Age | Commit message (Collapse) | Author | Files | Lines |
|
we need the domain_sid to determine if the account is a RODC for our
domain
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
show the security token of the user at debug level 2
|
|
the sorting is quite delicate, and easier to get right in the
getncchanges code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We need this for the linked attribute meta data
|
|
|
|
When we indicate that a getncchanges request is not complete, we set
the more_data flag to true in the response. The client usually then
asks for the next block of data. If the client decides it wants to
skip that replication and do a different replication then we need to
make sure that the next call is in fact a continuation of the existing
call, and not a new call.
This relies on returning the results sorted by uSNChanged, as the
client uses the tmp_highest_usn in each result to see if progress is
being made.
|
|
|
|
|
|
Even though we don't create deleted objects ourselves yet, we need to
pass along deleted objects we receive from other replication partners
|
|
getncchanges
When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0
|
|
|
|
|
|
This might help the windows client with ordered requests. Later we
need to support the "ancestors" mode flag.
|
|
|
|
|
|
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
|
|
|
|
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
|
|
This call is made by DCs to tell us we should notify them of directory
changes
|