Jelmer Vernooij [Sat, 8 Oct 2011 12:13:04 +0000 (14:13 +0200)]
netcmd: Avoid catching all exceptions, avoid using ';' at the end of lines.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Oct 8 15:46:46 CEST 2011 on sn-devel-104
Jelmer Vernooij [Sat, 8 Oct 2011 12:07:18 +0000 (14:07 +0200)]
upgrade: Avoid catching all exceptions, just catch the ones we care about.
Matthias Dieter Wallnöfer [Fri, 30 Sep 2011 14:45:55 +0000 (16:45 +0200)]
s4:findprovisionusnranges - the default python path is detected over "env"
Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 8 13:06:20 CEST 2011 on sn-devel-104
Matthias Dieter Wallnöfer [Fri, 30 Sep 2011 13:47:04 +0000 (15:47 +0200)]
s4:upgrading-samba4.txt - fix mistakes reported by bug #8504
Reviewed-by: Jelmer
Stefan Metzmacher [Sat, 8 Oct 2011 07:18:02 +0000 (09:18 +0200)]
examples/VFS: add skel_get_dfs_referrals()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 8 11:29:18 CEST 2011 on sn-devel-104
Stefan Metzmacher [Sat, 8 Oct 2011 07:17:11 +0000 (09:17 +0200)]
examples/VFS: fix names in skel_opaque.c
metze
Stefan Metzmacher [Sat, 8 Oct 2011 05:23:00 +0000 (07:23 +0200)]
s4:torture/smb2: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 8 08:56:10 CEST 2011 on sn-devel-104
Stefan Metzmacher [Sat, 8 Oct 2011 05:22:39 +0000 (07:22 +0200)]
s4:torture/drs: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Stefan Metzmacher [Sat, 8 Oct 2011 05:22:14 +0000 (07:22 +0200)]
s4:lib/wmi: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Stefan Metzmacher [Sat, 8 Oct 2011 05:21:49 +0000 (07:21 +0200)]
s3:utils: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Stefan Metzmacher [Sat, 8 Oct 2011 05:21:25 +0000 (07:21 +0200)]
s3:lib/netapi: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Stefan Metzmacher [Sat, 8 Oct 2011 05:20:39 +0000 (07:20 +0200)]
dnsserver.idl: avoid '//' comments
The compiler on openindiana doesn't like them.
metze
Andrew Bartlett [Sat, 8 Oct 2011 00:19:35 +0000 (11:19 +1100)]
build: build wbinfo only once in the waf build
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct 8 04:52:03 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 7 Oct 2011 23:50:32 +0000 (10:50 +1100)]
build: remove double-setting of build_public_headers
The top level build already sets this, so we do not need to set it twice.
Andrew Bartlett
Andrew Bartlett [Fri, 7 Oct 2011 23:49:49 +0000 (10:49 +1100)]
build: s3 public headers appear to be correct now
The build now passes without this setting, so remove it to ensure we
do this check in future.
Andrew Bartlett
Stefan Metzmacher [Tue, 4 Oct 2011 10:44:12 +0000 (12:44 +0200)]
selftest: run dfs tests on plugin_s4_dc
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 8 03:18:54 CEST 2011 on sn-devel-104
Stefan Metzmacher [Tue, 4 Oct 2011 10:38:00 +0000 (12:38 +0200)]
s3:modules: add vfs_dfs_samba4
This module overloads the SMB_VFS_GET_DFS_REFERRAL() hooks,
in order to support the domain, dc and sysvol referrals
for a AD DC.
The config would look like this:
[IPC$]
vfs objects = dfs_samba4
metze
Stefan Metzmacher [Sat, 1 Oct 2011 07:15:58 +0000 (09:15 +0200)]
s3:msdfs: removed unused variables
metze
Stefan Metzmacher [Sat, 1 Oct 2011 07:13:50 +0000 (09:13 +0200)]
s3:msdfs: implement setup_dfs_referral() on top of SMB_VFS_GET_DFS_REFERRALS()
metze
Stefan Metzmacher [Sat, 1 Oct 2011 04:57:18 +0000 (06:57 +0200)]
s3:vfs: add SMB_VFS_GET_DFS_REFERRAL() hooks
metze
Stefan Metzmacher [Tue, 4 Oct 2011 10:41:12 +0000 (12:41 +0200)]
s3:param: add lp_host_msdfs to loadparm_s3_context
metze
Stefan Metzmacher [Tue, 4 Oct 2011 10:42:11 +0000 (12:42 +0200)]
s4:smb_server: implement dfs referral handing on top of dfs_server_ad_get_referrals()
metze
Stefan Metzmacher [Tue, 4 Oct 2011 11:08:50 +0000 (13:08 +0200)]
dfs_server: add generic dfs_server_ad_get_referrals() call
This is a generic function to implement the domain, dc and sysvol
DFS referrals.
