summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-1/+1
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r25940: Rework the samldb and templates handling.Andrew Bartlett1-6/+10
Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r24246: Avoid the annoying 'probable memory leak in ldb' messages, by fixingAndrew Bartlett1-3/+3
some issues in the NBT server (this was a false positive, but easily worked around) and DRSUAPI server. We should take care not to use the ldb_context as a talloc pool, and to always ensure that any results from ldb_search() are moved off that pool with talloc_steal or talloc_free(). To work around the issue in provision, for which I can find no fault (other than a lot of work being done in provision), I've moved the detector trigger to 400 additional blocks. This fixes Bug #4810 by <mwallnoefer@yahoo.de> Andrew Bartlett (This used to be commit 42bcf856203ae3cf43130519904828a143ac8d18)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell2-6/+4
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23239: Fill in drsuapi_QuerySitesByCost.Günther Deschner1-3/+3
Guenther (This used to be commit cf953d04813d193da5e9714ceebb7826dc7e4d0b)
2007-10-10r22477: When an invaild base is specified to ldb_search, it should returnAndrew Bartlett1-20/+27
LDB_ERR_NO_SUCH_OBJECT. Handle this (found against LDAP, ldb_tdb is being updated). Andrew Bartlett (This used to be commit 93e2ff2e85c57a192aadac96ce09a678d464e8ad)
2007-10-10r21512: finish DsBind() in the DRSUAPI server:Stefan Metzmacher2-14/+140
- fill in our on bind_info struct correctly - remember the local and remote DsBindInfo28 struct - remember the remote bind_buid w2k3 now tries replicate using DsGetNCChanges() from us, after the NET-API-BECOME-DC test created the domain controller and replicated all data. (But we still give a DCERPC fault in DsGetNCChanges()...) metze (This used to be commit 33550c063d4e206fce63fdd99dc93a56995db580)
2007-10-10r21356: we have a function to get the sites dnStefan Metzmacher1-5/+1
also it's not always under the domain dn metze (This used to be commit b8c940f1e2bbd65ed5d2f4279434dd526456ad8b)
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij1-27/+27
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r20514: implement idl for DsGetNT4ChangeLog() which transferres the meta dataStefan Metzmacher1-3/+3
for NT4 DC's in mixed mode domains. This call is triggered by tranferring the PDC FSMO Role to another DC the real meta data is encoded in the user buffer which is just a DATA_BLOB in idl metze (This used to be commit d883815c8d64429e4dac26a93a15e67d31dc263e)
2007-10-10r20374: It's still 2006 (just...). Add copyright.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 21b38ae1e4c48dab4b89f234f4dc26a3aed401c3)
2007-10-10r20353: Restructure the DRSUAPI DsGetDomainControllerInfo test, because asAndrew Bartlett1-28/+2
usual things are more complex than they appear. Also remove the incorrect server-side implementation, which blindly assumed some sense of consistancy across the API switch levels. Andrew Bartlett (This used to be commit 79941adbff843f5027dacd31b972deca4a1557ec)
2007-10-10r20315: Implement the server side of DsGetDomainControllerInfo. This is aAndrew Bartlett1-1/+273
supprisingly complex call... It turns out that the in/out parameter 'level' is not in/out, but set seperatly by the server-side code from r->req.req1.level. This commit also breaks out some common code from samldb into samdb. Andrew Bartlett (This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
2007-10-10r19847: add idl for DsRemoveDSServer(), this is used when a server unbecomes ↵Stefan Metzmacher1-3/+3
a DC metze (This used to be commit df133cd22a350d422c49844e50a67f4cc1fb61e4)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-1/+1
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-2/+2
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19761: This may need work, but here is an initial implementation ofAndrew Bartlett1-1/+64
DsWriteAccountSpn(). It passes the client toture test. Andrew Bartlett (This used to be commit a1e80eeb9561a856ac5aa1f5a991dcd648b152ff)
2007-10-10r16796: Fill in dsr_GetMemberships() / dsr_GetMemberships2().Günther Deschner1-8/+6
This intersting call is apparently used to construct the user token, collect memberships from other DSAs and to retrieve (nested) memberships of a given group. Torture test to follow (once I cleaned it up). Guenther (This used to be commit ca5e133e8c6fca188fcaa834cdcd4cb2cd801d79)
2007-10-10r15319: remove unneeded macrosStefan Metzmacher1-4/+4
metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.Andrew Bartlett2-833/+50
I'm sure this will not be the final resting place, but it will do for now. Use the cracknames code in auth/ for creating a server_info given a principal name only (should avoid assumtions about spliting a user@realm principal). Andrew Bartlett (This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
2007-10-10r11239: Use ${REALM} for the realm in rootdse.ldifAndrew Bartlett1-0/+60
Add the kpasswd server to our KDC, implementing the 'original' and Microsoft versions of the protocol. This works with the Heimdal kpasswd client, but not with MIT, I think due to ordering issues. It may not be worth the pain to have this code go via GENSEC, as it is very, very tied to krb5. This gets us one step closer to joins from Apple, Samba3 and other similar implementations. Andrew Bartlett (This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
