LDB modify operation
2010-11-08 11:27:03 +00:00
Matthias Dieter Wallnöfer
6041ef7442 s4:password_hash LDB module - clear the fact that a delete of password attributes isn't possible 2010-11-08 11:27:03 +00:00
Matthias Dieter Wallnöfer
d4c9a34cf8 s4:acl LDB module - define the delete passwords special case a bit better 2010-11-08 11:27:03 +00:00
Matthias Dieter Wallnöfer
acffe25896 s4:passwords.py - add another two failure cases 2010-11-08 11:27:03 +00:00
Matthias Dieter Wallnöfer
9aa0ed2c3a ldb:pyldb.c - "py_ldb_msg_element_get" - here we can safely use "unsigned int" for the element reference
We don't make use of "Py_List*" calls

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 11:21:27 UTC 2010 on sn-devel-104
2010-11-08 11:21:27 +00:00
Matthias Dieter Wallnöfer
ef4861d926 ldb:pyldb.c - "py_ldb_contains" - return only "0" not found, "1" found, "-1" error 2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
7bdbfc9603 ldb:pyldb.c - most of the times "time_t" is defined as "long int"
Therefore use a signed long int for conversions.

http://stackoverflow.com/questions/471248/what-is-ultimately-a-time-t-typedef-to
2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
9e5ca72afb ldb:pyldb.c - fix some "Py_ssize_t" output warnings 2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
f6572e5ffc ldb:pyldb.c - use "Py_ssize_t" for counting list entries
This seems to be the most appopriate type
2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
084c11d600 ldb:pyldb.c - fix indentation 2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
af84b6d325 s4:pydsdb.c - use "Py_ssize_t" for Python list counters
Seems to be the most appropriate type
2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
9f2d21561b s4:pydsdb.c - introduce Python 2.4 compatibility defines 2010-11-08 10:39:05 +00:00
Matthias Dieter Wallnöfer
4b97e7c8f2 s4:objectguid/repl_meta_data LDB module - deny "objectGUID" updates
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 10:36:50 UTC 2010 on sn-devel-104
2010-11-08 10:36:49 +00:00
Matthias Dieter Wallnöfer
8caf0ed909 s4:objectclass LDB module - no idea why we'd need the "objectGUID" here 2010-11-08 10:51:45 +01:00
Matthias Dieter Wallnöfer
bb2eef5295 s4:objectguid LDB module - make use of "dsdb_next_callback" 2010-11-08 10:36:12 +01:00
Matthias Dieter Wallnöfer
e2efb098ab s4:drsuapi RPC server - writespn.c - fix indentations 2010-11-08 09:59:22 +01:00
Andrew Tridgell
b38a9a8999 s4-drs: allow bypass of writespn checking for some SPNs
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname

we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 08:45:16 UTC 2010 on sn-devel-104
2010-11-08 08:45:16 +00:00
Andrew Bartlett
cb3d6c407e heimdal Add clock-skew handling to DCE-style GSSAPI
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.

Andrew Bartlett

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 07:58:09 UTC 2010 on sn-devel-104
2010-11-08 07:58:09 +00:00
Andrew Bartlett
10c82d0619 s4-auth Supply more useful error messages on Kerberos failure
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.

Andrew Bartlett
2010-11-08 18:15:23 +11:00
Brad Hards
cd4c3d6d7b s4-auth Fix typos in samba4 auth code 2010-11-08 18:15:23 +11:00
Andrew Bartlett
3c4376c4d8 s4-dsdb Explain why we may not use the GC name in some situations.
This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.

