| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
The problem here was that tridge's changes to ensure that test results
were always propogated didn't merge well with the addition of extra
environment variables for the 'make valgrindtest' and similar
environments. By splitting out the macro further, we keep the build
farm reporting accurate, but allow these other test modes to work.
Andrew Bartlett
|
|
The tick conversion math was off by a factor of 10 due to the incorrect usage of
the "e" notation. The expression "XeY" means "X * (10^Y)", so the correct
expression is 1e7 to get the correct adjustment for ticks.
|
|
The "setpassword" script should use the "samdb_set_password" call to change
the NT user password. Windows Server tests show that "userPassword" is not the
right place to save the NT password and does not inherit the password complexity.
|
|
Here we just need to map the oid string in the ldb value to
the ATTRTYP id.
metze
|
|
This check is specified in Windows Server after release 2003.
The parameter "hostname" should match as prefix of the dns hostname given as
parameter in the "workstation" structure.
|
|
This looks much nicer than "normal" string exceptions - and fits better in the OO
programming style.
|
|
Previous patch was incomplete regarding the "primaryGroupId" attribute. Complete it.
|
|
|
|
I fixed them up to match with Windows Server 2003. I don't think that the
creation of them in the provision script is needed so I put them in the
"provision_users.ldif" file.
|
|
|
|
This passes the Windows Server behaviour. Also SAMBA 4 should match it.
Also some small enhancement.
|
|
Tests show that Windows Server seems to do the access checks on the very last moment.
|
|
We have not only to expand the additional groups but *also* the primary group to
gain all rights of a user account.
Also, remove an unneeded context (tmp_ctx) and "talloc_steal".
|
|
the right way
When doing some tests with the NT User Manager for Domains on s4 I noticed that the
handling of the primary group for a user wasn't correct. So I fixed this.
Also some cosmetic changes (tab indent corrections).
|
|
This fixes up the change of the primary group of a user when using the ADUC
console:
- When the "primaryGroupId" attribute changes, we have to delete the
"member"/"memberOf" attribute reference of the new primary group and add one
for the old primary group.
- Deny deletion of primary groups according to Windows Server (so we cannot
have invalid "primaryGroupID" attributes in our AD).
- We cannot add a primary group directly before it isn't a secondary one of a
user account.
- We cannot add a secondary reference ("member" attribute) when the group has
been chosen as primary one.
This also removes the LDB templates which are basically overhead now.
This should also fix bug #6599.
|
|
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
|
|
"samldb" changes
The "provision_users.ldif" file needs some rework to pass against the changed
and improved "samldb" module (see next commit).
|
|
|
|
this is needed for the _msdcs zone
|
|
This file is no longer needed as the DisplaySpecifiers are now generated from
files provided by Microsoft.
|
|
|
|
Changed the provisioning to use the new script to parse the Microsoft-provided
DisplaySpecifiers LDIF file.
|
|
Created this script based on the existing ms_schema.py script.
- Removed some unnecessary transformations that are only necessary for schema
processing.
- Added capability to parse and properly output base64-encoded values.
- Removed unnecessary attributes based on what attributes were present (and also
what were explicitly removed) from display_specifiers.ldif.
|
|
The original license headers provided by Microsoft cannot be parsed as valid
LDIF.
Changed the license headers to be valid LDIF comments, and added a new header
section detailing the exact changes that were made to the original document.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Like the schema, these are provided under the licence at the head of
the file, which is not the GPL, but allows us to distribute them with
Samba.
Andrew Bartlett
|
|
This is a perl script that does TSIG-GSS DNS updates against a AD
DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS,
and we need a way to do DNS updates when we vampire a domain, so I
revived this ancient perl script and added a wrapper script that can
update DNS entries using our machine account credentials
|
|
on a vampire join we were not putting the right attributes and
objectclass on the secrets.ldb record
|
|
|
|
|
|
|
|
|
|
|
|
We can't emulate them through the LDB changetype flags since they haven't the
same constants! The previous behaviour led to huge problems.
|
|
|
|
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform
write operations on them (look below in the code) we could get SIGSEGVs!
|
|
|
|
Enhances the outputs in autogen.sh for both s3 and s4.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
metze
|
|
The version of the unitest python module in Ubuntu Jaunty doesn't seem
to support this many level of subdirectories. Moving the tests up one
level solves the problem.
|
|
When a top level method in a module returns an error, it is supposed
to call ldb_module_done(). We ran across a case where this wasn't
done, and then found that in fact that are hundreds of similar cases
in our modules. It took Andrew and I a full day to work out that this
was the cause of a subtle segv in another part of the code.
To try to prevent this happening again, this patch changes
ldb_next_request() to catch the error by checking if a module
returning an error has called ldb_module_done(). If it hasn't then the
call is made on behalf of the module.
|
|
When we fail a ldbadd or ldbedit we should cancel the transaction to
prevent ldb giving a warning about having a open transaction in the
ldb destructor
|
|
|
|
So far it returns the ctr6 responce without proper linked attributes
support and metadata. A couple of improvements are the filter in the search
uses '(uSNChanged>=N)', added extended dn search support, non-replicated attributes
are excluded from the result.
|
|
This replace the dsdb_syntax_FOOBAR_ldb_to_drsuapi function,
which was left as a TODO code. Implementation in both added functions
is completely identical and probably should differ in the future.
|
|
This one copes with deleted objects where linked attributes have been
set on the module. We hit this when we do the ldb wipe at the start of
a provision, which trigers linked attribute updates, but for objects
that have disappeared. We need to ensure that the linked attribute
updates only happen on the right object, and if the object gets
re-created (as happens with a provision) then it is not the right
object.
To cope with this we record the GUID of the object when the operation
that triggered the linked attribute update comes in, and then find the
DN by suing that GUID when we apply the change in the prepare commit
hook.
|
|
This allows for safe transaction end aborts
|
