summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-04-22s4-drs: validate RODC credentials via the user_sidAndrew Tridgell1-27/+12
This checks whether a replication client is a RODC by inclusion of the the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token Pair-Programmed-With: Rusty Russell <rusty@samba.org> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell7-27/+47
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: only allow replication with the right invocationIdAndrew Tridgell1-1/+20
Non-administrator replication checks the invocationId matches the sid of the user token being used Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+3
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges replyFernando J V da Silva1-0/+14
During building an object to send it on a GetNCChanges reply, it checks the attributes and if any of them is a RODC filtered and the recipient is a RODC, then such attribute is not sent. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva2-2/+16
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-21s4:netlogon RPC server - fix a counter variable typeMatthias Dieter Wallnöfer1-1/+2
2010-04-20s4:rpc_server/netlogon: add no memory checksStefan Metzmacher1-1/+2
metze
2010-04-20s4-netlogon: fixed dc_unc and dc_address_typeAndrew Tridgell1-1/+3
These are needed for dcpromo from w2k8r2
2010-04-20s4:netlogon RPC - "fill_one_domain_info" - use "lp_workgroup" for the DC ↵Matthias Dieter Wallnöfer1-1/+1
short domainname discovery Here we don't need to use "lp_sam_name" since in this function we are always a DC.
2010-04-13s4:"samdb_server_site_name" uses - proof for out of memoryMatthias Dieter Wallnöfer1-1/+4
2010-04-13s4:dcesrv_netr_DsRGetDCNameEx2 - provide a much better implementationMatthias Dieter Wallnöfer1-52/+37
On the base of the "fill_netlogon_samlogon_response" call. This removes duplicated code.
2010-04-13s4:use "samdb_forest_name" for the forest DNS domainname lookupMatthias Dieter Wallnöfer1-13/+8
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer3-7/+8
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-12s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" ↵Matthias Dieter Wallnöfer1-2/+2
attribute According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the forest one.
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer2-2/+2
Purely cosmetic change.
2010-04-11s4:auth Remove event context from anonymous_session()Andrew Bartlett2-2/+1
This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett
2010-04-10s4:rpc_server Fix segfault in modified SamLogon handlingAndrew Bartlett1-0/+1
2010-04-10s4:rpc_server Add all SIDs into the netlogon SamLogon replyAndrew Bartlett1-32/+52
We were missing the SIDs that are not in the domain.
2010-04-09s4-winreg: Fix dcesrv_winreg_CreateKey after rename.Günther Deschner1-1/+1
Guenther
2010-04-09s4-winreg: add winreg_DeleteKeyEx stub.Günther Deschner1-0/+9
Guenther
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-4/+1
2010-04-06build: waf quicktest nearly worksAndrew Tridgell1-3/+3
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+138
2010-03-30s4:lsa implement lsaRSetForestTrustInformationSimo Sorce1-5/+549
2010-03-29s4:registry - move the UTF16 length calculation for "reg_key_get_info" into ↵Matthias Dieter Wallnöfer1-0/+9
the RPC server code It does fit better there.
2010-03-24s4/drs: drsuapi_DsAddEntry_ErrData propagate structure def in source codeKamen Mazdrashki1-4/+4
2010-03-22s4:lsa Functions to set Domain Trust InformationSimo Sorce1-7/+592
2010-03-22s4:lsa move code to add trusted domain user into its own functionSimo Sorce1-72/+101
2010-03-22s4:lsa Abstract crypto (un)wrapping in separate functionsSimo Sorce1-81/+89
2010-03-22s4:WINREG RPC - add also here a "W_ERROR_HAVE_NO_MEMORY"Matthias Dieter Wallnöfer1-0/+1
2010-03-22s4:registry - adaptions for "add memory contexts for delete value/key functions"Matthias Dieter Wallnöfer1-2/+2
2010-03-21s4:WINREG RPC server - don't check for the "name" size in "EnumValue"Matthias Dieter Wallnöfer1-5/+0
This isn't needed at all since: 1.) a new name object is created and sent back to the client 2.) the "size" seems to be the size of the "name" pointer. On my test with the "regedt32" program this has always been "4".
2010-03-21s4:WINREG RPC - we support only non-volatile keysMatthias Dieter Wallnöfer1-0/+5
2010-03-21s4:WINREG RPC - specify the performed create action for "CreateKey"Matthias Dieter Wallnöfer1-1/+10
To make the WINREG RPC testsuite happy.
2010-03-16s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub.Günther Deschner1-3/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-16s4:idl change level to type in lsa_ForestTrustRecord.Simo Sorce1-2/+2
2010-03-16s4:dsdb Change dsdb_get_schema() callers to use new talloc argumentAndrew Bartlett1-2/+2
This choses an appropriate talloc context to attach the schema too, long enough lived to ensure it does not go away before the operation compleates. Andrew Bartlett
2010-03-12s4:rpc_server/spoolss: make use of dcerpc_binding_handle stubsStefan Metzmacher1-1/+1
metze
2010-03-11s4-winreg: continue processing in WERR_MORE_DATA case in ↵Günther Deschner1-1/+1
dcesrv_winreg_QueryValue(). Matthias, please check. Guenther
2010-03-11s4:rpc_server/drsuapi: don't reset [out,ref] pointer to NULL in ↵Stefan Metzmacher1-1/+0
dcesrv_drsuapi_DsRemoveDSServer() metze
2010-03-11s4/rpc_server Don't segfault over replPropertyMetaData contentsAndrew Bartlett1-0/+7
The replPropertyMetaData may contain attrid values that we don't yet have in the local schema. We need to deal with this - it is a serious error, but we should not segfault. Andrew Bartlett
2010-03-10s4:winreg RPC - fix up the "QueryValue" call to work against the enhanced ↵Matthias Dieter Wallnöfer1-7/+11
torture test Found out by gd's updated torture test.
2010-03-10s4:rpc_server/wkssvc: don't reset [out,ref] pointer to 0Stefan Metzmacher1-6/+0
r->out.total_entries = 0; should be *r->out.total_entries = 0; Otherwise we fail to marshall the reponse or crash if we run with log level = 10 and trigger the ndr_print functions. All out elements are already setup and initialized by the pidl generated code. metze
2010-03-10s4:rpc_server/wkssvc: remove unneeded talloc_reference()Stefan Metzmacher1-4/+2
metze
2010-03-10s4:rpc_server/wkssvc: avoid ZERO_STRUCT(r->out) and use already allocated ↵Stefan Metzmacher1-4/+0
[out,ref] memory metze
2010-03-10s4:rpc_server/srvsvc: remove unused ZERO_STRUCT(r->out);Stefan Metzmacher1-2/+0
Here it doesn't matter, but it's a bad example for other code as it might reset the [out,ref] pointers which are already generated by the pidl generated code. metze
2010-03-10s4-spoolss: remove unsed iconv handle from dcesrv_spoolss_GetPrinterData().Günther Deschner1-1/+0
Guenther
2010-03-10s4:winreg RPC - don't crash when incoming data wasn't correctly specifiedMatthias Dieter Wallnöfer1-2/+8
Also found by the WINREG torture test enhancements by gd.