summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-04-22s4-libnet: fixed two compiler warningsAndrew Tridgell1-3/+2
2010-04-22s4-drs: removed dsdb_validate_client_flags()Andrew Tridgell2-37/+0
This test is in the wrong place. We end up validating our own flags. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: only allow replication with the right invocationIdAndrew Tridgell1-1/+20
Non-administrator replication checks the invocationId matches the sid of the user token being used Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: removed an unused variableAndrew Tridgell1-1/+0
2010-04-22s4-dsdb: added dsdb_validate_invocation_id()Andrew Tridgell1-0/+87
this validates that a invocationID matches an account sid This will be used to ensure that we don't allow DRS replication from someone a non-DC or administrator Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: added dsdb_get_extended_dn_sid()Andrew Tridgell2-12/+34
This will be used by the RODC code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-dsdb: moved rodc schema validation to samldb.cAndrew Tridgell2-33/+37
This means we are only doing the checks for schema changes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva2-2/+4
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges replyFernando J V da Silva1-0/+14
During building an object to send it on a GetNCChanges reply, it checks the attributes and if any of them is a RODC filtered and the recipient is a RODC, then such attribute is not sent. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s40-drs: Do not send GetNCChanges messages to RODCsFernando J V da Silva1-0/+11
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: dsdb_validate_client_flags() functionFernando J V da Silva1-0/+28
This function is intended to check if some client is not lying about his flags. At this moment, it only checks for RODC flags. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva6-39/+80
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: Do not allow system-critical attributes to be RODC filteredFernando J V da Silva1-0/+33
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4:provision Make OpenLDAP backend more robustAndrew Bartlett1-1/+11
With the extra moduleload lines (which succeed if it's already staticly linked), we now work with OpenLDAP overlays as modules. Andrew Bartlett
2010-04-22s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDsAndrew Bartlett1-0/+24
The SIDs in some queries were not being passed as binary, but as strings in comparison with the securityIdentifer object. We need to recognise that these are SIDs in the simple_ldap_map. Andrew Bartlett
2010-04-22s4:provison Pass nosync in for the OpenLDAP cn=config tooAndrew Bartlett1-0/+1
2010-04-22s4:OpenLDAP-backend Use the new rdnval module in OpenLDAPAndrew Bartlett4-5/+15
This is rather than rdn_name, which tries to do the job on the client side. We need to leave this module in the stack for Fedora DS (and of course the LDB backend). Andrew Bartlett
2010-04-22s4:dsdb Revert accidentilly commited change for LDAP backendsAndrew Bartlett1-1/+1
In the future, LDAP backends will be resposible for maintaining the 'name' attributes. Andrew Bartlett
2010-04-22s4:provision Use more reasonable values for DB_CONFIGAndrew Bartlett1-5/+13
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort on startup, and was very inefficient. This new one, kindly supplied by Matthew Backes <mbackes@symas.com> uses a more reasonable set of buffer sizes. Andrew Bartlett
2010-04-21s4:netlogon RPC server - fix a counter variable typeMatthias Dieter Wallnöfer1-1/+2
2010-04-21s4-waf: python devel headers are mandatory for the source4 buildAndrew Tridgell1-1/+1
2010-04-21s4-server: show build host in samba -b outputAndrew Tridgell1-0/+5
2010-04-21s4-upgradeprovision: fixed --realm option duplicate in upgrade_from_s3Andrew Tridgell2-2/+1
2010-04-21s4-drs: accept zero revision in drs selftestAndrew Tridgell1-0/+5
Kamen, please have a look at this. We need to accept revision zero as w2k8r2 sends it during initial schema replication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-provision: cope with --realm being in getopt.pyAndrew Tridgell1-1/+2
we still need to allow for interactive querying of the realm Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-waf: create the smbd.tmp/messaging directoryAndrew Tridgell1-1/+1
this prevents a warning when we run net vampire from the install dir when samba has never been run previously Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-python: added --realm option to python scriptsAndrew Tridgell1-1/+7
this is needed for net vampire Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-provision: set "setup_dir" to the right pathAndrew Tridgell1-2/+8
This needs to cope with both running from the build tree or running from the install tree. We use the provision.smb.conf.dc as a sentinal to detect if we are in the build tree. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-schema: allow revision numbers of zeroAndrew Tridgell1-6/+3
w2k8r2 sends a revision of zero in the initial schema replication during a net vampire Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-python: accept --option arguments in python cmdline parsingAndrew Tridgell1-10/+17
also fixed the -d option to use lp.set() which calls lp_set_cmdline() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-devel: allow extra net command line options and gdbAndrew Tridgell1-1/+1
This allows you to run: GDB="gdb --args" vampire_ad.sh and also to add higher debug levels like this: vampire_ad.sh -d100 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21s4-pynet: accept None for target_dir in vampireAndrew Tridgell1-1/+1
2010-04-20s4-smbtorture: add spoolss DriverInfo and winreg consistency test.Günther Deschner1-7/+238
Guenther
2010-04-20s4-smbtorture: add function to get a printserver's environment.Günther Deschner1-0/+22
Guenther
2010-04-20s4-smbtorture: simplify macros used in PrinterInfo winreg consistency teste.Günther Deschner1-22/+22
Guenther
2010-04-20s4-smbtorture: refactor test_GetPrinterDriver2().Günther Deschner1-36/+64
Guenther
2010-04-20s4:dynconfig: fix the autoconf build and pass -DPYTHONDIR=\"$(pythondir)\"Stefan Metzmacher1-2/+2
metze
2010-04-20s4:rpc_server/netlogon: add no memory checksStefan Metzmacher1-1/+2
metze
2010-04-20s4-netlogon: fixed dc_unc and dc_address_typeAndrew Tridgell1-1/+3
These are needed for dcpromo from w2k8r2
2010-04-20s4-smbtorture: add test for csetprinter field behaviour in printer info level 0.Günther Deschner1-0/+71
Suprisingly, that value is always 0 (at least on w2k8r2). Guenther
2010-04-20s4-net: don't show a full python exception when you can't open sam.ldbAndrew Tridgell1-2/+2
2010-04-20s4-net: show a list of commands when someone runs "net" with no argumentsAndrew Tridgell1-1/+1
2010-04-20s4-python: added PYTHONDIR to python search pathAndrew Tridgell1-0/+5
we put it after the scripting/python dir, so we look in the build directory (if applicable) first.
2010-04-20s4-dynconfig: added dyn_PYTHONDIRAndrew Tridgell3-0/+6
2010-04-20s4:netlogon RPC - "fill_one_domain_info" - use "lp_workgroup" for the DC ↵Matthias Dieter Wallnöfer1-1/+1
short domainname discovery Here we don't need to use "lp_sam_name" since in this function we are always a DC.
2010-04-20s4:torture/rpc/netlogon.c - fix typoMatthias Dieter Wallnöfer1-1/+1
2010-04-20pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell4-10/+10
the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-20talloc: there is no ambiguity when freeing a ptr with a null parentAndrew Tridgell1-1/+1
when a ptr has a single reference and a NULL parent, then talloc_free(ptr) is not ambiguous, as the caller could not have done a talloc_free(NULL) to free the memory Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-20s4:provisionbackend Print the command we failed to start slapd withAndrew Bartlett1-1/+2
This makes it easier to put failed startups into a debugger. Andrew Bartlett
2010-04-20s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()Andrew Bartlett6-13/+106
By putting these values into the cache on the LDB, this reduces some of the noise in provision, particularly with the LDAP backend. Andrew Bartlett