summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/updaterefs.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-30s4-drs: put the GCSPN flag into the repsTo if requestedAndrew Tridgell1-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-drs: Added check for drs-manage-topology to updateRefs.Nadezhda Ivanova1-7/+9
2010-09-26s4-drs: use the system sam_ctx for updaterefsAndrew Tridgell1-8/+9
this is needed for RODC clients calling updaterefs
2010-09-16s4-drs: make debugging DsUpdateRefs a bit easierAndrew Tridgell1-1/+8
2010-09-07s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs callKamen Mazdrashki1-6/+10
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-2/+2
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-2/+2
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell1-1/+2
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-28s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUIDKamen Mazdrashki1-4/+4
This function is used in DRSUpdateRefs() implementation where we get DSA's objectGUID rather than invocationId
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-3/+20
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-03-05s4:drsuapi RPC - Change also here counters to "unsigned"Matthias Dieter Wallnöfer1-2/+2
No need to have "signed" counters at those places.
2010-01-14s4-drs: switch the DRS server to the generic DRS options flagsAndrew Tridgell1-5/+5
2010-01-02s4-drs: don't give an error on repsTo delete if add is also specifiedAndrew Tridgell1-1/+3
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell1-2/+0
2009-10-15s4-drs: implement more of DsUpdateRefsAndrew Tridgell1-27/+61
The DsUpdateRefs calls takes a set of flags that indicates if the server should ignore specific add/delete error codes. This patch also exposes the core UpdateRefs call into a public function, so that it can be called from DsGetNCChanges
2009-10-06s4-drs: take advantage of system session auth in dsbindAndrew Tridgell1-18/+11
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov1-4/+3
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19more include minimisationAndrew Tridgell1-5/+0
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell1-0/+7
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-12s4-repl: use common functions to simplify updaterefs.cAndrew Tridgell1-108/+4
We now have dsdb_loadreps() and dsdb_savereps()
2009-09-10s4/drs: changed the UpdateRefs server to use the dn instead of the GUIDAndrew Tridgell1-27/+18
Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4<->s4 successfully! Now to see if all the attributes came across correctly.
2009-09-10s4: fix spellingAndrew Tridgell1-1/+1
2009-09-09s4:drs split addentry and getncchanges into separate filesAndrew Tridgell1-1/+1
These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-09s4: fixed format of repsTo in samdbAndrew Tridgell1-52/+70
Metze pointed out what the windows tool ldp.exe will examine repsTo attributes on remote DCs, so we do in fact need to use the same format that windows uses. This patch changes the server side implementation of UpdateRefs to use the windows format
2009-09-08s4: implemented server side of DSUpdateRefs callAndrew Tridgell1-0/+278
This call is made by DCs to tell us we should notify them of directory changes