Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-15 | s4/fsmo: Handle infrastructure, pdc and rid extended ops | Anatoliy Atanasov | 2 | -45/+53 | |
With this change we can transfer all roles back and forward, except for the naming master. Also this commit fixes the naming of fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner role_owner_dn - used to point to the NTDSDSA who owns the role Now we always pass fsmo_role_dn, role_owner_dn to the extended operation and to drepl_create_role_owner_source_dsa Conflicts: source4/dsdb/repl/drepl_ridalloc.c | |||||
2010-09-15 | s4-repl: use consistent API calls for getting DN GUID | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4: fixed some printf format errors | Andrew Tridgell | 1 | -1/+1 | |
2010-09-15 | s4-rodc: add a trigger message for REPL_SECRET to auth_sam | Andrew Tridgell | 1 | -0/+14 | |
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-kcc: removed redundent loop check | Andrew Tridgell | 1 | -1/+1 | |
el has already been checked for NULL | |||||
2010-09-15 | s4-dsdb: check for invalid backend type | Andrew Tridgell | 1 | -0/+2 | |
2010-09-15 | s4-rootdse: setup length after NULL check | Andrew Tridgell | 1 | -2/+2 | |
2010-09-15 | s4-dsdb: fixed use after free for RODC | Andrew Tridgell | 1 | -2/+1 | |
2010-09-15 | s4-dsdb: free right context on failure | Andrew Tridgell | 1 | -1/+1 | |
down_req is not initialised yet | |||||
2010-09-15 | s4-dsdb: defer ac->msg after check for NULL ac | Andrew Tridgell | 1 | -1/+3 | |
2010-09-15 | s4-anr: check for allocation failure before use | Andrew Tridgell | 1 | -1/+1 | |
2010-09-14 | waf: work around circular dependency finder erroneously removing dependency ↵ | Jelmer Vernooij | 1 | -1/+4 | |
of gensec on dcerpc. | |||||
2010-09-13 | s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵ | Matthias Dieter Wallnöfer | 2 | -9/+9 | |
LDAP filters This makes also lookups through special backends as "samba3sam" work. | |||||
2010-09-13 | s4:cosmetic - the SID attribute is called objectSid - not objectSID | Matthias Dieter Wallnöfer | 5 | -16/+16 | |
2010-09-13 | Revert "s4:samldb LDB module - simplify the message handling on add and ↵ | Matthias Dieter Wallnöfer | 1 | -26/+33 | |
modify operations" This reverts commit 1d94bb3ad4d9c6de3b77ed4690a54ebf2399cc0d. This commit causes unconditional behaviour (sometimes it works, sometimes not) -sorry for introducing this. I will rework this further. | |||||
2010-09-12 | s4:samldb LDB module - remove a disastrous "talloc_free" | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
This completely destroys the program logic (async callbacks). Sorry for introducing this. | |||||
2010-09-12 | Revert "s4:util_samr.c - also here we've now the default primaryGroupID ↵ | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
detection working" This reverts commit 7e9e35db4126f953e8a2579d992c63b274011119. Sorry, the logic is working differently here. We do still need this. | |||||
2010-09-12 | s4:util_samr.c - also here we've now the default primaryGroupID detection ↵ | Matthias Dieter Wallnöfer | 1 | -4/+1 | |
working | |||||
2010-09-12 | s4:ldap.py - tests the primary group detection by the "userAccountControl" | Matthias Dieter Wallnöfer | 1 | -2/+47 | |
2010-09-12 | s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID ↵ | Matthias Dieter Wallnöfer | 1 | -1/+5 | |
derivation from "userAccountControl" Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441. | |||||
2010-09-12 | s4:samldb LDB module - free the "ac" context after the delete checks | Matthias Dieter Wallnöfer | 1 | -1/+4 | |
2010-09-12 | s4:samldb LDB module - simplify the message handling on add and modify ↵ | Matthias Dieter Wallnöfer | 1 | -33/+28 | |
operations We perform always only one shallow copy operation of the message on the "req" context. This allows to free the "ac" context when we've prepared all our changes. | |||||
2010-09-12 | s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see ↵ | Matthias Dieter Wallnöfer | 1 | -41/+41 | |
that it is only in use by the delete operation add and modify helpers will stay on the top of the add and modify operation since they will likely be shared as much as possible. | |||||
2010-09-12 | s4:samldb LDB module - add a comment to mark the beginning of the extended ↵ | Matthias Dieter Wallnöfer | 1 | -0/+2 | |
operation handler | |||||
2010-09-12 | s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to ↵ | Matthias Dieter Wallnöfer | 1 | -94/+22 | |
be again synchronous Also to make it easier to comprehend | |||||
2010-09-12 | s4:samldb LDB module - refactor the "primaryGroupID" check on user creation | Matthias Dieter Wallnöfer | 1 | -137/+39 | |
