Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-10-12 | s4-drs: make DsBind a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
2009-10-08 | s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 1 | -19/+20 | |
2009-10-06 | s4-drs: added some debug lines to DsAddEntry() | Andrew Tridgell | 1 | -0/+3 | |
2009-10-06 | s4-drs: take advantage of system session auth in dsbind | Andrew Tridgell | 2 | -41/+21 | |
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges | |||||
2009-10-06 | s4-drs: fixed error message for drs_security_level_check | Andrew Tridgell | 1 | -1/+3 | |
2009-10-06 | s4-drs: open samdb with system credentials when authorised | Andrew Tridgell | 1 | -1/+14 | |
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls. | |||||
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2009-10-02 | s4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameter | Matthias Dieter Wallnöfer | 1 | -1/+3 | |
In the srvsvc code for s4 (NTVFS module) there exists a call to "ntvfs_connect" which is performed with a totally wrong argument. Since I'm not able to fix this, I commented it out and added a "FIXME" comment. | |||||
2009-10-02 | s4-samr: fake up a samr_ValidatePassword response | Andrew Tridgell | 1 | -1/+5 | |
mdw is working on the correct call to check the password strength | |||||
2009-10-02 | ds-flags: use the new name DS_DNS_FOREST_ROOT | Andrew Tridgell | 1 | -1/+1 | |
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc) | |||||
2009-09-28 | s4-drs: removed debug code that replicated a maximum of 10 objects at a time | Andrew Tridgell | 1 | -2/+1 | |
2009-09-28 | s4-drsuapi: state variable for getncchanges | Andrew Tridgell | 1 | -0/+1 | |
2009-09-28 | s4-dsruapi: plugfest updates | Andrew Tridgell | 1 | -77/+144 | |
- always fetch parentGUID from databases, don't rely on parentGUID in attributes - re-fetch nc root mesages to avoid the problem of dual messages for roots - support returning messages a chunk at a time, using max_object_count from request | |||||
2009-09-28 | s4-drsutil: allow NULL filter | Andrew Tridgell | 1 | -5/+0 | |
2009-09-27 | rpc_server: Fix warnings. | Jelmer Vernooij | 1 | -0/+2 | |
2009-09-24 | s4-drs: el may not be a talloc pointer | Andrew Tridgell | 1 | -1/+1 | |
Use msg->elements for the new element values | |||||
2009-09-24 | s4-drs: include deleted objects in getncchanges reply | Andrew Tridgell | 1 | -1/+6 | |
Even though we don't create deleted objects ourselves yet, we need to pass along deleted objects we receive from other replication partners | |||||
2009-09-23 | s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in ↵ | Anatoliy Atanasov | 3 | -4/+46 | |
getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0 | |||||
2009-09-23 | s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges | Anatoliy Atanasov | 1 | -1/+7 | |
When this flag is specified in the request we should return for ncRoot only and so scope of search is LDB_SCOPE_BASE. | |||||
2009-09-23 | s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchanges | Anatoliy Atanasov | 1 | -0/+6 | |
When this flag is specified in the request we shouldn't use the uptodateness vector in the request. | |||||
2009-09-23 | s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges | Anatoliy Atanasov | 3 | -10/+15 | |
2009-09-23 | s4-drs: fill in more guids and SIDs, plus filter rDN | Andrew Tridgell | 1 | -3/+48 | |
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of each object, plus we need to filter out the rDN from the meta data, and always send the instanceType | |||||
2009-09-23 | s4-drsserver: fixed addition of sort control | Andrew Tridgell | 1 | -5/+7 | |
2009-09-23 | s4-netlogon: always set the dNSHostName in GetDomainInfo | Andrew Tridgell | 1 | -3/+7 | |
This seems to be what w2k8 does | |||||
2009-09-23 | s4-netlogon: make GetDomainInfo response match w2k8 | Andrew Tridgell | 1 | -13/+21 | |
2009-09-22 | s4-drsserver: sort by DN to give tree order | Andrew Tridgell | 3 | -8/+29 | |
