Age | Commit message | Author | Files | Lines
2007-10-10 | r10955: finally worked out why our computer accounts were being identified | Andrew Tridgell | 1 | -0/+1
as users in mmc. The problem was that the samdb module was auto-adding objectClass=user for these accounts. That would be OK, as computer accounts are supposed to be in that objectClass, but mmc cares about the order of the values in the objectClass attribute! It looks for the last value, and takes that as the value to use when deciding how to manipulate the record. So, this patch adds an explicit objectClass=user to the record when it gets created, which tells the samdb module to not add it as well. That fixes the order. I suspect we are missing something else though - is objectClass supposed to auto-sort based on the schema? (This used to be commit 68c5f807fdb99fd605154d455e61a08293cbd2d0)
2007-10-10 | r10954: added support for canonicalName in the operational module, using the | Andrew Tridgell | 3 | -32/+94
dn->canonicalName function abartlet just committed (This used to be commit 197e8a27f0557869eacd17b74e1b14e0665883b1)
2007-10-10 | r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c | Andrew Bartlett | 4 | -97/+210
Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2007-10-10 | r10950: More cracknames variations (including expected values) than you can | Andrew Bartlett | 1 | -16/+76
poke a stick at... Andrew Bartlett (This used to be commit e4b21300304f8c66c81fa0d15198c640d87db68e)
2007-10-10 | r10946: Use the right name for the remote workstation, and always initialise it. | Andrew Bartlett | 2 | -4/+7
Should fix a valgrind error volker is seeing. Andrew Bartlett (This used to be commit 11957c5f37fe0a0be465a9ce9d6d256724c5951c)
2007-10-10 | r10945: Free the salt after we are done with it. May need a merge to similar | Andrew Bartlett | 1 | -2/+4
code in Samba3. Andrew Bartlett (This used to be commit 36e302bac87d0a07c86cc4c841d376c778630dab)
2007-10-10 | r10941: Hmmm. Making that fn static is more correct. | Volker Lendecke | 2 | -2/+1
(This used to be commit eaf347bdeaaddb655fe72ddb98f3a67ace795937)
2007-10-10 | r10940: add struct definition | Volker Lendecke | 1 | -0/+1
(This used to be commit 295271a329586d0858b6d6b845b8ebba3d035f5f)
2007-10-10 | r10936: Commit work in progress: wb_pam_auth_crap made async. This does not | Volker Lendecke | 4 | -19/+326
work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2007-10-10 | r10934: Fix a gcc 4 warning | Volker Lendecke | 1 | -1/+2
(This used to be commit 317edeb546ef03507812e5a0fa1fb331073f55c1)
2007-10-10 | r10924: we don't need this line twice | Stefan Metzmacher | 1 | -1/+0
metze (This used to be commit f1ee8d4b58d97888dc4c57af34c7604ee9dd2a73)
2007-10-10 | r10920: in case of an accept() failure just failing and trying again is no | Andrew Tridgell | 3 | -0/+17
good, as it is probably a resource constraint, so if we just try again we will spin (as the incoming socket will still be readable). Using a sleep(1) solves this by throttling smbd until the resource constraint goes away. if the resource constraint doesn't go away, then at least smbd won't be spinning chewing cpu (This used to be commit 7a5a9da477186b5e4fdb34ec64cc97915de4fd8e)
2007-10-10 | r10918: - fixed standalone ldb build | Andrew Tridgell | 8 | -241/+15
- added note about allowedAttributesEffective (will be needed for mmc)
- fixed some more ldb warnings
(This used to be commit e9e4d81b6976549db8a7668572a5da466fbec4a9)
2007-10-10 | r10917: copy the element name in a ldb_msg_rename_attr() and | Andrew Tridgell | 3 | -9/+18
ldb_msg_copy_attr() to ensure that callers (like the ldap server) can talloc_steal the name (This used to be commit 9c914542cc346758c82f89990c80eb096a9c0959)
