summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2009-09-07s4:nsupdate-gss allow forcing of the realmAndrew Tridgell1-35/+37
this is needed for the _msdcs zone
2009-09-07s4:setup: Remove display_specifiers.ldif.Andrew Kroeger1-482/+0
This file is no longer needed as the DisplaySpecifiers are now generated from files provided by Microsoft.
2009-09-07s4:setup: Updated comment to reflect new DisplaySpecifiers location.Andrew Kroeger1-1/+3
2009-09-07s4:setup: Use ms_display_specifiers script for provision.Andrew Kroeger1-2/+5
Changed the provisioning to use the new script to parse the Microsoft-provided DisplaySpecifiers LDIF file.
2009-09-07s4:setup: Added script to parse Microsoft DisplaySpecifiers document.Andrew Kroeger1-0/+189
Created this script based on the existing ms_schema.py script. - Removed some unnecessary transformations that are only necessary for schema processing. - Added capability to parse and properly output base64-encoded values. - Removed unnecessary attributes based on what attributes were present (and also what were explicitly removed) from display_specifiers.ldif.
2009-09-07s4:setup: Change license headers to LDIF comments.Andrew Kroeger5-86/+146
The original license headers provided by Microsoft cannot be parsed as valid LDIF. Changed the license headers to be valid LDIF comments, and added a new header section detailing the exact changes that were made to the original document. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-07s4:setup Add DisplaySpecifiers from Microsoft.Andrew Bartlett5-0/+148158
Like the schema, these are provided under the licence at the head of the file, which is not the GPL, but allows us to distribute them with Samba. Andrew Bartlett
2009-09-07s4: bring nsupdate-gss into the s4 treeAndrew Tridgell2-0/+379
This is a perl script that does TSIG-GSS DNS updates against a AD DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS, and we need a way to do DNS updates when we vampire a domain, so I revived this ancient perl script and added a wrapper script that can update DNS entries using our machine account credentials
2009-09-07s4: fixed the secrets.ldb construction in libnetAndrew Tridgell1-8/+8
on a vampire join we were not putting the right attributes and objectclass on the secrets.ldb record
2009-09-07s4: the secrets.ldb module needs the loadparm opaque setupAndrew Tridgell1-0/+7
2009-09-06s4:simple_ldap_map - Enhance it for supporting "primaryGroupID" in the right wayMatthias Dieter Wallnöfer1-14/+25
2009-09-06s4:torture - Fix uninitialized variableMatthias Dieter Wallnöfer1-1/+1
2009-09-06s4:"linked attributes" modules - correct the commentsMatthias Dieter Wallnöfer1-2/+2
2009-09-06s4: Fix typoMatthias Dieter Wallnöfer1-2/+2
2009-09-06s4:pwsettings - Introduce the LDB modify flags in the right wayMatthias Dieter Wallnöfer1-27/+8
We can't emulate them through the LDB changetype flags since they haven't the same constants! The previous behaviour led to huge problems.
2009-09-06s4:ldb_errors - add spacesMatthias Dieter Wallnöfer1-0/+2
2009-09-06s4:dsdb/common/util.c - Copy parameters to prevent segfaultsMatthias Dieter Wallnöfer1-3/+8
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
2009-09-06s4:dsdb/common/util - Indentation fixesMatthias Dieter Wallnöfer1-4/+5
2009-09-06Tell newbie devs about ./configure.developerRusty Russell1-1/+1
Enhances the outputs in autogen.sh for both s3 and s4. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2009-09-04s4:configure: require tevent >= 0.9.8Stefan Metzmacher1-1/+1
metze
2009-09-04s4:python fixed subunit tests of dcerpcAndrew Tridgell7-6/+6
The version of the unitest python module in Ubuntu Jaunty doesn't seem to support this many level of subdirectories. Moving the tests up one level solves the problem.
2009-09-04ldb: make ldb module programming less error proneAndrew Tridgell2-0/+17
When a top level method in a module returns an error, it is supposed to call ldb_module_done(). We ran across a case where this wasn't done, and then found that in fact that are hundreds of similar cases in our modules. It took Andrew and I a full day to work out that this was the cause of a subtle segv in another part of the code. To try to prevent this happening again, this patch changes ldb_next_request() to catch the error by checking if a module returning an error has called ldb_module_done(). If it hasn't then the call is made on behalf of the module.
2009-09-04ldb: ensure we cancel a ldb transactionAndrew Tridgell2-3/+9
When we fail a ldbadd or ldbedit we should cancel the transaction to prevent ldb giving a warning about having a open transaction in the ldb destructor
2009-09-04s4: fixed a missing NULL termination in a attribute list passed to ldb_searchAndrew Tridgell1-1/+1
2009-09-03First attempt to implement dcesrv_drsuapi_DsGetNCChangesAnatoliy Atanasov1-1/+204
So far it returns the ctr6 responce without proper linked attributes support and metadata. A couple of improvements are the filter in the search uses '(uSNChanged>=N)', added extended dn search support, non-replicated attributes are excluded from the result.
2009-09-03Fix the dsdb_syntax_OID_ldb_to_drsuapi functionAnatoliy Atanasov1-1/+51
This replace the dsdb_syntax_FOOBAR_ldb_to_drsuapi function, which was left as a TODO code. Implementation in both added functions is completely identical and probably should differ in the future.
