Andrew Tridgell [Tue, 29 Dec 2009 23:52:55 +0000 (10:52 +1100)]
s4-drs: make sure the DNs we put in the db have an extended GUID
Andrew Tridgell [Tue, 29 Dec 2009 23:52:14 +0000 (10:52 +1100)]
s4-dsdb: added dsdb_set_extended_dn_guid()
Andrew Tridgell [Tue, 29 Dec 2009 00:41:19 +0000 (11:41 +1100)]
s4-ldbtest: fixed message element in modify
a flags value of zero is not valid
Andrew Tridgell [Tue, 29 Dec 2009 00:40:30 +0000 (11:40 +1100)]
s4-ldb: allow modules to override error return values
The samldb module overrides the error code for some returns when
handling primaryGroupID. We need to take the error from the async
callback to allow this to work reliably
Andrew Tridgell [Tue, 29 Dec 2009 00:39:29 +0000 (11:39 +1100)]
s4-ldbmodify: show the error code as well as error string
Andrew Tridgell [Tue, 29 Dec 2009 00:39:05 +0000 (11:39 +1100)]
s4-ldb: declare ldb_val_to_time()
Andrew Tridgell [Tue, 29 Dec 2009 00:38:49 +0000 (11:38 +1100)]
s4-ldb: use safe length limited conversions for int64 and time
Andrew Tridgell [Tue, 29 Dec 2009 00:38:17 +0000 (11:38 +1100)]
s4-dsdb: use safe length limiting in string->integer conversion
The ldap.py test suite could trigger a read past the end of the struct
ldb_val buffer
Andrew Tridgell [Tue, 29 Dec 2009 00:37:17 +0000 (11:37 +1100)]
s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time()
Andrew Tridgell [Tue, 29 Dec 2009 00:36:37 +0000 (11:36 +1100)]
s4-ldb: added ldb_val_to_time()
This is intended as a replacement for ldb_string_to_time() for ldb_val
inputs. This ensures it is length limited and includes additional
validity checks
Andrew Tridgell [Mon, 28 Dec 2009 06:22:40 +0000 (17:22 +1100)]
s4-drs: sort linked attributes
See MS-DRSR section 4.1.10.5.17 for a description of the sorting
comparison function
Andrew Tridgell [Mon, 28 Dec 2009 06:22:12 +0000 (17:22 +1100)]
s4-drs: re-resolve the DN in linked attribute processing
w2k8-r2 sometimes sends the DN with an old target
Andrew Tridgell [Mon, 28 Dec 2009 06:20:13 +0000 (17:20 +1100)]
s4-drs: use dsdb_module_rename()
Use the new dsdb_module_rename() for DRS rename handling, instead of
ldb_rename(). This stops us going to the top of the module stack on a
rename.
Andrew Tridgell [Mon, 28 Dec 2009 06:19:29 +0000 (17:19 +1100)]
s4-drs: use dsdb linked attribute parse functions
This makes the code considerably more readable
Andrew Tridgell [Mon, 28 Dec 2009 06:18:14 +0000 (17:18 +1100)]
s4-dsdb: added parse functions for DRS linked attribute blobs
Andrew Tridgell [Mon, 28 Dec 2009 03:11:37 +0000 (14:11 +1100)]
s4-drs: set flag to indicate that we do support linked attributes
Andrew Tridgell [Tue, 22 Dec 2009 01:31:42 +0000 (12:31 +1100)]
s4-ldb: show the error code as well as errstr
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 22 Dec 2009 01:21:02 +0000 (12:21 +1100)]
s4-dsdb: fixed valgrind error in replmd modify
We are using the values from a search result, so we need to steal them
onto the msg before we free the search results
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:28:04 +0000 (21:28 +1100)]
s4-drs: don't try to remove backlinks directly
backlinks need to be removed as a side effect of removing the forward
link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:27:16 +0000 (21:27 +1100)]
s4-drs: isRecycled only exists in FL W2K8-R2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:26:15 +0000 (21:26 +1100)]
s4-drs: use DSDB_FLAG_OWN_MODULE
We need DRS driven replication changes to update replPropertyMetaData,
so it needs to call into the repl_meta_data module logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:25:27 +0000 (21:25 +1100)]
s4-drs: update comment to reflect only forward link in this fn
This function only updates forward links
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:24:18 +0000 (21:24 +1100)]
s4-drs: fixed typo for uSNCreated
This broke DRS replication from samba to windows
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:23:18 +0000 (21:23 +1100)]
s4-drs: use dsdb_module_guid_by_dn()
We should not be going to the top of the module stack
Andrew Tridgell [Mon, 21 Dec 2009 10:21:55 +0000 (21:21 +1100)]
s4-drs: cope better with NULL GUIDS from DRS
It is valid to get a NULL GUID over DRS for a deleted forward link. We
need to match by DN if possible when seeing if we should update an
existing link.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:19:55 +0000 (21:19 +1100)]
s4-drs: give an error message in repl_meta_data if we don't get a partition control
Andrew Tridgell [Mon, 21 Dec 2009 10:18:31 +0000 (21:18 +1100)]
s4-drs: treat a zero GUID as not present in replmd_add_fix_la
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:16:35 +0000 (21:16 +1100)]
s4-drs: update highwatermark after successfully encoding the object
Andrew Tridgell [Mon, 21 Dec 2009 10:13:59 +0000 (21:13 +1100)]
s4-drs: send all linked attributes at the end of a replication cycle
This ensures that a link is not seen before the object it points to
Andrew Tridgell [Mon, 21 Dec 2009 10:12:19 +0000 (21:12 +1100)]
s4-drs: use the extended linearized form for DRS replication
We were sending zero GUIDs. Not good!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:10:41 +0000 (21:10 +1100)]
s4-drs: implemented sorting functions based on replication flags
I think we probably have more work to do on the sort order, but this
brings us a bit closer.