2007-10-10 | r10916: - finished the 'operational' ldb module | Andrew Tridgell | 8 | -42/+148
- removed the timestamps module, replacing it with the operational module
- added a ldb_msg_copy_shallow() function which should be used when a module wants to add new elements to a message on add/modify. This is needed because the caller might be using a constant structure, or may want to re-use the structure again
- enabled the UTC time attribute syntaxes in the operational module
(This used to be commit 61e8b010223ac6a0573185008f3719ba29574688)
2007-10-10 | r10915: added a standard attribute handler for a ldap UTC time string | Andrew Tridgell | 3 | -11/+56
(This used to be commit efd7dd1a775c06f21924f35760f7768b4e8db449)
2007-10-10 | r10914: moved the ldap time string functions into ldb so they can be used by | Andrew Tridgell | 7 | -59/+52
the time attribute handling functions (This used to be commit 93c296d52718e77f8b702e1721b548eaadc56c76)
2007-10-10 | r10913: This patch isn't as big as it looks ... | Andrew Tridgell | 35 | -281/+625
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately that required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now it's just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10 | r10912: added a test for supporting batch oplock upgrades | Andrew Tridgell | 1 | -0/+14
(This used to be commit 1183af06b70a06ef7a1af665567560e9158fc960)
2007-10-10 | r10897: added in a hackish ldb proxy module that I am using to experiment with | Andrew Tridgell | 3 | -0/+351
mmc management support (This used to be commit 99a5b088810e8e2f4e28b99a4a0e5e7dc9301594)
2007-10-10 | r10896: added a strcasestr() replacement function | Andrew Tridgell | 3 | -2/+20
(This used to be commit 4483d275e12006e5acc72ae143c0a01da01bd00d)
2007-10-10 | r10895: allow 'dn=string' searches to work again. Windows doesn't allow these, | Andrew Tridgell | 1 | -7/+2
but they are so very useful for things like dn=@MODULES that I think it's worth supporting them (This used to be commit e2e3193a98b0f81c7bdb02c98db375ca0449022a)
2007-10-10 | r10894: make the handling of dn/distinguishedName much closer to real | Andrew Tridgell | 14 | -40/+37
ldap. Also ensure we put an objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10 | r10893: add configure test for utime (needed for the previous utime patch) | Andrew Tridgell | 1 | -1/+1
(This used to be commit ef020d599fd2336cbf879920fe3505b97783dfc8)
2007-10-10 | r10892: - improved the handling of the special distinguishedName attribute | Andrew Tridgell | 1 | -85/+43
- ensure we don't add attributes twice, should a user ask for the attribute twice. Do this in such a way that we don't become O(n^2)
- removed some unused code
(This used to be commit 7684cdb47b4ae516f066afb249d5f88032152ec9)
2007-10-10 | r10891: I noticed that the secrets.db was not being backed up on my system due | Andrew Tridgell | 1 | -0/+9
to msync/mmap not changing the mtime of the file. This patch ensures that for successfully completed transactions we update the mtime. I don't do this on all tdb writes as it's too expensive, but doing it just on transactions is bearable, as those cost quite a lot anyway. (This used to be commit b2934732dd62f705f59c124f19460c5436a9a422)
2007-10-10 | r10889: make searches for dn's less of a special case, and much faster when | Andrew Tridgell | 2 | -15/+7
part of more complex expressions (This used to be commit 40d304140b4cf22559d6b55c8cbaf1b984baf62f)
2007-10-10 | r10880: Missed terminating ';', sorry. | Jeremy Allison | 1 | -2/+2
Jeremy. (This used to be commit 2680aeffb1e40a7d1d59c98f0ee533d7c4362f40)
2007-10-10 | r10879: Added the ZERO_STRUCT(q_u), (r_u) entries to the generated | Jeremy Allison | 1 | -0/+3
