Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-11-21 | s4:lsa RPC - Fix type of variable "atype" | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
This is an unsigned 32bit integer. | |||||
2009-11-21 | s4:samr RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 2 | -12/+12 | |
2009-11-21 | s4:lsa RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 1 | -16/+16 | |
And fix an obvious bug (call of "samdb_msg_add_delete") | |||||
2009-11-21 | s4:WINREG RPC server - Cosmetic | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2009-11-20 | s4-dsdb: some more attribuutes that we should only give if asked for | Andrew Tridgell | 1 | -1/+8 | |
2009-11-20 | s4-drs: we need to specifically ask for ntSecurityDescriptor | Andrew Tridgell | 1 | -1/+1 | |
ntSecurityDescriptor is no longer included by default | |||||
2009-11-17 | s4:WINREG RPC server - remove a "talloc_free" | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
I assume that this "talloc_free" isn't necessary since the DCERPC server frees the handle itself (we got always warnings about this). | |||||
2009-11-14 | s4-drs: DsExecuteKCC() implementation | Erick Nascimento | 1 | -1/+10 | |
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc(). Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-11-10 | s4:dcesrv_samr - Add more checks for invalid levels | Matthias Dieter Wallnöfer | 1 | -3/+27 | |
Add more checks on valid levels, mark unimplemented ones as "UNSUPPORTED" and otherwise as "INVALID_INFO_CLASS" to be safe. | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - naturally this was only for debugging the ↵ | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
failure | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password" | Matthias Dieter Wallnöfer | 1 | -6/+3 | |
I've forgotten that PIDL converts UTF16 parameters automatically back to the UNIX charset (in most cases UTF16). So I don't have to do this here. | |||||
2009-11-06 | s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer | Matthias Dieter Wallnöfer | 1 | -4/+6 | |
2009-11-05 | s4:dcesrv_samr - Implement "dcesrv_samr_ValidatePassword" using my new check ↵ | Matthias Dieter Wallnöfer | 1 | -7/+49 | |
password call This implements a very basic method for password validation using my new "samdb_check_password" call. | |||||
2009-10-24 | s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state | Stefan Metzmacher | 1 | -7/+7 | |
We always steal the state to the policy handle on success, but untill then keep it on the short term context. metze | |||||
2009-10-23 | s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() | Andrew Tridgell | 2 | -3/+3 | |
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context. | |||||
2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 4 | -10/+10 | |
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
2009-10-22 | s4-lsa: fixed breakage of lsa server | Andrew Tridgell | 1 | -0/+1 | |
2009-10-22 | s4-lsa: fixed the lsa server to cope with the new tests from gd | Andrew Tridgell | 1 | -12/+33 | |
2009-10-21 | s4:rpc_server Ensure we talloc_free handles when we delete objects | Andrew Bartlett | 1 | -0/+3 | |
If we don't talloc_free the handle, we leak the memory onto the long-term context. Andrew Bartlett | |||||
2009-10-21 | s4:samr Don't leak the whole user onto the long-term handle | Andrew Bartlett | 1 | -2/+2 | |
The user entry is only required for this function, so use mem_ctx to hold it. Andrew Bartlett | |||||
2009-10-21 | s4:epmapper Create a proper talloc tree of endpoint floors | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett | |||||
2009-10-21 | s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop. | Günther Deschner | 1 | -0/+9 | |
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | |||||
2009-10-20 | s4: ran minimal_includes.pl on source4/rpc_server | Andrew Tridgell | 9 | -25/+0 | |
2009-10-18 | s4:sites - get the server site (name) from DSDB | Matthias Dieter Wallnöfer | 1 | -1/+3 | |
2009-10-18 | s4:dcerpc_netlogon - unify the two workstation object lookups (DNS hostname ↵ | Matthias Dieter Wallnöfer | 1 | -20/+26 | |
and supported encryption types) This is simply for better performance (no functional change). | |||||
2009-10-17 | s4-lsasrv: make sure only admins can alter privileges | Andrew Tridgell | 1 | -0/+6 | |
2009-10-17 | s4-privileges: moved privileges to private/privilege.ldb | Andrew Tridgell | 3 | -32/+45 | |
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database | |||||
2009-10-15 | s4:dcerpc_server - Read the generic session key out from ↵ | Matthias Dieter Wallnöfer | 1 | -5/+2 | |