This looks more straight-forward now. | |||||
2010-09-12 | s4:samldb LDB module - get rid of the SID context variable | Matthias Dieter Wallnöfer | 1 | -20/+17 | |
Since we get more and more rid of async stuff we don't need this in the context anymore. | |||||
2010-09-12 | s4:samldb LDB module - use also here the real attribute denomination ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
"sAMAccountName" Purely cosmetic - but nicer to read | |||||
2010-09-12 | s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType" | Matthias Dieter Wallnöfer | 1 | -5/+4 | |
And a small cosmetic change. I like to have the real attribute names in the function denominations | |||||
2010-09-12 | s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous again | Matthias Dieter Wallnöfer | 1 | -71/+19 | |
To make it more understandable | |||||
2010-09-11 | s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP ↵ | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
results | |||||
2010-09-11 | libcli/security Use talloc_zero when making a struct security_token | Andrew Bartlett | 1 | -2/+0 | |
2010-09-11 | s4-privs Seperate rights and privileges | Andrew Bartlett | 1 | -2/+6 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-10 | s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole | Anatoliy Atanasov | 2 | -3/+4 | |
This removed an unnecessary conversion of the return type in drepl_take_FSMO_role. | |||||
2010-09-10 | s4/fsmo: Fix callback declaration | Anatoliy Atanasov | 1 | -1/+2 | |
2010-09-10 | s4-dreplsrv: fix 'dn' for partition object being created | Kamen Mazdrashki | 1 | -1/+9 | |
2010-09-10 | s4-drs-fsmo: try to dispatch ops in queue as soon as possible | Kamen Mazdrashki | 1 | -1/+9 | |
In most cases this will transfer of schema master role to look like a synchronous operation. | |||||
2010-09-10 | s4-fsmo: update FSMO changes for recent IRPC work | Andrew Tridgell | 2 | -7/+13 | |
the IRPC API has changed Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-10 | s4/drs: update repsFrom only when we are not in getncchanges extended op | Anatoliy Atanasov | 1 | -4/+4 | |
2010-09-10 | s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSE | Nadezhda Ivanova | 1 | -1/+46 | |
GetNCChanges with the corresponding extended operation is initiated and added to the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster, becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in rootDSE. | |||||
2010-09-10 | s4-irpc: Added internal rpc call DREPL_TAKEFSMOROLE | Nadezhda Ivanova | 1 | -1/+10 | |
It schedules a getncchanges with extended op 6, to be used when a modify request on becomeROLEMaster atteibute on rootDSE is received. | |||||
2010-09-10 | s4-drs: Implementation of GetNCChanges extended op 6 - fsmo role transfer | Nadezhda Ivanova | 3 | -2/+154 | |
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute in its database with the new owner, and replicates the change to the candidate, who then becomes the owner. The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who kindly helped to debug it. | |||||
2010-09-10 | s4-drs: Refactored drepl_service and send_ridalloc_request so that the ↵ | Nadezhda Ivanova | 2 | -27/+48 | |
structures can be used for other extended ops | |||||
2010-09-09 | s4-dreplsrv: Do allocations on long-living context so that callback gets called | Kamen Mazdrashki | 1 | -1/+1 | |
2010-09-09 | s4-dreplsrv: Call dreplsrv_out_operation::callback in case we fail to even ↵ | Kamen Mazdrashki | 1 | -0/+8 | |
run the operation Operation was scheduled already, so we need to call the callback function for it to be able to do its job. For instance, if we are blocking an rpc call until an operation is completed and there is no memory, then client will be blocked without knowing what is going on with the server. | |||||
2010-09-09 | s4-dsdb/repl/drepl_out_pull.c: Remove unused code | Kamen Mazdrashki | 1 | -43/+0 | |
2010-09-09 | s4-drepl_service.c: Update (C) | Kamen Mazdrashki | 1 | -9/+10 | |
and remove few trailing white spaces | |||||
2010-09-09 | s4-drepsrv: Dump more info when drepl_replica_sync() fails | Kamen Mazdrashki | 1 | -24/+28 | |
There are many spots where this function may fail and I find it very useful to know where exactly function fails and what are the input parameters during testing. REPLICA_SYNC_FAIL() macro now dumps an error message so we may remove extra DEBUG() dump in implementation. | |||||
2010-09-09 | s4-dsdb Change debug levels for startup messages | Andrew Bartlett | 2 | -10/+10 | |
We should make the 'common' error not show up, but the unusal case fatal. Andrew Bartlett |