| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
1. During instance creation the provisioning script will import the SASL
mapping for samba-admin. It's done here due to missing config schema
preventing adding the mapping via ldapi.
2. After that it will use ldif2db to import the cn=samba-admin user as
the target of SASL mapping.
3. Then it will start FDS and continue to do provisioning using the
Directory Manager with simple bind.
4. The SASL credentials will be stored in secrets.ldb, so when Samba
server runs later it will use the SASL credentials.
5. After the provisioning is done (just before stopping the slapd)
it will use the DM over direct ldapi to delete the default SASL
mappings included automatically by FDS, leaving just the new
samba-admin mapping.
6. Also before stopping slapd it will use the DM over direct ldapi to
set the ACL on the root entries of the user, configuration, and
schema partitions. The ACL will give samba-admin the full access
to these partitions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Jeremy.
|
|
This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric
parameter.
I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.
|
|
|
|
* test if oplocks are granted when requesting delete-on-close
* test how oplocks are broken by byte-range-lock requests
|
|
Allows "make test" and other harnesses to print cleaner output.
|
|
|
|
thanks to metze for pointing this out
|
|
|
|
These two arrays need to be in sync, as they are walked in sync by the
client
|
|
It is easier to understand without the heavy nesting
|
|
DsAddEntry now seems to work for simple tests
|
|
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
|
|
The purpose of admin_session is to be able to execute parts of provisioning
as the user Administrator in order to have the correct group and owner in the
security descriptors. To be used for provisioning and tests only.
|
|
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.
This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
|
|
I've found that w2k3 deletes the repsTo records we carefully created
in the vampire join if we don't refresh them frequently. After about
30mins all 3 repsTo records are gone.
This patch adds automatic refresh of the repsTo by calling
DSReplicaUpdateRefs every time we do a sync cycle with the server
|
|
Metze pointed out what the windows tool ldp.exe will examine repsTo
attributes on remote DCs, so we do in fact need to use the same format
that windows uses. This patch changes the server side implementation
of UpdateRefs to use the windows format
|
|
I think this is what windows DCs use to see that we are read-only, but
I am not sure. Needs more testing.
|
|
principal.
Patch from Robert LeBlanc <robert@leblancnet.us>.
Thanks!
Guenther
|
|
Guenther
|
|
|
|
These are updated second eddition unittests using ldb.add_ldif()
and ldb.modify_ldif(). Unittests are found to work when using
the right local domain SID. Negative test separated.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Guenther
|
|
This test has been wholly replaced by the SMB2-DIR-ONE test found
in dir.c.
|
|
* removed all uses of printf, replaced with torture_comment
* replaced custom CHECK macros with new torture_assert_*_todo() helpers
* switched string dir name generation to generate_unique_strs() helper,
to avoid non-deterministic test behavior where generate_rand_str()
would cause file colissions in the same directory.
|
|
These allow torture tests to perform cleanup after a failure, by
jumping to a goto label.
|
|
|
|
Guenther
|
|
This is the same as swrap_recv().
metze
|
|
metze
|
|
metze
|
|
metze
|
|
|
|
Hopefully fixes samba4 build.
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Karolin
|
|
These actually belong netlogon but we for now want to keep netlogon as a security
providor separate.
Guenther
|
|
|
|
Vista and upper version use this value to check wether they should ask the DC
to change the msDS-SupportedEncryptionTypes attribute or not.
Declare the different value as a bitmap in Netlogon idl
|
|
|
|
|
|
|
|
|
|
print replUpToDateVector and replPropertyMetaData using NDR format if
--show-binary is given.
|
|
|
|
print security descriptors in NDR format if --show-binary is
given. This is easier to read than sddl format.
|
|
In normal usage this makes no difference, but if you add --show-binary
then you can see the NDR printed out in the usual ndr_print_*() format
|