Andrew Tridgell [Mon, 21 Dec 2009 10:06:56 +0000 (21:06 +1100)]
s4-drs: we are doing the sorting for getncchanges in the app code now
the sorting is quite delicate, and easier to get right in the
getncchanges code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:05:50 +0000 (21:05 +1100)]
s4-drs: give a reason when an AddEntry commit fails
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:01:33 +0000 (21:01 +1100)]
s4-schema: don't fill in the extended DN with a zero GUID
sometimes windows sends us a zero GUID in a DRS DN.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 09:59:57 +0000 (20:59 +1100)]
sd-schema: order DRS classes on the wire in reverse order
windows sends objectclasses in DRS in the opposite order to what LDAP
uses
Andrew Tridgell [Mon, 21 Dec 2009 09:59:08 +0000 (20:59 +1100)]
s4-dsdb: added DSDB_FLAG_OWN_MODULE
This allows you to call dsdb_module_*() functions while including the
current module in the module stack to be used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 21 Dec 2009 10:03:11 +0000 (21:03 +1100)]
s4-ldb: added ldb_module_get_ops()
This is needed to support DSDB_FLAG_OWN_MODULE
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 20 Dec 2009 00:53:09 +0000 (11:53 +1100)]
s4-dsdb: use a common method for finding a link pair
Use ^1 everywhere, to ensure it works for both forward and backward
links
Andrew Tridgell [Sat, 19 Dec 2009 23:27:03 +0000 (10:27 +1100)]
s4-drs: fixed the UDV return in getncchanges
We should overwrite an existing entry if found
Andrew Tridgell [Sat, 19 Dec 2009 13:12:35 +0000 (00:12 +1100)]
s4-drs: some useful debugging options for getncchanges
Added two debugging parametric options
drs:max object sync =
drs:extra filter =
Andrew Tridgell [Sat, 19 Dec 2009 13:10:40 +0000 (00:10 +1100)]
s4-dsdb: fill in the correct version number of links that come over DRS
Andrew Tridgell [Sat, 19 Dec 2009 10:42:40 +0000 (21:42 +1100)]
s4-dsdb: move checking for single valued links to samba modules
This uses the RELAX control and checking of single valued attributes
in ldb modules to avoid problems with multi-valued links where all
values but one are deleted
Andrew Tridgell [Sat, 19 Dec 2009 10:40:55 +0000 (21:40 +1100)]
s4-dsdb: added dsdb_check_single_valued_link()
This is used in conjunction with the RELAX control, to check for
violations of single value rules for linked attributes
Andrew Tridgell [Sat, 19 Dec 2009 09:59:04 +0000 (20:59 +1100)]
s4-drs: handle mixtures of old and new style links in getncchanges
We need to send non-upgraded links using the old format
Andrew Tridgell [Sat, 19 Dec 2009 09:55:46 +0000 (20:55 +1100)]
s4-dsdb: added dsdb_dn_is_upgraded_link_val()
This is used to detect if a link has been stored in the w2k3 extended
format
Andrew Tridgell [Sat, 19 Dec 2009 09:55:11 +0000 (20:55 +1100)]
s4-ldb: use the RELAX control to disable single value checking on replace
When using w2k3 linked attributes we are allowed to have multiple
values on a single valued attribute. This happens when the other
values are deleted.
Setting the RELAX control tells the ldb-tdb backend to not check for
this on replace, which means the caller has to check for single valued
violations.
Andrew Tridgell [Sat, 19 Dec 2009 08:57:37 +0000 (19:57 +1100)]
s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
When any value of a w2k formatted linked attribute is modified,
upgrade the links.
