summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-06-25s4-samba_upgradedns: Do not set DNS account for internal serverAndrew Bartlett1-32/+32
The internal DNS server does not need the samba-only NAME-dns account. Andrew Bartlett
2012-06-25s4-join: Import DNS zones in AD DC joinAndrew Bartlett3-20/+59
2012-06-24selftest: Test unix.whoami with kerberos on plugin_s4_dcAndrew Bartlett1-16/+4
This also tests the comparison with LDAP on anonymous connections and marks this as knownfail, while we investigate the correct behaviour here. Andrew Bartlett
2012-06-24s4-classicupgrade: Allow DNS backend to be specifiedAndrew Bartlett2-6/+12
2012-06-24s4-drepl: Ensure that the op->source does not get deallocated too earlyAndrew Bartlett2-9/+25
We need to have the struct dreplsrv_partition_source_dsa around until the end of the async op, so we use talloc_reference after carefully checking the callers and making the modifications required. This prevents a crash when replicating partitions in the vampire_dc test after adding DNS replication at join time. Andrew Bartlett
2012-06-23selftest: schema is not automatically reloaded now so if you modify it you ↵Matthieu Patou1-0/+9
have to reload it Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
2012-06-22s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DNMatthieu Patou1-1/+37
modifyTimeStamp is a generated attribute, for most object it's generated directly from the whenChanged attribute. But for the CN=aggregate object in the schema we have to handle it in a different way, that's because for this object whenChanged!=modifyTimeStamp (as checked against Windows 2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the most recently modified and loaded schema object (that is to the one with the highest USN before the schema was reload due to timeout or by the reloadSchemaNow command). Some third party are using this information to know if they have to update their schema cache and also to check that schema updates have been correctly reloaded by the DC, a good example of this behavior is exchange 2010.
2012-06-22s4-schema: improve the documentation of the dsdb_schema structureMatthieu Patou1-4/+6
2012-06-22s4-dsdb: Check for key SCHEMA_SEQ_NUM in metadata.tdb updatesMatthieu Patou2-3/+192
If the value has changed then reload the schema, this means that now the schema is only reloaded on a periodical basis or if we have been asked explicitly to do it and not necesserly if the schema partition has changed.
2012-06-22s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNowMatthieu Patou4-2/+43
The idea is to signal to other process accessing the database that the schema was forced to be reloaded and so they should reload as well.
2012-06-22s4-drs: if schema has changed during replication notify other process that ↵Matthieu Patou1-0/+55
they have to reload the schema
2012-06-22s4-dsdb: move schema_load at the top of module stackMatthieu Patou1-1/+1
2012-06-22s4-extended: do not try to fix if there is no schemaMatthieu Patou1-0/+4
2012-06-22s4-schema: keep track of the timestamp of the most recently changed/created ↵Matthieu Patou3-1/+13
object
2012-06-22s4-schema: generalized time use its own syntax nowMatthieu Patou1-1/+0
2012-06-22s4-drsuapi: Fix a const warningMatthieu Patou1-1/+1
2012-06-22s4-drsuapi: rework the crackname implementation of functionnal namesMatthieu Patou1-24/+122
2012-06-22s4-dsdb-linkedattributes: register the VERIFY_NAME control, handle it when ↵Matthieu Patou1-10/+97
we are a GC In theory when presented this control and not a GC we should use the specified name as the DC to contact for cross-domain link verification. But for the moment we don't support this so we just fail when we have this control and are not a GC.
2012-06-22s4-ldap: handle VERIFY_NAME control encoding/decodingMatthieu Patou1-0/+96
2012-06-22s4-dsdb: support otherWellKnownObjectsMatthieu Patou1-24/+31
2012-06-22s4-dsdb: Try to avoid much of the time a db search for msDS-IntIDMatthieu Patou3-14/+97
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID). If so generate another random value. If not check if the highest USN in the database for the schema partition is the one that we know. If so it means that's only this ldb context that is touching the schema in the database. If not it means that's someone else has modified the database while we are doing our changes too (this case should be very bery rare) in order to be sure do the search in the database.
