path: root/source4/rpc_server/drsuapi
Age | Commit message | Author | Files | Lines
2011-03-04 | s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate" | Matthias Dieter Wallnöfer | 1 | -4/+2
"ldb_dn_validate" is NULL-safe and does the check implicitly. Reviewed by: Tridge
2011-03-01 | s4:drsuapi RPC server - this resembles more "samdb_is_gc" | Matthias Dieter Wallnöfer | 1 | -1/+1
Reviewed by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 17:57:47 CET 2011 on sn-devel-104
2011-03-01 | s4:drsuapi RPC server - check for the "SPN" attribute != NULL | Matthias Dieter Wallnöfer | 1 | -0/+6
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer
2011-03-01 | s4:dsdb - always handle the attribute "options" as 32bit unsigned integer | Matthias Dieter Wallnöfer | 1 | -1/+1
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
2011-03-01 | s4:remove many invocations of "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 1 | -4/+3
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-15 | s4:drsuapi/getncchanges: make sure we don't process filtered objects more than once | Stefan Metzmacher | 1 | -3/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104
2010-11-29 | s4:dcesrv_drsuapi RPC server - remove unreachable statement | Matthias Dieter Wallnöfer | 1 | -1/+0
2010-11-27 | s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64 | Matthias Dieter Wallnöfer | 6 | -10/+9
2010-11-28 | s4-drs: allow DrsReplicaGetInfo as a DC | Andrew Tridgell | 1 | -1/+1
2010-11-13 | s4-drs: fixed a crash in writspn | Andrew Tridgell | 1 | -2/+8
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
2010-11-09 | s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't use it | Stefan Metzmacher | 1 | -1/+0
metze
2010-11-09 | s4:rpc_server/drsuapi: make msg_attrs static const | Stefan Metzmacher | 1 | -1/+3
metze
2010-11-09 | s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES | Stefan Metzmacher | 1 | -5/+1
We should replicate all secret attributes back to other DCs. metze
2010-11-08 | s4:drsuapi RPC server - writespn.c - fix indentations | Matthias Dieter Wallnöfer | 1 | -15/+24
2010-11-08 | s4-drs: allow bypass of writespn checking for some SPNs | Andrew Tridgell | 1 | -1/+111
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
2010-11-05 | s4-drs: reduce the memory usage of the getncchanges server | Andrew Tridgell | 1 | -21/+69
we now keep just a list of GUIDs around between getncchanges calls, instead of an entire db search. This makes the overhead of having a pending getncchanges call much smaller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-31 | idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values | Kamen Mazdrashki | 2 | -14/+14
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31 | s4:drsuapi RPC server - fix counter variables | Matthias Dieter Wallnöfer | 1 | -3/+6
2010-10-15 | s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string" | Matthias Dieter Wallnöfer | 2 | -2/+4
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12 | s4-libcli/security Use separate subsystem for session related functions | Andrew Bartlett | 5 | -0/+5
The merges I plan in this area require splitting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-12 | libcli/security Add debug class to security_token_debug() et al | Andrew Bartlett | 2 | -3/+3
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-10 | samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 1 | -2/+2
2010-10-03 | s4:dsdb - substitute the "show_deleted" with the "show_recycled" control | Matthias Dieter Wallnöfer | 1 | -1/+1
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-03 | s4:getncchanges.c - fix some counter types | Matthias Dieter Wallnöfer | 1 | -3/+3
2010-09-30 | s4-drs: put the GCSPN flag into the repsTo if requested | Andrew Tridgell | 2 | -0/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30 | s4-drs: added support for level 10 of getncchanges | Andrew Tridgell | 2 | -73/+112
added a simple mapping from req8
2010-09-29 | s4-drs: implement PAS checks and access checks for getncchanges | Andrew Tridgell | 1 | -26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29 | s4-drs: added drs_security_access_check_nc_root() | Andrew Tridgell | 2 | -12/+63
this checks security on the NC root of the specified naming context
2010-09-28 | s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 1 | -1/+32
this extended getncchanges operation replicates a single object
2010-09-28 | s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 1 | -14/+16
this allows for replication by GUID or SID
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 1 | -44/+0
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28 | s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 1 | -7/+9
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-09-27 | s4-drs: make getncchanges debug less verbose | Andrew Tridgell | 1 | -1/+1
quieten make test a little
2010-09-27 | s4-drs: fixed comment in getncchanges code | Andrew Tridgell | 1 | -1/+1
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
2010-09-26 | s4-drs: use the system sam_ctx for updaterefs | Andrew Tridgell | 1 | -8/+9
this is needed for RODC clients calling updaterefs
2010-09-25 | s4-repl: make getncchanges a bit less verbose | Andrew Tridgell | 1 | -1/+1
this should reduce some of the clutter in make test
2010-09-20 | s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test | Anatoliy Atanasov | 1 | -29/+26
2010-09-16 | s4-drs: make debugging DsUpdateRefs a bit easier | Andrew Tridgell | 1 | -1/+8
2010-09-16 | s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls | Andrew Tridgell | 1 | -3/+42
2010-09-16 | s4-drs: removed a debug print in repl secret | Andrew Tridgell | 1 | -1/+0
2010-09-16 | s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm() | Andrew Tridgell | 1 | -1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 | s4-drs: Wait DsReplicaSync for as long as it takes to complete | Kamen Mazdrashki | 1 | -2/+19
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution
2010-09-16 | s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() call | Kamen Mazdrashki | 1 | -3/+7
It is to be used when caller wants to explicitly specify the timeout for the call
2010-09-15 | s4/fsmo: Remove empty new lines | Anatoliy Atanasov | 1 | -6/+0
2010-09-10 | s4:getncchanges_change_master - also in this call "i" needs to be unsigned | Matthias Dieter Wallnöfer | 1 | -1/+2
2010-09-10 | s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret | Kamen Mazdrashki | 1 | -0/+1
in case we are handling extended operation. It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit more picky on this.
2010-09-10 | s4-drs: Handle extended operations only once | Kamen Mazdrashki | 1 | -40/+45
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give
This way we ensure we are doing 1. only once
2010-09-10 | s4-rpc: Added handling of fsmo role transfer to GetNCChanges | Nadezhda Ivanova | 1 | -0/+108
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE and DRSUAPI_EXOP_FSMO_REQ_PDC. Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-07 | s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs call | Kamen Mazdrashki | 1 | -6/+10