2007-10-10r11223: Only pass around the ldb handle (make this code easier to seperateAndrew Bartlett1-21/+21
into a general lib). Andrew Bartlett (This used to be commit e3abbfca4ae3c06f34774edab5ed38ebd5ebc097)
2007-10-10r11194: Use the special ldb attribute "canonicalName" (therefore testing thatAndrew Bartlett1-11/+20
codepath) in DRSUAPI CrackNames. Fix the NT4 account return value. Andrew Bartlett (This used to be commit 2513c02c64b489ebf167e33fdb4ac51ce8783c04)
2007-10-10r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.cAndrew Bartlett1-35/+119
Use this new function in the client and server for the CrackNames case, where we particularly need it. Andrew Bartlett (This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-1/+1
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10811: Revert accidental commit, I still need to finish the displayName andAndrew Bartlett1-55/+0
syntatical mapping work. Andrew Bartlett (This used to be commit 7ec5084f63148d748b6bc87d6817363b079eebe1)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett2-1/+57
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10286: This patch is ugly and disgusting, but for now it works better than ↵Andrew Bartlett1-1/+1
the other ideas I have had. When I get a full list of things I want to do to a krb5_context I'll either add gsskrb5_ wrappers, or a way of speicfying the krb5 context per gssapi context. (I want to ensure that the only krb5_context variables created while executing Samba4 are via our wrapper). Andrew Bartlett (This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
2007-10-10r10045: metze reminded me to use the correct enum entry, rather than 0 for theAndrew Bartlett1-1/+1
return here. Andrew Bartlett (This used to be commit 73bd6c75343808952d97e32be9f624aba11c78d1)
2007-10-10r9980: Fix some warnings.Tim Potter1-3/+2
(This used to be commit 716011dd92d65caacb31ae399b580defa4e6fb2d)
2007-10-10r9942: CN=Configuration is always under the database-wide base dn, so don'tAndrew Bartlett1-5/+2
try and pass it down as a parameter. Andrew Bartlett (This used to be commit 530d91de7ca4d3763326bc9f5b0e79e77b823778)
2007-10-10r9941: Update the CrackNames test, and provide a much improved server-sideAndrew Bartlett1-119/+515
DRSUAPI CrackNames. We can't pass the full cracknames test until the initial provision is updated, the seperate DomainControllerInfo and canonical names support is added. Andrew Bartlett (This used to be commit ed24d88f0e8c6371acf6638a1c5f2112bc0bf285)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-3/+3
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r8998: More work on the RPC server code to avoid abusing the name attributeAndrew Bartlett1-8/+9
as a netbios name. Andrew Bartlett (This used to be commit 242db48b98a04eed46bb35946dcd68b579bffe00)
2007-10-10r8984: Use the correct cross-reference search in DRSUAPI, rather than makingAndrew Bartlett1-9/+10
assumptions about the behaviour of "name" as a NETBIOS domain name. Andrew Bartlett (This used to be commit ba5fe07b97a99c34256f849dfbdd9a307a7d238d)
2007-10-10r8371: the objectGUID is now stored in binary...Stefan Metzmacher1-5/+4
metze (This used to be commit b920b306b3813ba4a220249dbd7e443605074c9b)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-2/+2
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5742: - add torture test and idl for DsReplicaUpdateRefs()Stefan Metzmacher1-9/+9
(the torture test currently only tests if the idl is correct) - add start for idl for DsGetNCChanges() (if someone didn't noticed the current ethereal trunk code can successful decrypt DCERPC and LDAP gsskrb5 encrypted blobs, when you provide a keytab and have compiled against heimdal :-) - add a view bitmaps and enum's for better debugging metze (This used to be commit cf7c1352ab2857b80256e02f70ab3fbd5177d596)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+1
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell2-4/+4
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4640: first stage in the server side support for multiple context_ids on ↵Andrew Tridgell1-16/+4
one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2007-10-10r4203: the bind_info blob isn't a const.Stefan Metzmacher1-9/+14
here's the idl to parse it, because we don't want the callers to manually de/encode this metze (This used to be commit 983f74c3651759991378b0d7b13b0952d77b3544)
2007-10-10r4087: - add idl and torture tests for drsuapi_DsReplicaGetInfo()Stefan Metzmacher1-3/+3
(NOTE: that the drsuapi_DsReplicaObjMetaData2 struct is not corrently parsed yet and there're some unknown fields left in someother infotypes) metze (This used to be commit 4fd57d5e7cff085a8c003ea82f282e26dc1346d9)
2007-10-10r3999: - reply with the same DsBindInfo blob as w2k3 in the server functionStefan Metzmacher1-4/+17
- add idl for drsuapi_DsReplicaSync() not yet complete - just return WERR_OK for the drsuapi_DsReplicaSync() server function metze (This used to be commit e896925ac0b58bd48b5b9cc2d675682409d09ae1)
2007-10-10r3920: - it seem that we need to send a magic bind_guid in DsBind()Stefan Metzmacher1-3/+3
to make DsWriteAccountSpn() work - add idl and torture test for DsWriteAccountSpn() metze (This used to be commit 625826ad9050c68407ae5e8abfee13699986303c)
2007-10-10r3789: - fix error handlingStefan Metzmacher2-21/+41
- formating changes metze (This used to be commit 7bb3e3751b1193cd16e6ff8aa468b36c823c1cd5)
2007-10-10r3784: do a samdb lookup for the DsCrackNames serverStefan Metzmacher3-16/+154
metze (This used to be commit a2776eca83117131f8316ca222a2f385ffa5d7d5)