metze
Michael Adam [Fri, 7 Oct 2011 12:00:18 +0000 (14:00 +0200)]
examples/VFS: fix a typo in the README
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Oct 8 01:42:33 CEST 2011 on sn-devel-104
Jeremy Allison [Fri, 7 Oct 2011 18:09:44 +0000 (11:09 -0700)]
Fix bug #8509 - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER.
Not a security issue as we also check inside _samr_CreateUser2.
Thanks to Andreas Schneider <asn@samba.org> for finding and testing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104
Stefan Metzmacher [Wed, 5 Oct 2011 12:59:59 +0000 (14:59 +0200)]
s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
Stefan Metzmacher [Fri, 7 Oct 2011 07:58:29 +0000 (09:58 +0200)]
Revert "ldb: support raw OIDs in control string parsing"
This reverts commit
ea41860d32d38448e08cefd79d30ee1150317a9e.
This is not needed, because we already have the 'local_oid' magic.
metze
Stefan Metzmacher [Fri, 7 Oct 2011 07:57:34 +0000 (09:57 +0200)]
s4:dbchecker: make use of local_oid controls for dsdb.DSDB_CONTROL_DBCHECK
metze
Stefan Metzmacher [Fri, 7 Oct 2011 07:56:17 +0000 (09:56 +0200)]
ldb/ldb_controls: allow oid up to 255 chars
We have char oid[256], so allow sscanf() to consume 255 chars.
metze
Stefan Metzmacher [Fri, 7 Oct 2011 07:49:48 +0000 (09:49 +0200)]
s4:dsdb: fix the order of DSDB_CONTROL_* defines in samdb.h
This makes clear that struct dsdb_control_password_change
belongs to DSDB_CONTROL_PASSWORD_CHANGE_OID.
metze
Andreas Schneider [Fri, 7 Oct 2011 08:30:23 +0000 (10:30 +0200)]
uid_wrapper: Add uwrap_setresuid().
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104
Andreas Schneider [Thu, 6 Oct 2011 14:52:03 +0000 (16:52 +0200)]
uid_wrapper: Add uwrap_setregid().
Andreas Schneider [Thu, 6 Oct 2011 14:25:32 +0000 (16:25 +0200)]
uid_wrapper: Add uwrap_setreuid().
Andrew Bartlett [Thu, 6 Oct 2011 05:59:19 +0000 (16:59 +1100)]
s4-param copy print_parameter and equal_parameter in from source3
This will allow these functions to be put into lib/param shortly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 7 10:17:01 CEST 2011 on sn-devel-104
Andrew Bartlett [Thu, 6 Oct 2011 05:58:32 +0000 (16:58 +1100)]
s3-param Remove odd formatting to allow code merge
This code is very old, and has some code styles that we have not used
in Samba for a very long time. This fixes up a the extra braces around
return values.
Andrew Bartlett
Andrew Bartlett [Thu, 6 Oct 2011 05:54:08 +0000 (16:54 +1100)]
s3-param: inline octal_string into caller to allow code merge
Andrew Bartlett [Thu, 6 Oct 2011 05:35:39 +0000 (16:35 +1100)]
param: Use a bool to hold boolean parameters
All three-state parameters invoking Auto (2) are already declared as integers, not
booleans.
Andrew Bartlett
Andrew Bartlett [Thu, 6 Oct 2011 05:34:52 +0000 (16:34 +1100)]
s3-param use Auto define for lm_announce default
Andrew Bartlett [Tue, 5 Jul 2011 00:14:12 +0000 (10:14 +1000)]
ldb: use ldb directly rather than via a copy
This avoids needing to manually sync the two files, which due to the
top level build must be API compatible at all times anyway.
The most important recent change was:
commit
e3b76bd6205acfc1a89fbcab5d9588b32cb47b88
Author: Andrew Tridgell <tridge@samba.org>
Date: Thu Jul 28 15:51:31 2011 +1000
ldb: fixed a search expression parse bug
However, as we always control the search expression in the callers to
this code, no backport to other releases is required.
Andrew Bartlett
Andrew Bartlett [Thu, 8 Sep 2011 00:42:02 +0000 (10:42 +1000)]
build: ndrdump is only built with waf
We no longer need an #if (_SAMBA_BUILD >= 4) here.
