Age | Commit message | Author | Files | Lines |
|
|
|
This test is in the wrong place. We end up validating our own flags.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Non-administrator replication checks the invocationId matches
the sid of the user token being used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this validates that an invocationID matches an account sid
This will be used to ensure that we don't allow DRS replication
from someone a non-DC or administrator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used by the RODC code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This means we are only doing the checks for schema changes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This patch fits the calling to the new samdb_rodc() function and
fixes a little bug in this function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is RODC filtered and the recipient
is a RODC, then such attribute is not sent.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This function is intended to check if some client is not lying about
his flags. At this moment, it only checks for RODC flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
With the extra moduleload lines (which succeed if it's already
statically linked), we now work with OpenLDAP overlays as modules.
Andrew Bartlett
|
|
The SIDs in some queries were not being passed as binary, but as
strings in comparison with the securityIdentifier object. We need to
recognise that these are SIDs in the simple_ldap_map.
Andrew Bartlett
|
|
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
|
|
In the future, LDAP backends will be responsible for maintaining the
'name' attributes.
Andrew Bartlett
|
|
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient. This new one, kindly supplied
by Matthew Backes <mbackes@symas.com> uses a more reasonable set of
buffer sizes.
Andrew Bartlett
|
|
Kamen, please have a look at this. We need to accept revision zero as
w2k8r2 sends it during initial schema replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we still need to allow for interactive querying of the realm
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents a warning when we run net vampire from the install dir
when samba has never been run previously
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is needed for net vampire
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This needs to cope with both running from the build tree or running
from the install tree. We use the provision.smb.conf.dc as a sentinel
to detect if we are in the build tree.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
w2k8r2 sends a revision of zero in the initial schema replication
during a net vampire
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
also fixed the -d option to use lp.set() which calls lp_set_cmdline()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows you to run:
GDB="gdb --args" vampire_ad.sh
and also to add higher debug levels like this:
vampire_ad.sh -d100
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
metze
|
|
metze
|
|
These are needed for dcpromo from w2k8r2
|
|
Surprisingly, that value is always 0 (at least on w2k8r2).
Guenther
|
|
we put it after the scripting/python dir, so we look in the build
directory (if applicable) first.
|
|
short domainname discovery
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
|
|
the talloc python interface for tp_alloc and tp_dealloc relies on a
cast to a py_talloc_Object to find the talloc_ctx (see
py_talloc_dealloc). This means we rely on the talloc_ctx for the
object being directly after the PyObject_HEAD
This fixes the talloc free with references bug in samba_dnsupdate
The actual problem was the tp_alloc() call in
PyCredentialCacheContainer_from_ccache_container() which used a cast
from a py_talloc_Object to a PyCredentialCacheContainerObject. That
case effectively changed the parent/child relationship between the
talloc_ctx and the ccc ptr.
This patch changes all the structures that follow this pattern to put
the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if
anyone else decides to do a dangerous cast like this that it won't
cause the same sort of subtle breakage.
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
when a ptr has a single reference and a NULL parent, then
talloc_free(ptr) is not ambiguous, as the caller could not have done a
talloc_free(NULL) to free the memory
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
This makes it easier to put failed startups into a debugger.
Andrew Bartlett
|
|
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.
Andrew Bartlett
|