Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jun 30 13:34:13 CEST 2013 on sn-devel-104
|
|
|
|
|
|
pointing to a DC object
The problem was found by the DRSR testsuite where server objects were
created in the Site container without serverrefrence attribute
triggering error in the testsuite.
|
|
dcesrv_drsuapi_DsBind()
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104
|
|
dcesrv_drsuapi_DsGetDomainControllerInfo_1()
metze
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
the NTDS entry
This entry has most of the time subelements (connections between DCs)
that will forbid a simple (non recursive) delete
|
|
Reviewed by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 17:57:47 CET 2011 on sn-devel-104
|
|
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as
64-bit integer.
Reviewed by: Kamenim and Metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
|
|
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
|
|
|
|
added a simple mapping from req8
|
|
|
|
|
|
In case the caller wants sync execution, we should
not cancel the call for internal timeout reason,
but rather wait for its execution
|
|
It is to be used when caller wants to explicitly
specify the timeout for the call
|
|
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
dcesrv_drsuapi_DsRemoveDSServer()
metze
|
|
No need to have "signed" counters at those places.
|
|
|
|
Use --option=drs:disable_sec_check=true until the group membership bug
with the PAC is fixed.
|
|
|
|
infoType.
This patch includes the framework for the implementation of all infoTypes of
the DsGetReplInfo() call, and includes the implementation for the first one,
the DS_REPL_INFO_NEIGHBORS.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
|
|
When a DC connects to DRS, open the samdb with system session
credentials, so that we don't have to re-open it each time on other
calls.
|
|
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
|
|
|
|
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
|
|
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
|
|
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.
This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
|