Andrew Bartlett
Andrew Bartlett [Thu, 8 Sep 2011 00:09:12 +0000 (10:09 +1000)]
build: Remove obsolete --enable/disable-merged-build
All waf builds build everything now.
Andrew Bartlett
Andrew Bartlett [Wed, 7 Sep 2011 22:46:42 +0000 (08:46 +1000)]
build: Remove _SAMBA_WAF_BUILD_
The _SAMBA_BUILD_ macro can pick the difference between autoconf and waf builds now
Andrew Bartlett
Andrew Bartlett [Thu, 1 Sep 2011 02:45:53 +0000 (12:45 +1000)]
autobuild: Remove s3-waf from autobuild
Andrew Bartlett [Thu, 1 Sep 2011 02:45:38 +0000 (12:45 +1000)]
build: Reduce build systems to just top level waf and autoconf
The s3-waf build system is a key component of the top level build, but
with this commit is is no longer available directly. This reduces the
number of build system combinations in master as we prepare for the
Samba 4.0 release.
Andrew Bartlett
Andrew Tridgell [Fri, 7 Oct 2011 04:25:59 +0000 (15:25 +1100)]
s4-dsdb: special case for deleted objects one way link
we show wellknown links to the deleted objects container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 7 07:58:08 CEST 2011 on sn-devel-104
Andrew Tridgell [Fri, 7 Oct 2011 02:20:35 +0000 (13:20 +1100)]
s4-dsdb: don't display links to deleted objects
unless the user asks for the display of deactivated links, we should
not display DNs that link to deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 7 Oct 2011 02:19:48 +0000 (13:19 +1100)]
s4-dsdb: fixed one_way_link calculation
we need to check for the other end of the link, not the current linkID
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 7 Oct 2011 00:46:59 +0000 (11:46 +1100)]
s4-dsdb: fixed behaviour of show_deleted and show_recycled control
to correctly implement the show_deleted and show_recycled control we
need to know if the recyclebin is enabled. When not enabled, the
isRecycled attribute is ignored, and only isDeleted is used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 7 Oct 2011 00:46:05 +0000 (11:46 +1100)]
s4-dsdb: fixed the check_optional_feature() call
the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 6 Oct 2011 07:57:20 +0000 (09:57 +0200)]
s3:lib: remove unused/empty modules.c
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 6 15:23:45 CEST 2011 on sn-devel-104
Stefan Metzmacher [Thu, 7 Jul 2011 17:48:02 +0000 (19:48 +0200)]
selftest/Samba3: enable uid wrapper in nmbd, winbindd and smbd
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Oct 6 13:49:05 CEST 2011 on sn-devel-104
Stefan Metzmacher [Thu, 7 Jul 2011 17:47:20 +0000 (19:47 +0200)]
s3:configure.developer: add --enable-uid-wrapper
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sat, 19 Feb 2011 23:05:06 +0000 (00:05 +0100)]
s3: Use the uid_wrapper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sat, 19 Feb 2011 22:21:07 +0000 (23:21 +0100)]
uid_wrapper: We have talloc_array_length, no need for an explicit length
Signed-off-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 9 Sep 2011 12:41:28 +0000 (22:41 +1000)]
lib/util: consolidate module loading
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Oct 6 08:52:30 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 9 Sep 2011 12:25:43 +0000 (22:25 +1000)]
modules: standardise on samba_init_module as the hook symbol to resolve
Andrew Bartlett [Fri, 9 Sep 2011 12:18:42 +0000 (22:18 +1000)]
lib/util: Use only init_module_fn typedef in module loading
Andrew Bartlett [Fri, 9 Sep 2011 12:10:12 +0000 (22:10 +1000)]
lib/util: Remove unused module loading functions
Andrew Bartlett [Fri, 9 Sep 2011 11:24:49 +0000 (21:24 +1000)]
lib/util: consolidate module loading into common code
This creates a samba-modules private libary that handles the details.
Andrew Bartlett
Andrew Bartlett [Fri, 9 Sep 2011 10:29:32 +0000 (20:29 +1000)]
s3-module allow libreplace to provide dlopen replacement
Given that we have replacement dlopen() etc, use this from libreplace.
The dlerror() from libreplace gives a good error if the platform
really does not have dlopen().