Samba3 code. Jelmer please check ! Jeremy. (This used to be commit 534e8d16228ad4f1306ddf21ea9c9b988d736525)
2007-10-10 | r10878: Reply to some comments by tridge and metze: | Volker Lendecke | 11 | -330/+520
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10 | r10873: check the complete payload header | Stefan Metzmacher | 1 | -3/+11
metze (This used to be commit 27f8d82231f2978ff15719e4b23912ae7f910638)
2007-10-10 | r10872: fix the length of the dummy XPRESS decompressed buffer | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 0a1e4498a3550721b214716d1106843bf1ff4597)
2007-10-10 | r10871: make xpress compression choosable, by --option="dssync:xpress=yes", | Stefan Metzmacher | 1 | -1/+29
default is to not use it, as it's currently not supported metze (This used to be commit 2fb79e24228a47edcb7e1e12fb73def523b0400b)
2007-10-10 | r10870: decompress DsGetNCChangesCtr7 replies, that uses type 2 (MSZIP) | Stefan Metzmacher | 1 | -19/+57
compression metze (This used to be commit b451137526c4872a808f14ef42b2ed50abce1355)
2007-10-10 | r10869: add dummy functions and dummy parsing of XPRESS decompression, | Stefan Metzmacher | 2 | -8/+87
this is the compression algorithm used by w2k3 for DsGetNCChanges(). This algorithm isn't known yet, but it seems to be some sort of Lempel-Ziv algorithm. metze (This used to be commit 694252b6e02e365ae5baffb76cdbc89eec5358e7)
2007-10-10 | r10868: make flag(NDR_PAHEX) possible to use and show the union level in hex | Stefan Metzmacher | 2 | -4/+10
metze (This used to be commit 7efb92adc057ad8a993eb9de66c3806608747104)
2007-10-10 | r10867: add WERR_UNKNOWN_REVISION errorcode | Stefan Metzmacher | 2 | -0/+2
metze (This used to be commit b436206c498ea166b8b9fa47638d5f8f6f4752bf)
2007-10-10 | r10865: merge branches/SOC/SAMBA_4_0 into main the main SAMBA_4_0 tree | Stefan Metzmacher | 4 | -4/+420
metze r8017@SERNOX: metze | 2005-06-30 13:44:23 +0200 create the SAMBA_4_0 branch for the Summer Of Code Project metze r8730@SERNOX: brad | 2005-07-24 03:09:48 +0200 Branching Samba 4 r8731@SERNOX: brad | 2005-07-24 06:39:00 +0200 added 'make installmisc' to howto.txt added existing 'compression' option to level8 drsuapi torture test added new 'neighbour_writeable' option to level8 drsuapi torture test r8732@SERNOX: brad | 2005-07-24 06:42:38 +0200 added metze's dssync patch as source/torture/rpc/dssync.c r8739@SERNOX: brad | 2005-07-25 00:24:46 +0200 added a test called RPC-DSSYNC to config.mk hacking at dssync.c in an attempt to make it compile r8754@SERNOX: brad | 2005-07-25 15:19:21 +0200 Changing dssync.c to use ldb routines for accessing ldap rather than raw ldap calls. r8765@SERNOX: brad | 2005-07-26 03:35:38 +0200 more ldb changes to test_CompleteJoin(), it mostly kind of almost works now! r8766@SERNOX: brad | 2005-07-26 03:56:00 +0200 Trying to fix the crazy nesting in the branch r8769@SERNOX: brad | 2005-07-26 04:48:29 +0200 merging latest changes r8770@SERNOX: brad | 2005-07-26 04:53:43 +0200 removing nested branch r8793@SERNOX: jerry | 2005-07-27 05:04:57 +0200 merging on of Brad missing changes from the nested 4.0 branch debacle r8794@SERNOX: jerry | 2005-07-27 05:14:42 +0200 syncing up with the main 4_0 branch for Brad r8842@SERNOX: brad | 2005-07-29 00:26:30 +0200 merging changes from branches/SAMBA_4_0 r8850@SERNOX: brad | 2005-07-29 21:07:57 +0200 Bringing my tree up to date r8851@SERNOX: brad | 2005-07-30 00:48:04 +0200 making dssync.c more ldb-centric, reverted samlogon.c from rev. 8845 to get my branch to compile again. r8856@SERNOX: brad | 2005-07-30 03:20:33 +0200 I think I have the ldb code down in test_CompleteJoin (not complete yet though) r8860@SERNOX: brad | 2005-07-30 07:08:13 +0200 Changed comments to C style /**/ (thanks Richard), some more changes to test_CompleteJoin(). 
