Age | Commit message (Collapse) | Author | Files | Lines |
|
directly
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 2 03:11:38 UTC 2010 on sn-devel-104
|
|
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
|
|
this is used by a RODC to do DNS updates, as TSIG updates are not
allowed by RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
here the new password change syntax
|
|
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
|
|
This also changes the calling convention slightly - we should always
allocate this with talloc_zero() to allow some elements to be
optional. Some elements may only make sense in Samba3, which I hope
will use this common structure.
Andrew Bartlett
|
|
As ekacnet pointed out on the mailing list we don't need to do a delete if we
(re)set the values afterwards - only if we don't set any new ones.
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
family in a better way
Obviously the last attempt wasn't enough. Now we do really only read the first
byte in the address buffer which on little endian transmission does always
contain the address family (MS-NRPC 2.2.1.2.4.1).
This should now be working platform-independently.
|
|
This should make it clearer by the use of the standardised "sa_family_t" type
and hopefully fixes the problems on platforms other than Linux (NetBSD in the
buildfarm for example).
|
|
See MS-NRPC 3.5.5.6.3.
|
|
|
|
Otherwise it obviously can never be set.
|
|
|
|
|
|
|
|
belong here
I'm not really sure if this check is really done on Windows Server. And if it
is done, then it's on the LDB level (module).
|
|
w2k8r2 returns the local DC information on no inputs for
getDcNameEx2. This is needed for starting dsa.msc (ADUC) on
Win7.
CDLAP on the same call returns an error. This uses a parameter
fill_on_blank_request to distinguish the two cases.
|
|
metze
|
|
client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
|
|
with the client site information"
This reverts commit 908d982980846257b65ab576d31131e8793e9399.
I need to merge the improved version of this commit.
|
|
This reverts commit e88a54a87e185b44e2d216bd853e6a87bf950be6.
This isn't the correct behaviour. See MS-NRPC documentation under the
"GetAnyDCName" section.
|
|
We should respond when we are the PDC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When we aren't a DC we shouldn't have the netlogon pipe available.
[MS-NRPC 1.3] says that we can only have DCs on the server side.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Does for now only return DC's primary site.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
MS-NRPC docs
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
documentation
This implementation checks if the domainname is valid for us or a trusted domain.
Then I've also added the PDC location functionality. That means that we should
return "WERR_NO_SUCH_DOMAIN" (MS-NRPC 3.5.5.2.5).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
metze
|
|
These are needed for dcpromo from w2k8r2
|
|
short domainname discovery
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
|
|
|
|
On the base of the "fill_netlogon_samlogon_response" call.
This removes duplicated code.
|
|
|
|
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
|
|
attribute
According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the
forest one.
|
|
Purely cosmetic change.
|
|
|
|
We were missing the SIDs that are not in the domain.
|
|
|
|
Windows 2008
Add more security checks and other corrections to imitate Windows Server >= 2008.
|
|
This was causing marshalling faults when we returned errors.
|
|
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
|
|
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
|
|
Simo, I'm not really sure that those checks are valid. I read MS-NRPC section
3.5.4.1 about LOGONSRV_HANDLEs ("server_name" is of this type). There isn't
stated that the server name has necessarily to be in the DNS form and should
also be valid when it's NULL (if DCE server and client are the same - I don't
know if me make use of it in s4).
|
|
start implementing calls related to trusted domain information
|
|
|
|
Actually return trust relationships by searching the appropriate
entries in the SAM database.
Add checks and return the correct flags, type and attributes.
|