"dcerpc_generic_session_key" I don't think that this code needs to exist identically on the server and on the client side. This patch leaves it on the client side (dcerpc lib) and calls it from the server. | |||||
2009-10-15 | s4-drs: support DRSUAPI_DRS_ADD_REF flag | Andrew Tridgell | 1 | -5/+29 | |
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs call on behalf of the client after the DsGetNCChanges call. The lack of support for this option may explain why the repsTo attribute was not being created for w2k8-r2 replication partners. | |||||
2009-10-15 | s4-drs: implement more of DsUpdateRefs | Andrew Tridgell | 2 | -27/+63 | |
The DsUpdateRefs calls takes a set of flags that indicates if the server should ignore specific add/delete error codes. This patch also exposes the core UpdateRefs call into a public function, so that it can be called from DsGetNCChanges | |||||
2009-10-15 | drs: improved error checking | Andrew Tridgell | 1 | -16/+49 | |
Check the validity of the requested options in DsGetNCChanges | |||||
2009-10-14 | s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 3 | -9/+11 | |
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way. | |||||
2009-10-13 | s4:dcesrv_samr - add another constant | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2009-10-13 | s4:dcesrv_samr - prevent "ldb_modify" on a possibly empty message | Matthias Dieter Wallnöfer | 1 | -8/+10 | |
In this code part under certain circumstances we can end up with an empty message. Since our new behaviour denies them (like the real AD) we need to bypass them on LDB modify calls. | |||||
2009-10-13 | s4:dcesrv_samr - Add additional "talloc_free"s | Matthias Dieter Wallnöfer | 1 | -0/+4 | |
2009-10-13 | s4:dcesrv_samr - Cosmetics | Matthias Dieter Wallnöfer | 1 | -23/+31 | |
Make more use of constants and add some braces around "if" blocks | |||||
2009-10-13 | s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting | Andrew Tridgell | 2 | -4/+17 | |
When we indicate that a getncchanges request is not complete, we set the more_data flag to true in the response. The client usually then asks for the next block of data. If the client decides it wants to skip that replication and do a different replication then we need to make sure that the next call is in fact a continuation of the existing call, and not a new call. This relies on returning the results sorted by uSNChanged, as the client uses the tmp_highest_usn in each result to see if progress is being made. | |||||
2009-10-12 | s4-drs: make DsBind a bit less verbose | Andrew Tridgell | 1 | -1/+1 | |
2009-10-08 | s3/s4 - Adapt the IDL changes on various locations | Matthias Dieter Wallnöfer | 1 | -19/+20 | |
2009-10-06 | s4-drs: added some debug lines to DsAddEntry() | Andrew Tridgell | 1 | -0/+3 | |
2009-10-06 | s4-drs: take advantage of system session auth in dsbind | Andrew Tridgell | 2 | -41/+21 | |
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges | |||||
2009-10-06 | s4-drs: fixed error message for drs_security_level_check | Andrew Tridgell | 1 | -1/+3 | |
2009-10-06 | s4-drs: open samdb with system credentials when authorised | Andrew Tridgell | 1 | -1/+14 | |
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls. | |||||
2009-10-02 | s4: fix various warnings (not "const" related ones) | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2009-10-02 | s4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameter | Matthias Dieter Wallnöfer | 1 | -1/+3 | |
In the srvsvc code for s4 (NTVFS module) there exists a call to "ntvfs_connect" which is performed with a totally wrong argument. Since I'm not able to fix this, I commented it out and added a "FIXME" comment. | |||||
2009-10-02 | s4-samr: fake up a samr_ValidatePassword response | Andrew Tridgell | 1 | -1/+5 | |
mdw is working on the correct call to check the password strength | |||||
2009-10-02 | ds-flags: use the new name DS_DNS_FOREST_ROOT | Andrew Tridgell | 1 | -1/+1 | |
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc) | |||||
2009-09-28 | s4-drs: removed debug code that replicated a maximum of 10 objects at a time | Andrew Tridgell | 1 | -2/+1 | |
2009-09-28 | s4-drsuapi: state variable for getncchanges | Andrew Tridgell | 1 | -0/+1 | |
2009-09-28 | s4-dsruapi: plugfest updates | Andrew Tridgell | 1 | -77/+144 | |
- always fetch parentGUID from databases, don't rely on parentGUID in attributes - re-fetch nc root mesages to avoid the problem of dual messages for roots - support returning messages a chunk at a time, using max_object_count from request |