summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-02-24s4:lsa use the correct way to store a domain sidSimo Sorce1-7/+5
Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid().
2010-02-24s4:lsa avoid confusing ourselves over sam_ldbSimo Sorce1-39/+41
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable.
2010-02-24s4:lsa cleanup trailing spaces and tabsSimo Sorce1-35/+35
2010-02-24Revert "s4-smb: Migrate named_pipe_server to tsocket."Simo Sorce2-279/+211
This reverts commit 69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0. This commit causes issues with the RPC server, revert it until we find the exact issue and possibly have a torture test to avoid it happening again. Found playing with w2k8r2 and forest trusts.
2010-02-25s4:install Fix bug #7149 reported by JHT.Andrew Bartlett1-0/+2
We need to install named.conf.update for provision to succeed from the installed setup file. Andrew Bartlett
2010-02-25s4:scripting/devel Allow tmpfs script to be re-runAndrew Bartlett1-1/+4
By doing the unmount, we can avoid double-mounting st and bin
2010-02-25s4:DNS update - change "i" to be unsignedMatthias Dieter Wallnöfer1-1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:ldap_server - make it "signed-safe"Matthias Dieter Wallnöfer3-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:auth - make some parts "signed-safe"Matthias Dieter Wallnöfer2-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:cldap_server - make it "signed-safe"Matthias Dieter Wallnöfer2-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:torture/ldap/basic.c - add a basic test for referral returnMatthias Dieter Wallnöfer1-3/+219
I implemented this referral test in C since the LDB python API isn't capable to extract referrals from search result sets (there the result sets are simple lists which contain only the matching entries). First I enhanced the RootDSE test to return all partition base DNs in a new null-terminated list "partitions". Then I used this in my referrals test which I've implemented in the LDB api since I needed some certain DN functions.
2010-02-25s4:partition DSDB module - Generate basic referralsMatthias Dieter Wallnöfer2-47/+144
This is a first, very basic implementation of the referrals (more informations at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12). To have the full referral support (and to always point to the right host) the full implementation using DNS will be needed (at the moment we always point to the main DC which is referenceable through the DNS domainname). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:partition DSDB module - change the search and domain scope control handlingMatthias Dieter Wallnöfer1-35/+22
The domain scope control is always removed, from the search one only the two interesting flags (which are handled) and it is marked as non-critical. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:LDAP server - Enable support for returning referrals through itMatthias Dieter Wallnöfer1-0/+22
This is needed for my work regarding the referrals when the domain scope control isn't specified. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:SAMLDB module - ignore referralsMatthias Dieter Wallnöfer1-5/+6
They don't cause any harm to our functionality - so ignore them were not needed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-24s4:netlogon remove wrong ZERO_STRUCT of outputSimo Sorce1-6/+0
This was causing marshalling faults when we returned errors.
2010-02-24s3: Make connections_fetch_record() staticVolker Lendecke2-4/+2
2010-02-24python: ntacls, fix a leftover that is not in the try/except branchMatthieu Patou1-1/+0
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24dsdb: Add a more explicit error message for constructed attributesMatthieu Patou1-0/+1
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-24s4/drs_util: 'net drs showrepl' command implementationKamen Mazdrashki3-1/+613
2010-02-24s4/idl: Regenerate IDL for DRSUAPI interfaceKamen Mazdrashki2-58/+58
2010-02-24s4/drs: Propagate drsuapi_DsReplicaGetInfoRequest2 changes in source codeKamen Mazdrashki2-6/+6
2010-02-24s4/idl: drsuapi_DsReplicaGetInfoRequest2 - 'string2' to 'value_dn_str'Kamen Mazdrashki1-1/+1
2010-02-24s4/idl: drsuapi_DsReplicaGetInfoRequest2 - 'string1' to 'attribute_name'Kamen Mazdrashki1-1/+1
2010-02-24s4/drs: Propagate drsuapi_DsReplicaGetInfoRequest... changes into source codeKamen Mazdrashki3-6/+6
2010-02-24s4/idl: rename 'guid1' to 'source_dsa_guid' in ↵Kamen Mazdrashki1-2/+2
drsuapi_DsReplicaGetInfoRequest description
2010-02-24s4/drs_util: 'net drs replicate' command implementationKamen Mazdrashki3-4/+254
2010-02-24s4/drs_util: Add public function for binding to a DCKamen Mazdrashki1-0/+48
2010-02-24s4/drs_util: Refactor code to use net_drs_connection object for DRSUAPI ↵Kamen Mazdrashki3-34/+44
connecitons
2010-02-24s4/drs_util: Move DRSUAPI connection data into separate objectKamen Mazdrashki1-8/+18
We need this so we can create independent DRS connections to different DCs.
