summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/drsutil.c
AgeCommit message (Collapse)AuthorFilesLines
2010-10-31idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID valuesKamen Mazdrashki1-11/+11
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett1-0/+1
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-2/+2
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-1/+1
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell1-12/+57
this checks securiity on the NC root of the specified naming context
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-44/+0
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-drs: Added drs_security_access_check functionNadezhda Ivanova1-0/+58
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell1-2/+3
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-1/+1
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-26s4:rpc_server/drsuapi/drsutil.c - remove unreachable codeMatthias Dieter Wallnöfer1-1/+0
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-3/+5
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-01-16s4-drs: better debug info when security checks failAndrew Tridgell1-3/+8
show the security token of the user at debug level 2
2010-01-02s4-drs: we are doing the sorting for getncchanges in the app code nowAndrew Tridgell1-21/+0
the sorting is quite delicate, and easier to get right in the getncchanges code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-02s4-dsdb: ask for REVEAL_INTERNALS in getncchangesAndrew Tridgell1-0/+5
We need this for the linked attribute meta data
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell1-2/+0
2009-10-13s4-repl: check that a DsGetNCChanges is a continuation, and fix sortingAndrew Tridgell1-1/+1
When we indicate that a getncchanges request is not complete, we set the more_data flag to true in the response. The client usually then asks for the next block of data. If the client decides it wants to skip that replication and do a different replication then we need to make sure that the next call is in fact a continuation of the existing call, and not a new call. This relies on returning the results sorted by uSNChanged, as the client uses the tmp_highest_usn in each result to see if progress is being made.
2009-10-06s4-drs: fixed error message for drs_security_level_checkAndrew Tridgell1-1/+3
2009-09-28s4-drsutil: allow NULL filterAndrew Tridgell1-5/+0
2009-09-24s4-drs: include deleted objects in getncchanges replyAndrew Tridgell1-1/+6
Even though we don't create deleted objects ourselves yet, we need to pass along deleted objects we receive from other replication partners
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in ↵Anatoliy Atanasov1-1/+31
getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchangesAnatoliy Atanasov1-6/+1
2009-09-23s4-drsserver: fixed addition of sort controlAndrew Tridgell1-5/+7
2009-09-22s4-drsserver: sort by DN to give tree orderAndrew Tridgell1-6/+25
This might help the windows client with ordered requests. Later we need to support the "ancestors" mode flag.
2009-09-19s4-drs: security checking on DRS needs to default to onAndrew Tridgell1-1/+2
2009-09-19s4-repl: need param.h for lp_parm_boolAndrew Tridgell1-0/+1
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov1-0/+15
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19more include minimisationAndrew Tridgell1-5/+0
2009-09-09s4:drs split addentry and getncchanges into separate filesAndrew Tridgell1-1/+62
These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-08s4: implemented server side of DSUpdateRefs callAndrew Tridgell1-0/+47
This call is made by DCs to tell us we should notify them of directory changes