path: root/source4/setup/schema_samba4.ldif
Commit message (Author, Age, Files, Lines)
* repl: test for schema object and LA repl across chunks (Aaron Haslett, 2019-04-11, 1 file, -0/+1)
  During replication, transmission of objects and linked attributes are split into chunks. These two tests check behavioural consistency across chunks for regular schema objects and linked attributes.
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:dsdb: add DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID oid (Stefan Metzmacher, 2018-10-30, 1 file, -0/+1)
  This will be used to fix missing <SID=> components in future.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* schema_samba4.ldif: add allocation of DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME (Stefan Metzmacher, 2018-10-30, 1 file, -0/+1)
  This was already allocated in source4/dsdb/samdb/samdb.h with commit 22208f52e6096fbe9413b8ff339d9446851e0874.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: custom match rule for DNS records to be tombstoned (Aaron Haslett, 2018-07-12, 1 file, -0/+1)
  A custom match rule for records to be tombstoned by the scavenging process. Needed because DNS records are a multi-valued attribute on name records, so without a custom match rule we'd have entire zones into memory to search for expired records.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* samdb: Add transaction id control (Gary Lockyer, 2018-05-10, 1 file, -0/+1)
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control (Ralph Boehme, 2018-03-13, 1 file, -0/+1)
  Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identically.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid (Stefan Metzmacher, 2017-11-24, 1 file, -0/+1)
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated (Stefan Metzmacher, 2017-11-24, 1 file, -0/+1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: Add a fixed GUID to the samba4top objectclass definition (Andrew Bartlett, 2017-09-23, 1 file, -0/+1)
  This is only used in the OpenLDAP backend and will certainly be removed before this becomes production.
  (a production backend will use the real AD top objectclass)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Add a test for @ATTRIBUTES and @INDEXLIST generation (Andrew Bartlett, 2017-06-15, 1 file, -0/+1)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* rodc: Allow local RODC changes with version 0 (Garming Sam, 2017-04-13, 1 file, -0/+2)
  These changes will get clobbered by RWDCs through replication. This behaviour is required for lockoutTime to enforce the password lockout locally on the RODC (and is consistent with Windows).
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/schema: fix tests flapping due to oid collision (Andrew Bartlett, 2017-01-10, 1 file, -0/+4)
  These tests would sometimes fail because the randomly generated OIDs would collide. This fixes that by giving a unique OID to each attribute and class.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12507
  Pair-Programmed-With: Bob Campbell <bobcampbell@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Jan 10 13:44:02 CET 2017 on sn-devel-144
* ldb:controls: add LDB_CONTROL_RECALCULATE_RDN_OID (Stefan Metzmacher, 2016-12-01, 1 file, -0/+1)
  This will be used by 'samba-tool dbcheck' to fix the rdn attribute name.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12399
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  (Patch reduced by Andrew Bartlett to only allocate the OID)
* dsdb: Add python hooks to allocate a RID set and allocate a RID pool (Andrew Bartlett, 2016-11-04, 1 file, -0/+2)
  This will help us to correct errors during dbcheck
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
* ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE (Andrew Bartlett, 2016-09-01, 1 file, -0/+1)
  This allows us to find links that need to be expunged without passing the whole DB up in the search response.
  While each message still needs to be examined, this code only has to do memory allocation for entries with links
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Move repl_schema test to a distinct OID prefix (Andrew Bartlett, 2016-08-11, 1 file, -0/+2)
  We also take the chance to make it clearer that the number being passed in should be unique.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: add vanish links control (Douglas Bagnall, 2016-07-15, 1 file, -0/+1)
  Normally linked attributes are deleted by marking them as with RMD flags, but sometimes we want them to vanish without trace. At those times we set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
* provision: Ignore duplicate attid and governsID check (Bob Campbell, 2016-07-06, 1 file, -0/+1)
  During the provision this causes a huge performance hit as these two attributes are unindexed.
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID (Stefan Metzmacher, 2016-06-27, 1 file, -0/+1)
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID (Stefan Metzmacher, 2016-06-27, 1 file, -0/+1)
  This will be used to let the "password_hash" module know that the value of pwdLastSet was defaulted to 0 in the "samldb" module on add.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use random OIDs from under the Samba OID arc (Andrew Bartlett, 2016-06-06, 1 file, -0/+11)
  The urgent_replication.py test used the OID of uid, and this caused other tests to fail
  The other random OIDs should have been from under our arc, not under iso.member-body.us
  We split up the range a little to avoid some of the birthday paradox, in the tests that create multiple OIDs.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dbcheck: Add explicit tests for unknown and unsorted attributeID values (Andrew Bartlett, 2015-08-24, 1 file, -0/+1)
  Unknown attributeID values would cause an exception previously, and unsorted attributes cause a failure to replicate with Samba 4.2.
  In commit 61b978872fe86906611f64430b2608f5e7ea7ad8 we started to sort these values correctly, but previous versions of Samba did not sort them correctly (we sorted high-bit-set values as negative), and then after 9c9df40220234cba973e84b4985d90da1334a1d1 we stopped accepting these.
  To ensure we are allowed to make this unusual change to the replPropertyMetaData, a new OID is allocated and checked for in repl_meta_data.c
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests (Kamen Mazdrashki, 2015-02-03, 1 file, -0/+1)
  Tombstone reanimation requires some special handling which is going to affect several modules. Most notably:
  - a bit different access checks in acl.c
  - restore certain attributes during modify requests in samldb.c
  Control added also to schema_samba4.ldif by Andrew Bartlett hence the "pair programmed with" tag.
  Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
  Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl (Andrew Bartlett, 2015-01-15, 1 file, -0/+1)
  This requires an additional control to be used in the LSA server to add domain trust account objects.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
* s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID (Stefan Metzmacher, 2012-11-30, 1 file, -0/+1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID (Stefan Metzmacher, 2012-11-30, 1 file, -0/+1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* dsdb: Allocate new OID to allow updates of a read-only replica (Andrew Bartlett, 2012-07-18, 1 file, -0/+1)
  Normally this would be a very bad idea, but the specific case of fixing the instanceType is the only case where this makes sense.
  Andrew Bartlett
* s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify (Michael Adam, 2012-04-18, 1 file, -0/+1)
  This is preliminary in that it is implemented as a no-op for a start just to be able to successfully answer the request, which seems to be sufficient in order to e.g. survive the exchange schema extensions.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Autobuild-User: Michael Adam <obnox@samba.org>
  Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
* s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID (Stefan Metzmacher, 2011-10-07, 1 file, -0/+1)
  Which allows the caller to pass a given 'pwdLastSet' value (very useful for migrations).
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
* s4-dsdb: added DSDB_CONTROL_DBCHECK (Andrew Tridgell, 2011-10-06, 1 file, -0/+1)
  this will be used for overrides by the dbcheck validator
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA (Andrew Tridgell, 2011-10-04, 1 file, -0/+1)
  this control tells the partition module that the DN being created is a partial replica, so it should modify the @PARTITION object to add the partialReplica attribute
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: added NO_GLOBAL_CATALOG control (Andrew Tridgell, 2011-09-22, 1 file, -0/+1)
  this control is used to ask samdb to not return searches with a basedn in partial replica partitions, which is needed to support the difference between a search on the 3268 GC ldap port and the non-GC 389 port
* ldb: added a new always-fail ldap extended match OID (Andrew Tridgell, 2011-08-04, 1 file, -0/+8)
  this is used when rewriting filter rules to replace a filter rule with one that is guaranteed not to match
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:setup/schema_samba4.ldif - this control isn't used anymore (Matthias Dieter Wallnöfer, 2010-10-27, 1 file, -1/+1)
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
* s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control (Matthias Dieter Wallnöfer, 2010-10-23, 1 file, -0/+1)
  This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
* ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID (Matthias Dieter Wallnöfer, 2010-10-23, 1 file, -1/+1)
  It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
* s4:schema_samba4.ldif - update allocated controls list (Matthias Dieter Wallnöfer, 2010-10-03, 1 file, -0/+1)
  This needs always to be done after a control allocation otherwise we end up in double-allocations and unexpected behaviour.
* s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" (Matthias Dieter Wallnöfer, 2010-08-17, 1 file, -1/+1)
  Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
* s4 dsdb: create a new control: changereplmetadata (Matthieu Patou, 2010-07-15, 1 file, -0/+1)
  This control is designed to allow replmetadata to be specified
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID (Stefan Metzmacher, 2010-07-05, 1 file, -0/+1)
  When importing users from Samba3 we need to control all values.
  metze
* ldb: add a new control bypassoperational (Matthieu Patou, 2010-06-20, 1 file, -0/+1)
  Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* s4:dsdb Add control for signaling between repl_meta_data and linked_attributes (Andrew Bartlett, 2010-06-16, 1 file, -0/+1)
  This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links.
  Andrew Bartlett
* s4:fix allocated control OIDs for "password_hash" LDB module (Matthias Dieter Wallnöfer, 2010-06-13, 1 file, -3/+5)
  The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date.
* s4:dsdb: add new controls (Matthias Dieter Wallnöfer, 2010-05-10, 1 file, -0/+3)
  - Add a new control for getting status information (domain information, password change status) directly from the module
  - Add a new control for allowing direct hash changes
  - Introduce an additional control "change_old password checked" for the password
* s4:setup: mark DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 as allocated (Stefan Metzmacher, 2010-05-10, 1 file, -2/+4)
  metze
* s4-provision: Added msDS-NcType into samba4Top object class (Endi S. Dewata, 2010-01-23, 1 file, -0/+1)
  Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
* s4-dsdb: added an extended operation for allocating a new RID pool (Andrew Tridgell, 2010-01-08, 1 file, -0/+1)
  This will be called by getncchanges when a client asks for a DRSUAPI_EXOP_FSMO_RID_ALLOC operation
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:provision - Remap conflicting thumbnailPhoto and thumbnailLogo OID's. (Endi Sukma Dewata, 2009-12-15, 1 file, -0/+3)
* s4: fix SD update and password change in upgrade script (Matthieu Patou, 2009-11-28, 1 file, -1/+1)
  - reserve a new Samba OID for recalculate SD control
  - fix the update SD function
  - fix handling of kvno in the update_machine_account_password function
  - fix handling of handles in RPC winreg server
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:dsdb Rework modules create new partitions at runtime (Andrew Bartlett, 2009-10-21, 1 file, -0/+1)
  This is done by passing an extended operation to the partitions module to extend the @PARTITION record and to extend the in-memory list of partitions.
  This also splits things up into module parts that belong above and below repl_meta_data
  Also split the partitions module into two files due to the complexity of the code
  Andrew Bartlett