Andrew Tridgell [Sat, 19 Dec 2009 01:25:09 +0000 (12:25 +1100)]
s4-drs: added linked attribute replication to getncchanges
Andrew Tridgell [Sat, 19 Dec 2009 01:24:09 +0000 (12:24 +1100)]
s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
We need this for the linked attribute meta data
Andrew Tridgell [Sat, 19 Dec 2009 01:23:22 +0000 (12:23 +1100)]
s4-dsdb: minor cleanup in DRS replicated objects code
Andrew Tridgell [Fri, 18 Dec 2009 09:57:21 +0000 (20:57 +1100)]
s4-dsdb: store full meta data from DRS for linked attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 09:56:04 +0000 (20:56 +1100)]
s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 09:51:37 +0000 (20:51 +1100)]
s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 18 Dec 2009 01:47:31 +0000 (12:47 +1100)]
s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
We need a separate RMD_LOCAL_USN to allow us to tell what attributes
need to be sent in a getncchanges request. Thanks to Metze for
pointing this out.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 17 Dec 2009 12:50:41 +0000 (23:50 +1100)]
s4-dsdb: handle links with no backlinks in replmd_delete
Andrew Tridgell [Thu, 17 Dec 2009 12:02:08 +0000 (23:02 +1100)]
s4-dsdb: simplify the linked_attributes module
The linked_attributes module only has to deal with renames now, as
other linked attribute updates happen in repl_meta_data. This allows
it to be much simpler.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 17 Dec 2009 12:00:16 +0000 (23:00 +1100)]
s4-dsdb: do the rename after the modify in replmd_delete
This makes updating the links a bit easier
Andrew Tridgell [Wed, 16 Dec 2009 23:50:34 +0000 (10:50 +1100)]
s4-dsdb: some backlinks can be processed immediately
backlinks in add and delete operations can be processed immediately,
rather than at the end of a transaction. This can save on backlink
list processing time.
Andrew Tridgell [Wed, 16 Dec 2009 23:42:44 +0000 (10:42 +1100)]
s4-dsdb: remove linked_attributes_add
This is now handled in the repl_meta_data module
Andrew Tridgell [Wed, 16 Dec 2009 23:42:15 +0000 (10:42 +1100)]
s4-dsdb: add linked attributes meta_data handling to replmd_add
This also handles the backlink creation that was previously in the
linked_attributes module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 16 Dec 2009 06:24:21 +0000 (17:24 +1100)]
s4-dsdb: added replmd_delete, based on Eduardo's work
This implements replmd_delete(), which handles the meta_data updates
for an object when deleting. A delete gets mapped to a combination
of a rename followed by a modify request, which has the effect of
moving the object into the Deleted Objects container.
This is based on the code from Eduardo Lima
<eduardoll@gmail.com>. Eduardo's code was modified to take account of
the linked attributes changes that Andrew and I have been working on.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 16 Dec 2009 06:15:23 +0000 (17:15 +1100)]
s4-dsdb: the linked_attributes module no longer handles deletes
delete handling is now moved into repl_meta_data
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 16 Dec 2009 06:14:26 +0000 (17:14 +1100)]
s4-dsdb: repl_meta_data now replaces objectguid in all cases
We don't want to be debugging two different code paths through the ldb
module stack, so better to always do the work of repl_meta_data, even
for a standalone server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 16 Dec 2009 01:01:51 +0000 (12:01 +1100)]
s4-dsdb: add a comment on the use of ldb_rename()
We need to use ldb_rename() and not dsdb_module_rename() here as we
need the rename to be processed by the current module
Andrew Tridgell [Wed, 16 Dec 2009 00:34:58 +0000 (11:34 +1100)]
s4-dsdb: linked_attributes_modify no longer handles modifies
This functionality has moved into repl_meta_data
Andrew Tridgell [Wed, 16 Dec 2009 00:34:33 +0000 (11:34 +1100)]
s4-dsdb: added support for backlinks in repl_meta_data
backlinks need more careful handling now that we store the additional
meta data for deleted links. It is easier to handle this in
repl_meta_data than in linked_attributes.
Eventually linked_attributes will disappear, with the functionality
moved into repl_meta_data.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 14 Dec 2009 10:54:41 +0000 (21:54 +1100)]
s4-dsdb: implemented replmd_modify_la_replace()
We now have the core code for handling storage of linked attribute
meta-data with local modifies
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 10 Dec 2009 12:49:02 +0000 (23:49 +1100)]
s4-dsdb: add a TODO item for linked attributes in extended_dn_out
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 10 Dec 2009 12:48:30 +0000 (23:48 +1100)]
s4-dsdb: add support for storing linked attribute meta data in extended DNs
When in functional levels above w2k, we need to store much richer meta
data about linked attributes. We also need to keep deleted linked
attributes around to allow the deletion to be propagated to other DCs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Fri, 1 Jan 2010 17:32:37 +0000 (18:32 +0100)]
heimdal_build: Explicitly specify 'YES' when enabling external
libraries.
