summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/getncchanges.c
AgeCommit message (Collapse)AuthorFilesLines
2009-12-16s4:drsuapi/getncchanges.c - Update the list of operational attributesMatthias Dieter Wallnöfer1-7/+8
- Reorder them as specified in "operational.c" - Add also the lan manager hash password attribute
2009-12-09s4-drs: ensure we fill in ncRoot_dn in getncchangesAndrew Tridgell1-0/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-09s4-drs: use parentGUID attribute in getncchangesAndrew Tridgell1-34/+6
Now that parentGUID is reliable again, use it instead of building our own Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-03s4-drs: fixed UDV and overlapping sync calls in DRSAndrew Tridgell1-40/+42
When windows abandons a DRS sync, it will sometimes re-use the same bind handle for a new sync. This means we need to check the DN of the sync and blank the getnc_state if the DN has changed. This also fixes the UDV to use the highest uSN for the partition, not for the whole SAM.
2009-11-20s4-dsdb: some more attribuutes that we should only give if asked forAndrew Tridgell1-1/+8
2009-11-20s4-drs: we need to specifically ask for ntSecurityDescriptorAndrew Tridgell1-1/+1
ntSecurityDescriptor is no longer included by default
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell1-2/+0
2009-10-15s4-drs: support DRSUAPI_DRS_ADD_REF flagAndrew Tridgell1-5/+29
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs call on behalf of the client after the DsGetNCChanges call. The lack of support for this option may explain why the repsTo attribute was not being created for w2k8-r2 replication partners.
2009-10-15drs: improved error checkingAndrew Tridgell1-16/+49
Check the validity of the requested options in DsGetNCChanges
2009-10-13s4-repl: check that a DsGetNCChanges is a continuation, and fix sortingAndrew Tridgell1-3/+16
When we indicate that a getncchanges request is not complete, we set the more_data flag to true in the response. The client usually then asks for the next block of data. If the client decides it wants to skip that replication and do a different replication then we need to make sure that the next call is in fact a continuation of the existing call, and not a new call. This relies on returning the results sorted by uSNChanged, as the client uses the tmp_highest_usn in each result to see if progress is being made.
2009-10-06s4-drs: take advantage of system session auth in dsbindAndrew Tridgell1-23/+10
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
2009-09-28s4-drs: removed debug code that replicated a maximum of 10 objects at a timeAndrew Tridgell1-2/+1
2009-09-28s4-dsruapi: plugfest updatesAndrew Tridgell1-77/+144
- always fetch parentGUID from databases, don't rely on parentGUID in attributes - re-fetch nc root mesages to avoid the problem of dual messages for roots - support returning messages a chunk at a time, using max_object_count from request
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in ↵Anatoliy Atanasov1-3/+12
getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchangesAnatoliy Atanasov1-1/+7
When this flag is specified in the request we should return for ncRoot only and so scope of search is LDB_SCOPE_BASE.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchangesAnatoliy Atanasov1-0/+6
When this flag is specified in the request we shouldn't use the uptodateness vector in the request.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchangesAnatoliy Atanasov1-3/+13
2009-09-23s4-drs: fill in more guids and SIDs, plus filter rDNAndrew Tridgell1-3/+48
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of each object, plus we need to filter out the rDN from the meta data, and always send the instanceType
2009-09-22s4-drsserver: sort by DN to give tree orderAndrew Tridgell1-1/+2
This might help the windows client with ordered requests. Later we need to support the "ancestors" mode flag.
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov1-7/+1
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov1-4/+3
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19more include minimisationAndrew Tridgell1-3/+0
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell1-20/+29
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-15s4-drs: filter based on local_usnAndrew Tridgell1-1/+1
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
2009-09-14s4-drs: allow replication of renamesAndrew Tridgell1-6/+7
a rename may have no attribute changes
2009-09-13s4-drs: fixed search expressionAndrew Tridgell1-1/+1
At least on the command line the braces are needed. Strange.
2009-09-12s4-drs: change debug levelAndrew Tridgell1-1/+1
It's useful seeing the object count without as much detail
2009-09-12s4-drs: also fill in tmp_highest_usnAndrew Tridgell1-0/+1
Without this the client will not update its repsFrom highest_usn values
2009-09-12s4-drs: return objects with uSN > highest_usnAndrew Tridgell1-2/+6
When the client tells us the highest_usn they have is N, then we want to send them objects with usn>N, not>=N, as otherwise we end up sending them the same object (the one with the highest uSN) again and again.
2009-09-12s4-drs: spelling fix, and simpler search expressionAndrew Tridgell1-2/+2
uSNChanged>=N is good enough, and offers a possibility of a simple optimisation where the partition module could look for that expression and check the partitions sequence number, then avoid searching a partition that doesn't have any records with a larger uSN.
2009-09-12s4-drs: fixed the cursor generation to always be filled inAndrew Tridgell1-102/+152
We were relying on the uSNChanged>=n search always finding the DN of the root of the partition, but this now doesn't happen very often as we are now restricting when we change uSNChanged. This means we need to always load the replUpToDateVector attribute from the NC root and use it to populate the cursors in the return.
2009-09-12Fix up-to-dateness vector creation.Anatoliy Atanasov1-15/+76
2009-09-11s4/drs: parentGUID needs to be specififcally asked forAndrew Tridgell1-1/+2
Right now parentGUID is a normal attribute in s4, but it should be generated, which means we need to ask for it in a search if we want to use it.
2009-09-10s4/drs: enable attribute encryptionAndrew Tridgell1-6/+41
This means we now get passwords vampired correctly for s4<->s4 replication.
2009-09-10s4/drs: correctly fill in the GUID of DRS objectsAndrew Tridgell1-1/+1
2009-09-10s4/drs: when we don't find an attribute use zero valuesAndrew Tridgell1-19/+10
thanks to metze for pointing this out
2009-09-09s4:drs match the meta_data and attributes arrayAndrew Tridgell1-16/+46
These two arrays need to be in sync, as they are walked in sync by the client
2009-09-09s4/drs: broke out the core of the getncchanges codeAndrew Tridgell1-81/+96
It is easier to understand without the heavy nesting
2009-09-09s4:drs split addentry and getncchanges into separate filesAndrew Tridgell1-0/+215
These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow