Age | Commit message (Collapse) | Author | Files | Lines |
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sun Feb 27 00:10:45 CET 2011 on sn-devel-104
|
|
run_pending_ops directly
Executing dreplsrv_run_pending_ops() directly may cause a segfault
as in case of failure, the _drepl_replica_sync_done_cb() callback
gets called *before* drepl_replica_sync() returns. In such case,
irpc message gets freed twice - once when irpc_send_reply() gets called
and once when drepl_replica_sync() returns
|
|
last success
|
|
1. Take into account DSA options - we should not send replication
requests in case OUTBOUND_REPLICATION is disabled
2. Use replication flags for the operation to determine if
a forced replication is requested
3. In case outbound replication is disabled and we don't have
DRSUAPI_DRS_SYNC_FORCED flag set, then we should record
WERR_DS_DRA_SINK_DISABLED error as a last replication result
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Feb 22 12:39:23 CET 2011 on sn-devel-104
|
|
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
this removes a conflict with the s3 smbpasswd binary
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Feb 21 18:02:21 CET 2011 on sn-devel-104
|
|
callbacks.
|
|
descriptor_modify.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
synchronous descriptor_add.
The purpose is to make descriptor module synchronous. This will simplify reading and debugging, and also will make the
implementation of SD hierarchy recalculation on modify much easier.
|
|
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
it does exactly what we need here
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Feb 15 16:55:32 CET 2011 on sn-devel-104
|
|
Exactly for the syntax which is needed by Volker in s3's "pdb_ads".
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 16:10:15 CET 2011 on sn-devel-104
|
|
This is the same way as it is done in the samldb LDB module.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 15 12:08:26 CET 2011 on sn-devel-104
|
|
ntds_guid is NULL otherwise as it doesn't make sense for
not a DC object
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Feb 14 13:15:31 CET 2011 on sn-devel-104
|
|
|
|
as a counterpart for samdb_find_ntdsguid_for_computer()
to be used in LDB modules
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Feb 14 08:45:51 CET 2011 on sn-devel-104
|
|
This approach just asks the tdb backend to handle the single valued
constraint for us
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
different if the P flag is set.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Feb 10 12:31:34 CET 2011 on sn-devel-104
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
|
|
This both checks that the levels make sense, and they match what they
should be based on in the DB.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Feb 2 06:09:53 CET 2011 on sn-devel-104
|
|
The issue here is that when the samdb calls were removed, this call
relied on going back to the top of the module stack, so as to re-enter
the rootDSE search handler. It makes more sense to check the @ROOTDSE
record directly, and therefore not to invoke the search() handler
during the init.
Andrew Bartlett
|
|
This exact form of the construction is important, and we match on it
in the installation scripts.
Andrew Bartlett
|
|
errors.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Jan 28 12:04:01 CET 2011 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
|
|
into "objectclass_attrs" LDB module
LSA object classes are protected on both LDAP add and LDAP modify
operations, so I've refactored the previous check in the objectclass LDB
module only for LDAP adds in a new one in the objectclass_attrs LDB
module for both adds and modifies.
This is the result of the investigations done by Hongwei Sun and I in
the last months.
Interestingly these protection mechansim doesn't apply on LDAP deletes!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metadata stamps are equal
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Jan 22 12:22:30 CET 2011 on sn-devel-104
|
|
|
|
If object is changed by same DC, then version should be incremented
|
|
This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **. This is in keeping with
the other sid lists in the security_token etc.
In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.
Andrew Bartlett
|
|
The input to gensec.update() should always be a string.
Andrew Bartlett
|
|
This confirms that the groups obtained from a Kerberos PAC match those
that a manual search of a target LDAP server would reveal.
This should allow mixing of a KDC specified by krb5.conf to test Samba
or Windows alternatly.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jan 19 13:13:48 CET 2011 on sn-devel-104
|
|
Andrew Bartlett
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
|
|
dsdb_module_search()
this ensures we follow the module stack, and set the parent on child
requests
|
|
this preserves the request hierarchy for dsdb_module_*() calls inside
dsdb ldb modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Use the temporary list unless we have at least the three main
"namingContexts" from the rootDSE available (Default, Configuration, Schema -
these are mandatory on all AD deployments!).
This bug has been discovered by Nadya in relation with her SD work.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 19:01:11 CET 2011 on sn-devel-104
|
|
The LSA object creation protection changed to the trusted/untrusted
connection model.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 19:30:52 CET 2011 on sn-devel-104
|
|
"UF_ACCOUNTDISABLE" is only added automatically if no "userAccountControl" flags
are set on LDAP add operations.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Jan 14 18:29:07 CET 2011 on sn-devel-104
|