Jelmer Vernooij [Fri, 1 Jan 2010 17:31:44 +0000 (18:31 +0100)]
s4/build: Indicate whether Samba4 is being built against the system
Heimdal.
Andrew Tridgell [Thu, 31 Dec 2009 05:53:14 +0000 (16:53 +1100)]
s4-net: fixed finddcs to use empty SID instead of NULL sid (NDR error)
Andrew Tridgell [Thu, 31 Dec 2009 05:52:49 +0000 (16:52 +1100)]
s4-testpasswords: fixed CONFIG and quoting
Need to pass correct config file to tests
Andrew Tridgell [Thu, 31 Dec 2009 05:52:15 +0000 (16:52 +1100)]
s4-net: fixed pwsettings command
Don't override user settings with current settings
Jelmer Vernooij [Wed, 30 Dec 2009 20:59:50 +0000 (21:59 +0100)]
py/security: Add test for dom_sid.split.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 20:48:42 +0000 (21:48 +0100)]
samba: Fix whitespace, remove pointless 'pass' statement.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 20:46:32 +0000 (21:46 +0100)]
pyldb: Add dom_sid.split in favor of less powerful dom_sid_to_rid().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 20:06:21 +0000 (21:06 +0100)]
net: Support 'super' commands implemented in Python.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 19:40:11 +0000 (20:40 +0100)]
net: Move 'newuser' to 'net newuser'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 19:10:34 +0000 (20:10 +0100)]
net: Fix tests and documentation of setexpiry.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 19:00:12 +0000 (20:00 +0100)]
net: Move setexpiry to 'net setexpiry'
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 18:53:05 +0000 (19:53 +0100)]
net: Move 'setpassword' to 'net setpassword'.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 17:01:24 +0000 (18:01 +0100)]
net: Allow Python commands to return None instead of 0.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 16:58:30 +0000 (17:58 +0100)]
blackbox.passwords: Use convenience variable for net.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 13:55:49 +0000 (14:55 +0100)]
Fix commands in password tests.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jelmer Vernooij [Wed, 30 Dec 2009 13:55:07 +0000 (14:55 +0100)]
net: Allow python subcommands to provide commands that are not recognized by
net itself.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jim McDonough [Wed, 30 Dec 2009 20:04:55 +0000 (15:04 -0500)]
Prevent NULL dereference if group has no members
Matthias Dieter Wallnöfer [Wed, 30 Dec 2009 11:39:55 +0000 (12:39 +0100)]
s4:lib/registry/util.c - Reintroduce "FIXME"s
Jelmer suggested to put them in again.
André Hentschel [Mon, 28 Dec 2009 01:58:40 +0000 (02:58 +0100)]
net: Add some German translation
Signed-off-by: Kai Blin <kai@samba.org>
Stefan Metzmacher [Tue, 29 Dec 2009 15:14:05 +0000 (16:14 +0100)]
s4:ntlmssp: remove mem_ctx from check_password() callback to match s3
metze
Stefan Metzmacher [Tue, 29 Dec 2009 15:10:57 +0000 (16:10 +0100)]
s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if it's a noop
metze
Stefan Metzmacher [Tue, 29 Dec 2009 15:07:16 +0000 (16:07 +0100)]
s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()
metze
Stefan Metzmacher [Tue, 29 Dec 2009 15:02:00 +0000 (16:02 +0100)]
s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password()
metze
Stefan Metzmacher [Tue, 29 Dec 2009 14:54:59 +0000 (15:54 +0100)]
s4:ntlmssp_server: clear session key in ntlmssp_server_preauth()
metze
Stefan Metzmacher [Tue, 29 Dec 2009 11:58:44 +0000 (12:58 +0100)]
s4:ntlmssp: use data_blob_null in ntlmssp_server_auth()
metze
Stefan Metzmacher [Tue, 29 Dec 2009 12:53:44 +0000 (13:53 +0100)]
s4:ntlmssp_server: remove unused variable
metze
Stefan Metzmacher [Tue, 29 Dec 2009 09:44:19 +0000 (10:44 +0100)]
s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack buffer
metze
Stefan Metzmacher [Tue, 29 Dec 2009 10:57:28 +0000 (11:57 +0100)]
s3:ntlmssp: change get_challange() to return NTSTATUS
metze
Jelmer Vernooij [Tue, 29 Dec 2009 15:08:44 +0000 (16:08 +0100)]
dsdb: Fix dependencies when building against system ldb.
Jelmer Vernooij [Tue, 29 Dec 2009 15:08:17 +0000 (16:08 +0100)]
net: Make arguments available to python commands as sys.argv.