summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
AgeCommit message (Collapse)AuthorFilesLines
2011-05-11s4/getncchanges: Move the code that collects objects into separate functionKamen Mazdrashki1-41/+67
2011-05-11s4/getncchanges: Don't mask Extended operation result - callers need itKamen Mazdrashki1-1/+0
2011-05-11s4/getncchanges: Fail extended request rather than failing whole requestKamen Mazdrashki1-1/+3
in case that destination_dsa_guid is not valid
2011-03-19source4/rpc_server: Fix prototypes for all functions.Jelmer Vernooij1-0/+1
2011-03-04s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate"Matthias Dieter Wallnöfer1-4/+2
"ldb_dn_validate" is NULL-safe and does the check implicitly. Reviewed by: Tridge
2011-03-01s4:drsuapi RPC server - this resembles more "samdb_is_gc"Matthias Dieter Wallnöfer1-1/+1
Reviewed by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 17:57:47 CET 2011 on sn-devel-104
2011-03-01s4:drsuapi RPC server - check for the "SPN" attribute != NULLMatthias Dieter Wallnöfer1-0/+6
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer
2011-03-01s4:dsdb - always handle the attribute "options" as 32bit unsigned integerMatthias Dieter Wallnöfer1-1/+1
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
2011-03-01s4:remove many invocations of "samdb_msg_add_string"Matthias Dieter Wallnöfer1-4/+3
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-15s4:drsuapi/getncchanges: make sure we don't process filteres objects more ↵Stefan Metzmacher1-3/+3
than once metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104
2010-11-29s4:dcesrv_drsuapi RPC server - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0
2010-11-27s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64Matthias Dieter Wallnöfer6-10/+9
2010-11-28s4-drs: allow DrsReplicaGetInfo as a DCAndrew Tridgell1-1/+1
2010-11-13s4-drs: fixed a crash in writspnAndrew Tridgell1-2/+8
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
2010-11-09s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we ↵Stefan Metzmacher1-1/+0
don't use it metze
2010-11-09s4:rpc_server/drsuapi: make msg_attrs static constStefan Metzmacher1-1/+3
metze
2010-11-09s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use ↵Stefan Metzmacher1-5/+1
DSDB_SECRET_ATTRIBUTES We should replicate all secret attributes back to other DCs. metze
2010-11-08s4:drsuapi RPC server - writespn.c - fix indentationsMatthias Dieter Wallnöfer1-15/+24
2010-11-08s4-drs: allow bypass of writespn checking for some SPNsAndrew Tridgell1-1/+111
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
2010-11-05s4-drs: reduce the memory usage of the getncchanges serverAndrew Tridgell1-21/+69
we now keep just a list of GUIDs around between getncchanges calls, instead of an entire db search. This makes the overhead of having a pending getncchanges call much smaller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-31idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID valuesKamen Mazdrashki2-14/+14
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31s4:drsuapi RPC server - fix counter variablesMatthias Dieter Wallnöfer1-3/+6
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer2-2/+4
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett5-0/+5
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett2-3/+3
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-2/+2
2010-10-03s4:dsdb - substitute the "show_deleted" with the "show_recycled" controlMatthias Dieter Wallnöfer1-1/+1
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4:getncchanges.c - fix some counter typesMatthias Dieter Wallnöfer1-3/+3
2010-09-30s4-drs: put the GCSPN flag into the repsTo if requestedAndrew Tridgell2-0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-drs: added support for level 10 of getncchangesAndrew Tridgell2-73/+112
added a simple mapping from req8
2010-09-29s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell1-26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2-12/+63
this checks securiity on the NC root of the specified naming context
2010-09-28s4-drs: added support for DRSUAPI_EXOP_REPL_OBJAndrew Tridgell1-1/+32
this extended getncchanges operation replicates a single object
2010-09-28s4-drs: use drs_ObjectIdentifier_*() calls in getncchangesAndrew Tridgell1-14/+16
this allows for replication by GUID or SID
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-44/+0
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-drs: Added check for drs-manage-topology to updateRefs.Nadezhda Ivanova1-7/+9
2010-09-28s4-drs: Added drs_security_access_check functionNadezhda Ivanova2-0/+64
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-09-27s4-drs: make getncchanges debug less verboseAndrew Tridgell1-1/+1
quieten make test a little
2010-09-27s4-drs: fixed comment in getncchanges codeAndrew Tridgell1-1/+1
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
2010-09-26s4-drs: use the system sam_ctx for updaterefsAndrew Tridgell1-8/+9
this is needed for RODC clients calling updaterefs
2010-09-25s4-repl: make getncchanges a bit less verboseAndrew Tridgell1-1/+1
this should reduce some of the clutter in make test
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov1-29/+26
2010-09-16s4-drs: make debugging DsUpdateRefs a bit easierAndrew Tridgell1-1/+8
2010-09-16s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} callsAndrew Tridgell1-3/+42
2010-09-16s4-drs: removed a debug print in repl secretAndrew Tridgell1-1/+0
2010-09-16s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm()Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-drs: Wait DsReplicaSync for as long as it takes to completeKamen Mazdrashki1-2/+19
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution
2010-09-16s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() callKamen Mazdrashki1-3/+7
It is to be used when caller wants to explicitly specify the timeout for the call
2010-09-15s4/fsmo: Remove empty new linesAnatoliy Atanasov1-6/+0
2010-09-10s4:getncchanges_change_master - also in this call "i" needs to be unsignedMatthias Dieter Wallnöfer1-1/+2