Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-02 | s4:dsdb Don't allow creating of new objects with an isDefunct schema class | Andrew Bartlett | 1 | -1/+7 | |
2009-10-02 | s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID | Andrew Bartlett | 2 | -0/+144 | |
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett | |||||
2009-10-02 | s4-ldb: Use relax control to check in replace metadata module if we accept ↵ | Matthieu Patou | 1 | -5/+38 | |
request that specify objectGUID attribute. | |||||
2009-10-02 | s4:Ensure the selected RDN is the right one per the schema | Andrew Bartlett | 1 | -1/+7 | |
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett | |||||
2009-10-02 | s4-samldb: the samldb module requires that the primary group exists | Andrew Tridgell | 1 | -9/+17 | |
We need to create Domain Users in the test ldb | |||||
2009-10-02 | s4-samdb: added some debugging | Andrew Tridgell | 1 | -2/+8 | |
This helped track down the samba3sam.py failures | |||||
2009-10-02 | s4-ldb: accept the binary DN OIDs in extended DN modules | Andrew Tridgell | 2 | -4/+8 | |
2009-09-28 | s4-dsdb: don't return the partition root objects | Andrew Tridgell | 1 | -1/+19 | |
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object. | |||||
2009-09-28 | s4-dsdb: removed extraneous debug messages | Andrew Tridgell | 1 | -4/+0 | |
2009-09-28 | s4-dsdb: update replPropertyMetaData on linked attribute source attributes | Andrew Tridgell | 1 | -0/+23 | |
2009-09-28 | s4-dsdb: fixed searching for GUID based DNs between partitions | Andrew Tridgell | 1 | -2/+16 | |
2009-09-28 | s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical | Andrew Tridgell | 1 | -0/+10 | |
We may also need to remove the isCriticalSystemObject when the machine is demoted | |||||
2009-09-28 | s4-repl: free the la list on prepare commit failure | Andrew Tridgell | 1 | -0/+3 | |
2009-09-28 | s4-samdb: free the linked_attributes list on prepare commit failure | Andrew Tridgell | 1 | -0/+6 | |
2009-09-28 | s4-repl: use GUID to resolve target in linked attributes | Andrew Tridgell | 1 | -8/+7 | |
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN. | |||||
2009-09-28 | s4-drs: fixed sorting of replPropertyMetaData | Andrew Tridgell | 1 | -31/+44 | |
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes | |||||
2009-09-24 | s4-drs: add defines for replication flags on attributes | Andrew Tridgell | 1 | -5/+2 | |
2009-09-24 | s4-ldb: sort replPropertyMetaData by attid | Andrew Tridgell | 1 | -1/+16 | |
We need to sort on both module add and modify | |||||
2009-09-24 | s4-ldb: add instanceType in repl_meta_data module | Andrew Tridgell | 1 | -0/+8 | |
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication | |||||
2009-09-23 | s4-drs: ignore zero value elements in DRS add operations | Andrew Tridgell | 1 | -0/+13 | |
w2k8 sometimes sends us a new object via DRS with an attribute with no values | |||||
2009-09-22 | s4-ldb: added a bunch more debug for DC join | Andrew Tridgell | 3 | -0/+9 | |
These additional debug messages were added to help us track down w2k8->s4 domain join | |||||
2009-09-22 | s4-ldbmodules: allow instanceType to be specified by clients | Andrew Tridgell | 1 | -0/+6 | |
This is needed for the WSPP ADS testsuite | |||||
2009-09-21 | s4:dsdb Fix of double addition of SD-s | Nadezhda Ivanova | 2 | -11/+25 | |
Also add error strings in descriptor module | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Nadezhda Ivanova | 2 | -8/+135 | |
2009-09-21 | Initial Implementation of the DS objects access checks. | Nadezhda Ivanova | 3 | -0/+1176 | |
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified. | |||||
2009-09-21 | s4:dsdb Run the new 'descriptor' module by default. | Andrew Bartlett | 1 | -6/+0 | |
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett | |||||
2009-09-21 | s4-ldap: default edn type is 0 | Andrew Tridgell | 1 | -1/+1 | |
