Age | Commit message (Collapse) | Author | Files | Lines |
|
Give the possibility to specify controls when loading ldif files.
Relax control is specified by default for all ldb_add_diff (request Andrew B).
Set domainguid if specified at the creation of object instead of modifying afterward
Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
|
|
|
|
request that specify objectGUID attribute.
|
|
|
|
This segfault occoured in cases where we rejected (or never attempted)
the tree connect, so had an invalid private pointer for the logoff
codepath.
Andrew Bartlett
|
|
The relative DN must be the one that the most specific structural
objectclass specifies.
Andrew Bartlett
|
|
We need to create Domain Users in the test ldb
|
|
This helped track down the samba3sam.py failures
|
|
|
|
I'll need help from Andrew on how to get gensec to initialise it's ops
element
|
|
|
|
mdw is working on the correct call to check the password strength
|
|
It is nice to tell the user why their command failed :-)
|
|
As metze pointed out - this seems to be completely dead code. I too didn't find
any dependencies in other code parts. Therefore remove it.
|
|
Windows 2003 Native
|
|
Add checks to make sure that we join only supported AD domains (we agreed that
those are >= (Windows) 2003 Native per default - this is changeable with the
"ads:function level" option).
Add also checks to make sure that we cannot join domains which have a bigger
function level than our DC capable function level (e.g. a (Windows) 2008 DC
cannot join a (Windows) 2008 R2 domain).
|
|
|
|
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
|
|
Windows does not set the 3 high bits, which is strange given their
meaning. I've submitted a CAR on this.
|
|
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer
what this bit means (according to MS-ADTS doc)
|
|
* Add chained NTCREATEX_READX test which first tries to open/read
a non-existant file failing on the open, then attempts the same
operation on a file that does exist, opening and reading
successfully.
* Add test for open_dispositions on directories.
|
|
Allows "make test" and other harnesses to print cleaner output.
|
|
Forgot to "git add" the new file in commit b2bcfaae
|
|
|
|
I've ported all applicable SMB oplock torture tests to SMB2, giving us
a good base for SMB2 oplock testing.
There are several differences between oplocks in SMB and SMB2, mostly
because of differences in W2K3 and W2K8. The existing SMB oplock
tests all pass against W2K3, but several fail against W2K8. These
same tests were failing in SMB2, util I reworked them.
BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't
cause a sharing violation or break an existing oplock. It appears that
in W2K8/SMB2 a sharing violation is raised.
BATCH22: In W2K3/SMB when a second opener was waiting the full timeout
of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after
about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead
the second opener succeeds.
LEVELII500: Added 1 new test checking that the server returns a proper
error code when a client improperly replies to a levelII to none break
notification.
STREAM1: W2K8 now grants oplocks on alternate data streams.
|
|
|
|
|
|
|
|
|
|
After this patch DsGetNCChanges() test works fine.
bind_info returned by server is also cached for future use
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
Based on the change in commit fb84edabbe9f358031117de2cf78613c704ac600, these
tests needs to expect lowercase output.
|
|
|
|
The case distinction shouldn't be needed also when "diff" is NULL.
"PyLdbMessage_FromMessage" works with "NULL" arguments.
|
|
This reverts commit fb914640ad656b146f732ab33063575e2e47e37c.
Jelmer requested the revert since he feels better when we reapply this change
after his merge with the updated WMI branch.
|
|
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298.
abartlet claims that this patch could lead to data loss (look at technical
mailing list)
|
|
- Improve the error handling according to Jelmer's suggestions
- Print out the error messages on "stderr"
- Add also here the "choice" type for arguments
|
|
function levels
Adds a parameter "--function-level" which allows to specify the domain and
forest function level.
|
|
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep"
utility is used to perform schema updates and update other attributes as
necessary.
Adding these entries provides an indication that the adprep utility has been run
with the /forestprep, /domainprep and /rodcprep arguments. Although these
entries indicate adprep has been run, nothing has been done to verify that the
changes that the adprep utility would have made have actually been done.
The values used for the revision atttributes are as seen on a W2K8 DC (not
W2K8 R2, which will probably have higher values).
|
|
We are running the W2K8 schema version, not the W2K3 version.
|
|
I came up with a better solution which is invoked when we try to join a domain
as a DC (in file "libnet_become_dc.c"). Consider a following commit for this
patch.
|
|
- We support domain/forest function levels >= (Windows) 2003 Native -> adapt the
domain/forest and DC function level restrictions.
- Consider also the lowest function level of a DC. The domain and forest function
levels can never be higher than it.
- Improve the error handling by printing out messages to "stderr"
- Introduce the "choice" type for choice arguments (saves us some error handling)
|
|
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
We were pulling junk memory for our stream names after the reordering
of the struct definition.
|
|
Previously, the oplock torture tests, being single threaded, required
the server to return oplock break requests, and other SMB packets
in a specific order for us to verify "correctness".
Of course, in several cases the protocol allows the break packets,
especially breaks to levelII to come back in any order. With tevent
we're now able to wait for oplock breaks in the middle of a torture
test.
I've added a helper to do this, and modified all oplock tests to allow
returning of oplock breaks in any order.
|
|
Allows "make test" and other harnesses to print cleaner output.
|
|
|
|
list.
|
|
We were re-using a stack variable outside of the stack scope
|