Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-17 | s4-privileges: moved privileges to private/privilege.ldb | Andrew Tridgell | 1 | -6/+25 | |
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database | |||||
2009-10-15 | s4-dsdb: implement limit on rDN length | Andrew Tridgell | 1 | -3/+11 | |
w2k8 imposes a limit of 64 characters on the rDN | |||||
2009-10-14 | s4:password_hash - load the domain parameters from the "loadparm context" | Matthias Dieter Wallnöfer | 1 | -42/+11 | |
And don't cut them out from the DNS hostname. | |||||
2009-10-12 | s4:objectclass ldb module - Check for empty messages | Matthias Dieter Wallnöfer | 1 | -1/+8 | |
I think the check for empty messages fits best here. | |||||
2009-10-12 | s4:dsdb Search for the schema with dsdb_module_search(), in schema_fsmo | Andrew Bartlett | 1 | -12/+101 | |
This avoids using an ldb_search(), which would run from the top of the module stack. This will help us load the schema before the partitions are initialised. Andrew Bartlett | |||||
2009-10-12 | s4:dsdb Add new functions to help modules do an ldb_search() | Andrew Bartlett | 5 | -43/+173 | |
These take an ldb_module argument, and avoid doing the search from the top of the stack again. (This will help when modules are initialised before being added to the partition set) Andrew Bartlett | |||||
2009-10-12 | s4:provision Remove all references to samba4LocalDomain | Andrew Bartlett | 2 | -7/+6 | |
This was a bad idea all along, as Simo said at the time. With the full MS schema and enforcement of it, it is an even worse idea. This fixes the provision of the member server in 'make test' Andrew Bartlett | |||||
2009-10-08 | s4:subtree_delete - Make the initialisation of the child counter more clear | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
2009-10-06 | s4:various LDB modules - "build_request" functions - propagate result codes back | Matthias Dieter Wallnöfer | 4 | -12/+19 | |
It's very useful to know the exact result code when something fails and not only a generic (by the module) created one. Sure, there are some exception cases with specific results (special message constellations, attributes, values...) which shouldn't be changed at all (examples of them are in the "ldap.py" test). Therefore I looked very carefully to not change them. | |||||
2009-10-06 | s4:rootdse module - intendation fixup | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2009-10-06 | s4:acl module - intendation fix and comment enhancement | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2009-10-03 | s4:objectclass - Free unused memory from responses | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
2009-10-03 | s4:dsdb Use possibleInferiors to restrict creation of child objects | Andrew Bartlett | 1 | -4/+15 | |
This also uses systemPossibleInferiors when the 'relax' control is specified, which is done by the provision. Andrew Bartlett | |||||
2009-10-03 | s4:dsdb Add objectClass and RDN constraints to objectClass module | Andrew Bartlett | 1 | -8/+35 | |
These additional constraints are applied, found by the Microsoft testsuite. - When the parent is not present, we now return 'NO_SUCH_OBJECT'. - Restrict the choice of RDN to the correct one per the schema - Honour the allowedChildClasses attribute from the parent's objectClass. Andrew Bartlett | |||||
2009-10-03 | s4:dsdb Don't allow creation of systemOnly objectclasses | Matthias Dieter Wallnöfer | 2 | -4/+10 | |
(except as part of the provision, which specifies the 'relax' control) Andrew Bartlett | |||||
2009-10-02 | s4:repl_meta_data - various | Matthias Dieter Wallnöfer | 1 | -9/+38 | |
- Add more "talloc_free"s and right error values where needed - Add a pre-lookup for entries before searching for metadata attribute (also suggested by TODO list) - Now the most part of "ldap.py" works again | |||||
2009-10-02 | s4:dsdb Return correct error on invalid attribute | Andrew Bartlett | 1 | -1/+2 | |
This error per the Microsoft testsuite | |||||
2009-10-02 | s4:dsdb Pass down the exact error code on failure in repl_meta_data | Andrew Bartlett | 1 | -5/+5 | |
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -6/+8 | |
2009-10-02 | s4:dsdb Fix crash from LDAP login of DOM\\ | Andrew Bartlett | 1 | -5/+3 | |
The issue here is that when we resolve DOM\\ into an NT4 name, we would not initilise the nt4_account output. Andrew Bartlett | |||||
