summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2012-06-27s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it ↵Andrew Bartlett1-1/+7
non-critical
2012-06-27s4-dsdb: Remove hooks for non-directory password handlingAndrew Bartlett1-12/+0
This was an interesting hack, and the local_password module still exists, but until it has a use case and a test case, remove the bypass of password_hash. Andrew Bartlett
2012-06-26s4-samldb: do not talloc_steal() the elements of the original requestAndrew Bartlett1-4/+10
2012-06-25s4-join: Import DNS zones in AD DC joinAndrew Bartlett1-0/+2
2012-06-24s4-drepl: Ensure that the op->source does not get deallocated too earlyAndrew Bartlett2-9/+25
We need to have the struct dreplsrv_partition_source_dsa around until the end of the async op, so we use talloc_reference after carefully checking the callers and making the modifications required. This prevents a crash when replicating partitions in the vampire_dc test after adding DNS replication at join time. Andrew Bartlett
2012-06-23selftest: schema is not automatically reloaded now so if you modify it you ↵Matthieu Patou1-0/+9
have to reload it Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
2012-06-22s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DNMatthieu Patou1-1/+37
modifyTimeStamp is a generated attribute, for most object it's generated directly from the whenChanged attribute. But for the CN=aggregate object in the schema we have to handle it in a different way, that's because for this object whenChanged!=modifyTimeStamp (as checked against Windows 2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the most recently modified and loaded schema object (that is to the one with the highest USN before the schema was reload due to timeout or by the reloadSchemaNow command). Some third party are using this information to know if they have to update their schema cache and also to check that schema updates have been correctly reloaded by the DC, a good example of this behavior is exchange 2010.
2012-06-22s4-schema: improve the documentation of the dsdb_schema structureMatthieu Patou1-4/+6
2012-06-22s4-dsdb: Check for key SCHEMA_SEQ_NUM in metadata.tdb updatesMatthieu Patou2-3/+192
If the value has changed then reload the schema, this means that now the schema is only reloaded on a periodical basis or if we have been asked explicitly to do it and not necesserly if the schema partition has changed.
2012-06-22s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNowMatthieu Patou4-2/+43
The idea is to signal to other process accessing the database that the schema was forced to be reloaded and so they should reload as well.
2012-06-22s4-drs: if schema has changed during replication notify other process that ↵Matthieu Patou1-0/+55
they have to reload the schema
2012-06-22s4-dsdb: move schema_load at the top of module stackMatthieu Patou1-1/+1
2012-06-22s4-extended: do not try to fix if there is no schemaMatthieu Patou1-0/+4
2012-06-22s4-schema: keep track of the timestamp of the most recently changed/created ↵Matthieu Patou3-1/+13
object
2012-06-22s4-schema: generalized time use its own syntax nowMatthieu Patou1-1/+0
2012-06-22s4-drsuapi: Fix a const warningMatthieu Patou1-1/+1
2012-06-22s4-drsuapi: rework the crackname implementation of functionnal namesMatthieu Patou1-24/+122
2012-06-22s4-dsdb-linkedattributes: register the VERIFY_NAME control, handle it when ↵Matthieu Patou1-10/+97
we are a GC In theory when presented this control and not a GC we should use the specified name as the DC to contact for cross-domain link verification. But for the moment we don't support this so we just fail when we have this control and are not a GC.
2012-06-22s4-dsdb: support otherWellKnownObjectsMatthieu Patou1-24/+31
2012-06-22s4-dsdb: Try to avoid much of the time a db search for msDS-IntIDMatthieu Patou3-14/+97
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID). If so generate another random value. If not check if the highest USN in the database for the schema partition is the one that we know. If so it means that's only this ldb context that is touching the schema in the database. If not it means that's someone else has modified the database while we are doing our changes too (this case should be very bery rare) in order to be sure do the search in the database.
