summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-08-25s4-repl: load RODC partitions using msDS-hasFullReplicaNCsAndrew Tridgell2-4/+28
we mark these as incoming_only Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-smbtorture: Added a torture test for forest trustsSumit Bose5-2/+841
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-25s4-smbtorture: Make test_SetupCredentials3 publicSumit Bose2-1/+25
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-25s4-smbtorture: fill in trust_domain_passwords_check_in in NDR lsa test.Günther Deschner1-7/+35
Guenther
2010-08-25Fix RPC-LSA-TRUSTED-DOMAINS for changed IDLSumit Bose1-0/+10
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner2-49/+19
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-08-25s4-dsdb: make more of the UF_* flags available on pydsdbAndrew Tridgell1-0/+28
this really should be moved to IDL
2010-08-25s4-rodc: broke up RODC join into separate functionsAndrew Tridgell1-186/+194
this also removes some of the magic constants
2010-08-25s4-rodc: added REPL_SECRET exop replication of accountsAndrew Tridgell1-11/+58
During a RODC join, we need to fetch the secrets for the machine account and krbtgt account using GetNCChanges DRSUAPI_EXOP_REPL_SECRET calls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-dsdb: add more DS flags to the dsdb moduleAndrew Tridgell1-0/+15
These are from libds/common/flags.h Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-dsdb: added get_attid_from_lDAPDisplayName() on samdbAndrew Tridgell2-0/+49
This can be used to form the partial_attribute_set list for GetNCChanges Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-rodc: next step in RODC join codeAndrew Tridgell1-126/+218
a RODC net join can now replicate the schame, config and base partitions, by calling the net.replicate*() python hooks, and driving the GetNCChanges calls from python Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-pynet: added replicate_init() and replicate_chunk() callsAndrew Tridgell1-35/+134
these calls allow python code to pass chunks from DRS replication calls into the code that applies the chunks to a database Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-libnet: added libnet_vampire_replicate_init()Andrew Tridgell1-0/+17
this is used to setup for later calls to the replicate chunk functions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4:getncchanges.c - fix some counter variable typesMatthias Dieter Wallnöfer1-3/+3
They should be "unsigned" since they count LDB objects. And also the SID array can be counted as "unsigned".
2010-08-23s4-devel: added a getncchanges developer scriptAndrew Tridgell1-0/+120
this allows for command line access to getncchanges it also provides a good example of calling DRSUAPI interfaces from python Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-pyrpc: use s4_event_context_init()Andrew Tridgell1-1/+1
This fixes a crash when using kerberos and the python dcercpc interface, which requires event nesting Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-pyregistry: use s4_event_context_init()Andrew Tridgell1-2/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-event: event_context_find() should use s4_event_context_init()Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-net: role should be case insensitive for joinAndrew Tridgell1-1/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-drs: show the user sid that does the GetNCChanges callAndrew Tridgell1-2/+3
this is useful when debugging replication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-drs: removed the warning on WRIT_REP being setAndrew Tridgell1-4/+2
we just need to clear this flag
2010-08-23s4-net: added initial implemention of RODC joinAndrew Tridgell2-6/+311
This does the join using python code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23libnet-s4: added replicate() command in pynetAndrew Tridgell1-0/+60
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-libnet: split libnet_Vampire() into two partsAndrew Tridgell2-26/+82
libnet_Replicate() will do just the replication portion of libnet_Vampire(). This will be used by the RODC join, where the join part of the operation happens in python, and behaves quite differently to the libnet_Join() code. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-libnet: show the DN when DsAddEntry() failsAndrew Tridgell1-1/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-net: moved the net join command to pythonAndrew Tridgell5-108/+5
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-libnet: added join type constants to python interfaceAndrew Tridgell1-0/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-python: added ndr_print() method in ndrAndrew Tridgell1-0/+3
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett16-59/+60
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-22s4: Only install testparm to /usr/bin/, no longer to /usr/sbin.Jelmer Vernooij1-1/+1
2010-08-22s4: Install testparm to /usr/bin, consistent with old behaviour.Jelmer Vernooij1-3/+3
2010-08-22Avoid use of Samba DTD, which requires net access.Jelmer Vernooij10-14/+10
2010-08-22s4-net: better error message on net setpasswordAndrew Tridgell1-3/+5
2010-08-22librpc: add python bindings for the netlogon pipeAndrew Tridgell1-0/+6
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-08-22pyldb: do type checking on the list form of ldb addAndrew Tridgell1-0/+6
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
2010-08-22pidl: give the varible name for bad type in python callsAndrew Tridgell1-1/+1
This makes it much clearer which argument to a function had the wrong type
2010-08-20librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.cStefan Metzmacher2-174/+9
metze
2010-08-20Remove place-holders when it is single domainZahari Zahariev1-18/+32
This patch changes the behavior of LDAPCmp in a single domain scenario. No place-holders will be applied during comparison so replication will be fully tested and even the silightest difference will pop up. There is a second smaller fix when we compre hosts in different domains. This fix disables ${SERVERNAME} paace-holder when there are more then one serevr (domain controller) in the given domain.
2010-08-20s4-dsdb: the RODC_JOIN control also changes samAccountNameAndrew Tridgell1-9/+13
when adding a user with the RODC_JOIN control, the samAccountName is automatically set to the krbtgt_NNNNN form Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-pysamdb: fixed get_domain_sid()Andrew Tridgell1-1/+1
we need to actually return the SID! Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-ldb: added support for rodc_control in ldbAndrew Tridgell1-0/+27
this allows you to specify the RODC join control in python ldb calls or on the command line Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges callsAndrew Tridgell1-10/+8
when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour) Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: bring us much closer to the docs for DRS secret replicationAndrew Tridgell1-9/+241
The rules for when a RODC can replicate secrets are: - it can always replicate its own acct - it can also replicate its krbtgt acct - it can't replicate other krbtgt accts - it can't replicate interdomain trust accounts - it can't replicate users in the denied group list - it can replicate users in the allowed group list otherwise it can't replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-dsdb: fixed dsdb_get_extended_dn_sid()Andrew Tridgell1-1/+1
it should honor the component_name Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: implement RODC attribute filtering overrideAndrew Tridgell2-39/+79
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: added sam_ctx_system on DRS bind stateAndrew Tridgell2-0/+20
The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-19s4 provision: POLICY_ACL is already an FS acl no need to translate itMatthieu Patou1-2/+1
2010-08-19s4 provision: Add some documentation to GPO related functionsMatthieu Patou2-15/+58
2010-08-19unit tests: debug to ease locating pb, remove dir if exists to avoid errorMatthieu Patou1-2/+8