Andrew Bartlett
Andrew Tridgell [Thu, 6 Oct 2011 03:21:41 +0000 (14:21 +1100)]
samba-tool: add support for fixing broken backlinks in dbcheck
this allows dangling backlinks to be removed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Oct 6 07:08:35 CEST 2011 on sn-devel-104
Andrew Tridgell [Thu, 6 Oct 2011 03:21:02 +0000 (14:21 +1100)]
s4-dsdb: allow deletion of backlinks if DSDB_CONTROL_DBCHECK given
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 03:20:25 +0000 (14:20 +1100)]
s4-dsdb: added DSDB_CONTROL_DBCHECK
this will be used for overrides by the dbcheck validator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 03:19:24 +0000 (14:19 +1100)]
ldb: support raw OIDs in control string parsing
this makes it possible to use a raw OID string on the command line or
in python scripts
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 03:18:49 +0000 (14:18 +1100)]
ldb: fixed memory leak in control string parsing
if parsing fails, free ctrl
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 01:31:21 +0000 (12:31 +1100)]
s4-dsdb: allow groupType update on deleted objects
this allows dbcheck to fix groupType on objects that have been deleted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 00:24:28 +0000 (11:24 +1100)]
s4-rodc: use the rodc_replica flag on the partition
this sets DSDB_REPL_FLAG_PARTIAL_REPLICA when replicating a RODC
partition, which tells the replication code to map instanceType to
remove the INSTANCE_TYPE_WRITE bit
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 6 Oct 2011 00:14:13 +0000 (11:14 +1100)]
s4-rodc: ensure we load replicated partitions for RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 30 Sep 2011 21:33:38 +0000 (14:33 -0700)]
s4-dsdb: Do not assume that all deleted objects have an objectCategory and sAMAccountType
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Oct 6 03:43:13 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 30 Sep 2011 01:56:38 +0000 (18:56 -0700)]
dsdb: Do not attempt to resolve conflicts on an RODC
Andrew Bartlett [Fri, 30 Sep 2011 01:53:51 +0000 (18:53 -0700)]
dsdb: fix double-free in replication failure case on RODC
Andrew Bartlett [Fri, 30 Sep 2011 00:05:38 +0000 (17:05 -0700)]
s4-dsdb Allow repl server to start even when no master NCs are present
Ewoud Kohl van Wijngaarden [Wed, 5 Oct 2011 22:36:46 +0000 (00:36 +0200)]
Add missing com_err dependencies
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Oct 6 02:10:21 CEST 2011 on sn-devel-104
Andrew Tridgell [Wed, 5 Oct 2011 06:07:51 +0000 (17:07 +1100)]
s4-auth: fixed formatting of some DEBUG() lines
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Oct 5 09:45:15 CEST 2011 on sn-devel-104
Jeremy Allison [Tue, 4 Oct 2011 21:46:00 +0000 (14:46 -0700)]
Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create.
Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 5 01:19:17 CEST 2011 on sn-devel-104
Günther Deschner [Tue, 4 Oct 2011 10:53:38 +0000 (12:53 +0200)]
s3-waf: remove explicit linking to SMBLDAP subsystem.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Oct 4 14:39:57 CEST 2011 on sn-devel-104
Günther Deschner [Tue, 4 Oct 2011 10:53:09 +0000 (12:53 +0200)]
s3-smbldap: remove an obsolete prototype.
Guenther
Stefan Metzmacher [Tue, 4 Oct 2011 08:47:46 +0000 (10:47 +0200)]
s3:lib/util: make sure panic action can attach a debugger on ubuntu (>=10.10)
By default user processes can't attach a debugger to a process.
So explicitly allow that for all child processes, before calling
the panic action script.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 4 12:51:35 CEST 2011 on sn-devel-104
Stefan Metzmacher [Tue, 4 Oct 2011 08:47:46 +0000 (10:47 +0200)]
lib/util: make sure panic action can attach a debugger on ubuntu (>=10.10)
By default user processes can't attach a debugger to a process.
So explicitly allow that for all child processes, before calling
the panic action script.