r8862@SERNOX: brad | 2005-07-31 04:45:32 +0200 Bringing the SOC/SAMBA_4_0 branch up to date. r8863@SERNOX: brad | 2005-07-31 20:00:41 +0200 Updated some missing files from the branch r8864@SERNOX: brad | 2005-07-31 20:25:50 +0200 Removing autogenerated files from branch r8865@SERNOX: brad | 2005-07-31 20:43:58 +0200 last of the unneeded files in SOC/SAMBA_4_0 r9004@SERNOX: brad | 2005-08-03 18:51:23 +0200 r5214@buttercup: j0j0 | 2005-08-03 10:44:30 -0600 r@buttercup: j0j0 | 2005-08-02 22:54:13 -0600 creating a local branch of branches/SAMBA_4_0 r9013@SERNOX: brad | 2005-08-03 20:57:48 +0200 r5228@buttercup: j0j0 | 2005-08-03 13:00:11 -0600 Fixing differences between this branch and /branches/SAMBA_4_0 r9014@SERNOX: brad | 2005-08-03 21:18:05 +0200 r5231@buttercup: j0j0 | 2005-08-03 13:23:12 -0600 Updating config.mk so that smbtorture builds again r9061@SERNOX: brad | 2005-08-04 18:17:36 +0200 r5249@buttercup: j0j0 | 2005-08-03 21:01:02 -0600 Start using libnet_Join() for DC join. r9062@SERNOX: brad | 2005-08-04 18:17:47 +0200 r5250@buttercup: j0j0 | 2005-08-04 10:21:34 -0600 Some more work towards performing a dc join. r9064@SERNOX: brad | 2005-08-04 18:53:51 +0200 r5253@buttercup: j0j0 | 2005-08-04 10:53:00 -0600 Fixed a bug (passing a TALLOC_CTX to libnet_context_init() ) r9069@SERNOX: brad | 2005-08-04 21:59:55 +0200 r5279@buttercup: j0j0 | 2005-08-04 14:04:55 -0600 Some more work on the domain join r9117@SERNOX: brad | 2005-08-05 16:50:26 +0200 r5281@buttercup: j0j0 | 2005-08-05 08:55:58 -0600 Committing minor changes before merge r9180@SERNOX: brad | 2005-08-07 17:25:25 +0200 r5314@buttercup: j0j0 | 2005-08-07 09:30:12 -0600 Reworked libnet_join to use two join levels, AUTOMATIC and SPECIFIED. r9181@SERNOX: brad | 2005-08-07 17:25:36 +0200 r5315@buttercup: j0j0 | 2005-08-07 09:31:22 -0600 Working with libnet_Join(), code cleanup needed in the near future. 
