Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
sam_ctx_system may be NULL for non-privileged users
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
|
|
don't use it
metze
|
|
metze
|
|
DSDB_SECRET_ATTRIBUTES
We should replicate all secret attributes back to other DCs.
metze
|
|
|
|
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname
we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
|
|
we now keep just a list of GUIDs around between getncchanges calls,
instead of an entire db search. This makes the overhead of having a
pending getncchanges call much smaller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
|
|
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
|
|
This will allow it to replace functions in source3 that use debug classes.
Andrew Bartlett
|
|
|
|
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.
As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
added a simple mapping from req8
|
|
This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified
attributes.
This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
this checks securiity on the NC root of the specified naming context
|
|
this extended getncchanges operation replicates a single object
|
|
this allows for replication by GUID or SID
|
|
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
|
|
|
|
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
|
|
quieten make test a little
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
|
|
this is needed for RODC clients calling updaterefs
|
|
this should reduce some of the clutter in make test
|
|
|
|
|
|
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
In case the caller wants sync execution, we should
not cancel the call for internal timeout reason,
but rather wait for its execution
|
|
It is to be used when caller wants to explicitly
specify the timeout for the call
|
|
|
|
|
|
in case we are handling extended operation.
It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS
and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit
more picky on this.
|
|
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give
This way we ensure we are doing 1. only once
|
|
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE
and DRSUAPI_EXOP_FSMO_REQ_PDC.
Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
|
|
When DRSUAPI_EXOP_FSMO_RID_ALLOC extended op is handled
in DsGetNCChanges() stub, we need to returned a well know set of
object - see: [ms-adts], 3.1.1.5.1.7
With this hack we are going to return just objects modified
during RID allocation procedure - i.e. "RID Manager$", "RID Set" for
computer object and computer object itself.
Which is a close approximation of what we are expected to return.
|
|
They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".
|
|
this is useful when debugging replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we just need to clear this flag
|
|
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
|
|
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|