Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-03 | s4:dsdb Add objectClass and RDN constraints to objectClass module | Andrew Bartlett | 1 | -8/+35 | |
These additional constraints are applied, found by the Microsoft testsuite. - When the parent is not present, we now return 'NO_SUCH_OBJECT'. - Restrict the choice of RDN to the correct one per the schema - Honour the allowedChildClasses attribute from the parent's objectClass. Andrew Bartlett | |||||
2009-10-03 | s4:dsdb Don't allow creation of systemOnly objectclasses | Matthias Dieter Wallnöfer | 2 | -4/+10 | |
(except as part of the provision, which specifies the 'relax' control) Andrew Bartlett | |||||
2009-10-02 | s4:repl_meta_data - various | Matthias Dieter Wallnöfer | 1 | -9/+38 | |
- Add more "talloc_free"s and right error values where needed - Add a pre-lookup for entries before searching for metadata attribute (also suggested by TODO list) - Now the most part of "ldap.py" works again | |||||
2009-10-02 | s4:dsdb Return correct error on invalid attribute | Andrew Bartlett | 1 | -1/+2 | |
This error per the Microsoft testsuite | |||||
2009-10-02 | s4:dsdb Pass down the exact error code on failure in repl_meta_data | Andrew Bartlett | 1 | -5/+5 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -6/+8 | |
2009-10-02 | s4:dsdb rework instanceType module - put instanceType in provision | Andrew Bartlett | 1 | -29/+9 | |
The instanceType needs to be specified in future because that's how the partitions are actually created. | |||||
2009-10-02 | s4:dsdb Don't allow creating of new objects with an isDefunct schema class | Andrew Bartlett | 1 | -1/+7 | |
2009-10-02 | s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID | Andrew Bartlett | 2 | -0/+144 | |
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett | |||||
2009-10-02 | s4-ldb: Use relax control to check in replace metadata module if we accept ↵ | Matthieu Patou | 1 | -5/+38 | |
request that specify objectGUID attribute. | |||||
2009-10-02 | s4:Ensure the selected RDN is the right one per the schema | Andrew Bartlett | 1 | -1/+7 | |
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett | |||||
2009-10-02 | s4-samldb: the samldb module requires that the primary group exists | Andrew Tridgell | 1 | -9/+17 | |
We need to create Domain Users in the test ldb | |||||
2009-10-02 | s4-samdb: added some debugging | Andrew Tridgell | 1 | -2/+8 | |
This helped track down the samba3sam.py failures | |||||
2009-10-02 | s4-ldb: accept the binary DN OIDs in extended DN modules | Andrew Tridgell | 2 | -4/+8 | |
2009-09-28 | s4-dsdb: don't return the partition root objects | Andrew Tridgell | 1 | -1/+19 | |
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object. | |||||
2009-09-28 | s4-dsdb: removed extraneous debug messages | Andrew Tridgell | 1 | -4/+0 | |
2009-09-28 | s4-dsdb: update replPropertyMetaData on linked attribute source attributes | Andrew Tridgell | 1 | -0/+23 | |
2009-09-28 | s4-dsdb: fixed searching for GUID based DNs between partitions | Andrew Tridgell | 1 | -2/+16 | |
2009-09-28 | s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical | Andrew Tridgell | 1 | -0/+10 | |
We may also need to remove the isCriticalSystemObject when the machine is demoted | |||||
2009-09-28 | s4-repl: free the la list on prepare commit failure | Andrew Tridgell | 1 | -0/+3 | |
2009-09-28 | s4-samdb: free the linked_attributes list on prepare commit failure | Andrew Tridgell | 1 | -0/+6 | |
2009-09-28 | s4-repl: use GUID to resolve target in linked attributes | Andrew Tridgell | 1 | -8/+7 | |
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN. | |||||
2009-09-28 | s4-drs: fixed sorting of replPropertyMetaData | Andrew Tridgell | 1 | -31/+44 | |
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes | |||||
2009-09-24 | s4-drs: add defines for replication flags on attributes | Andrew Tridgell | 1 | -5/+2 | |
2009-09-24 | s4-ldb: sort replPropertyMetaData by attid | Andrew Tridgell | 1 | -1/+16 | |
We need to sort on both module add and modify | |||||
2009-09-24 | s4-ldb: add instanceType in repl_meta_data module | Andrew Tridgell | 1 | -0/+8 | |
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication | |||||
2009-09-23 | s4-drs: ignore zero value elements in DRS add operations | Andrew Tridgell | 1 | -0/+13 | |
w2k8 sometimes sends us a new object via DRS with an attribute with no values | |||||
2009-09-22 | s4-ldb: added a bunch more debug for DC join | Andrew Tridgell | 3 | -0/+9 | |
These additional debug messages were added to help us track down w2k8->s4 domain join | |||||
2009-09-22 | s4-ldbmodules: allow instanceType to be specified by clients | Andrew Tridgell | 1 | -0/+6 | |
This is needed for the WSPP ADS testsuite | |||||
2009-09-21 | s4:dsdb Fix of double addition of SD-s | Nadezhda Ivanova | 2 | -11/+25 | |
Also add error strings in descriptor module | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Nadezhda Ivanova | 2 | -8/+135 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 3 | -0/+1176 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-21 | s4:dsdb Run the new 'descriptor' module by default. | Andrew Bartlett | 1 | -6/+0 | |
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett | |||||
2009-09-21 | s4-ldap: default edn type is 0 | Andrew Tridgell | 1 | -1/+1 | |
2009-09-21 | s4-ldb: add support for extended DNs in the rootDSE | Andrew Tridgell | 1 | -2/+135 | |
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs | |||||
2009-09-21 | s4:kerberos Fix the salt to match Windows 2008. | Andrew Bartlett | 1 | -1/+1 | |
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett | |||||
2009-09-21 | s4:dsdb/resolve_oids: add fast pathes for the common operations without oids | Stefan Metzmacher | 1 | -0/+217 | |
metze | |||||
2009-09-21 | s4:dsdb/resolve_oids: check return values in recursion | Stefan Metzmacher | 1 | -3/+6 | |
metze | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Matthias Dieter Wallnöfer | 1 | -0/+29 | |
2009-09-20 | s4:samba3sam.py test - remove the primary group ID attribute here | Matthias Dieter Wallnöfer | 1 | -7/+2 | |
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm). | |||||
2009-09-20 | Disable descriptor module unless enabled in smb.conf | Nadezhda Ivanova | 1 | -0/+29 | |
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf | |||||
2009-09-20 | dsdb/samdb: add resolve_oids module | Stefan Metzmacher | 2 | -0/+438 | |
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze | |||||
2009-09-19 | Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. | Anatoliy Atanasov | 1 | -7/+1 | |
2009-09-18 | s4-drs: cope with dupliate linked attributes | Andrew Tridgell | 1 | -1/+41 | |
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid a "entry already exists" error | |||||
2009-09-17 | s4:descriptor module - Revert and const fixups | Matthias Dieter Wallnöfer | 1 | -7/+18 | |
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings | |||||
2009-09-17 | s4:descriptor - cosmetic | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-09-17 | s4/domain behaviour flags: Fix them up in various locations | Matthias Dieter Wallnöfer | 2 | -10/+3 | |
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 3 | -57/+479 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10 | |
we were setting local_usn after the marshall, so it wasn't going into the object | |||||
2009-09-14 | s4-repl: handle rename in repl_meta_data | Andrew Tridgell | 1 | -0/+97 | |
On a rename we need to update uSNChanged, and the max uSN for the partition |