2009-09-03another large change to the linked_attribute moduleAndrew Tridgell1-20/+64
This one copes with deleted objects where linked attributes have been set on the module. We hit this when we do the ldb wipe at the start of a provision, which trigers linked attribute updates, but for objects that have disappeared. We need to ensure that the linked attribute updates only happen on the right object, and if the object gets re-created (as happens with a provision) then it is not the right object. To cope with this we record the GUID of the object when the operation that triggered the linked attribute update comes in, and then find the DN by suing that GUID when we apply the change in the prepare commit hook.
2009-09-03hook on prepare_commit instead of transaction_endAndrew Tridgell2-8/+11
This allows for safe transaction end aborts
2009-09-03greatly simplify the transaction processing in the partition moduleAndrew Tridgell1-51/+29
Now that ldb is calling prepare commit separately, the job of the partition module on transaction end is much simpler (and more robust!)
2009-09-03show more reasonable object counts during a vampireAndrew Tridgell1-4/+18
We now show the total number of objects we have processed, which gives the user a better idea of how much has been done. A vampire on a large domain can take an hour or more (which needs to be fixed btw, it is a problem with the lack of scalability of the ltdb index code). Watching the same msg for an hour makes you wonder if any progress is being made!
2009-09-03always use prepare_commit in ldb transaction commits if possibleAndrew Tridgell3-6/+51
The reason we need this is to make multi-tdb transactions safe, with the partition module. The linked_attributes and repl_meta_data modules now do extra processing when the transaction ends, and that processing can fail. When it fails we need to cancel the transaction, which we can only do if the hook is on the prepare commit instead of the end transaction call. Otherwise the partition module cannot ensure that no commit has been done on another partition.
2009-09-03added dsdb_find_guid_by_dn()Andrew Tridgell1-1/+21
This will be used by the linked_attribute module
2009-09-03allow setting of the debug level in python from CAndrew Tridgell3-2/+18
2009-09-03change repl_meta_data to process linked_attributes structures in end_transactionAndrew Tridgell1-4/+276
When running at functional level 2 or above, the repl_meta_data module can receive linked attribute structures from the repl replication task. These attributes can come through DRS before the associated objects have been created. To cope with this, we need to process linked attributes in the end_transaction hook.
2009-09-03fixed transaction handling in linked_attributes moduleAndrew Tridgell1-76/+4
We need to call down to the next transaction function when we finish in linked_attributes. This also changes linked_attributes to use the common dsdb_find_dn_by_guid() function
2009-09-03add the the linked attributes elements to the repl structureAndrew Tridgell2-1/+9
This exposes the linked_attributes to the repl_meta_data module
2009-09-03tell the server that we support linked attribute replicationAndrew Tridgell1-6/+1
2009-09-03added dsdb_find_dn_by_guid()Andrew Tridgell1-0/+78
This came from the linked_attributes module, but now the repl_meta_data module needs the same functionality, so move it to a common routine.
2009-09-03support config files in the current directoryAndrew Tridgell1-2/+7
2009-09-02s4-smbtorture: test netr_ServerSetPassword2 against Samba3.Günther Deschner1-0/+1
Guenther
2009-09-02show the full set of command line options for ldb toolsAndrew Tridgell5-29/+6
I always found it hard to remember some of the options. We might as well use popt to give us the full list
2009-09-02traverse the ac list in reverse orderAndrew Tridgell1-1/+6
items are added to the linked attribute list using DLIST_ADD(), which means to commit them to the database in the same order they came from the server we need to walk the list backwards when we traverse it
2009-09-02repl_meta_data should only be included when we are a DCAndrew Tridgell1-1/+1
2009-09-02s4:dsdb rewrite the linked_atrributes code to commit in the end_transaction hookAndrew Tridgell1-107/+281
linked attribute changes can come in any order. This means it is possible for a forward link to come over the wire in DRS before the target even exists. To make this work this patch changed the linked attributes module to gather up all the changes it needs to make in a linked list, then execute the changes in the end_transaction hook for the module. During that commit phase we also fix up all the DNs that we got by searching for their GUID, as the objects may have moved after the linked attribute was sent, but before the end of the transaction
2009-09-02move the repl_meta_data module up the ldb module stackAndrew Tridgell1-1/+2
The repl_meta_data module needs to be above the linked_attributes module, to allow linked_attributes to do its magic
2009-09-02wrap the entire vampire operation in a transactionAndrew Tridgell1-13/+24
We want to grab the whole database, or none of it. This is also needed to get linked attributes right
2009-09-02use ldb_cmdline_help() in ldbsearchAndrew Tridgell2-8/+3
2009-09-02added ldb_cmdline_help()Andrew Tridgell1-29/+36
This allows the ldb tools to show their full command line options
2009-09-02add the partition_control control to replication requestsAndrew Tridgell1-0/+22
We know the partition DN from the DRS objects, we need to pass this down the modules below us to ensure they operate on the right partition
2009-09-02change the dsdb_control_current_partition to not include internal variablesAndrew Tridgell2-82/+88
This structures was used in two ways. In one way it held variables that are logically internal to the partition module, and in the other way it was used to pass the partition DN down to other modules. This change makes the structure contain just the dn which is being passed down. This change is part of the support for linked attributes. We will be passing this control down from above the partition module to force which partition a request acts upon. The partition module now only adds this control if it isn't already there.