2012-06-22dsdb-schema: do not reload more often than schema_reload_intervalMatthieu Patou4-2/+42
Samba 4 use to try to reload the schema every time dsdb_get_schema was called (which could be 20+ time per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120). The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reload after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
2012-06-22s4-dsdb: fix a warning about unused variableMatthieu Patou1-3/+0
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij3-17/+17
2012-06-19ldb: use tdb directly, not tdb_compat.Rusty Russell1-6/+6
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett3-3/+3
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-07build: Add missing deps and make MESSAGING a private libraryAndrew Bartlett1-1/+1
To remove finddcs_nbt these missing deps need to be added. These subsystems linked to to implicit dependencies provided by finddcs. Due to the new arrangmenet of subsystems, MESSAGING needs to be a private library to avoid being a source of duplicate symbols. Andrew Bartlett
2012-05-30dsdb: Fix error checking conditions in partition_metadata moduleAmitay Isaacs1-7/+7
Thanks to Matthieu Patou <mat@matws.net> for pointing it out. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy4-358/+363
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-19s4-dsdb: allow modification of some deleted object if the show-deleted ↵Matthieu Patou1-4/+9
control is presented Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
2012-05-19s4-dsdb: naming context needs to have the extended-dn syntax tooMatthieu Patou1-0/+1
2012-05-06s4-schema: Validate more class attribute when adding a new class in the schemaMatthieu Patou1-0/+29
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
2012-05-05s4: use intermediate var, increase lisibilityMatthieu Patou1-6/+5
2012-05-04s4-dsdb: Use data_blob_string_const and add explaination for open-coded ↵Andrew Bartlett1-4/+6
function in samldb Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
2012-05-04s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldbAndrew Bartlett1-5/+5
2012-05-04s4:samldb LDB module - make sure to not add identical ↵Matthias Dieter Wallnöfer2-16/+88
"servicePrincipalName"s more than once The service principal names need to be case-insensitively unique, otherwise we end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error. This issue has been discovered on the technical mailing list (thread: cannot rename windows xp machine in samba4) when trying to rename a AD client workstation.
2012-04-30s4:samldb LDB module - homogenize LDB search attributes arraysMatthias Dieter Wallnöfer1-13/+13
First they do not need to be "static" any longer since we have abandoned asynchronous result handling (where global variables have been important). In addition add some "const" in order to protect us from unwanted writes. Reviewed-by: Andrew Bartlett Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Apr 30 16:46:20 CEST 2012 on sn-devel-104
2012-04-30s4:samldb LDB module - implement "fSMORoleOwner" attribute protectionMatthias Dieter Wallnöfer2-0/+153
This is a very essential attribute since it references to various domain master roles (PDC emulator, schema...) depending on which entry it has been set. Incautious modifications can cause severe problems. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
2012-04-29s4:dsdb/common/util.c - samdb_is_pdc() - fail if the "fSMORoleOwner" ↵Matthias Dieter Wallnöfer1-1/+5
attribute has not been set
2012-04-29Add some debug for FOOBAR return case as they are hard to diagnoseMatthieu Patou1-0/+3
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Apr 29 09:08:15 CEST 2012 on sn-devel-104
2012-04-29dsdb: more RELAX to DBCHECK control shift so that only dbcheck can do ↵Matthieu Patou1-2/+2
uncontrolled changes
2012-04-29dsdb: change control from relax to dbcheckMatthieu Patou1-1/+1
Comment indicate that this is needed by dbcheck only and it permits other projects to push broken schema and remain undetected
2012-04-23Cracknames: use krb wrapper functions so it works with MITSimo Sorce1-25/+29
Also avoid a silly game with directly modifying the principal and then calling krb5_principal_unparse_flags to get out a string. If we already assume it is a 2 components name and know what outcome we are going to get, just go ahead and talloc_asprintf the linearized string.
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-1/+1
2012-04-19s4-kcc: avoid a false alarm with rodcMatthieu Patou1-0/+7
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Thu Apr 19 12:32:58 CEST 2012 on sn-devel-104
2012-04-18dsdb: added SHOW_DELETED to samldb_member_check()Andrew Tridgell1-1/+1
when dbcheck is fixing DNs, it will sometimes operated on a deleted DN link Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-04-18s4:dsdb/pydsdb.c - call the "objectClass" normalisation code from PythonMatthias Dieter Wallnöfer1-0/+14
This allows the dbchecker to fix ordering/inconsistency problems with the mentioned attribute. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-04-18s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modifyMichael Adam2-0/+35
This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions. Signed-off-by: Matthieu Patou <mat@matws.net> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2012-04-18s4-schema: set subClassOf by default to top if not specifiedMatthieu Patou1-0/+6
Signed-off-by: Michael Adam <obnox@samba.org>
2012-04-18s4-schema: remove unused variableMatthieu Patou1-4/+0
2012-04-18s4-schema: Generate some schema related attribute as MS AD is doing if they ↵Matthieu Patou1-0/+43
are not present in ldb requests