Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-03-04 | s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate" | Matthias Dieter Wallnöfer | 1 | -4/+2 | |
"ldb_dn_validate" is NULL-safe and does the check implicitly. Reviewed by: Tridge | |||||
2011-03-01 | s4:drsuapi RPC server - this resembles more "samdb_is_gc" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Reviewed by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 17:57:47 CET 2011 on sn-devel-104 | |||||
2011-03-01 | s4:drsuapi RPC server - check for the "SPN" attribute != NULL | Matthias Dieter Wallnöfer | 1 | -0/+6 | |
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer | |||||
2011-03-01 | s4:dsdb - always handle the attribute "options" as 32bit unsigned integer | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104 | |||||
2011-03-01 | s4:remove many invocations of "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 1 | -4/+3 | |
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2011-02-15 | s4:drsuapi/getncchanges: make sure we don't process filteres objects more ↵ | Stefan Metzmacher | 1 | -3/+3 | |
than once metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104 | |||||
2010-11-29 | s4:dcesrv_drsuapi RPC server - remove unreachable statement | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-11-27 | s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64 | Matthias Dieter Wallnöfer | 6 | -10/+9 | |
2010-11-28 | s4-drs: allow DrsReplicaGetInfo as a DC | Andrew Tridgell | 1 | -1/+1 | |
2010-11-13 | s4-drs: fixed a crash in writspn | Andrew Tridgell | 1 | -2/+8 | |
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104 | |||||
2010-11-09 | s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we ↵ | Stefan Metzmacher | 1 | -1/+0 | |
don't use it metze | |||||
2010-11-09 | s4:rpc_server/drsuapi: make msg_attrs static const | Stefan Metzmacher | 1 | -1/+3 | |
metze | |||||
2010-11-09 | s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use ↵ | Stefan Metzmacher | 1 | -5/+1 | |
DSDB_SECRET_ATTRIBUTES We should replicate all secret attributes back to other DCs. metze | |||||
2010-11-08 | s4:drsuapi RPC server - writespn.c - fix indentations | Matthias Dieter Wallnöfer | 1 | -15/+24 | |
2010-11-08 | s4-drs: allow bypass of writespn checking for some SPNs | Andrew Tridgell | 1 | -1/+111 | |
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104 | |||||
2010-11-05 | s4-drs: reduce the memory usage of the getncchanges server | Andrew Tridgell | 1 | -21/+69 | |
we now keep just a list of GUIDs around between getncchanges calls, instead of an entire db search. This makes the overhead of having a pending getncchanges call much smaller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-31 | idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values | Kamen Mazdrashki | 2 | -14/+14 | |
Those values are actually ATTID values and such, they are used for ATTIDs for Attributes, Classes and Syntaxes. | |||||
2010-10-31 | s4:drsuapi RPC server - fix counter variables | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
2010-10-15 | s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵ | Matthias Dieter Wallnöfer | 2 | -2/+4 | |
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-12 | s4-libcli/security Use seperate subsystem for session related functions | Andrew Bartlett | 5 | -0/+5 | |
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett | |||||
2010-10-12 | libcli/security Add debug class to security_token_debug() et al | Andrew Bartlett | 2 | -3/+3 | |
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett | |||||
2010-10-10 | samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 1 | -2/+2 | |
2010-10-03 | s4:dsdb - substitute the "show_deleted" with the "show_recycled" control | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
We intend to see always all objects with the "show_deleted" control specified. To see also recycled objects (beginning with 2008_R2 function level) we need to use the new "show_recycled" control. As far as I see this is only internal code and therefore we don't run into problems if we do substitute it. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-10-03 | s4:getncchanges.c - fix some counter types | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-09-30 | s4-drs: put the GCSPN flag into the repsTo if requested | Andrew Tridgell | 2 | -0/+8 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-30 | s4-drs: added support for level 10 of getncchanges | Andrew Tridgell | 2 | -73/+112 | |
added a simple mapping from req8 | |||||
2010-09-29 | s4-drs: implement PAS checks and access checks for getncchanges | Andrew Tridgell | 1 | -26/+130 | |
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-29 | s4-drs: added drs_security_access_check_nc_root() | Andrew Tridgell | 2 | -12/+63 | |
this checks securiity on the NC root of the specified naming context | |||||
2010-09-28 | s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 1 | -1/+32 | |
this extended getncchanges operation replicates a single object | |||||
2010-09-28 | s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 1 | -14/+16 | |
this allows for replication by GUID or SID | |||||
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 1 | -44/+0 | |
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier | |||||
2010-09-28 | s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 1 | -7/+9 | |
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64 | |
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted | |||||
2010-09-27 | s4-drs: make getncchanges debug less verbose | Andrew Tridgell | 1 | -1/+1 | |
quieten make test a little | |||||
2010-09-27 | s4-drs: fixed comment in getncchanges code | Andrew Tridgell | 1 | -1/+1 | |
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-drs: use the system sam_ctx for updaterefs | Andrew Tridgell | 1 | -8/+9 | |
this is needed for RODC clients calling updaterefs | |||||
2010-09-25 | s4-repl: make getncchanges a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
this should reduce some of the clutter in make test | |||||
2010-09-20 | s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test | Anatoliy Atanasov | 1 | -29/+26 | |
2010-09-16 | s4-drs: make debugging DsUpdateRefs a bit easier | Andrew Tridgell | 1 | -1/+8 | |
2010-09-16 | s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls | Andrew Tridgell | 1 | -3/+42 | |
2010-09-16 | s4-drs: removed a debug print in repl secret | Andrew Tridgell | 1 | -1/+0 | |
2010-09-16 | s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm() | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-drs: Wait DsReplicaSync for as long as it takes to complete | Kamen Mazdrashki | 1 | -2/+19 | |
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution | |||||
2010-09-16 | s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() call | Kamen Mazdrashki | 1 | -3/+7 | |
It is to be used when caller wants to explicitly specify the timeout for the call | |||||
2010-09-15 | s4/fsmo: Remove empty new lines | Anatoliy Atanasov | 1 | -6/+0 | |
2010-09-10 | s4:getncchanges_change_master - also in this call "i" needs to be unsigned | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-09-10 | s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret | Kamen Mazdrashki | 1 | -0/+1 | |
in case we are handling extended operation. It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit more picky on this. | |||||
2010-09-10 | s4-drs: Hanlde extended operations only once | Kamen Mazdrashki | 1 | -40/+45 | |
Most of extended operations I know of work like: 1. do extended operation 2. collect a set of objects to return and start replication cycle 3. continue returning object as we have no more to give This way we ensure we are doing 1. only once | |||||
2010-09-10 | s4-rpc: Added handling of fsmo role transfer to GetNCChanges | Nadezhda Ivanova | 1 | -0/+108 | |
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE and DRSUAPI_EXOP_FSMO_REQ_PDC. Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-07 | s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs call | Kamen Mazdrashki | 1 | -6/+10 | |