summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-10-02s4: Improve provisioning: use relax controlMatthieu Patou5-20/+24
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-10-02pythonbindings: allow add() to have an array of controls as second parameterMatthieu Patou1-0/+1
2009-10-02s4-ldb: Use relax control to check in replace metadata module if we accept ↵Matthieu Patou1-5/+38
request that specify objectGUID attribute.
2009-10-02s4-ldb: Add new relax controls that allow relaxed x500 constraints checksMatthieu Patou2-0/+35
2009-10-02s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()Andrew Bartlett1-1/+4
This segfault occoured in cases where we rejected (or never attempted) the tree connect, so had an invalid private pointer for the logoff codepath. Andrew Bartlett
2009-10-02s4:Ensure the selected RDN is the right one per the schemaAndrew Bartlett1-1/+7
The relative DN must be the one that the most specific structural objectclass specifies. Andrew Bartlett
2009-10-02s4-samldb: the samldb module requires that the primary group existsAndrew Tridgell1-9/+17
We need to create Domain Users in the test ldb
2009-10-02s4-samdb: added some debuggingAndrew Tridgell1-2/+8
This helped track down the samba3sam.py failures
2009-10-02s4-test: skip python gensec test until its finishedAndrew Tridgell1-0/+1
2009-10-02s4-pygensec: a bit closer to workingAndrew Tridgell3-9/+56
I'll need help from Andrew on how to get gensec to initialise it's ops element
2009-10-02s4-torture: added a very simple samr ValidatePassword testAndrew Tridgell1-0/+32
2009-10-02s4-samr: fake up a samr_ValidatePassword responseAndrew Tridgell1-1/+5
mdw is working on the correct call to check the password strength
2009-10-02s4-libnet: give sane error messages when functional levels don't matchAndrew Tridgell1-8/+12
It is nice to tell the user why their command failed :-)
2009-10-02s4:dsdb/common/sidmap - RemoveMatthias Dieter Wallnöfer2-613/+0
As metze pointed out - this seems to be completely dead code. I too didn't find any dependencies in other code parts. Therefore remove it.
2009-10-02s4:provision - Change the default forest/domain function level back to ↵Matthias Dieter Wallnöfer2-2/+2
Windows 2003 Native
2009-10-02s4:libnet_become_dc - add checks for valid domain/forest function levelsMatthias Dieter Wallnöfer1-10/+52
Add checks to make sure that we join only supported AD domains (we agreed that those are >= (Windows) 2003 Native per default - this is changeable with the "ads:function level" option). Add also checks to make sure that we cannot join domains which have a bigger function level than our DC capable function level (e.g. a (Windows) 2008 DC cannot join a (Windows) 2008 R2 domain).
2009-10-02s4-ldb: accept the binary DN OIDs in extended DN modulesAndrew Tridgell2-4/+8
2009-10-02s4-ldb: Add support for binary blobs in DNsAndrew Tridgell3-53/+408
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a binary blob. We need to support those in order to give correctly formatted binary blobs for things like wellKnownObjects This implementation is not ideal, as it allows for binary blobs on all DNs, whereas it should only allow them on those with a syntax of 2.5.5.7. We should clean this up in the future, but meanwhile this implementation at least gets us a working DC join of w2k8 to s4. This patch also uses a static function for marking DNs as invalid, which is very useful when debugging this code, as you can break on it in gdb.
2009-10-02s4-cldap: match w2k8-r2 for cldap netlogon bitsAndrew Tridgell1-10/+17
Windows does not set the 3 high bits, which is strange given their meaning. I've submitted a CAR on this.
2009-10-02ds-flags: use the new name DS_DNS_FOREST_ROOTAndrew Tridgell2-6/+6
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc)
2009-10-01s4/torture: Add two new SMB RAW-OPEN testsAravind Srinivasan3-1/+296
* Add chained NTCREATEX_READX test which first tries to open/read a non-existant file failing on the open, then attempts the same operation on a file that does exist, opening and reading successfully. * Add test for open_dispositions on directories.
2009-10-01s4/torture: convert printf to torture_comment() in RAW-OPENAravind Srinivasan1-58/+103
Allows "make test" and other harnesses to print cleaner output.
2009-10-01s4/torture: second try on renaming oplocks.c to oplock.cSteven Danneman1-0/+3617
Forgot to "git add" the new file in commit b2bcfaae
2009-10-01s4/torture: rename oplocks.c to oplock.c to match SMB1 file layoutSteven Danneman2-3618/+1
2009-10-01s4/torture: Ported SMB oplock torture tests to SMB2Steven Danneman3-68/+3519
I've ported all applicable SMB oplock torture tests to SMB2, giving us a good base for SMB2 oplock testing. There are several differences between oplocks in SMB and SMB2, mostly because of differences in W2K3 and W2K8. The existing SMB oplock tests all pass against W2K3, but several fail against W2K8. These same tests were failing in SMB2, util I reworked them. BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't cause a sharing violation or break an existing oplock. It appears that in W2K8/SMB2 a sharing violation is raised. BATCH22: In W2K3/SMB when a second opener was waiting the full timeout of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead the second opener succeeds. LEVELII500: Added 1 new test checking that the server returns a proper error code when a client improperly replies to a levelII to none break notification. STREAM1: W2K8 now grants oplocks on alternate data streams.
