Age | Commit message | Author | Files | Lines |
|
When Windows abandons a DRS sync, it will sometimes re-use the same bind handle for
a new sync. This means we need to check the DN of the sync and blank the getnc_state
if the DN has changed.
This also fixes the UDV to use the highest uSN for the partition, not for
the whole SAM.
|
|
Also here we waste memory - therefore free the pointless handle after the delete.
|
|
Better use "talloc_unlink" here since we could have more than one reference.
|
|
This reverts commit 87b6f2e863c6e117643ab6704e50167e849b69cc.
This was the cause of the breakage of the "LogonGetDomainInfo" testsuite. I
think my behaviour is more correct to Windows Server since the test works
against it (at least release 2003 R2).
One problem I discovered is that freshly joined workstations don't get their
DNS name into the directory. Therefore I think also another part (maybe another
RPC call) is able to do this.
|
|
Now we have Windows 7 released so don't refer to a beta anymore.
|
|
This is an unsigned 32bit integer.
|
|
And fix an obvious bug (call of "samdb_msg_add_delete")
|
|
ntSecurityDescriptor is no longer included by default
|
|
I assume that this "talloc_free" isn't necessary since the DCERPC server frees
the handle itself (we got always warnings about this).
|
|
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Add more checks on valid levels, mark unimplemented ones as "UNSUPPORTED" and
otherwise as "INVALID_INFO_CLASS" to be safe.
|
|
failure
|
|
I've forgotten that PIDL converts UTF16 parameters automatically back to the
UNIX charset (in most cases UTF16). So I don't have to do this here.
|
|
password call
This implements a very basic method for password validation using my new
"samdb_check_password" call.
|
|
We always steal the state to the policy handle on success,
but until then keep it on the short term context.
metze
|
|
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
If we don't talloc_free the handle, we leak the memory onto the long-term
context.
Andrew Bartlett
|
|
The user entry is only required for this function, so use
mem_ctx to hold it.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
Found by RPC-LSA-TRUSTED-DOMAIN torture test.
Guenther
|
|
and supported encryption types)
This is simply for better performance (no functional change).
|
|
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a Windows DC.
This moves the privileges to a separate (local) database.
|
|
"dcerpc_generic_session_key"
I don't think that this code needs to exist identically on the server and on the
client side. This patch leaves it on the client side (dcerpc lib) and calls it
from the server.
|
|
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
|
|
The DsUpdateRefs call takes a set of flags that indicates if the
server should ignore specific add/delete error codes.
This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
|
|
Check the validity of the requested options in DsGetNCChanges
|
|
For KERBEROS applications the realm should be uppercase (function "lp_realm") but
for DNS ones it should be used lowercase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
In this code part under certain circumstances we can end up with an empty message.
Since our new behaviour denies them (like the real AD) we need to bypass them
on LDB modify calls.
|
|
Make more use of constants and add some braces around "if" blocks
|
|
When we indicate that a getncchanges request is not complete, we set
the more_data flag to true in the response. The client usually then
asks for the next block of data. If the client decides it wants to
skip that replication and do a different replication then we need to
make sure that the next call is in fact a continuation of the existing
call, and not a new call.
This relies on returning the results sorted by uSNChanged, as the
client uses the tmp_highest_usn in each result to see if progress is
being made.
|
|
Now that the bind opens samdb with the right credentials, we no longer
need the re-open in updaterefs and getncchanges
|
|
When a DC connects to DRS, open the samdb with system session
credentials, so that we don't have to re-open it each time on other
calls.
|