Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-29 | s4-drs: implement PAS checks and access checks for getncchanges | Andrew Tridgell | 1 | -26/+130 | |
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-29 | s4-drs: added drs_security_access_check_nc_root() | Andrew Tridgell | 2 | -12/+63 | |
this checks security on the NC root of the specified naming context | |||||
2010-09-28 | s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ | Andrew Tridgell | 1 | -1/+32 | |
this extended getncchanges operation replicates a single object | |||||
2010-09-28 | s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges | Andrew Tridgell | 1 | -14/+16 | |
this allows for replication by GUID or SID | |||||
2010-09-28 | s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c | Andrew Tridgell | 1 | -44/+0 | |
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier | |||||
2010-09-28 | s4-drs: Added check for drs-manage-topology to updateRefs. | Nadezhda Ivanova | 1 | -7/+9 | |
2010-09-28 | s4-drs: Added drs_security_access_check function | Nadezhda Ivanova | 2 | -0/+64 | |
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted | |||||
2010-09-27 | s4-netlogon: added RODC DNS update call fwded to dnsupdate task | Andrew Tridgell | 1 | -3/+89 | |
when we get a netlogon RODC DNS update, we send it to the dnsupdate task | |||||
2010-09-28 | s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice. | Stefan Metzmacher | 1 | -0/+1 | |
metze | |||||
2010-09-27 | s4-drs: make getncchanges debug less verbose | Andrew Tridgell | 1 | -1/+1 | |
quieten make test a little | |||||
2010-09-27 | s4/irpc: Add security token to the binding handle when doing irp call forwarding | Anatoliy Atanasov | 1 | -0/+7 | |
2010-09-27 | s4-drs: fixed comment in getncchanges code | Andrew Tridgell | 1 | -1/+1 | |
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-drs: use the system sam_ctx for updaterefs | Andrew Tridgell | 1 | -8/+9 | |
this is needed for RODC clients calling updaterefs | |||||
2010-09-25 | s4-repl: make getncchanges a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
this should reduce some of the clutter in make test | |||||
2010-09-24 | s4:rpc_server/dcerpc_server.c - fix a "const" warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-23 | s4/eventlog6: Add dummy implementation for calls 0x5 and 0xB | Anatoliy Atanasov | 1 | -2/+6 | |
The code is enough to let us run all dcdiag tests against samba4 server | |||||
2010-09-23 | s4/eventlog6: Build and hook EventLog6 RPC endpoint mapper and idl | Anatoliy Atanasov | 3 | -0/+21 | |
2010-09-23 | s4/eventlog6: Add endpoint server for EventLog6 RPC | Anatoliy Atanasov | 1 | -0/+319 | |
The file is generated using PIDL --template command. | |||||
2010-09-20 | s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test | Anatoliy Atanasov | 1 | -29/+26 | |
2010-09-16 | s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords | Andrew Tridgell | 1 | -0/+20 | |
this is used by a RODC to do DNS updates, as TSIG updates are not allowed by RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-rpcserver: allow saving of bad RPC packets | Andrew Tridgell | 1 | -2/+28 | |
use: dcesrv:stubs directory = . to save files like this: RPC-netlogon-48-pullfail.dat when a RPC packet can't be parsed or is unknown. Only enabled in developer builds Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-drs: make debugging DsUpdateRefs a bit easier | Andrew Tridgell | 1 | -1/+8 | |
2010-09-16 | s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls | Andrew Tridgell | 1 | -3/+42 | |
2010-09-16 | s4-drs: removed a debug print in repl secret | Andrew Tridgell | 1 | -1/+0 | |
2010-09-16 | s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm() | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-drs: Wait DsReplicaSync for as long as it takes to complete | Kamen Mazdrashki | 1 | -2/+19 | |
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution | |||||
2010-09-16 | s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() call | Kamen Mazdrashki | 2 | -6/+14 | |
It is to be used when caller wants to explicitly specify the timeout for the call | |||||
2010-09-15 | s4-rpcserver: set unbind method to NULL in remote server | Andrew Tridgell | 2 | -1/+2 | |
