summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
AgeCommit message (Collapse)AuthorFilesLines
2010-11-29s4:dcesrv_drsuapi RPC server - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0
2010-11-27s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64Matthias Dieter Wallnöfer6-10/+9
2010-11-28s4-drs: allow DrsReplicaGetInfo as a DCAndrew Tridgell1-1/+1
2010-11-13s4-drs: fixed a crash in writspnAndrew Tridgell1-2/+8
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
2010-11-09s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we ↵Stefan Metzmacher1-1/+0
don't use it metze
2010-11-09s4:rpc_server/drsuapi: make msg_attrs static constStefan Metzmacher1-1/+3
metze
2010-11-09s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use ↵Stefan Metzmacher1-5/+1
DSDB_SECRET_ATTRIBUTES We should replicate all secret attributes back to other DCs. metze
2010-11-08s4:drsuapi RPC server - writespn.c - fix indentationsMatthias Dieter Wallnöfer1-15/+24
2010-11-08s4-drs: allow bypass of writespn checking for some SPNsAndrew Tridgell1-1/+111
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
2010-11-05s4-drs: reduce the memory usage of the getncchanges serverAndrew Tridgell1-21/+69
we now keep just a list of GUIDs around between getncchanges calls, instead of an entire db search. This makes the overhead of having a pending getncchanges call much smaller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-31idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID valuesKamen Mazdrashki2-14/+14
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31s4:drsuapi RPC server - fix counter variablesMatthias Dieter Wallnöfer1-3/+6
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer2-2/+4
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett5-0/+5
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett2-3/+3
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-2/+2
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-1/+1
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:getncchanges.c - fix some counter typesMatthias Dieter Wallnöfer1-3/+3
2010-09-30s4-drs: put the GCSPN flag into the repsTo if requestedAndrew Tridgell2-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-drs: added support for level 10 of getncchangesAndrew Tridgell2-73/+112
added a simple mapping from req8
2010-09-29s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell1-26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2-12/+63
this checks securiity on the NC root of the specified naming context
2010-09-28s4-drs: added support for DRSUAPI_EXOP_REPL_OBJAndrew Tridgell1-1/+32
this extended getncchanges operation replicates a single object
2010-09-28s4-drs: use drs_ObjectIdentifier_*() calls in getncchangesAndrew Tridgell1-14/+16
this allows for replication by GUID or SID
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-44/+0
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-drs: Added check for drs-manage-topology to updateRefs.Nadezhda Ivanova1-7/+9
2010-09-28s4-drs: Added drs_security_access_check functionNadezhda Ivanova2-0/+64
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-09-27s4-drs: make getncchanges debug less verboseAndrew Tridgell1-1/+1
quieten make test a little
2010-09-27s4-drs: fixed comment in getncchanges codeAndrew Tridgell1-1/+1
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
2010-09-26s4-drs: use the system sam_ctx for updaterefsAndrew Tridgell1-8/+9
this is needed for RODC clients calling updaterefs
2010-09-25s4-repl: make getncchanges a bit less verboseAndrew Tridgell1-1/+1
this should reduce some of the clutter in make test
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov1-29/+26
2010-09-16s4-drs: make debugging DsUpdateRefs a bit easierAndrew Tridgell1-1/+8
2010-09-16s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} callsAndrew Tridgell1-3/+42
2010-09-16s4-drs: removed a debug print in repl secretAndrew Tridgell1-1/+0
2010-09-16s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm()Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-drs: Wait DsReplicaSync for as long as it takes to completeKamen Mazdrashki1-2/+19
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution
2010-09-16s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() callKamen Mazdrashki1-3/+7
It is to be used when caller wants to explicitly specify the timeout for the call
2010-09-15s4/fsmo: Remove empty new linesAnatoliy Atanasov1-6/+0
2010-09-10s4:getncchanges_change_master - also in this call "i" needs to be unsignedMatthias Dieter Wallnöfer1-1/+2
2010-09-10s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_retKamen Mazdrashki1-0/+1
in case we are handling extended operation. It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit more picky on this.
2010-09-10s4-drs: Hanlde extended operations only onceKamen Mazdrashki1-40/+45
Most of extended operations I know of work like: 1. do extended operation 2. collect a set of objects to return and start replication cycle 3. continue returning object as we have no more to give This way we ensure we are doing 1. only once
2010-09-10s4-rpc: Added handling of fsmo role transfer to GetNCChangesNadezhda Ivanova1-0/+108
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE and DRSUAPI_EXOP_FSMO_REQ_PDC. Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-07s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs callKamen Mazdrashki1-6/+10
2010-09-03s4-drs: A quick fix for DRSUAPI_EXOP_FSMO_RID_ALLOC extended_op handlingKamen Mazdrashki1-0/+9
When DRSUAPI_EXOP_FSMO_RID_ALLOC extended op is handled in DsGetNCChanges() stub, we need to returned a well know set of object - see: [ms-adts], 3.1.1.5.1.7 With this hack we are going to return just objects modified during RID allocation procedure - i.e. "RID Manager$", "RID Set" for computer object and computer object itself. Which is a close approximation of what we are expected to return.
2010-08-23s4:getncchanges.c - fix some counter variable typesMatthias Dieter Wallnöfer1-3/+3
They should be "unsigned" since they count LDB objects. And also the SID array can be counted as "unsigned".
2010-08-23s4-drs: show the user sid that does the GetNCChanges callAndrew Tridgell1-2/+3
this is useful when debugging replication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-drs: removed the warning on WRIT_REP being setAndrew Tridgell1-4/+2
we just need to clear this flag
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett2-3/+3
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges callsAndrew Tridgell1-10/+8
when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour) Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>