Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-08-10 | s4-drs: In dcesrv_drsuapi_DsRemoveDSServer use the subtree control to delete ↵ | Matthieu Patou | 1 | -1/+2 | |
the NTDS entry This entry has most of the time subelements (connections between DCs) that will forbid a simple (non recursive) delete | |||||
2011-07-27 | s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 ↵ | Matthieu Patou | 1 | -1/+15 | |
loops when joining s4 domains Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Jul 27 00:46:56 CEST 2011 on sn-devel-104 | |||||
2011-07-11 | s4-drs: do not return links pointed to unexistant objects | Matthieu Patou | 1 | -0/+24 | |
When an object is deleted, link pointed to it are marked as inactive. When the same object is purged we do not remmove the link pointed to it (we can't know them) so they stay in the database, it turns to be a problem for Windows 2008. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2011-06-10 | s4-drs: added debug lines for missing linked attribute fields | Andrew Tridgell | 1 | -0/+8 | |
this improved the logging of bugs related to linked attribute replication Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jun 10 03:26:21 CEST 2011 on sn-devel-104 | |||||
2011-06-10 | s4-drs: cope with missing RMD_ADDTIME in linked attributes | Andrew Tridgell | 1 | -4/+6 | |
upgraded links can be missing the RMD_ADDTIME field | |||||
2011-05-11 | s4/getncchanges: Pre-mark extended requests as success in case a ↵ | Kamen Mazdrashki | 1 | -0/+4 | |
sub-function "forget" to do this | |||||
2011-05-11 | s4/getncchanges: Implement placeholder for handling ex-op collection of objects | Kamen Mazdrashki | 1 | -13/+44 | |
Right now it is solely based on function that handles objects in normal DsGetNCChanges calls. | |||||
2011-05-11 | s4/getncchanges: Move the code that collects objects into separate function | Kamen Mazdrashki | 1 | -41/+67 | |
2011-05-11 | s4/getncchanges: Don't mask Extended operation result - callers need it | Kamen Mazdrashki | 1 | -1/+0 | |
2011-05-11 | s4/getncchanges: Fail extended request rather than failing whole request | Kamen Mazdrashki | 1 | -1/+3 | |
in case that destination_dsa_guid is not valid | |||||
2011-03-19 | source4/rpc_server: Fix prototypes for all functions. | Jelmer Vernooij | 1 | -0/+1 | |
2011-03-04 | s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate" | Matthias Dieter Wallnöfer | 1 | -4/+2 | |
"ldb_dn_validate" is NULL-safe and does the check implicitly. Reviewed by: Tridge | |||||
2011-03-01 | s4:drsuapi RPC server - this resembles more "samdb_is_gc" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Reviewed by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 17:57:47 CET 2011 on sn-devel-104 | |||||
2011-03-01 | s4:drsuapi RPC server - check for the "SPN" attribute != NULL | Matthias Dieter Wallnöfer | 1 | -0/+6 | |
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer | |||||
2011-03-01 | s4:dsdb - always handle the attribute "options" as 32bit unsigned integer | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104 | |||||
2011-03-01 | s4:remove many invocations of "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 1 | -4/+3 | |
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2011-02-15 | s4:drsuapi/getncchanges: make sure we don't process filteres objects more ↵ | Stefan Metzmacher | 1 | -3/+3 | |
than once metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104 | |||||
2010-11-29 | s4:dcesrv_drsuapi RPC server - remove unreachable statement | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-11-27 | s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64 | Matthias Dieter Wallnöfer | 6 | -10/+9 | |
2010-11-28 | s4-drs: allow DrsReplicaGetInfo as a DC | Andrew Tridgell | 1 | -1/+1 | |
2010-11-13 | s4-drs: fixed a crash in writspn | Andrew Tridgell | 1 | -2/+8 | |
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104 | |||||
2010-11-09 | s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we ↵ | Stefan Metzmacher | 1 | -1/+0 | |
don't use it metze | |||||
2010-11-09 | s4:rpc_server/drsuapi: make msg_attrs static const | Stefan Metzmacher | 1 | -1/+3 | |
metze | |||||
2010-11-09 | s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use ↵ | Stefan Metzmacher | 1 | -5/+1 | |
DSDB_SECRET_ATTRIBUTES We should replicate all secret attributes back to other DCs. metze | |||||
2010-11-08 | s4:drsuapi RPC server - writespn.c - fix indentations | Matthias Dieter Wallnöfer | 1 | -15/+24 | |
2010-11-08 | s4-drs: allow bypass of writespn checking for some SPNs | Andrew Tridgell | 1 | -1/+111 | |
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104 | |||||
2010-11-05 | s4-drs: reduce the memory usage of the getncchanges server | Andrew Tridgell | 1 | -21/+69 | |
we now keep just a list of GUIDs around between getncchanges calls, instead of an entire db search. This makes the overhead of having a pending getncchanges call much smaller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-31 | idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values | Kamen Mazdrashki | 2 | -14/+14 | |
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes. | |||||
2010-10-31 | s4:drsuapi RPC server - fix counter variables | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
2010-10-15 | s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵ | Matthias Dieter Wallnöfer | 2 | -2/+4 | |
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-12 | s4-libcli/security Use seperate subsystem for session related functions | Andrew Bartlett | 5 | -0/+5 | |
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett | |||||
2010-10-12 | libcli/security Add debug class to security_token_debug() et al | Andrew Bartlett | 2 | -3/+3 | |
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett | |||||
2010-10-10 | samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 1 | -2/+2 | |
2010-10-03 | s4:dsdb - substitute the "show_deleted" with the "show_recycled" control | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-03 | s4:getncchanges.c - fix some counter types | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-09-30 | s4-drs: put the GCSPN flag into the repsTo if requested | Andrew Tridgell | 2 | -0/+8 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-30 | s4-drs: added support for level 10 of getncchanges | Andrew Tridgell | 2 | -73/+112 | |
added a simple mapping from req8 | |||||
2010-09-29 | s4-drs: implement PAS checks and access checks for getncchanges | Andrew Tridgell | 1 | -26/+130 | |
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-29 | s4-drs: added drs_security_access_check_nc_root() | Andrew Tridgell | 2 | -12/+63 | |
this checks securiity on the NC root of the specified naming context | |||||
2010-09-28 | s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 1 | -1/+32 | |
this extended getncchanges operation replicates a single object | |||||
2010-09-28 | s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 1 | -14/+16 | |
this allows for replication by GUID or SID | |||||
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 1 | -44/+0 | |
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier | |||||
2010-09-28 | s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 1 | -7/+9 | |
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64 | |
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted | |||||
2010-09-27 | s4-drs: make getncchanges debug less verbose | Andrew Tridgell | 1 | -1/+1 | |
quieten make test a little | |||||
2010-09-27 | s4-drs: fixed comment in getncchanges code | Andrew Tridgell | 1 | -1/+1 | |
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-drs: use the system sam_ctx for updaterefs | Andrew Tridgell | 1 | -8/+9 | |
this is needed for RODC clients calling updaterefs | |||||
2010-09-25 | s4-repl: make getncchanges a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
this should reduce some of the clutter in make test | |||||
2010-09-20 | s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test | Anatoliy Atanasov | 1 | -29/+26 | |
2010-09-16 | s4-drs: make debugging DsUpdateRefs a bit easier | Andrew Tridgell | 1 | -1/+8 | |