r9192@SERNOX: brad | 2005-08-07 21:40:22 +0200 r5373@buttercup: j0j0 | 2005-08-07 13:46:09 -0600 Some code cleanup to make things a little more readable. r9249@SERNOX: brad | 2005-08-12 01:31:48 +0200 r5375@buttercup: j0j0 | 2005-08-11 17:38:44 -0600 Split libnet_JoinDomain() into libnet_JoinDomain() and libnet_JoinADSDomain(). r9256@SERNOX: brad | 2005-08-12 04:55:11 +0200 r5413@buttercup: j0j0 | 2005-08-11 21:02:27 -0600 Clean up libnet_JoinADSDomain() a little, added a comment to the test_join struct. r9314@SERNOX: brad | 2005-08-16 03:53:20 +0200 r5436@buttercup: j0j0 | 2005-08-15 20:01:21 -0600 libnet_JoinDomain() should honour LIBNET_JOIN_TORTURE now. torture_join_domain() should properly use libnet_JoinDomain(). dssync.c uses torture_join_domain() again. r9351@SERNOX: brad | 2005-08-17 07:15:31 +0200 r5438@buttercup: j0j0 | 2005-08-16 23:23:58 -0600 Removed LIBNET_JOIN_TORTURE level, as it became unnecessary once libnet_Join_primary_domain() handled netbios names better. Corrected libnet_JoinDomain() and libnet_JoinADSDomain(). r9352@SERNOX: brad | 2005-08-17 07:24:49 +0200 r5440@buttercup: j0j0 | 2005-08-16 23:33:25 -0600 Fixed a typo. r9354@SERNOX: metze | 2005-08-17 10:28:25 +0200 remove object files from svn metze r9376@SERNOX: brad | 2005-08-18 05:15:48 +0200 r5476@buttercup: j0j0 | 2005-08-17 21:24:33 -0600 Proof that I shouldn't code when i'm tired (silly bugfixes). r9405@SERNOX: brad | 2005-08-19 22:50:10 +0200 r5500@buttercup: j0j0 | 2005-08-19 14:56:25 -0600 Get dssync.c compiling again after merge (ldb_dn changes from rev. 9391). r9407@SERNOX: brad | 2005-08-20 03:22:42 +0200 r5502@buttercup: j0j0 | 2005-08-19 19:28:22 -0600 libnet/libnet_join.c Some more fixes so ldb uses ldb_dn's. torture/rpc/dssync.c Some debugging printf()'s. ldb_dn fixes. torture/rpc/testjoin.c Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join(). Some more debugging statements. 
I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c. That's what i'm working out now. r9427@SERNOX: brad | 2005-08-20 18:38:29 +0200 r5504@buttercup: j0j0 | 2005-08-20 10:44:52 -0600 Some bugfixes. Removed a bunch of debugging code. torture_leave_domain() works again! not 100% perfect yet though... r9428@SERNOX: brad | 2005-08-20 19:09:26 +0200 r5506@buttercup: j0j0 | 2005-08-20 11:15:54 -0600 Restructure torture_join_domain() so that it joins itself, removes itself, and joins itself to the domain again to ensure that its account information is all current and as expected. r9452@SERNOX: brad | 2005-08-21 19:33:51 +0200 r5508@buttercup: j0j0 | 2005-08-21 11:40:36 -0600 Bugfixes, trying to get things straight between contexts. r9467@SERNOX: brad | 2005-08-22 04:00:48 +0200 r5510@buttercup: j0j0 | 2005-08-21 20:06:55 -0600 Another round of bugfixing. r9521@SERNOX: brad | 2005-08-23 15:26:44 +0200 r5596@buttercup: j0j0 | 2005-08-23 07:33:06 -0600 Merging changes r9524@SERNOX: metze | 2005-08-23 16:09:42 +0200 - fix the build caused by changes in the main samba4 tree, - add an option "dssync:german=yes" to allow me to run against my german w2k3 server this should be replaces by CLDAP calls to get the Default-First-Site-Name dynamicly - remove some temporary comments, as DsAddEntry works now metze r9528@SERNOX: metze | 2005-08-23 18:22:22 +0200 the RPC-DSSYNC test is now able to fetch the whole tree, including the unicodePwd, ntPwdHistory fields metze r9559@SERNOX: brad | 2005-08-24 04:11:47 +0200 r5612@buttercup: j0j0 | 2005-08-23 20:19:12 -0600 Some fixes around using talloc in a hierarchical fashion. Still not right, but better. r9564@SERNOX: brad | 2005-08-24 05:43:11 +0200 r5614@buttercup: j0j0 | 2005-08-23 21:50:38 -0600 Gave libnet_JoinADSDomain() its own tmp_ctx rather than passing it from libnet_JoinDomain() as a parameter (yuk). 