This might help the windows client with ordered requests. Later we need to support the "ancestors" mode flag. | |||||
2009-09-22 | s4-ldb: added a bunch more debug for DC join | Andrew Tridgell | 1 | -0/+6 | |
These additional debug messages were added to help us track down w2k8->s4 domain join | |||||
2009-09-22 | s4-rpcserver: added support for shared handles | Andrew Tridgell | 3 | -6/+49 | |
This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on. | |||||
2009-09-22 | s4-lsa: added support for QuerySecurity on LSA | Andrew Tridgell | 1 | -2/+85 | |
This follows the sd pattern from samba3 | |||||
2009-09-22 | s4-rpcserver: added shared association groups | Andrew Tridgell | 3 | -34/+111 | |
This patch allows us to share association groups and their rpc handles between connections. This is needed for some DRSUAPI behaviour when recent windows clients connect. | |||||
2009-09-22 | s4-rpcserver: run all RPC operations in a single task | Andrew Tridgell | 1 | -1/+8 | |
This will make it much easier to implement shared handles with association groups. It also means we can shared the ldb between RPC connections. | |||||
2009-09-22 | s4-rpc: remove two unused functions | Andrew Tridgell | 1 | -32/+3 | |
2009-09-19 | s4-drs: security checking on DRS needs to default to on | Andrew Tridgell | 1 | -1/+2 | |
2009-09-19 | s4-repl: need param.h for lp_parm_bool | Andrew Tridgell | 1 | -0/+1 | |
2009-09-19 | Move replmd_drsuapi_DsReplicaCursor2_compare to a common place. | Anatoliy Atanasov | 1 | -7/+1 | |
2009-09-19 | Add drs_security_level_check for dcesrv calls security checks | Anatoliy Atanasov | 6 | -20/+36 | |
There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true | |||||
2009-09-19 | more include minimisation | Andrew Tridgell | 12 | -41/+0 | |
2009-09-19 | s4-rpc_server: removed remaining unnecessary #includes | Andrew Tridgell | 4 | -5/+2 | |
2009-09-19 | s4-rpc: remove some unnecessary #include lines | Andrew Tridgell | 4 | -8/+0 | |
I should remember to run script/minimal_includes.pl more often | |||||
2009-09-19 | s4-netlogon: implement dcesrv_netr_DsRAddressToSitenamesExW | Andrew Tridgell | 1 | -2/+24 | |
We don't implement sites properly at the moment so we just return Default-First-Site-Name | |||||
2009-09-18 | s4-server: kill main daemon if a task fails to initialise | Andrew Tridgell | 1 | -1/+1 | |
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state. | |||||
2009-09-18 | s4:rpc_server: remove some now unused code | Stefan Metzmacher | 2 | -199/+0 | |
metze | |||||
2009-09-18 | s4:rpc_server: export dcesrv_add_ep() so that torture tests can use it | Stefan Metzmacher | 2 | -5/+9 | |
metze | |||||
2009-09-17 | idl: added DsExecuteKCC IDL | Andrew Tridgell | 1 | -3/+3 | |
2009-09-16 | s4:rpc_server netgotiate max xmit size with RPC client | Andrew Bartlett | 1 | -2/+2 | |
Testing against NetAPP showed that clients can object to being told a larger max xmit fragment size than they negotiated. Choose the minimum of the server and client values. Andrew Bartlett | |||||
2009-09-15 | s4-repl: take advantage of async RPC forwarding | Andrew Tridgell | 1 | -21/+4 | |
This uses async RPC forwarding for the DsReplicaSync call | |||||
2009-09-15 | s4-rpc: added a module for forwarding RPC requests | Andrew Tridgell | 3 | -9/+116 | |
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC request to another task in Samba4, with the return being handled asynchronously. This is useful for forwarding DRS requests to the repl or kcc tasks | |||||
2009-09-15 | s4-drs: lock down key DRS calls | Andrew Tridgell | 4 | -22/+54 | |
The key DRS calls should only be allowed by administrators or domain controllers | |||||
2009-09-15 | s4-drs: filter based on local_usn | Andrew Tridgell | 1 | -1/+1 | |
The getncchanges uSN is in our local space, so we must compare it to the local_usn in replPropertyMetaData | |||||
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 1 | -1/+2 | |
Guenther |