2009-10-01s4/torture: fix typo in test commentSteven Danneman1-1/+1
2009-10-01s4/asn1: Added torture suite for ASN1Kamen Mazdrashki2-0/+2
2009-10-01s4:pyldb - Wrong error type (found only after the push)Matthias Dieter Wallnöfer1-1/+1
2009-10-01s4:ldb_msg_diff - Fixes up possible memory leaks and the python binding of itMatthias Dieter Wallnöfer2-3/+13
2009-10-01s4-tort-drs: Add bind_info for dcerpc_drsuapi_DsBind() callKamen Mazdrashki2-1/+41
After this patch DsGetNCChanges() test works fine. bind_info returned by server is also cached for future use Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-10-01s4-tort-drs: DsReplicaUpdateRefs test fixed and extendedKamen Mazdrashki1-37/+50
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-10-01s4-tort: Added assertion macro for DRSUAPI callKamen Mazdrashki1-3/+16
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30s4:torture: data_blob_hex_string() output is now lowercase.Andrew Kroeger1-2/+2
Based on the change in commit fb84edabbe9f358031117de2cf78613c704ac600, these tests needs to expect lowercase output.
2009-09-30s4:samba.tests.samdb - remove last relicts of the templatesMatthias Dieter Wallnöfer1-4/+2
2009-09-30s4:pyldb - Fixed the return value in "py_ldb_msg_diff"Matthias Dieter Wallnöfer1-2/+0
The case distinction shouldn't be needed also when "diff" is NULL. "PyLdbMessage_FromMessage" works with "NULL" arguments.
2009-09-30Revert "s4:wmic - Output enhancements"Matthias Dieter Wallnöfer1-105/+58
This reverts commit fb914640ad656b146f732ab33063575e2e47e37c. Jelmer requested the revert since he feels better when we reapply this change after his merge with the updated WMI branch.
2009-09-30Revert "python: create a script for reorgnizing an LDB file."Matthias Dieter Wallnöfer1-60/+0
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298. abartlet claims that this patch could lead to data loss (look at technical mailing list)
2009-09-30s4:pwsettings - Improve error handling and introduce "choice" typeMatthias Dieter Wallnöfer1-13/+10
- Improve the error handling according to Jelmer's suggestions - Print out the error messages on "stderr" - Add also here the "choice" type for arguments
2009-09-30s4:provision - Lets the user choose between the supported forest/domain ↵Matthias Dieter Wallnöfer2-18/+40
function levels Adds a parameter "--function-level" which allows to specify the domain and forest function level.
2009-09-30s4:provision: Show domains and forests are W2K8 DC capable.Andrew Kroeger2-0/+15
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep" utility is used to perform schema updates and update other attributes as necessary. Adding these entries provides an indication that the adprep utility has been run with the /forestprep, /domainprep and /rodcprep arguments. Although these entries indicate adprep has been run, nothing has been done to verify that the changes that the adprep utility would have made have actually been done. The values used for the revision atttributes are as seen on a W2K8 DC (not W2K8 R2, which will probably have higher values).
2009-09-30s4:provision: Update schema version number to W2K8.Andrew Kroeger1-1/+1
We are running the W2K8 schema version, not the W2K3 version.
2009-09-30s4:dsdb/common/util - remove introduced "samdb_is_capable_dc" callMatthias Dieter Wallnöfer1-57/+0
I came up with a better solution which is invoked when we try to join a domain as a DC (in file "libnet_become_dc.c"). Consider a following commit for this patch.
2009-09-30s4:domainlevel - General reworkMatthias Dieter Wallnöfer1-29/+63
- We support domain/forest function levels >= (Windows) 2003 Native -> adapt the domain/forest and DC function level restrictions. - Consider also the lowest function level of a DC. The domain and forest function levels can never be higher than it. - Improve the error handling by printing out messages to "stderr" - Introduce the "choice" type for choice arguments (saves us some error handling)
2009-09-30w32err: Script to fetch and prepare errors to be updated/addedKamen Mazdrashki1-0/+361
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-29s4/torture: fix RAW-OPLOCK-STREAM1 test after commit a11bb14Steven Danneman1-11/+12
We were pulling junk memory for our stream names after the reordering of the struct definition.
2009-09-29s4/torture: Allow receiving of oplock break requests in any orderSteven Danneman1-88/+159
Previously, the oplock torture tests, being single threaded, required the server to return oplock break requests, and other SMB packets in a specific order for us to verify "correctness". Of course, in several cases the protocol allows the break packets, especially breaks to levelII to come back in any order. With tevent we're now able to wait for oplock breaks in the middle of a torture test. I've added a helper to do this, and modified all oplock tests to allow returning of oplock breaks in any order.
2009-09-29s4/torture: convert printf to torture_comment()Aravind Srinivasan1-2/+4
Allows "make test" and other harnesses to print cleaner output.
2009-09-28Move samba-specific variable to s4 Makefile.Jelmer Vernooij2-2/+2
2009-09-28make: Use $(base_srcdirs) in 'make clean' rather than keeping a separateJelmer Vernooij1-1/+1
list.
2009-09-28s4-kcc: fixed corruption of repsFrom records by kccAndrew Tridgell1-4/+2
We were re-using a stack variable outside of the stack scope