summaryrefslogtreecommitdiff
path: root/source4/dsdb
AgeCommit message (Collapse)AuthorFilesLines
2012-02-25s4-lib: Remove unused samdb_msg_set_int()Ricky Nance1-15/+0
Found by callcatcher Ricky Nance
2012-02-20s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett3-3/+6
Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
2012-02-13s4-dsdb: Check if metadata.tdb exists, before trying to open itAmitay Isaacs1-0/+6
This fixes the error output from tdb2 when metadata module tries to create metadata.tdb first time. This error is reported since metadata module tries to check if tdb exists by trying to open tdb file. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon Feb 13 03:02:09 CET 2012 on sn-devel-104
2012-02-01Revert "s4-drs: do not try to contact for replication servers that are not ↵Andrew Tridgell1-38/+4
anymore in reps*" This reverts commit 5bfd6251eb22ff701184a95649822a73cf4d157b. This change has been causing regular segfaults in the build farm since it was applied. I also think it may be unnecessary as dreplsrv_refresh_partitions() should already be achieving the same thing (removing stale replication targets). I think the segfaults were caused by freeing an in-flight DSA, but I have been unable to reproduce it outside of the build farm Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Feb 1 07:49:42 CET 2012 on sn-devel-104
2012-01-30samdb: use compat wrappers for tdb_fetch().Rusty Russell1-6/+6
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() -> tdb_errorstr_compat(). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-24dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flagAndrew Bartlett2-0/+8
2012-01-24python: Change except: statement to except Exception:Amitay Isaacs1-1/+1
This way we only catch true exceptions and keyboard interrupts are not caught here. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2012-01-16s4:dsdb/password_hash: require a "Primary:Kerberos" blob in ↵Stefan Metzmacher1-0/+16
supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
2012-01-14Intersite KCC flags for pythonDave Craft1-0/+5
Add NTDSSITELINK options to dsdb class for use in python samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-01-05s4:repl_meta_data LDB module - set "isRecycled" time correctlyMatthias Dieter Wallnöfer1-9/+8
"unix_to_nt_time()" which is based on "time_t" behaves differently for literals > 32 bit on 32 and 64 bit platforms. Reviewed-by: ekacnet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
2011-12-23s4-kcc: Remove also deleted objects that are not in the Deleted Object containerMatthieu Patou2-2/+38
For the configuration container we do a full scan at every run of the kcc-delete service. For the base DN we introduce a new parameter that avoid the full scan to kick just when samba starts. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4-ldb: Add isRecycled when is defined in the schemaMatthieu Patou1-3/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19s4-dsdb: Relax the conditions where we can't do a subtree deleteMatthieu Patou1-1/+19
If the parent object is a SAM object (as defined in 3.1.1.5.2.3 Special Classes and Attributes of MS-ADTS) then we can use the subtree delete control even if the object is a critical one. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
2011-12-13s4:pydsdb: remove unused variable from py_dsdb_am_pdc()Stefan Metzmacher1-1/+0
metze
2011-12-09s4:dsdb/common/util.c - test LDB result against LDB_SUCCESS as we are always ↵Matthias Dieter Wallnöfer1-1/+1
doing Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 9 12:00:03 CET 2011 on sn-devel-104
2011-12-08Invocation of samba_kcc from KCC taskDave Craft3-21/+89
Modification to periodic and explicit invocation paths of the KCC topology generation code. Managed via samba_runcmd_send() API. The samba_kcc script is invoked if (kccsrv:samba_kcc = true) appears in smb.conf Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-08Add subreq and status to kcc_service structDave Craft1-2/+9
The subreq and status fields in the kcc_service struct are added for execution management of the external samba_kcc python script. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-07pydsdb: provide a am_pdc hook like am_rodc to python scriptsAndrew Bartlett1-0/+22
2011-12-05s4-drs: do not try to contact for replication servers that are not anymore ↵Matthieu Patou1-6/+40
in reps* Servers connection can be removed from repsTo and respFrom either due to DC demote or topology change by the KCC, if a server is removed from the reps* it must be effectivly removed from the list of server that we will contact for getNcChanges and for replicaSync. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
2011-12-05s4-resolver: do not use all the A and AAAA records, those after a NS are not ↵Matthieu Patou1-1/+1
the one we want to use
2011-12-05s4-drs: mark WERR_DS_DRA_BUSY as a non error in DsReplicaUpdateRefsMatthieu Patou1-2/+22
2011-11-29s4-repl: Check if GC SPN exists before using it for replicationAmitay Isaacs1-3/+54
Sometimes windows DC will set up dNSHostname before setting up GC SPN and that causes replication errors since samba tries to use GC SPN, which does not yet exist locally. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Added metadata to partition module for global sequence numberAmitay Isaacs5-17/+612
This adds support for global sequence number which is independent of partition information. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: use dsdb_module_extended instead of duplicate codeAmitay Isaacs2-31/+13
