summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell4-22/+54
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15s4-ldb: ldap attribute names can contain a '.'Andrew Tridgell1-1/+2
When they are of the form of OIDs
2009-09-15s4-ldb: expose ldb_transaction_prepare_commit() in ldbAndrew Tridgell3-21/+64
It is useful to be able to control the 2 phase commit from application code (s4 replication uses it)
2009-09-15s4-repl: don't do double replicationAndrew Tridgell4-6/+44
When we replicate from a remote DC, we need to note the new uSN that the local changes have resulted in, and modify the uSN that the notify task uses to determine if it should send a ReplicaSync message back to the remote DC. Otherwise we end up always triggering a ReplicaSync every time we replicate from another DC
2009-09-15s4-drs: filter based on local_usnAndrew Tridgell1-1/+1
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
2009-09-15s4-repl: make sure we marshal the replPropertyMetaData after the last changeAndrew Tridgell1-10/+10
we were setting local_usn after the marshall, so it wasn't going into the object
2009-09-15s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()Andrew Tridgell2-4/+4
Using DLIST_ADD_END() to construct a long list is very inefficient (it is O(n^2). These lists are not ordered, so using DLIST_ADD() is much better.
2009-09-15s4-ldb: cope better with corruption of tdb recordsAndrew Tridgell4-5/+30
When doing an indexed search if we hit a corrupt record we abandoned the indexed search and did a full search. The problem was that we might have sent some records to the caller already, which means the caller ended up with duplicate records. Fix this by returning a search error if indexing returns an error and we have given any records to the caller.
2009-09-15s4-repl: add a debug to make it easier to monitor replicationAndrew Tridgell1-0/+5
2009-09-16schannel: move schannel_sign to main directory.Günther Deschner5-313/+5
Guenther
2009-09-16s4-schannel: try to fix the build.Günther Deschner1-1/+1
Guenther
2009-09-16s4-schannel: first step of decoupling schannel from gensec.Günther Deschner2-20/+51
Guenther
2009-09-16s4-schannel: strip trailing whitespace.Günther Deschner1-36/+36
Guenther
2009-09-15s4:schema Add code to provide an index into the subClass treeAndrew Bartlett2-1/+27
In time, this should avoid the astounding (order) complexity of the objectclass sorting in objectclass.c eventually. Andrew Bartlett
2009-09-15libcli:nbt make the lmhosts parsing code and dependicies commonAndrew Bartlett2-43/+1
This starts the process to have Samba4 use lmhosts. Andrew Bartlett
2009-09-15s4:heimdal_build: fix one more problem with automatic dependeciesStefan Metzmacher1-1/+1
metze
2009-09-14s4:provision Prevent some invalid combinations of realm and domainAndrew Bartlett1-0/+9
We don't do well (even just trying to create duplicate servicePrincipalName values) with some of these combinations, so kill it off early before the administrator thinks it's going to work. Andrew Bartlett
2009-09-14s4: Script to build or rebuild extend DN attributesMatthieu Patou1-0/+141
This script can be used to upgrade a provision that didn't integrate extended dn. It can also be used to add missing extended DN that weren't created during provision.
2009-09-14Torture test for bug 6529 - Offline files conflict with Vista and Office 2003.Jeremy Allison1-0/+131
Ensure we don't regress. Jeremy.
2009-09-14s4-repl: handle rename in repl_meta_dataAndrew Tridgell1-0/+97
On a rename we need to update uSNChanged, and the max uSN for the partition
2009-09-14s4-drs: allow replication of renamesAndrew Tridgell1-6/+7
a rename may have no attribute changes
2009-09-14s4-repl: fixed a memory error handling linked attributesAndrew Tridgell1-10/+10
We could get a double free with multiple linked attributes in a message
2009-09-14s4-repl: fall back to repsFrom if repsTo not setAndrew Tridgell1-2/+4
Windows does not seem to be always setting up repsTo using DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo is empty. This is almost certainly incorrect, but it does get notification based replication working with both w2k3 and w2k8.
