summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
AgeCommit message (Collapse)AuthorFilesLines
2010-08-20s4-drs: added sam_ctx_system on DRS bind stateAndrew Tridgell1-0/+19
The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell1-4/+4
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-2/+2
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-08s4:drsuapi RPC server - "result_site_name" - fix variable denominationMatthias Dieter Wallnöfer1-3/+3
2010-06-28s4:dcesrv_drsuapi.c - fix a counter variableMatthias Dieter Wallnöfer1-2/+1
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-5/+5
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-03-11s4:rpc_server/drsuapi: don't reset [out,ref] pointer to NULL in ↵Stefan Metzmacher1-1/+0
dcesrv_drsuapi_DsRemoveDSServer() metze
2010-03-05s4:drsuapi RPC - Change also here counters to "unsigned"Matthias Dieter Wallnöfer1-1/+2
No need to have "signed" counters at those places.
2010-02-05s4/drs: propagate DRS_ extension flags in code baseKamen Mazdrashki1-1/+1
2010-01-17s4-drs: allow for security bypass for DsReplicaGetInfoAndrew Tridgell1-5/+9
Use --option=drs:disable_sec_check=true until the group membership bug with the PAC is fixed.
2010-01-16s4-dsdb: require admin access for DsReplicaGetInfoAndrew Tridgell1-5/+7
2010-01-16s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS ↵Andrew Tridgell1-1/+11
infoType. This patch includes the framework for the implementation of all infoTypes of the DsGetReplInfo() call, and includes the implementation for the first one, the DS_REPL_INFO_NEIGHBORS. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16s4-drs: give better debug info on unsupported DRS callsAndrew Tridgell1-14/+20
2010-01-09s4-debug: lower the verbosity of a couple of common log messagesAndrew Tridgell1-1/+1
2010-01-09s4-drs: moved the DsWriteAccountSpn call to its own fileAndrew Tridgell1-75/+0
2010-01-02s4-drs: set flag to indicate that we do support linked attributesAndrew Tridgell1-4/+1
2009-11-14s4-drs: DsExecuteKCC() implementationErick Nascimento1-1/+10
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc(). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-1/+1
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-12s4-drs: make DsBind a bit less verboseAndrew Tridgell1-1/+1
2009-10-06s4-drs: open samdb with system credentials when authorisedAndrew Tridgell1-1/+14
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls.
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov1-8/+10
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19more include minimisationAndrew Tridgell1-3/+0
2009-09-17idl: added DsExecuteKCC IDLAndrew Tridgell1-3/+3
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell1-21/+4
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell1-2/+11
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-11s4-idl: added the IDL for the DsReplica* callsAndrew Tridgell1-9/+9
2009-09-09s4:drs split addentry and getncchanges into separate filesAndrew Tridgell1-290/+2
These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-09s4/repl: implement DsReplicaSyncAndrew Tridgell1-5/+26
This patch implements DsReplicaSync by passing the call via irpc to the repl server task. The repl server then triggers an immediate replication of the specified partition. This means we no longer need to set a small value for dreplsrv:periodic_interval to force frequent DRS replication. We can now wait for the DC to send us a ReplicaSync msg for any partition that changes, and we immediately sync that partition.
2009-09-08s3:drsuapi: add a simple DsRemoveDSServer() implementationStefan Metzmacher1-1/+42
metze
2009-09-08s4:drsuapi: add an incomplete DsAddEntry implementationStefan Metzmacher1-2/+37
metze
2009-09-08s4: implemented server side of DSUpdateRefs callAndrew Tridgell1-10/+3
This call is made by DCs to tell us we should notify them of directory changes
2009-09-08Fill the meta data vector in the responce struct.Anatoliy Atanasov1-4/+32
2009-09-03First attempt to implement dcesrv_drsuapi_DsGetNCChangesAnatoliy Atanasov1-1/+204
So far it returns the ctr6 responce without proper linked attributes support and metadata. A couple of improvements are the filter in the search uses '(uSNChanged>=N)', added extended dn search support, non-replicated attributes are excluded from the result.
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij1-2/+2
remove some unused functions.
2008-10-18s4-drsuapi: merge drsuapi_DsCrackNames from s3 drsuapi idl.Günther Deschner1-8/+10
Guenther
2008-10-18s4-drsuapi: merge drsuapi_DsGetDomainControllerInfo from s3 drsuapi idl.Günther Deschner1-5/+7
Guenther
2008-10-18s4-drsuapi: merge drsuapi_DsWriteAccountSpn from s3 drsuapi idl.Günther Deschner1-5/+8
Guenther
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-9/+9
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-07-22Change occurrences of the u1 member of DsBindInfo* to pid after idl change.Michael Adam1-6/+9
Michael (This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-1/+1
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2007-12-21r26540: Revert my previous commit after concerns raised by Andrew.Jelmer Vernooij1-2/+2
(This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173)
2007-12-21r26539: Remove unnecessary statics.Jelmer Vernooij1-2/+2
(This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij1-1/+1
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-1/+2
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-1/+1
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-6/+10
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r24246: Avoid the annoying 'probable memory leak in ldb' messages, by fixingAndrew Bartlett1-3/+3
some issues in the NBT server (this was a false positive, but easily worked around) and DRSUAPI server. We should take care not to use the ldb_context as a talloc pool, and to always ensure that any results from ldb_search() are moved off that pool with talloc_steal or talloc_free(). To work around the issue in provision, for which I can find no fault (other than a lot of work being done in provision), I've moved the detector trigger to 400 additional blocks. This fixes Bug #4810 by <mwallnoefer@yahoo.de> Andrew Bartlett (This used to be commit 42bcf856203ae3cf43130519904828a143ac8d18)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23239: Fill in drsuapi_QuerySitesByCost.Günther Deschner1-3/+3
Guenther (This used to be commit cf953d04813d193da5e9714ceebb7826dc7e4d0b)
generated by cgit (git 2.34.1) at 2025-03-07 19:45:19 +0000