2010-02-24s4/net_drs: Utility macros for conditions checkingKamen Mazdrashki1-0/+20
2010-02-24s4/drs: Propagate drsuapi_DsReplicaSync changes in source baseKamen Mazdrashki3-9/+16
2010-02-24s4/drs: Propagate drsuapi_DsReplicaSyncRequest1 changes in source baseKamen Mazdrashki1-1/+1
2010-02-24s4/idl: Regenerate IDL for DRSUAPI interfaceKamen Mazdrashki4-56/+66
2010-02-24s4/idl: drsuapi.idl fix drsuapi_DsReplicaSync definitionKamen Mazdrashki1-3/+3
- Function should accept pointer to drsuapi_DsReplicaSyncRequest. While this doesn't generate essentially different code for NDR parser, using pointer will make drsuapi_DsReplicaSync descritpin with the rest of the functions in DRSUAPI interface. Another benefit is that this way we could create Wireshark dissector directly from Samba's verions for drsuapi.idl - 'level' and thus the switch_type() should be uint32
2010-02-24s4/idl: drsuapi.idl fix drsuapi_DsReplicaSyncRequest1 descriptionKamen Mazdrashki1-2/+2
- pointer to naming_context should be [ref] pointer (i.e. not NULL pointer) - other_info is actually the DNS name for Source DSA and is used if DRSUAPI_DRS_SYNC_BYNAME is passed ref: [MS-DRSR] 5.39
2010-02-24s3:selftest: handle spaces in test namesStefan Metzmacher1-1/+2
metze
2010-02-24s3:selftest: make wbinfo_s3 work on the "member" server too.Stefan Metzmacher1-0/+14
metze
2010-02-24s3:test_wbinfo_s3: test --check-secret and --change-secretStefan Metzmacher1-0/+4
metze
2010-02-24s3:rpc_transport_np: handle trans rdata like the output of a normal readStefan Metzmacher1-0/+17
Inspired by bug #7159. metze
2010-02-24s4-smbtorture: verify that the client cpu architecture has no influence on theGünther Deschner1-0/+72
calculated buffer size in RPC-SPOOLSS. Guenther
2010-02-24tdb: handle processes dying during transaction commit.Rusty Russell3-0/+86
tdb transactions were designed to be robust against the machine powering off, but interestingly were never designed to handle the case where an administrator kill -9's a process during commit. Because recovery is only done on tdb_open, processes with the tdb already mapped will simply use it despite it being corrupt and needing recovery. The solution to this is to check for recovery every time we grab a data lock: we could have gained the lock because a process just died. This has no measurable cost: here is the time for tdbtorture -s 0 -n 1 -l 10000: Before: 2.75 2.50 2.81 3.19 2.91 2.53 2.72 2.50 2.78 2.77 = Avg 2.75 After: 2.81 2.57 3.42 2.49 3.02 2.49 2.84 2.48 2.80 2.43 = Avg 2.74 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24patch tdb-refactor-tdb_lock-and-tdb_lock_nonblock.patchRusty Russell1-16/+13
2010-02-24tdb: add -k option to tdbtortureRusty Russell1-57/+142
To test the case of death of a process during transaction commit, add a -k (kill random) option to tdbtorture. The easiest way to do this is to make every worker a child (unless there's only one child), which is why this patch is bigger than you might expect. Using -k without -t (always transactions) you expect corruption, though it doesn't happen every time. With -t, we currently get corruption but the next patch fixes that. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24tdb: don't truncate tdb on recoveryRusty Russell1-10/+0
The current recovery code truncates the tdb file on recovery. This is fine if recovery is only done on first open, but is a really bad idea as we move to allowing recovery on "live" databases. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24tdb: remove lock opsRusty Russell4-40/+22
Now the transaction code uses the standard allrecord lock, that stops us from trying to grab any per-record locks anyway. We don't need to have special noop lock ops for transactions. This is a nice simplification: if you see brlock, you know it's really going to grab a lock. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24tdb: rename tdb_release_extra_locks() to tdb_release_transaction_locks()Rusty Russell3-13/+9
tdb_release_extra_locks() is too general: it carefully skips over the transaction lock, even though the only caller then drops it. Change this, and rename it to show it's clearly transaction-specific. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24tdb: cleanup: remove ltype argument from _tdb_transaction_cancel.Rusty Russell1-17/+13
Now the transaction allrecord lock is the standard one, and thus is cleaned in tdb_release_extra_locks(), _tdb_transaction_cancel() doesn't need to know what type it is. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-17tdb: tdb_allrecord_lock/tdb_allrecord_unlock/tdb_allrecord_upgradeRusty Russell3-29/+62
Centralize locking of all chains of the tdb; rename _tdb_lockall to tdb_allrecord_lock and _tdb_unlockall to tdb_allrecord_unlock, and tdb_brlock_upgrade to tdb_allrecord_upgrade. Then we use this in the transaction code. Unfortunately, if the transaction code records that it has grabbed the allrecord lock read-only, write locks will fail, so we treat this upgradable lock as a write lock, and mark it as upgradable using the otherwise-unused offset field. One subtlety: now the transaction code is using the allrecord_lock, the tdb_release_extra_locks() function drops it for us, so we no longer need to do it manually in _tdb_transaction_cancel. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-02-24tdb: suppress record write locks when allrecord lock is taken.Rusty Russell1-0/+9
Records themselves get (read) locked by the traversal code against delete. Interestingly, this locking isn't done when the allrecord lock has been taken, though the allrecord lock until recently didn't cover the actual records (it now goes to end of file). The write record lock, grabbed by the delete code, is not suppressed by the allrecord lock. This is now bad: it causes us to punch a hole in the allrecord lock when we release the write record lock. Make this consistent: *no* record locks of any kind when the allrecord lock is taken. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>