2009-09-14pyldb: Don't segfault when invalid type is specified to Dn.get().Jelmer Vernooij2-2/+14
(#6722)
2009-09-14dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least)Michael Adam1-1/+0
Michael
2009-09-14s4:heimdal_build: fix the build with --enable-automatic-dependenciesStefan Metzmacher1-1/+1
We need to create the header file before we generate the source file. metze
2009-09-13s4:heimdal_build Fix build breakages caused by asn1compile changeAndrew Bartlett1-2/+1
The issue was that we referenced an asn1compile generated file by name, not by the subsystem is was generated by. Andrew Bartlett
2009-09-13s4:heimdal_build Love pointed me at the --one-code-file option to asn1_compileAndrew Bartlett1-32/+17
This new option avoids a lot of code that was used to intuit what files would be output by the compiler. Andrew Bartlett
2009-09-13s4-repl: added a preiodic notification check to the repl taskAndrew Tridgell7-4/+480
The dreplsrv_notify code checks the partition uSN values every N seconds, and if one has changed then it sends a DsReplicaSync to all the replication partners listed in the repsTo attribute for the partition.
2009-09-13s4-drs: fixed search expressionAndrew Tridgell1-1/+1
At least on the command line the braces are needed. Strange.
2009-09-13s4-repl: use the new dsdb partition uSN helper fnsAndrew Tridgell1-78/+16
2009-09-13s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usnAndrew Tridgell1-0/+146
These are used to load/save the per-partition uSN values managed by the repl_meta_data module
2009-09-13s4-sam: allow a search to specify a partitionAndrew Tridgell1-2/+17
You can now attach a partition control to searches to search within a specific partition. This is used to get at the per-partition @REPLCHANGED object
2009-09-13s4-repl: keep a @REPLCHANGED object on each partitionAndrew Tridgell1-24/+310
This object tracks the highest uSN in each partition. It will be used to allow us to efficiently detect changes in a partition for sending DsReplicaSync messages to our replication partners.
2009-09-13s4-schannel: use NL_AUTH_MESSAGE for schannel.Günther Deschner1-23/+35
Guenther
2009-09-13s4-schannel: strip trailing whitespace.Günther Deschner1-26/+26
Guenther
2009-09-12s4:sites & services - Adds Intersite transport containersMatthieu Patou1-5/+28
This patch brings up those subcontainers and fixes up the "systemFlags" on the "Subnet" entry.
2009-09-12s4:group policies - the default group policy objects are all system-criticalMatthias Dieter Wallnöfer1-0/+6
2009-09-12s4:group policies - upcase directory names of default group policiesMatthias Dieter Wallnöfer1-4/+8
The directory names (MACHINE, USER) are upcased to help locating the default group policies under the SYSVOL dir (the additional ones have only the first letter upcased of those directory names).
2009-09-12s4:repl_meta_data: increment the attribute version with each changeStefan Metzmacher1-1/+2
metze
2009-09-12s4-scripts: allow setup_dns.sh to take a PRIVATEDIRAndrew Tridgell1-1/+3
2009-09-12s4-samdb: make it possible to ask for the sequence number of a partitionAndrew Tridgell1-0/+9
The partition module normally makes the sequence number extended op operate across all partitions. It will be useful in the repl task to be able to ask for the sequence number of one partition
2009-09-12s4-drs: change debug levelAndrew Tridgell1-1/+1
It's useful seeing the object count without as much detail
2009-09-12s4-repl: fixed memory leaksAndrew Tridgell3-12/+31
These memory leaks were mostly caused by the fact that refresh_partitions is now called periodically
2009-09-12s4-drs: also fill in tmp_highest_usnAndrew Tridgell1-0/+1
Without this the client will not update its repsFrom highest_usn values
2009-09-12s4-drs: return objects with uSN > highest_usnAndrew Tridgell1-2/+6
When the client tells us the highest_usn they have is N, then we want to send them objects with usn>N, not>=N, as otherwise we end up sending them the same object (the one with the highest uSN) again and again.
2009-09-12s4-drs: spelling fix, and simpler search expressionAndrew Tridgell1-2/+2
uSNChanged>=N is good enough, and offers a possibility of a simple optimisation where the partition module could look for that expression and check the partitions sequence number, then avoid searching a partition that doesn't have any records with a larger uSN.
2009-09-12s4-repl: don't be too eager to allocate new sequence numbersAndrew Tridgell1-7/+9
we only need to allocate a new sequence number when replPropertyMetaData is changing or being created on an object
2009-09-12s4-samdb: internal s4 ldb modules should be GPL not LGPLAndrew Tridgell8-95/+63
I think these modules ended up LGPL because someone based the module on an existing LGPL module in the core ldb, and it spread from there. Certainly there is no reason for the ldb modules that are not distributed as part of ldb to be LGPL.