summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-08-22s4-net: better error message on net setpasswordAndrew Tridgell1-3/+5
2010-08-22librpc: add python bindings for the netlogon pipeAndrew Tridgell1-0/+6
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-08-22pyldb: do type checking on the list form of ldb addAndrew Tridgell1-0/+6
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-08-22pidl: give the varible name for bad type in python callsAndrew Tridgell1-1/+1
This makes it much clearer which argument to a function had the wrong type
2010-08-20librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.cStefan Metzmacher2-174/+9
metze
2010-08-20Remove place-holders when it is single domainZahari Zahariev1-18/+32
This patch changes the behavior of LDAPCmp in a single domain scenario. No place-holders will be applied during comparison so replication will be fully tested and even the silightest difference will pop up. There is a second smaller fix when we compre hosts in different domains. This fix disables ${SERVERNAME} paace-holder when there are more then one serevr (domain controller) in the given domain.
2010-08-20s4-dsdb: the RODC_JOIN control also changes samAccountNameAndrew Tridgell1-9/+13
when adding a user with the RODC_JOIN control, the samAccountName is automatically set to the krbtgt_NNNNN form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-pysamdb: fixed get_domain_sid()Andrew Tridgell1-1/+1
we need to actually return the SID! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-ldb: added support for rodc_control in ldbAndrew Tridgell1-0/+27
this allows you to specify the RODC join control in python ldb calls or on the command line Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges callsAndrew Tridgell1-10/+8
when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour) Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: bring us much closer to the docs for DRS secret replicationAndrew Tridgell1-9/+241
The rules for when a RODC can replicate secrets are: - it can always replicate its own acct - it can also replicate its krbtgt acct - it can't replicate other krbtgt accts - it can't replicate interdomain trust accounts - it can't replicate users in the denied group list - it can replicate users in the allowed group list otherwise it can't replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-dsdb: fixed dsdb_get_extended_dn_sid()Andrew Tridgell1-1/+1
it should honor the component_name Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: implement RODC attribute filtering overrideAndrew Tridgell2-39/+79
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: added sam_ctx_system on DRS bind stateAndrew Tridgell2-0/+20
The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-19s4 provision: POLICY_ACL is already an FS acl no need to translate itMatthieu Patou1-2/+1
2010-08-19s4 provision: Add some documentation to GPO related functionsMatthieu Patou2-15/+58
2010-08-19unit tests: debug to ease locating pb, remove dir if exists to avoid errorMatthieu Patou1-2/+8
2010-08-19s4 upgradeprovision: exit with a non null return code so that it can be ↵Matthieu Patou1-0/+1
trapped in blackbox tests
2010-08-19s4 upgradeprovision: add more attrbutes the ignore listMatthieu Patou2-5/+20
Also format in a pretty way the int64 ranges
2010-08-19s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless ↵Matthieu Patou1-13/+65
reindexing
2010-08-19s4 upgradeprovision: Add a function for schema reloadingMatthieu Patou1-1/+31
Full schema reloading is needed when we modify exisiting elements that have attributes that comes from not from the default schema (ie. openchange schema, user schema ..)
2010-08-19s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTESMatthieu Patou1-9/+14
This is used by upgradeprovision to readd this delta just before loading a merged schema
2010-08-19s4 upgradeprovision: Fixes for increment_keyversionMatthieu Patou3-3/+22
fix
2010-08-19s4 upgradeprovision: fix a typo and pass correct parameter to ↵Matthieu Patou2-4/+5
increment_calculated_keyversion
2010-08-19s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if ↵Kamen Mazdrashki2-3/+4
it exists
2010-08-19s4-test: make better error message for ATTID checksKamen Mazdrashki1-4/+20
2010-08-19s4-test: Change attribute syntax and value for readabilityKamen Mazdrashki1-3/+3
When it comes to read logs and dumping data received Octet String syntax comes in handy
2010-08-19s4-test: Enable drs.rpc.msdsintid test case - it should be passing nowKamen Mazdrashki1-1/+0
2010-08-19s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be publicKamen Mazdrashki1-3/+3
It is intended to be used in schema_syntax.c module
2010-08-19s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDsKamen Mazdrashki1-3/+16
Depending on which NC is being replicated, GetNCChanges() returns either ATTID based on local prefixMap or msDs-IntId value of the attributeSchema class for the attribute being replicated. If set, msDs-IntId value is always returned when replicating object form NC other than Schema NC. Objects in Schema NC replica always use prefixMap based ATTIDs.
2010-08-19s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema objectKamen Mazdrashki2-14/+55
in case object replicated is not in Schema NC and attributeSchema object has msDs-IntId attribute value set
2010-08-19s4: fix few comment typosKamen Mazdrashki2-3/+3
2010-08-19s4-schema_syntax.c: Fix white spaces and alignmentKamen Mazdrashki1-55/+56
2010-08-19s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functionsKamen Mazdrashki4-57/+45
2010-08-19s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functionsKamen Mazdrashki4-55/+47
2010-08-19s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functionsKamen Mazdrashki3-62/+41
2010-08-19s4-dsdb: Add context structure for dsdb_syntax conversion functionsKamen Mazdrashki2-0/+19
This structure is intended to hold context-dependent data. Syntax-conversion and object-conversion functions need that data to convert objects and attributes from drs-to-ldb and ldb-to-drs correctly. For instance: ATTID value depends on whether we are converting object from partition different that Schema partition.
2010-08-19s4-test-dssync: remove unused variableKamen Mazdrashki1-1/+0
2010-08-17smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly.James Peach1-4/+6
2010-08-17smbtorture: Ensure that the RPC setup returns correct status.James Peach1-4/+4
2010-08-18s4:ldap_server use talloc_unlink() to avoid talloc_free() with referencesAndrew Bartlett1-4/+4
Both the session_info and the ldb can have references. Andrew Bartlett
2010-08-18s4:auth Change {anonymous,system}_session to use common session_info generationAndrew Bartlett2-6/+8
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
2010-08-18s4:auth Avoid doing database lookups for NT AUTHORITY usersAndrew Bartlett2-108/+122
2010-08-18s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett5-58/+4
2010-08-18s4:auth Remove the system:anonymous parameter used for the LDAP backendAndrew Bartlett1-10/+4
This isn't needed any more, and just introduces complexity.
2010-08-18s4:auth Remove special case constructor for admin_session()Andrew Bartlett1-63/+13
There isn't a good reason why this code is duplicated. Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett12-35/+29
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-18s4:ntvfs Don't treat the user SID and primary group SID special for idmapAndrew Bartlett1-12/+4
This simply askes IDMAP about all the user SIDs, rather than the user and group sid, followed by all but the first two sids from the token. Andrew Bartlett
2010-08-18s4:security Bring in #defines for the user and primary group token locationAndrew Bartlett1-0/+3
This will allow us to stop duplicating the user and primary group SID in the struct security_token, and therefore make it more like the NT_USER_TOKEN in Samba3. Andrew Bartlett
2010-08-17s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also ↵Matthias Dieter Wallnöfer1-2/+43
here the new password change syntax