this prevents a possible crash on disconnect | |||||
2010-09-15 | s4/fsmo: Remove empty new lines | Anatoliy Atanasov | 1 | -6/+0 | |
2010-09-15 | s4-rpc: fixed double free in RPC proxy | Andrew Tridgell | 1 | -12/+4 | |
the unbind method is only called when the dcesrv_connection_context is being destroyed (it's called from the destructor). That means that priv is either already free, or is about to be freed, so don't free it again | |||||
2010-09-14 | rpc_server: Remove unnecessary dependency on server modules, build | Jelmer Vernooij | 1 | -1/+1 | |
system will take care of that. | |||||
2010-09-11 | s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
Always Tru64 in file "param/loadparm.c" and possibly others. | |||||
2010-09-11 | s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here | Matthias Dieter Wallnöfer | 1 | -2/+3 | |
Tested using User Manager for Domains against Windows Server 2008. MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team. | |||||
2010-09-11 | s4-privs Fix enum privileges in LSARPC server | Andrew Bartlett | 1 | -1/+1 | |
We were returning the index, not the LUID value Andrew Bartlett | |||||
2010-09-11 | s4-privs Separate rights and privileges | Andrew Bartlett | 1 | -37/+49 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | s4-rpc_server Put all 'logon failure' messages at the same debug level 4 | Andrew Bartlett | 1 | -4/+6 | |
Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-lsa: privilege IDs should use the enum, not an int | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-11 | libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure | Andrew Bartlett | 1 | -1/+1 | |
This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. | Andrew Bartlett | 1 | -5/+5 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-privs Add a lookup by index of privileges | Andrew Bartlett | 1 | -3/+3 | |
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-10 | s4:getncchanges_change_master - also in this call "i" needs to be unsigned | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-09-10 | s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret | Kamen Mazdrashki | 1 | -0/+1 | |
in case we are handling extended operation. It seems that Windows accepts both DRSUAPI_EXOP_ERR_SUCCESS and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit more picky on this. | |||||
2010-09-10 | s4-drs: Handle extended operations only once | Kamen Mazdrashki | 1 | -40/+45 | |
Most of extended operations I know of work like: 1. do extended operation 2. collect a set of objects to return and start replication cycle 3. continue returning object as we have no more to give This way we ensure we are doing 1. only once | |||||
2010-09-10 | s4-rpc: Added handling of fsmo role transfer to GetNCChanges | Nadezhda Ivanova | 1 | -0/+108 | |
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE and DRSUAPI_EXOP_FSMO_REQ_PDC. Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> | |||||
2010-09-07 | s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs call | Kamen Mazdrashki | 1 | -6/+10 | |
2010-09-03 | s4:rpc_server/netlogon: use irpc_binding_handle_by_name() | Stefan Metzmacher | 2 | -8/+11 | |
metze | |||||
2010-09-03 | s4:rpc_server/common: use irpc_binding_handle_by_name() in dcesrv_irpc_forward_rpc_call() | Stefan Metzmacher | 1 | -16/+25 | |
metze | |||||
2010-09-03 | s4-drs: A quick fix for DRSUAPI_EXOP_FSMO_RID_ALLOC extended_op handling | Kamen Mazdrashki | 1 | -0/+9 | |
When DRSUAPI_EXOP_FSMO_RID_ALLOC extended op is handled in DsGetNCChanges() stub, we need to return a well-known set of objects - see: [ms-adts], 3.1.1.5.1.7 With this hack we are going to return just objects modified during RID allocation procedure - i.e. "RID Manager$", "RID Set" for computer object and computer object itself. Which is a close approximation of what we are expected to return. | |||||
2010-08-25 | s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support. | Günther Deschner | 1 | -42/+12 | |
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther | |||||
2010-08-23 | s4:getncchanges.c - fix some counter variable types | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
They should be "unsigned" since they count LDB objects. And also the SID array can be counted as "unsigned". |