Andrew Bartlett
2010-11-08 18:15:23 +11:00
Andrew Bartlett
e77e162b97 s4-selftest fix indentation 2010-11-08 18:15:23 +11:00
Andrew Tridgell
11b42022c7 s4-repl: fixed replication notifications to RODCs
We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 06:57:43 UTC 2010 on sn-devel-104
2010-11-08 06:57:42 +00:00
Andrew Tridgell
2763ede399 fix 2010-11-08 06:16:04 +00:00
Andrew Tridgell
ac0a92b5b3 s4-debug: lowered the debug level of some unimportant messages 2010-11-08 06:16:04 +00:00
Andrew Tridgell
7bd5d40208 s4-ldb: don't give an error if a module is already registered
this can happen when both the build and install paths are used to load
ldb modules

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 05:28:14 UTC 2010 on sn-devel-104
2010-11-08 05:28:14 +00:00
Andrew Tridgell
8759523295 waf: go back to the previous method of handling .inst. rules
the change broke the library linkages for some library, as spotted by
Brad
2010-11-08 15:46:27 +11:00
Andrew Tridgell
e427f2fc81 waf: fixed the names of the installed libraries after the last change
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 02:31:18 UTC 2010 on sn-devel-104
2010-11-08 02:31:18 +00:00
Andrew Tridgell
5a6a9ea45c s4-dns: ensure we get the right case on the grant rule for administrator
it may be 'Administrator' in the database, and bind match rules are
case sensitive

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 01:41:43 UTC 2010 on sn-devel-104
2010-11-08 01:41:42 +00:00
Andrew Tridgell
c0297e5e89 waf: fixed tabs/spaces for python3.0
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 00:55:13 UTC 2010 on sn-devel-104
2010-11-08 00:55:13 +00:00
Andrew Tridgell
b867dc9ea2 waf: prevent us from modifying non-install libs during make install
we need to ensure that 'make install' does not change any of our build
libraries, and only changes the .inst.so libraries, otherwise doing a
make test in the build directory directly after a make install could
use the installed libraries, which would mean using the wrong
LDB_MODULES_PATH

this could cause the "unknown error" loading ldb modules when running
some commands directly after a make install

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-08 11:13:28 +11:00
Andrew Tridgell
d738a0448d s4-ldb: better error message when we try to register a module twice
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-08 11:13:28 +11:00
Andrew Tridgell
cc5e231355 s4-pydrs: validate the DsGetNCChanges response
check that object_count matches up with first_object
2010-11-08 11:13:28 +11:00
Andrew Tridgell
e59bf5efb5 s4-join: modify join behaviour according to domain level
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov  7 23:32:16 UTC 2010 on sn-devel-104
2010-11-07 23:32:16 +00:00
Andrew Tridgell
fc5fecb0b7 s4-drs: allow override of the replica_flags 2010-11-07 22:50:05 +00:00
Andrew Tridgell
18085b1236 s4-dsdb: give the DN on a shema attribute failure 2010-11-07 22:50:05 +00:00
Matthias Dieter Wallnöfer
9ba7ce6acf s4:ldap.py - add more "objectGUID" related tests
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 21:12:03 UTC 2010 on sn-devel-104
2010-11-07 21:12:03 +00:00
Matthias Dieter Wallnöfer
225f102106 s4:objectguid LDB module - fix typo in output message 2010-11-07 21:30:16 +01:00
Matthias Dieter Wallnöfer
2c76be76d5 s4:objectguid LDB module - objectGUIDs cannot be specified on add operations 2010-11-07 21:30:16 +01:00
Matthias Dieter Wallnöfer
c89bc8394d s4:upgradeprovision - remove some "recalculate_sd" uses
We need "recalculate_sd" only when no external "nTSecurityDescriptor" change
is performed. Otherwise the recalculation is performed automatically.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 18:52:42 UTC 2010 on sn-devel-104
2010-11-07 18:52:42 +00:00
Matthias Dieter Wallnöfer
9057e603cf s4:descriptor LDB module - make the "nTSecurityDescriptor" attribute fully behave as in AD
- fix crash when provided "nTSecurityDescriptor" attribute is empty
- print out the correct error codes if it's provided multi-valued
- simplify the "recalculate_sd" control handling
2010-11-07 19:09:29 +01:00
Matthias Dieter Wallnöfer
786a76720c s4:ldb_modules/util.c - "dsdb_get_single_valued_attr" - support the attribute fetch also on LDB add operations
We've to completely ignore the flags in that case.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 11:10:23 UTC 2010 on sn-devel-104
2010-11-07 11:10:23 +00:00