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Return ldb_result context in dsdb_module_extendedAmitay Isaacs1-3/+20
The result of the extended operation is now available in the calling routine. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-29s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number supportAmitay Isaacs2-140/+13
This was a hack for LDAP backends to store a sequence number as a timestamp. It is still supported in standalone ldb tdb backend. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-26s4:update_keytab LDB module - no need to filter for the DNMatthias Dieter Wallnöfer1-2/+2
We launch a search request with base scope on exactly the same DN (see downwards). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-19s4-dsdb: Modify the repl_meta_data behavior to allow Metadata change on ↵Matthieu Patou1-2/+8
attribute interSiteTopologyGenerator even if the value didn't change Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Nov 19 16:47:53 CET 2011 on sn-devel-104
2011-11-18dsdb: Fix the password expiry calculationAmitay Isaacs1-1/+1
As per Section 3.1.1.4.5.26 [MS-ADTS.pdf], password is expired if pwdLastSet = null, or pwdLastSet = 0, or (maxPwdAge != 0x8000000000000000 and (ST - pwdLastSet) > maxPwdAge)
2011-11-17s4-dsdb: Remove unsed variableAmitay Isaacs1-2/+0
2011-11-16s4-dsdb: rework the NC detection for the descriptor calculationMatthieu Patou1-12/+31
This checks if instanceType attribute is available, and if INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then the DN is NC root and security descriptor is not inherited from parent SD. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2011-11-15s4:partition LDB module - fix handling regarding special DNs on searchesMatthias Dieter Wallnöfer1-0/+5
Normally they should always be passed to the main backend unless something different has been specified. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104
2011-11-15s4:dsdb/schema_data: reject schema update unless they're allowedStefan Metzmacher1-0/+12
"dsdb:schema update allowed = yes" is now needed in smb.conf to enable schema updates, as schema updates are a currenty a good way to prevent samba from startup again, because of errors in the schema definition. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
2011-11-15s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updatesStefan Metzmacher3-2/+17
By default schema updates are not allowed anymore, as we don't have complete validation code to prevent database corruption. metze
2011-11-15s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, ↵Stefan Metzmacher1-0/+28
msDS-IntId As windows we return CONSTRAINT_VIOLATION now. metze
2011-11-15s4:dsdb/schema_data: make sure we reject schema changes if we're not the ↵Stefan Metzmacher1-0/+101
schema master metze
2011-11-15s4:dsdb/schema_data: make sure we only allow objects one level below the ↵Stefan Metzmacher1-1/+33
schema base The objectclass module should also check for this, but make sure we also reject it on things like provision. metze
2011-11-15s4:param/provision: pass schema_dn to provision_get_schema()Stefan Metzmacher1-1/+1
metze
2011-11-15s4:dsdb/schema: pass and remember the schema_dn in dsdb_set_schema_from_ldif()Stefan Metzmacher2-4/+12
metze
2011-11-15s4:dsdb/pydsdb: pass down schema_dn to _dsdb_set_schema_from_ldif()Stefan Metzmacher1-2/+2
metze
2011-11-15s4:dsdb/samldb: use DSDB_FLAG_AS_SYSTEM in samldb_schema_info_update()Stefan Metzmacher1-1/+3
We should only be able to update the schemaInfo internaly. metze
2011-11-14Remove broken code - these lines use undefined symbols.Jelmer Vernooij1-7/+2
2011-11-13s4-dsdb: initialize correctly the value of originating_change_time for the ↵Matthieu Patou1-2/+52
Deleted Object Container
2011-11-10test: fixed several tests to use samba.testsAndrew Tridgell5-8/+9
this fixes error checking. Test failures were not being detected otherwise Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-11-07python dsdb flag addtions (NTDSSETTINGS, NTDSCONN)Dave Craft1-0/+27
Add missing flags present in C code base to python code base dsdb/pydsdb.c INSTANCE_TYPE... DS_NTDSSETTINGS_OPT... NTDSCONN_OPT... These are consumed by the python KCC scripts Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02s4-sites: Document, fix under optimal coding, use exceptionsMatthieu Patou1-18/+18
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Nov 2 22:35:00 CET 2011 on sn-devel-104
2011-11-02s4-selftest: add unit tests for sites's function in pythonMatthieu Patou1-0/+125
2011-11-02dsdb: Handle the case when extended rights string is NULLAmitay Isaacs1-4/+7
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Nov 2 07:03:40 CET 2011 on sn-devel-104
2011-11-02s4-drepl: Search for application partitions in addition to main onesAmitay Isaacs1-3/+16
To replicate application partitions (e.g. DNS partitions) consult msDs-hasMasterNCs attribute as well. Also, make sure we don't add same partition twice in the list. hasMasterNCs and msDs-hasMasterNCs have domain, configuration and schema partitions common. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-01s4-dsdb Remove LDAP backend credentials supportAndrew Bartlett1-51/+3
The error message from this causes confusion, for a feature that we have never finished and have agreed to remove. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 1 06:32:52 CET 2011 on sn-devel-104