summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2010-09-21s4-ldap: Fixed a problem with NC's having a parentGUID attributeNadezhda Ivanova2-14/+48
NC's other than default NC had a parentGUID, due to an incorrect check of whether the object has a parent. Fixed by checking object's instanceType instead.
2010-09-20s4-drepl: use the partition UDV and hwm for extended getncchanges opsAndrew Tridgell3-28/+75
we find the NC root then load the uptodateness vector and highwater mark, if available, from there
2010-09-20s4-rodc: fixed repsFrom store on RODCAndrew Tridgell1-14/+11
We were disallowing repsFrom store as a RODC on the basis that it is a write to the directory. It should be allowed, as its is a non-replicated attribute. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-20s4-kcc: a bit more debug info on repsFrom creationAndrew Tridgell1-1/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-21s4-dsdb-schema_prefixmap: return WERR_DS_NO_ATTRIBUTE_OR_VALUE when ATTID is ↵Kamen Mazdrashki1-1/+1
not found rather than WERR_INTERNAL_ERROR - it is not internal error!
2010-09-21s4-dsdb-schema_prefixmap: Print debug message when internal failure occursKamen Mazdrashki1-0/+5
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov2-0/+94
2010-09-20s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.Anatoliy Atanasov2-54/+81
This functionality is needed for DsCrackNames ListRoles command also.
2010-09-20s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames codeAnatoliy Atanasov1-9/+20
2010-09-19s4-rootdse: mark registered controls as non-criticalAndrew Tridgell1-0/+37
this is needed for clients that may include unnecessary controls in requests and mark them as non-critical
2010-09-19s4/fsmo: Naming master support addedAnatoliy Atanasov1-1/+2
Test suite for fsmo is extended with a test case for naming master too.
2010-09-19s4-pydsdb: added am_rodc() method on samdbAndrew Tridgell1-0/+27
2010-09-18s4-drs: Check for schema changes only in case we are *not* applying Schema ↵Kamen Mazdrashki1-8/+19
replica This fixes the problem when we fail to replicate with a partner DC that has a newer Schema with attributeSchema objects with OIDs that we don't have in our local prefixMap.
2010-09-17s4-schema: Helper func to compare schemaInfo signituresKamen Mazdrashki1-0/+41
2010-09-17s4-schema: use dsdb_schema_info_blob_is_valid() to verify schemaInfo blobKamen Mazdrashki1-9/+6
instead of parsing it.
2010-09-17s4-prefixMap: use dsdb_schema_info_blob_is_valid() for schemaInfo blob ↵Kamen Mazdrashki1-4/+2
validation This fixes a leaking dsdb_schema_info object also.
2010-09-17s4-dsdb: Add dsdb_schema_info_blob_is_valid() to verify schemaInfo bloblsKamen Mazdrashki1-10/+24
2010-09-16s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} callsAndrew Tridgell3-1/+97
2010-09-16s4-repl: if we are an RODC don't set WRIT_REP in replicationAndrew Tridgell1-2/+7
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: add partial attribute set to getncchanges calls for RODCsAndrew Tridgell4-9/+67
when we are a RODC we must supply a partial attribute set in the getncchanges call Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: added min_usn to extended replication callAndrew Tridgell4-2/+9
the repl_secret code needs to set it to avoid too many duplicate attributes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: added repl_secret handling Andrew Tridgell2-2/+98
initiate a repl secret extended op when requested Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: cleanup the extended op calls in repl serverAndrew Tridgell5-21/+23
- use generic parameter names - trigger a run of pending ops on all extended ops - don't prevent parallel fsmo transfers - moved extended op code into drepl_extended
2010-09-16s4-pyjoin: fill in the dns name in the python replication methodAndrew Tridgell1-0/+40
this is needed to get the repsFrom DNS entry right Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: split out the extended op handling Andrew Tridgell3-137/+169
this is not part of the rid allocation logic Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-repl: cleanup getncchanges extended op callsAndrew Tridgell3-40/+70
Multiple calls are allowed to run in parallel as long as they don't conflict. This also cleans up the variable names in the extended op calls. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4/fsmo: Handle infrastructure, pdc and rid extended opsAnatoliy Atanasov2-45/+53
With this change we can transfer all roles back and forward, except for the naming master. Also this commit fixes the naming of fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner role_owner_dn - used to point to the NTDSDSA who owns the role Now we always pass fsmo_role_dn, role_owner_dn to the extended operation and to drepl_create_role_owner_source_dsa Conflicts: source4/dsdb/repl/drepl_ridalloc.c
2010-09-15s4-repl: use consistent API calls for getting DN GUIDAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4: fixed some printf format errorsAndrew Tridgell1-1/+1
2010-09-15s4-rodc: add a trigger message for REPL_SECRET to auth_samAndrew Tridgell1-0/+14
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4-kcc: removed redundent loop check Andrew Tridgell1-1/+1
el has already been checked for NULL
2010-09-15s4-dsdb: check for invalid backend typeAndrew Tridgell1-0/+2
2010-09-15s4-rootdse: setup length after NULL checkAndrew Tridgell1-2/+2
2010-09-15s4-dsdb: fixed use after free for RODCAndrew Tridgell1-2/+1
2010-09-15s4-dsdb: free right context on failureAndrew Tridgell1-1/+1
down_req is not initialised yet
2010-09-15s4-dsdb: defer ac->msg after check for NULL acAndrew Tridgell1-1/+3
2010-09-15s4-anr: check for allocation failure before useAndrew Tridgell1-1/+1
2010-09-14waf: work around circular dependency finder erroneously removing dependency ↵Jelmer Vernooij1-1/+4
of gensec on dcerpc.
2010-09-13s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵Matthias Dieter Wallnöfer2-9/+9
LDAP filters This makes also lookups through special backends as "samba3sam" work.
2010-09-13s4:cosmetic - the SID attribute is called objectSid - not objectSIDMatthias Dieter Wallnöfer5-16/+16
2010-09-13Revert "s4:samldb LDB module - simplify the message handling on add and ↵Matthias Dieter Wallnöfer1-26/+33
modify operations" This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d. This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this. I will rework this further.
2010-09-12s4:samldb LDB module - remove a disastrous "talloc_free"Matthias Dieter Wallnöfer1-2/+0
This completely destroys the program logic (async callbacks). Sorry for introducing this.
2010-09-12Revert "s4:util_samr.c - also here we've now the default primaryGroupID ↵Matthias Dieter Wallnöfer1-1/+4
detection working" This reverts commit 7e9e35db4126f953e8a2579d992c63b274011119. Sorry, the logic is working differently here. We do still need this.
2010-09-12s4:util_samr.c - also here we've now the default primaryGroupID detection ↵Matthias Dieter Wallnöfer1-4/+1
working
2010-09-12s4:ldap.py - tests the primary group detection by the "userAccountControl"Matthias Dieter Wallnöfer1-2/+47
2010-09-12s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID ↵Matthias Dieter Wallnöfer1-1/+5
derivation from "userAccountControl" Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
2010-09-12s4:samldb LDB module - free the "ac" context after the delete checksMatthias Dieter Wallnöfer1-1/+4
2010-09-12s4:samldb LDB module - simplify the message handling on add and modify ↵Matthias Dieter Wallnöfer1-33/+28
operations We perform always only one shallow copy operation of the message on the "req" context. This allows to free the "ac" context when we've prepared all our changes.
2010-09-12s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see ↵Matthias Dieter Wallnöfer1-41/+41
that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible.
2010-09-12s4:samldb LDB module - add a comment to mark the beginning of the extended ↵Matthias Dieter Wallnöfer1-0/+2
operation handler