summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
AgeCommit message (Collapse)AuthorFilesLines
2009-10-06s4-drs: added some debug lines to DsAddEntry()Andrew Tridgell1-0/+3
2009-10-06s4-drs: take advantage of system session auth in dsbindAndrew Tridgell2-41/+21
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
2009-10-06s4-drs: fixed error message for drs_security_level_checkAndrew Tridgell1-1/+3
2009-10-06s4-drs: open samdb with system credentials when authorisedAndrew Tridgell1-1/+14
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls.
2009-09-28s4-drs: removed debug code that replicated a maximum of 10 objects at a timeAndrew Tridgell1-2/+1
2009-09-28s4-drsuapi: state variable for getncchangesAndrew Tridgell1-0/+1
2009-09-28s4-dsruapi: plugfest updatesAndrew Tridgell1-77/+144
- always fetch parentGUID from databases, don't rely on parentGUID in attributes - re-fetch nc root mesages to avoid the problem of dual messages for roots - support returning messages a chunk at a time, using max_object_count from request
2009-09-28s4-drsutil: allow NULL filterAndrew Tridgell1-5/+0
2009-09-24s4-drs: el may not be a talloc pointerAndrew Tridgell1-1/+1
Use msg->elements for the new element values
2009-09-24s4-drs: include deleted objects in getncchanges replyAndrew Tridgell1-1/+6
Even though we don't create deleted objects ourselves yet, we need to pass along deleted objects we receive from other replication partners
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in ↵Anatoliy Atanasov3-4/+46
getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchangesAnatoliy Atanasov1-1/+7
When this flag is specified in the request we should return for ncRoot only and so scope of search is LDB_SCOPE_BASE.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchangesAnatoliy Atanasov1-0/+6
When this flag is specified in the request we shouldn't use the uptodateness vector in the request.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchangesAnatoliy Atanasov3-10/+15
2009-09-23s4-drs: fill in more guids and SIDs, plus filter rDNAndrew Tridgell1-3/+48
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of each object, plus we need to filter out the rDN from the meta data, and always send the instanceType
2009-09-23s4-drsserver: fixed addition of sort controlAndrew Tridgell1-5/+7
2009-09-22s4-drsserver: sort by DN to give tree orderAndrew Tridgell3-8/+29
This might help the windows client with ordered requests. Later we need to support the "ancestors" mode flag.
2009-09-22s4-ldb: added a bunch more debug for DC joinAndrew Tridgell1-0/+6
These additional debug messages were added to help us track down w2k8->s4 domain join
2009-09-19s4-drs: security checking on DRS needs to default to onAndrew Tridgell1-1/+2
2009-09-19s4-repl: need param.h for lp_parm_boolAndrew Tridgell1-0/+1
2009-09-19Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.Anatoliy Atanasov1-7/+1
2009-09-19Add drs_security_level_check for dcesrv calls security checksAnatoliy Atanasov6-20/+36
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19more include minimisationAndrew Tridgell5-17/+0
2009-09-19s4-rpc_server: removed remaining unnecessary #includesAndrew Tridgell1-0/+2
2009-09-17idl: added DsExecuteKCC IDLAndrew Tridgell1-3/+3
2009-09-15s4-repl: take advantage of async RPC forwardingAndrew Tridgell1-21/+4
This uses async RPC forwarding for the DsReplicaSync call
2009-09-15s4-drs: lock down key DRS callsAndrew Tridgell4-22/+54
The key DRS calls should only be allowed by administrators or domain controllers
2009-09-15s4-drs: filter based on local_usnAndrew Tridgell1-1/+1
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData
2009-09-14s4-drs: allow replication of renamesAndrew Tridgell1-6/+7
a rename may have no attribute changes
2009-09-13s4-drs: fixed search expressionAndrew Tridgell1-1/+1
At least on the command line the braces are needed. Strange.
2009-09-12s4-drs: change debug levelAndrew Tridgell1-1/+1
It's useful seeing the object count without as much detail
2009-09-12s4-drs: also fill in tmp_highest_usnAndrew Tridgell1-0/+1
Without this the client will not update its repsFrom highest_usn values
2009-09-12s4-drs: return objects with uSN > highest_usnAndrew Tridgell1-2/+6
When the client tells us the highest_usn they have is N, then we want to send them objects with usn>N, not>=N, as otherwise we end up sending them the same object (the one with the highest uSN) again and again.
2009-09-12s4-drs: spelling fix, and simpler search expressionAndrew Tridgell1-2/+2
uSNChanged>=N is good enough, and offers a possibility of a simple optimisation where the partition module could look for that expression and check the partitions sequence number, then avoid searching a partition that doesn't have any records with a larger uSN.
2009-09-12s4-drs: fixed the cursor generation to always be filled inAndrew Tridgell1-102/+152
We were relying on the uSNChanged>=n search always finding the DN of the root of the partition, but this now doesn't happen very often as we are now restricting when we change uSNChanged. This means we need to always load the replUpToDateVector attribute from the NC root and use it to populate the cursors in the return.
2009-09-12s4-repl: use common functions to simplify updaterefs.cAndrew Tridgell1-108/+4
We now have dsdb_loadreps() and dsdb_savereps()
2009-09-12Fix up-to-dateness vector creation.Anatoliy Atanasov1-15/+76
2009-09-11s4-drs: fixed the ldap SPN in AddEntryAndrew Tridgell1-1/+1
2009-09-11s4-idl: added the IDL for the DsReplica* callsAndrew Tridgell1-9/+9
2009-09-11s4-drs: actually call the new drsuapi_add_SPNs() codeAndrew Tridgell1-2/+2
An early return here didn't do any good :-)
2009-09-11s4-drs: add the magic DRS SPNs on AddEntryAndrew Tridgell1-4/+120
When a DsAddEntry is used to create a nTDSDSA object we need to also create the SPNs for the NTDS GUID in the servers machine account.
2009-09-11s4/drs: parentGUID needs to be specififcally asked forAndrew Tridgell1-1/+2
Right now parentGUID is a normal attribute in s4, but it should be generated, which means we need to ask for it in a search if we want to use it.
2009-09-10s4/drs: enable attribute encryptionAndrew Tridgell1-6/+41
This means we now get passwords vampired correctly for s4<->s4 replication.
2009-09-10s4/drs: changed the UpdateRefs server to use the dn instead of the GUIDAndrew Tridgell1-27/+18
Our vampire code sends a zero GUID in the updaterefs calls. Windows seems to ignore the GUID and use the DN in the naming context instead, so I have changed our UpdateRefs server implementation to do the same. With this change we can now vampire from s4<->s4 successfully! Now to see if all the attributes came across correctly.
2009-09-10s4/drs: correctly fill in the GUID of DRS objectsAndrew Tridgell1-1/+1
2009-09-10s4: fix spellingAndrew Tridgell1-1/+1
2009-09-10s4/drs: when we don't find an attribute use zero valuesAndrew Tridgell1-19/+10
thanks to metze for pointing this out
2009-09-09s4:drs match the meta_data and attributes arrayAndrew Tridgell1-16/+46
These two arrays need to be in sync, as they are walked in sync by the client
2009-09-09s4/drs: broke out the core of the getncchanges codeAndrew Tridgell1-81/+96
It is easier to understand without the heavy nesting
2009-09-09s4:drs level_out is a pointerAndrew Tridgell1-1/+1
DsAddEntry now seems to work for simple tests
generated by cgit (git 2.34.1) at 2024-11-23 18:19:45 +0000