metze
Stefan Metzmacher [Tue, 4 Oct 2011 07:21:23 +0000 (09:21 +0200)]
s3:param: use ROLE_DOMAIN_CONTROLLER for an AD domain controller
metze
Andrew Tridgell [Sat, 1 Oct 2011 00:58:52 +0000 (10:58 +1000)]
s4-subdomain: create trust record with forest root DC
when we create a sub-subdomain we need to use the forest naming master
to setup the partition changes for the new subdomain. We also need to
setup the trust with the forest root, as that allows us to create the
needed _msdcs DNS entries in the forest
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 4 07:40:59 CEST 2011 on sn-devel-104
Andrew Tridgell [Sat, 1 Oct 2011 00:57:14 +0000 (10:57 +1000)]
s4-dsdb: fixed re-join of subdomain
if we repeat the join of a subdomain then we try to re-create the NC
for the subdomain during a DsAddEntry(). This allows that re-creation
to succeed if the NC already exists
Andrew Tridgell [Thu, 29 Sep 2011 23:03:39 +0000 (09:03 +1000)]
s4-lsa: fixed set of trust password with old password
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 29 Sep 2011 21:43:54 +0000 (07:43 +1000)]
s4-dns: add all forest DCs to named.conf.update
this allows all DCs to update DNS entries
Andrew Tridgell [Thu, 29 Sep 2011 21:08:15 +0000 (07:08 +1000)]
s4-ldap: added DSDB_CONTROL_NO_GLOBAL_CATALOG to ldap encoding list
also remove all the duplicated comments
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 29 Sep 2011 20:47:08 +0000 (06:47 +1000)]
s4-kdc: fixed handling of previous vs current trust password
This sorts out the correct handling for the 'kvno=255'
problem. Windows will use the previous trust password for 1 hour after
a password set, and indicates that the previous password is being used
by sending current_kvno-1. That maps to 255 if the trust password has
not actually been changed, so the initial trust password is being
used.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 29 Sep 2011 07:44:28 +0000 (17:44 +1000)]
s4-auth: rework map_user_info() to use cracknames
to properly support multi-domain forests we need to determine if an
incoming username is part of a known forest domain or not. To do this
for all possible SPN forms, we need to use CrackNames.
This changes map_user_info() to use CrackNames if a SAM context is
available, and asks the CrackNames services to parse the incoming
username and domain into a NT4 form, which can then be used in the
SAM.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 29 Sep 2011 07:43:25 +0000 (17:43 +1000)]
s4-sam: don't look in GC NCs for user accounts
We need to exclude GC partial replica naming contexts from SAM lookups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 28 Sep 2011 19:23:38 +0000 (05:23 +1000)]
s4-kdc: don't look at global catalog NCs in the kdc
the kdc should not be looking for users in GC partial replicas, as
these users do not have all of the attributes needed for the KDC to
operate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 28 Sep 2011 19:22:27 +0000 (05:22 +1000)]
s4-kdc: treat a kvno of 255 as unspecified
windows sometimes sends us a kvno of 255 for inter-domain trusts. We
don't yet know why it does this, but it seems that we need to treat
this as an unspecified kvno
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 28 Sep 2011 06:45:17 +0000 (16:45 +1000)]
s4-kcc: if we are a GC, auto-add partial replicas
when we are a global catalog server, the KCC needs to add partial
replicas for all domain partitions that we don't have copies of
Andrew Tridgell [Wed, 28 Sep 2011 04:36:00 +0000 (14:36 +1000)]
s4-dsdb: simplify samdb_is_gc()
we already have a function for returning the NTDS options
Andrew Tridgell [Wed, 28 Sep 2011 04:35:27 +0000 (14:35 +1000)]
s4-dsdb: add the DSDB_CONTROL_PARTIAL_REPLICA when needed
when we are adding an object via DRS, we need to add the
DSDB_CONTROL_PARTIAL_REPLICA control if we are replicating a partial
replica, so ensure the partition module creates new NCs as partial
replicas
Andrew Tridgell [Wed, 28 Sep 2011 04:18:14 +0000 (14:18 +1000)]
heimdal: handle referrals for 3 part DRSUAPI SPNs
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-
00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).
We use the 3rd part of the SPN directly as the realm name in the
referral.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 28 Sep 2011 03:48:52 +0000 (13:48 +1000)]
s4-repl: try harder to find the right SPN in replication server
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-
00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 28 Sep 2011 01:04:29 +0000 (11:04 +1000)]
s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 27 Sep 2011 23:32:15 +0000 (09:32 +1000)]
s4-join: enable cleanup on failed join
if a join fails, then cleanup the old records
Andrew Tridgell [Tue, 27 Sep 2011 23:31:38 +0000 (09:31 +1000)]
s4-drs: added DSDB_REPL_FLAG_ADD_NCNAME to DsAddEntry call
we want new NCs to be created
Andrew Tridgell [Tue, 27 Sep 2011 23:30:44 +0000 (09:30 +1000)]
s4-dsdb: added DSDB_REPL_FLAG_ADD_NCNAME flag
Andrew Tridgell [Tue, 27 Sep 2011 23:30:26 +0000 (09:30 +1000)]
s4-dsdb: fixed formatting of a debug message
another missing newline
git.samba.org / garming / samba-autobuild / .git / log