summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2009-09-28s4-kcc: fixed corruption of repsFrom records by kccAndrew Tridgell1-4/+2
We were re-using a stack variable outside of the stack scope
2009-09-28s4-kcc: remove stale repsFrom entries in kcc runAndrew Tridgell1-0/+11
2009-09-28s4-dsdb: don't return the partition root objectsAndrew Tridgell1-1/+19
When searching across partitions, we want to avoid sending duplicate records caused by the record appearing both as a mount point and as a partition root in a nested partition. This patch works by intercepting objects from searches and checking if they match a partition root. If they do, and the partition is not the one in the partition control request, then discard the object.
2009-09-28s4-dsdb: removed extraneous debug messagesAndrew Tridgell1-4/+0
2009-09-28s4-dsdb: update replPropertyMetaData on linked attribute source attributesAndrew Tridgell1-0/+23
2009-09-28s4-dsdb: fixed searching for GUID based DNs between partitionsAndrew Tridgell1-2/+16
2009-09-28s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as criticalAndrew Tridgell1-0/+10
We may also need to remove the isCriticalSystemObject when the machine is demoted
2009-09-28s4-repl: free the la list on prepare commit failureAndrew Tridgell1-0/+3
2009-09-28s4-samdb: free the linked_attributes list on prepare commit failureAndrew Tridgell1-0/+6
2009-09-28s4-repl: use GUID to resolve target in linked attributesAndrew Tridgell1-8/+7
When we vampire from w2k8-r2, the DC sends us a linked attribute for our machine account which has a target DN with a GUID of the OU=Domain Controllers objects, but has a DN of CN=Computers. We need to use the GUID to resolve the real DN.
2009-09-28s4-dsdb: ask for an extended DN in dsdb_find_dn_by_guid()Andrew Tridgell1-0/+5
2009-09-28s4-dsdb: make dsdb_search_dn_with_deleted public for repl_meta_data moduleAndrew Tridgell1-5/+5
2009-09-28s4-drs: fixed sorting of replPropertyMetaDataAndrew Tridgell1-31/+44
This also ensures we add the SHOW_DELETED control on searches for old replPropertyMetaData attributes
2009-09-24s4-drs: add defines for replication flags on attributesAndrew Tridgell1-5/+2
2009-09-24s4-ldb: sort replPropertyMetaData by attidAndrew Tridgell1-1/+16
We need to sort on both module add and modify
2009-09-24s4-ldb: add instanceType in repl_meta_data moduleAndrew Tridgell1-0/+8
We need to add instanceType on new records if not added by caller. This is needed in repl_meta_data to ensure we fill in the meta data for replication
2009-09-24s4-drs: add SHOW_DELETED control on dsdb utility callsAndrew Tridgell1-2/+60
The dsdb_find_dn_by_guid() and dsdb_find_sid_by_dn() are using by the DRS server call getncchanges on objects that may be deleted.
2009-09-23s4-dsdb: cope with windows sending extra pad bytesAndrew Tridgell1-4/+4
2009-09-23s4-dsdb: added dsdb_find_sid_by_dn()Andrew Tridgell1-0/+30
2009-09-23s4-drs: ignore zero value elements in DRS add operationsAndrew Tridgell1-0/+13
w2k8 sometimes sends us a new object via DRS with an attribute with no values
2009-09-22s4-ldb: added a bunch more debug for DC joinAndrew Tridgell5-0/+17
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-22s4-ldbmodules: allow instanceType to be specified by clientsAndrew Tridgell1-0/+6
This is needed for the WSPP ADS testsuite
2009-09-21s4:dsdb Fix of double addition of SD-sNadezhda Ivanova2-11/+25
Also add error strings in descriptor module
2009-09-21s4:ldb Add 'single-value' support to LDB.Andrew Bartlett1-0/+4
This is currently only triggered via Samba4's schema code.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova4-21/+160
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova4-0/+1188
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-21s4:dsdb Run the new 'descriptor' module by default.Andrew Bartlett1-6/+0
This code was derived from the objectclass module, and we need the new code in the default provision, or else no ACL is set on each object. Andrew Bartlett
2009-09-21s4-schema: don't trace the schema load (too verbose)Andrew Tridgell1-12/+24
2009-09-21s4-ldap: default edn type is 0Andrew Tridgell1-1/+1
2009-09-21s4-ldb: add support for extended DNs in the rootDSEAndrew Tridgell1-2/+135
W2K8 join as a DC relies on being able to ask for the sid component of extended DNs from the rootDSE DNs
2009-09-21s4-dsdb: fixed a printf format warningAndrew Tridgell1-1/+1
2009-09-21s4:kerberos Fix the salt to match Windows 2008.Andrew Bartlett1-1/+1
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett
2009-09-21s4:dsdb/resolve_oids: add fast pathes for the common operations without oidsStefan Metzmacher1-0/+217
metze
2009-09-21s4:dsdb/resolve_oids: check return values in recursionStefan Metzmacher1-3/+6
metze
2009-09-21Merge branch 'master' of git://git.samba.org/sambaMatthias Dieter Wallnöfer1-0/+29
2009-09-20s4:samba3sam.py test - remove the primary group ID attribute hereMatthias Dieter Wallnöfer1-7/+2
This shouldn't be specified on creation time (Windows Server doesn't allow that). Hope this also fixes the test (see buildfarm).
2009-09-20Disable descriptor module unless enabled in smb.confNadezhda Ivanova1-0/+29
Since this code may still have some problems, it is not executed by default. To enable descriptor inheritance add: acl:inheritance = true in your smb.conf
2009-09-20s4:dsdb/common/util - Check for the right forest/domain function levelMatthias Dieter Wallnöfer1-0/+57
This adds a function which performs the check for the supported forest and domain function levels. On an unsuccessful result a textual error message can be created (parameter "errmsg" != NULL) which gives hints for the user to help him fixing the issue.
2009-09-20dsdb/samdb: add resolve_oids moduleStefan Metzmacher2-0/+438
Windows Servers allow OID strings to be used instead of attribute/class names. For now we only resolve the OIDs in the search expressions, the rest will follow. metze
2009-09-19Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.cAnatoliy Atanasov1-0/+8
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov2-7/+7
2009-09-19s4:dsdb Print the partition we failed to suggest replication forAndrew Bartlett1-1/+2
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell5-20/+23
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-09-18s4-drs: cope with dupliate linked attributesAndrew Tridgell1-1/+41
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS which are duplicates of entries that we already have. We need to cope with this by using a remove/add pair in the ldb_modify() to avoid a "entry already exists" error
2009-09-17s4:descriptor module - Revert and const fixupsMatthias Dieter Wallnöfer1-7/+18
- Revert a change introduced by me since I didn't understood the meaning of the version check - Added some "const" to suppress compiler warnings
2009-09-17s4:descriptor - cosmeticMatthias Dieter Wallnöfer1-1/+1
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer2-10/+3
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-16Owner and group defaulting.Nadezhda Ivanova3-57/+479
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-16s4-repl: raise a debug levelAndrew Tridgell1-1/+1
2009-09-16s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't existAndrew Tridgell1-0/+8
When a partition is first created it still needs a uSNHighest value