2012-06-22dsdb-schema: do not reload more often than schema_reload_intervalMatthieu Patou5-4/+65
Samba 4 use to try to reload the schema every time dsdb_get_schema was called (which could be 20+ time per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120). The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reload after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
2012-06-22s4-dsdb: fix a warning about unused variableMatthieu Patou1-3/+0
2012-06-22s4:torture/raw: add raw.session.expire1Stefan Metzmacher1-0/+200
This demonstrates the interaction of CAP_DYNAMIC_REAUTH and NT_STATUS_NETWORK_SESSION_EXPIRED. metze
2012-06-22s4:torture/smb2: run smb2.session.reauth5 in a subdirectoryStefan Metzmacher1-14/+77
This way we can give anonymous full access to the directory. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 22 11:30:06 CEST 2012 on sn-devel-104
2012-06-22s4:torture/smb2: add smb2.durable-open.lock-oplockStefan Metzmacher1-0/+79
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 22 03:37:54 CEST 2012 on sn-devel-104
2012-06-22s4:torture/smb2: rename smb2.durable-open.lock to smb2.durable-open.lock-leaseStefan Metzmacher1-4/+4
metze
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij5-23/+25
2012-06-21s4-provision: Give better clues on what Samba needs for s3fs ACL supportAndrew Bartlett1-1/+7
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 21 14:07:55 CEST 2012 on sn-devel-104
2012-06-21s4:torture/smb2: add smb2.durable-open.delete_on_close1Stefan Metzmacher1-2/+126
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 21 10:19:00 CEST 2012 on sn-devel-104
2012-06-21samba-tool: gpo: Fix creation of filesystem ACL from directory ACLAmitay Isaacs1-2/+8
Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104
2012-06-21s4-pysmb: Parse security info as an unsigned integerAmitay Isaacs1-1/+1
2012-06-20s4-torture: Expand whoami test to confirm the user token.Andrew Bartlett1-2/+44
This uses the tokenGroups attribute on LDAP and the posix whoami call to confirm that user token matches between LDAP and CIFS. I have a seperate patch for the anonymous case, because this isn't consistent at this stage, and we need to study and fix that. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104
2012-06-20s4-torture: Change the unix.whoami test to use torture_assert()Andrew Bartlett1-24/+19
2012-06-20s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett3-22/+51
errors
2012-06-20s4-provision: Remove --slapd-path optionAndrew Bartlett3-9/+6
This just leaves a default enough for the test code to still check the start of the provision. This may well be removed in future, and we wish to reduce the extra options to provision. Andrew Bartlett
2012-06-20s4-provision: Remove last unused remenants of the 'sid generator' configurationAndrew Bartlett1-10/+3
This was part of the now-abandoned S4 AD LDAP backend project. Andrew Bartlett
2012-06-20Revert "s4-libcli: Remove unused finddcs_nbt"Andrew Bartlett1-0/+311
This reverts commit 06c90cb6f55701effa4cbafaf189a4de8471949b. There is genuine interest in using this currently unused code, so put it back into the tree to avoid folks having to rewrite it. It should be carefully hooked back into libnet at some point, and possibly told how to talk to the s3 nmbd socket if nbt_server isn't running. The wscript patches are skipped, due to the way the extra dep interacted with the build system. When used, this will be resolved. Andrew Bartlett
2012-06-19auth: Use only security_token_is_system to determine that a user is SYSTEMAndrew Bartlett1-2/+0
This removes the duplication on how to detect that a user is system in Samba now that the smbd system account is also only SID_NT_SYSTEM we can use the same check everywhere. Andrew Bartlett Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-19lib/tdb_wrap: use tdb directly, not tdb_compat.Rusty Russell2-3/+1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-19ldb: use tdb directly, not tdb_compat.Rusty Russell1-6/+6
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-17heimdal:lib/wind: include <stdlib.h> at the endStefan Metzmacher3-3/+3
This makes sure config.h gets includes first. This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Jun 17 16:16:24 CEST 2012 on sn-devel-104
2012-06-16heimdal:lib/wind: make sure errorlist_table.c includes config.h as first headerStefan Metzmacher1-1/+1
This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jun 16 23:59:07 CEST 2012 on sn-devel-104
2012-06-16heimdal:lib/krb5: don't name a struct 'token'Stefan Metzmacher1-1/+1
This is a static const struct and the name is never used, so just make it an anonymous struct. This hopefully fixes the build on AIX: "../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined. "../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../source4/heimdal/lib/com_err/com_err.h. "../source4/heimdal/lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h". "../source4/heimdal/lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type. Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin' Build failed: -> task failed (err #1): {task: cc expand_path.c -> expand_path_52.o} gmake: *** [all] Error 1 metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104
2012-06-16s4-classicupgrade: Also ask testparm for 'smb passwd file'Andrew Bartlett1-0/+2
2012-06-16s4-classicupgrade: Use "samba classic" description for samba3 NT4-like ↵Andrew Bartlett2-11/+13
domains in samba3upgrade
2012-06-16s4-lib/param: FLAG DAY for the default FILE SERVERAndrew Bartlett1-4/+4
This commit changes the default file server to be s3fs. Existing installs wishing to keep the ntvfs file server need to set this in their smb.conf: server services = +smb -s3fs dcerpc endpoint services = +winreg +srvsvc Andrew Bartlett
2012-06-16s4-s3upgrade: Assert that administrator has a SID of -500, and only skip ↵Andrew Bartlett1-2/+9
root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett
2012-06-16s4-s3upgrade: Add my wins.dat and fix the parsing errorAndrew Bartlett2-1/+4
The issue was that the numbers at the end of the lines are space padded. Andrew Bartlett
2012-06-16s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entriesAndrew Bartlett1-2/+32