2009-09-21 | s4-ldb: add support for extended DNs in the rootDSE | Andrew Tridgell | 1 | -2/+135 | |
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs | |||||
2009-09-21 | s4:kerberos Fix the salt to match Windows 2008. | Andrew Bartlett | 1 | -1/+1 | |
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett | |||||
2009-09-21 | s4:dsdb/resolve_oids: add fast pathes for the common operations without oids | Stefan Metzmacher | 1 | -0/+217 | |
metze | |||||
2009-09-21 | s4:dsdb/resolve_oids: check return values in recursion | Stefan Metzmacher | 1 | -3/+6 | |
metze | |||||
2009-09-21 | Merge branch 'master' of git://git.samba.org/samba | Matthias Dieter Wallnöfer | 1 | -0/+29 | |
2009-09-20 | s4:samba3sam.py test - remove the primary group ID attribute here | Matthias Dieter Wallnöfer | 1 | -7/+2 | |
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm). | |||||
2009-09-20 | Disable descriptor module unless enabled in smb.conf | Nadezhda Ivanova | 1 | -0/+29 | |
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf | |||||
2009-09-20 | dsdb/samdb: add resolve_oids module | Stefan Metzmacher | 2 | -0/+438 | |
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze | |||||
2009-09-19 | Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. | Anatoliy Atanasov | 1 | -7/+1 | |
2009-09-18 | s4-drs: cope with dupliate linked attributes | Andrew Tridgell | 1 | -1/+41 | |
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid a "entry already exists" error | |||||
2009-09-17 | s4:descriptor module - Revert and const fixups | Matthias Dieter Wallnöfer | 1 | -7/+18 | |
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings | |||||
2009-09-17 | s4:descriptor - cosmetic | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-09-17 | s4/domain behaviour flags: Fix them up in various locations | Matthias Dieter Wallnöfer | 2 | -10/+3 | |
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194 | |||||
2009-09-16 | Owner and group defaulting. | Nadezhda Ivanova | 3 | -57/+479 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-09-15 | s4-repl: make sure we marshal the replPropertyMetaData after the last change | Andrew Tridgell | 1 | -10/+10 | |
we were setting local_usn after the marshall, so it wasn't going into the object | |||||
2009-09-14 | s4-repl: handle rename in repl_meta_data | Andrew Tridgell | 1 | -0/+97 | |
On a rename we need to update uSNChanged, and the max uSN for the partition | |||||
2009-09-14 | s4-repl: fixed a memory error handling linked attributes | Andrew Tridgell | 1 | -10/+10 | |
We could get a double free with multiple linked attributes in a message | |||||
2009-09-14 | dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least) | Michael Adam | 1 | -1/+0 | |
Michael | |||||
2009-09-13 | s4-repl: use the new dsdb partition uSN helper fns | Andrew Tridgell | 1 | -78/+16 | |
2009-09-13 | s4-sam: allow a search to specify a partition | Andrew Tridgell | 1 | -2/+17 | |
You can now attach a partition control to searches to search within a specific partition. This is used to get at the per-partition @REPLCHANGED object | |||||
2009-09-13 | s4-repl: keep a @REPLCHANGED object on each partition | Andrew Tridgell | 1 | -24/+310 | |
This object tracks the highest uSN in each partition. It will be used to allow us to efficiently detect changes in a partition for sending DsReplicaSync messages to our replication partners. | |||||
2009-09-12 | s4:repl_meta_data: increment the attribute version with each change | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2009-09-12 | s4-samdb: make it possible to ask for the sequence number of a partition | Andrew Tridgell | 1 | -0/+9 | |
The partition module normally makes the sequence number extended op operate across all partitions. It will be useful in the repl task to be able to ask for the sequence number of one partition |