2009-10-02 | s4:dsdb rework instanceType module - put instanceType in provision | Andrew Bartlett | 1 | -29/+9 | |
The instanceType needs to be specified in future because that's how the partitions are actually created. | |||||
2009-10-02 | s4:dsdb Don't allow creating of new objects with an isDefunct schema class | Andrew Bartlett | 1 | -1/+7 | |
2009-10-02 | s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID | Andrew Bartlett | 2 | -0/+144 | |
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett | |||||
2009-10-02 | s4-ldb: Use relax control to check in replace metadata module if we accept ↵ | Matthieu Patou | 1 | -5/+38 | |
request that specify objectGUID attribute. | |||||
2009-10-02 | s4:Ensure the selected RDN is the right one per the schema | Andrew Bartlett | 1 | -1/+7 | |
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett | |||||
2009-10-02 | s4-samldb: the samldb module requires that the primary group exists | Andrew Tridgell | 1 | -9/+17 | |
We need to create Domain Users in the test ldb | |||||
2009-10-02 | s4-samdb: added some debugging | Andrew Tridgell | 1 | -2/+8 | |
This helped track down the samba3sam.py failures | |||||
2009-10-02 | s4-ldb: accept the binary DN OIDs in extended DN modules | Andrew Tridgell | 2 | -4/+8 | |
2009-09-28 | s4-dsdb: don't return the partition root objects | Andrew Tridgell | 1 | -1/+19 | |
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object. | |||||
2009-09-28 | s4-dsdb: removed extraneous debug messages | Andrew Tridgell | 1 | -4/+0 | |
2009-09-28 | s4-dsdb: update replPropertyMetaData on linked attribute source attributes | Andrew Tridgell | 1 | -0/+23 | |
2009-09-28 | s4-dsdb: fixed searching for GUID based DNs between partitions | Andrew Tridgell | 1 | -2/+16 | |
2009-09-28 | s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical | Andrew Tridgell | 1 | -0/+10 | |
We may also need to remove the isCriticalSystemObject when the machine is demoted | |||||
2009-09-28 | s4-repl: free the la list on prepare commit failure | Andrew Tridgell | 1 | -0/+3 | |
2009-09-28 | s4-samdb: free the linked_attributes list on prepare commit failure | Andrew Tridgell | 1 | -0/+6 | |
2009-09-28 | s4-repl: use GUID to resolve target in linked attributes | Andrew Tridgell | 1 | -8/+7 | |
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN. | |||||
2009-09-28 | s4-drs: fixed sorting of replPropertyMetaData | Andrew Tridgell | 1 | -31/+44 | |
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes | |||||
2009-09-24 | s4-drs: add defines for replication flags on attributes | Andrew Tridgell | 1 | -5/+2 | |
2009-09-24 | s4-ldb: sort replPropertyMetaData by attid | Andrew Tridgell | 1 | -1/+16 | |
We need to sort on both module add and modify | |||||
2009-09-24 | s4-ldb: add instanceType in repl_meta_data module | Andrew Tridgell | 1 | -0/+8 | |
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication | |||||
2009-09-23 | s4-drs: ignore zero value elements in DRS add operations | Andrew Tridgell | 1 | -0/+13 | |
w2k8 sometimes sends us a new object via DRS with an attribute with no values | |||||
2009-09-22 | s4-ldb: added a bunch more debug for DC join | Andrew Tridgell | 3 | -0/+9 | |
These additional debug messages were added to help us track down w2k8->s4 domain join | |||||
2009-09-22 | s4-ldbmodules: allow instanceType to be specified by clients | Andrew Tridgell | 1 | -0/+6 | |
This is needed for the WSPP ADS testsuite | |||||
2009-09-21 | s4:dsdb Fix of double addition of SD-s | Nadezhda Ivanova | 2 | -11/+25 | |
Also add error strings in descriptor module | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Nadezhda Ivanova | 2 | -8/+135 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 3 | -0/+1176 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-21 | s4:dsdb Run the new 'descriptor' module by default. | Andrew Bartlett | 1 | -6/+0 | |
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett | |||||
2009-09-21 | s4-ldap: default edn type is 0 | Andrew Tridgell | 1 | -1/+1 | |
2009-09-21 | s4-ldb: add support for extended DNs in the rootDSE | Andrew Tridgell | 1 | -2/+135 | |
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs | |||||
2009-09-21 | s4:kerberos Fix the salt to match Windows 2008. | Andrew Bartlett | 1 | -1/+1 | |
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett |