summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-09-12s4-drs: spelling fix, and simpler search expressionAndrew Tridgell1-2/+2
uSNChanged>=N is good enough, and offers a possibility of a simple optimisation where the partition module could look for that expression and check the partitions sequence number, then avoid searching a partition that doesn't have any records with a larger uSN.
2009-09-12s4-repl: don't be too eager to allocate new sequence numbersAndrew Tridgell1-7/+9
we only need to allocate a new sequence number when replPropertyMetaData is changing or being created on an object
2009-09-12s4-samdb: internal s4 ldb modules should be GPL not LGPLAndrew Tridgell8-95/+63
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.
2009-09-12s4-drs: fixed the cursor generation to always be filled inAndrew Tridgell1-102/+152
We were relying on the uSNChanged>=n search always finding the DN of the root of the partition, but this now doesn't happen very often as we are now restricting when we change uSNChanged. This means we need to always load the replUpToDateVector attribute from the NC root and use it to populate the cursors in the return.
2009-09-12s4-repl: use common functions to simplify updaterefs.cAndrew Tridgell1-108/+4
We now have dsdb_loadreps() and dsdb_savereps()
2009-09-12s4-repl: we should only update uSNChanged when replication data changesAndrew Tridgell1-29/+39
When changing non-replicated attributes we should not update the uSNChanged attribute on the record, otherwise the DRS server will think this record needs replicating.
2009-09-12s4-kcc: we should only add to the repsFrom if it doesn't already existAndrew Tridgell2-45/+182
If we already have a repsFrom for a particular DC and naming context then we should not overwrite it, as it contains info on what replication we've already done
2009-09-12Fix up-to-dateness vector creation.Anatoliy Atanasov1-15/+76
2009-09-12repl_meta_data: Fix include path when building with standalone ldb.Jelmer Vernooij1-1/+1
2009-09-11ldb: Remove references to operational module init function.Jelmer Vernooij2-2/+0
This module is now part of Samba 4's dsdb subsystem rather than standalone ldb.
2009-09-11ldb: Support running testsuite without installing first.Jelmer Vernooij2-4/+5
2009-09-11s4:group policies - add the domain controller group policyMatthias Dieter Wallnöfer4-11/+60
This patches fixes the last difference between s4 and Windows Server regarding group policy objects: we hadn't the domain controller policy. - Adds the domain controller policy as it is found in the "original" AD - Adds also the right version number in the GPT.INI file for the domain group policy (was missing)
2009-09-11s4-vampire: cope with no invocationID when vampiring the schemaAndrew Tridgell1-3/+4
2009-09-11s4-drs: fixed the ldap SPN in AddEntryAndrew Tridgell1-1/+1
2009-09-11s4-provision: revert _gc_tcp priorityAndrew Tridgell1-1/+1
thanks to id10ts for spotting this. I was a victim of emacs zone mode, which increaed it with each edit.
2009-09-11s4-repl: refresh the partitions on each cycleAndrew Tridgell2-3/+4
The KCC might have changed repsFrom, which is stored in the partitions structure
2009-09-11s4-smbtorture: fix remaining lsa lookup call unknowns. sorry...Günther Deschner1-4/+4
Guenther
2009-09-11s4-kcc: add a very simple KCCAndrew Tridgell6-1/+535
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon that works out who will replicate with who in a AD domain. This implements an extremely simple KCC task that just wants to replicate with everyone :-)
2009-09-11s4-repl: don't update replPropertyMetaData for non-replicated attributesAndrew Tridgell1-0/+7
thanks to Metze for spotting this
2009-09-11s4-idl: added the IDL for the DsReplica* callsAndrew Tridgell1-9/+9
2009-09-11lsa: fill in more unknowns in lsa_LookupSid calls.Günther Deschner2-10/+10
Guenther
2009-09-11s4:ldb_map_outbound - fix memory leakMatthias Dieter Wallnöfer1-0/+2
Patch from Andrew Kroeger wasn't fully correct - we need a "talloc_free" after the "if (ac->r_current == NULL)" statement.
2009-09-11s4-repl: on every ldb modify we need to update replPropertyMetaDataAndrew Tridgell1-8/+171
Every time we change a ldb object with the repl_meta_data module loaded we need to update the replPropertyMetaData attribute to fix the timestamps and USNs of the attributes being changed.
2009-09-11s4-repl: don't add the RDN if it is already thereAndrew Tridgell1-3/+19
2009-09-11s4-ldb: don't remove a message element beyond the end of the arrayAndrew Tridgell1-0/+4
2009-09-11s4-provision: use DNS name, not domain nameAndrew Tridgell2-2/+3
The SPNs end in the DNS domain name
2009-09-11s4-drs: actually call the new drsuapi_add_SPNs() codeAndrew Tridgell1-2/+2
An early return here didn't do any good :-)
2009-09-11s4-drs: add the magic DRS SPNs on AddEntryAndrew Tridgell2-27/+122
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the servers machine account.
2009-09-11s4/provision: add the nTDSDSA GUID based DNS entries and SPNsAndrew Tridgell3-12/+27
The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure
2009-09-11s4/drs: parentGUID needs to be specififcally asked forAndrew Tridgell1-1/+2
Right now parentGUID is a normal attribute in s4, but it should be generated, which means we need to ask for it in a search if we want to use it.
2009-09-11s4/libcli: when we get a DNS lookup failure show the nameAndrew Tridgell1-0/+2
When tracking down complex connection problems its useful knowing what name lookups failed.
2009-09-11s4/tort: RPC-DRSUAPI test case refactored to match torture architectureKamen Mazdrashki2-68/+74
2009-09-11s4/tort: code clean up using torture_drsuapi_assert_call() macroKamen Mazdrashki1-132/+36
After this change, when a test fails, it gives reasonable failure message.
2009-09-11s4/tort: assert macro for drsuapi dcerpc callKamen Mazdrashki1-0/+26
The macro actually wraps common code pattern used in almost every test for DRSUAPI interface
2009-09-11s4/tort: Propagate torture_context and use torture_commentKamen Mazdrashki1-66/+79
NOTE: Not every place where printf is used is replaced by torture_comment. Future work shall "missed" printfs also.
2009-09-11s4:setup Updated Display Specifiers from Microsoft (with #s)Andrew Bartlett5-91/+30
This fixes the issue with the original files that they didn't have a leading # in front of the comments, which caused our parsing scripts much pain. The files are now exactly as delivered. Andrew Bartlett
2009-09-11s4:ldb_map: Don't free ares too early.Andrew Kroeger1-3/+3
As found when running "make test" with the MALLOC_CHECK_ and MALLOC_PERTURB_ environment variables set.
2009-09-11s4/tort: CRACKNAMES tests to use private structure for testing.Kamen Mazdrashki1-2/+33
DsCrackNamesPrivate structure basically inherits DsPrivate structure while adding few test-specific members.
2009-09-11s4/tort: Make common setup/teardown drsuapi test funcs really commonKamen Mazdrashki1-13/+6
2009-09-11s4/tort: CrackNames test update to work against W2K3.Kamen Mazdrashki1-0/+4
DRSUAPI_DS_NAME_FORMAT_UKNOWN added to 'known-to-fail' responses as this actually means to ask AD to resolve a name from FQDN format to Unknown format.
2009-09-10s4:srvsvc: Fix logic on error checking.Andrew Kroeger1-6/+6
2009-09-10s4:pwsettings: Added blackbox tests.Andrew Kroeger1-0/+2
The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings.
2009-09-10s4:pwsettings: Show default values in help messages.Andrew Kroeger1-4/+4
2009-09-10s4:pwsettings: Add 'default' option for password complexity.Andrew Kroeger1-2/+2
2009-09-10s4:pwsettings: Added validation.Andrew Kroeger1-4/+26
Validate that each field is within its allowed range. Also validate that the maximum password age is greater than the minimum password length (if the maximum password age is set). I could not find these values documented anywhere in the WSPP docs. I used the values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs the validation of values.
2009-09-10s4:pwsettings: Don't assume a value for pwdProperties.Andrew Kroeger1-2/+2
If we cannot retrieve the value, do not assume a particular value. The fact that we could not retrieve the value indicates a larger problem that we don't want to make worse bypossibly clearing bit fields in the pwdProperties attribute.
2009-09-10s4:pwsettings: Run all updates as a single modify() operation.Andrew Kroeger1-31/+19
This ensures that all changes are made, or none are made. It also makes it possible to do validation as we go and abort in case of an error, while always leaving things in a consistent state.
2009-09-10s4:pwsettings: Added --quiet option.Andrew Kroeger1-16/+17
Also changed all non-error status output to use the message() function, which respects the --quiet option.
2009-09-10s4:netlogon - Put the "supported encryption types" more back in the ↵Matthias Dieter Wallnöfer1-6/+8
"LogonGetDomainInfo" call They're needed only at the end.
2009-09-10Revert "s4: Let the "setpassword" script finally use the ↵Matthias Dieter Wallnöfer2-70/+9
"samdb_set_password" routine" This reverts commit fdd62e9699b181a140292689fcd88a559bc26211. abartlet and I agreed that this isn't the right way to enforce the password policies. Sooner or later we've to control them anyway on the directory level.