As a side effect, it proves that my bug lies in libnet_JoinDomain(), not libnet_JoinADSDomain(). r9565@SERNOX: brad | 2005-08-24 06:09:46 +0200 r5616@buttercup: j0j0 | 2005-08-23 22:17:12 -0600 Small fix, if r->out.error_string and r2->samr_handle.out.error_string weren't set to NULL, torture_join_domain() would segfault on the second join. r9630@SERNOX: brad | 2005-08-26 06:42:50 +0200 Commented out the parts of the dssync test which perform the dc join and create/remove associated ldap entries. Commented out the test for the 'german' dssync option, because now we detect the Site-Name using CLDAP. If cldap_netlogon() does not return ok, the code defaults to 'Default-First-Site-Name'. r9670@SERNOX: brad | 2005-08-27 02:30:11 +0200 Added a patch from metze. To showcase what i've learned today, i've created two new parameters which can be set at runtime, drsuapi:last_usn and drsuapi:partition. drsuapi:last_usn takes an integer representing the USN of the last recieved replication update for a particular partition (uses the domain dn if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. drsuapi:partition takes a string dn and uses that as the name of the AD partition to replicate. Some debugging output was also added. r9723@SERNOX: brad | 2005-08-29 01:07:51 +0200 Added some copyright notices. Changed some things in net_join.c to try and figure out why 'net join <domain> bdc' segfaults. It occurs when the last talloc_free() happens, so i'm sure it's something to do with the memory fiddling i'm doing in libnet_join. Added some drsuapi attribute ids that I figured out today. I put some (many, dry) notes together while doing that, so i'll try to put them up on a blog at samba.org a little later tonight. 
r9740@SERNOX: metze | 2005-08-29 16:58:03 +0200 fix up the DsGetNCchanges loop, and remove misleading comments metze r9743@SERNOX: metze | 2005-08-29 17:26:45 +0200 make the logic a bit clearer metze r9815@SERNOX: brad | 2005-08-31 02:36:21 +0200 Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c. Bugfixing rampage in libnet_join.c to resolve misunderstanding of talloc_steal(). libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join. r9858@SERNOX: brad | 2005-09-01 03:17:17 +0200 Removed extraneous NDR_ALL subsystem requirement from torture/config.mk. Added lots of error checking as per metze's advice. Removed commented out code. More bug chasing. r9863@SERNOX: brad | 2005-09-01 05:53:19 +0200 Cleaned up dssync.c, removed the unneeded DsCrackNames() call, removed DC join/leave related stuff. It no longer looks like my house does! r9887@SERNOX: metze | 2005-09-01 11:34:03 +0200 - fix dssync:highest_usn parameter handling - ask for LINKED_ATTRIBUTE replication metze r9891@SERNOX: metze | 2005-09-01 14:13:18 +0200 make the code more readable, and fix a few bugs metze r9911@SERNOX: brad | 2005-09-01 20:36:27 +0200 Bugfixes in libnet_join.c. Cleaned up comments. Added domain_dn_str and account_dn_str to struct libnet_JoinDomain. Removed struct dcerpc_pipe *samr_pipe and struct policy_handle user_handle from struct libnet_Join. r9920@SERNOX: brad | 2005-09-01 23:34:13 +0200 Added disclaimer (I can't seem to get libnet_JoinDomain() to keep the samr_pipe and u_handle open past the function call, grrrr....). r9921@SERNOX: brad | 2005-09-01 23:37:54 +0200 Added copyright statement. Cleaned up unneeded variables from torture_join_domain(). r9932@SERNOX: brad | 2005-09-02 01:49:42 +0200 Really rushed project notes. 
r10841@SERNOX: metze | 2005-10-08 20:01:45 +0200 remove diff to main SAMBA_4_0 branch metze r10862@SERNOX: metze | 2005-10-10 10:31:52 +0200 remove the differences between SAMBA_4_0 and SOC/SAMBA_4_0 metze r10863@SERNOX: metze | 2005-10-10 10:34:26 +0200 fix the build metze r10864@SERNOX: metze | 2005-10-10 11:10:08 +0200 remove README file to reduce, diffs to main SAMBA_4_0 branch: metze README: This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event. As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain. One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows: smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off. In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. dssync:partition takes a string DN and uses that as the name of the AD partition to replicate. 
Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open. The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code. I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library. In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory. I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's. 
DRSUAPI_OBJECTCLASS_domain (0xA0042)
DRSUAPI_OBJECTCLASS_domainDNS (0xA0043)
wellKnownObjects (0x9026A)
fSMORoleOwner (0x90171)
name or dc (0x90001)
whenCreated (0x20002)
instanceType (0x20001)
gPLink (0x9037B)

These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl).

I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds. I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what I've been missing! I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances. I know these notes sound a little rushed, but it is 23:55 after all! :) (This used to be commit 55552b41cbaa8c57a30373a53176e7f3ae945290)
2007-10-10 | r10859: Make the flow a bit clearer | Volker Lendecke | 1 | -8/+7
(This used to be commit 66c90483b49bd8a8de1a46b12cce5270571f4090)
2007-10-10 | r10856: we need aclocal.m4 in ldb for standalone configure | Andrew Tridgell | 2 | -2/+14
(This used to be commit b2551e76e8b0edf99483343d687df3a6cecff1f5)
2007-10-10 | r10855: Put the domain SID in secrets.ldb by default, and add http as a | Andrew Bartlett | 2 | -1/+2
default SPN alias. Andrew Bartlett (This used to be commit e4fe5802dae544f4dabf0c6d04a55be1144d8820)
2007-10-10 | r10854: talloc_get_type() can return NULL.. | Jelmer Vernooij | 1 | -0/+12
(This used to be commit 8f7070055fc577cb4234654420539c68992d9671)
2007-10-10 | r10853: Convert wbinfo -n to properly init the domain. | Volker Lendecke | 3 | -401/+32
Volker (This used to be commit 512ae49270197146e5967acd654dd97452cf4e77)
2007-10-10 | r10852: Continuation-based programming can become a bit spaghetti... | Volker Lendecke | 7 | -249/+665
Initialize a domain structure properly. Excerpt from wb_init_domain.c:

/*
 * Initialize a domain:
 *
 * - With schannel credentials, try to open the SMB connection with the machine
 *   creds. Fall back to anonymous.
 *
 * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
 *   pipe.
 *
 * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
 *   to schannel and then to anon bind.
 *
 * - With queryinfopolicy, verify that we're talking to the right domain
 *
 * A bit complex, but with all the combinations I think it's the best we can
 * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
 * have a signed&sealed lsa connection on all of them.
 *
 * Is this overkill? In particular the authenticated SMB connection seems a
 * bit overkill, given that we do schannel for netlogon and ntlmssp for
 * lsa later on w2k3, the others don't do this anyway.
 */

Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10 | r10849: Fix handling of [charset] for strings with fixed or "inline" size | Jelmer Vernooij | 1 | -6/+3
(This used to be commit 3c2558d11ec1d0b41e5b36b793d9e64db2e203b6)
2007-10-10 | r10848: Fix warning | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 48d22a991024f19eccaa63848566b311524260c8)
2007-10-10 | r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and use | Andrew Bartlett | 2 | -61/+37
it in the RPC-SAMLOGON test. Andrew Bartlett (This used to be commit 675b7df2eedbcb7ea89c0411f76429d8e2357222)
2007-10-10 | r10846: Create a "wbsrv_domain", change wb_finddcs to the style of the rest | Volker Lendecke | 6 | -200/+263
of the async helpers. Volker (This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
2007-10-10 | r10845: Add new function to decrypt the session keys in samlogon responses. | Andrew Bartlett | 1 | -0/+44
Andrew Bartlett (This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
2007-10-10 | r10844: Add challenge-response authentication to Samba4's winbindd for VL. | Andrew Bartlett | 3 | -1/+128
Plaintext should be simple, but I'm going to do some infrastructure work first. Andrew Bartlett (This used to be commit c9273729e4db4adc0061087fe7e0332e2bc24384)