summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-10-19s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASEGregor Beck1-1/+1
and use SMBD_OBJ_BASE for a couple of targets where sessionid_tdb and conn_tdb were used. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-09s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserverAmitay Isaacs1-0/+4
..TrustAnchors zone is not interpreted by RPC dnsserver code. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Tue Oct 9 03:21:07 CEST 2012 on sn-devel-104
2012-10-07drsuapi: Validate the input parameters for the drsuapi_UpdateRefs functionMatthieu Patou1-0/+16
2012-10-07drsuapi: check more carefully the validity of the NCMatthieu Patou1-4/+11
Check that both the GUID and DN are the GUID/DN of a NC if not return WERR_DS_DRA_BAD_NC
2012-10-07s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGESMatthieu Patou1-0/+24
2012-10-07s4-drs: EXOP_REPL_SECRETS can be called by RW DC as wellMatthieu Patou1-7/+15
2012-10-07drs-getncchanges: do not set the highestUsn to 0Matthieu Patou1-1/+0
Paragraph 4.1.10.5 says that if err = 0 then msgOut.pNC := msgIn.pNC msgOut.usnvecFrom := msgIn.usnvecFrom so no need to set the highestUsn to 0
2012-10-07kcc: return invalid parameter if the taskId is not 0Matthieu Patou1-1/+3
2012-10-07Implement the LIST_INFO_FOR_SERVER input formatMatthieu Patou1-1/+2
2012-10-07getdcinfo: Check that the server object has a serverreference objects ↵Matthieu Patou1-2/+4
pointing to a DC object The problem was found by the DRSR testsuite where server objects were created in the Site container without serverrefrence attribute triggering error in the testsuite.
2012-09-26netlogon: Per MS-NRPC, don't send unknown workstation flags back to theJelmer Vernooij1-1/+2
client.
2012-09-25s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in ↵Stefan Metzmacher1-1/+1
dcesrv_drsuapi_DsBind() metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104
2012-09-25s4:rpc_server/drsuapi: fix a crash in ↵Stefan Metzmacher1-6/+6
dcesrv_drsuapi_DsGetDomainControllerInfo_1() metze
2012-08-14s4-repl: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-15/+13
2012-08-14s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dnAndrew Bartlett2-3/+3
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-08-10build: rename security → samba-securityBjörn Jacke1-2/+2
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-07-24lib/param: Remove "ntptr providor" and hard-code in s4 spoolss serverAndrew Bartlett1-1/+1
This stub codebase does not justify a merged parameter. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-17s4:rpc_server/netlogon: add support for AES based netlogon schannelStefan Metzmacher1-0/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for itStefan Metzmacher1-26/+31
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: implement netr_LogonGetCapabilitiesStefan Metzmacher1-2/+20
This is also needed to support AES. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcpAndreas Schneider1-0/+10
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for npAndreas Schneider3-0/+45
2012-07-06s4-lsarpc: Restrict LookupSids3 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Restrict LookupNames4 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.Andreas Schneider1-46/+48
2012-07-06s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.Andreas Schneider1-49/+53
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett4-8/+8
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-01Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange ↵Alexander Bokovoy1-37/+20
client code" This reverts commit f8c447b1a48eaf12dcf70b92fd7525c4ad26c246. After discussing with Julien (Openchange) and Metze, I decided to revert this code. Instead I made a patch to Openchange which allows to build client side only. Openchange server code requires working s4 member DC and --without-ad-dc build does not provide working provisioning even if we enable dcerpc_server and end point mapper. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Fri Jun 1 16:46:08 CEST 2012 on sn-devel-104
2012-06-01waf-mitkrb5: enable dcerpc_server library to support OpenChange client codeAlexander Bokovoy1-20/+37
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2-12/+60
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23auth and s4-rpc_server: Do not use features we currently can't implement ↵Simo Sorce1-0/+6
with MIT Kerbros build
2012-05-04Fix direct access to krb5_principal structureSimo Sorce1-2/+4
2012-04-20Move kdc_get_policy helper in the lsa server where it belongs.Simo Sorce2-2/+26
This was used in only 2 places, db-glue.c and the lsa server. In db-glue.c it is awkward though, as it forces to use an unconvenient lsa structure and conversions from time_t to nt_time only to have nt_times converted back to time_t for actual use. This is silly. Also the kdc-policy file was a single funciton library, that's just ridiculous. The loadparm helper is all we need to keep the values consistent, and if we ever end up doing something with group policies we will care about it when it's the time. the code would have to change quite a lot anyway. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
2012-03-21s4-rpc: dnsserver: Fix IPv6 reverse zone handlingAmitay Isaacs1-0/+7
Thanks to Marcel Ritter <marcel.ritter@rrze.fau.de> for the patch.
2012-03-20libndr: Rename policy_handle_empty to ndr_policy_handle_empty.Jelmer Vernooij1-1/+1
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ↵Jelmer Vernooij2-8/+8
ndr_ prefix. This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-02s4-rpc: dnsserver: Fix the typo in comparing two DNS recordsAmitay Isaacs1-2/+2
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Mar 2 10:27:41 CET 2012 on sn-devel-104
2012-03-02s4-rpc: dnsserver: Update data type for TXT DNS recordsAmitay Isaacs1-6/+25
2012-02-27s4-netlogond: Fix use of uninitialised value dns_nameAndrew Bartlett1-19/+8
The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name when the value was not set. New tests for our trusted domains code create domain trusts without a DNS domain name. Found by the autobuild flakey build detector. Andrew Bartlett
2012-02-23dcerpc_server: Add 'modulesdir' variable to pkg-config file.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Feb 23 16:26:25 CET 2012 on sn-devel-104
2012-01-26s4-rpc_server: Fix search for existing trust to actually look for the dns nameAndrew Bartlett1-1/+1
Found by a eagle-eyed user. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2012-01-12s4-rpc:dnsserver: DNS names are case insensitiveAmitay Isaacs3-17/+17
2012-01-06s4-rpc:dnsserver: Do not replace @ with zone_name in update operationAmitay Isaacs1-1/+6
This fixes the problem when updating DNS record for '@' or domain name.
2011-12-23s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explainationMatthias Dieter Wallnöfer1-0/+5
NETLOGON pipe is only thought for DCs. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4:drsuapi/getncchanges: the default for isRecycled is FALSEStefan Metzmacher1-1/+1
metze Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104
2011-12-23s4-drsuapi: we store boolean in upppercase so we need to test them in uppercaseMatthieu Patou1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4:rpc-dnsserver: Set the rank for the new DNS record correctlyAmitay Isaacs1-0/+8
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Dec 23 07:56:34 CET 2011 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-11-03 18:35:24 +0000