summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-06-10s4:dcesrv_samr_Add/DeleteAliasMember - provide better NTSTATUS return codes ↵Matthias Dieter Wallnöfer1-6/+19
when something didn't work
2010-06-10s4:dcesrv_samr_GetAliasMembership - fix type of counter variablesMatthias Dieter Wallnöfer1-1/+2
2010-06-10s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding ↵Matthias Dieter Wallnöfer1-4/+6
styles
2010-06-10s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into oneMatthias Dieter Wallnöfer1-6/+3
2010-06-10s4:dcesrv_samr_Add/DelGroupMember - remove the account type checkMatthias Dieter Wallnöfer1-11/+10
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users.
2010-06-10s4:dcesrv_samr_AddGroupMember - also the error code ↵Matthias Dieter Wallnöfer1-0/+1
"LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed This is returned when the group is the primary group of the specified entry.
2010-05-31s3/s4:netrEnumerateTrustedDomains - this call returns a "NTSTATUS" resultMatthias Dieter Wallnöfer1-2/+2
See MS-NRPC 3.5.5.6.3.
2010-05-31s4:dcesrv_netr_DsrEnumerateDomainTrusts - fix an integer typeMatthias Dieter Wallnöfer1-1/+1
2010-05-30Revert "s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with ↵Matthias Dieter Wallnöfer1-12/+2
Windows 2000" This reverts commit 1cf5be39e30f9478606a5525eb7beeb21ee83c24. My fix approach isn't such appreciated therefore revert this.
2010-05-30s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000Matthias Dieter Wallnöfer1-2/+12
Windows 2000 does strictly request header signing on some requests also if the server doesn't provide it. But there is a small trick (don't reset the actual session info) to make these special RPC operations work without a full header signing implementation. This fixes for example the list of domain groups in local groups when displayed sing the local user/group management tool. And this should finally fix bug #7113. The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729
2010-05-26s4:smbd: Use tstream_npa_accept_existing to accept named pipe connectionsSimo Sorce1-14/+14
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
2010-05-24s4:dsdb_enum_group_mem - use "unsigned" countersMatthias Dieter Wallnöfer1-5/+3
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned".
2010-05-24s4:idmap Adjust code to new idmap structure names and layout.Andrew Bartlett1-16/+12
Andrew Bartlett
2010-05-24s4:samr Push most of samr_LookupRids into a helper functionAndrew Bartlett1-52/+16
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Push most of samr_QueryGroupMember into a helper functionAndrew Bartlett1-80/+53
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Move most of samr_CreateDomAlias into a helper functionAndrew Bartlett1-52/+8
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split most of samr_CreateDomainGroup into a helper functionAndrew Bartlett1-60/+9
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split the guts of samr_CreateUser2 into a helper functionAndrew Bartlett1-186/+8
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:LogonGetDomainInfo - allow to set DNS hostname for the first timeMatthias Dieter Wallnöfer1-11/+14
Otherwise it obviously can never be set.
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij8-59/+32
2010-05-10s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer2-96/+21
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
2010-05-03s4:LogonGetDomainInfo - fix a potential crash sourceMatthias Dieter Wallnöfer1-0/+4
2010-05-03s4:LogonGetDomainInfo - fix indentationMatthias Dieter Wallnöfer1-2/+2
2010-05-03s4:LogonGetDomainInfo - remove singular "dNSHostName" check - this doesn't ↵Matthias Dieter Wallnöfer1-19/+1
belong here I'm not really sure if this check is really done on Windows Server. And if it is done, then it's on the LDB level (module).
2010-04-29s4/rodc: RODC FAS initial implementationAnatoliy Atanasov1-11/+10
2010-04-28s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUIDKamen Mazdrashki1-4/+4
This function is used in DRSUpdateRefs() implementation where we get DSA's objectGUID rather than invocationId
2010-04-27s4:rpc_server: remove unused socket_address based functionsStefan Metzmacher1-18/+0
metze
2010-04-28s4-netlogon: fixed getDcNameEx2 for blank inputsAndrew Tridgell1-1/+1
w2k8r2 returns the local DC information on no inputs for getDcNameEx2. This is needed for starting dsa.msc (ADUC) on Win7. CDLAP on the same call returns an error. This uses a parameter fill_on_blank_request to distinguish the two cases.
2010-04-27s4:rpc_server: remove 'socket_address' based functionsStefan Metzmacher3-23/+0
metze
2010-04-27s4:rpc_server/srvsvc: pass tsocket_address to the ntvfs layerStefan Metzmacher1-13/+5
metze
2010-04-27s4:rpc_server/spoolss: use tsocket_address in dcesrv_spoolss_check_server_name()Stefan Metzmacher1-4/+7
metze
2010-04-27s4:rpc_server/netlogon: use tsocket_address in dcesrv_netr_DsRGetDCNameEx2()Stefan Metzmacher1-5/+9
metze
2010-04-27s4:rpc_server: remember the local and remote addressStefan Metzmacher3-0/+18
metze
2010-04-27s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the ↵Matthias Dieter Wallnöfer1-16/+98
client site information This behaviour should be similar to the one of Windows Server (in my case 2008)
2010-04-27Revert "s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly ↵Matthias Dieter Wallnöfer1-93/+16
with the client site information" This reverts commit 908d982980846257b65ab576d31131e8793e9399. I need to merge the improved version of this commit.
2010-04-27Revert "s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch"Matthias Dieter Wallnöfer1-0/+6
This reverts commit e88a54a87e185b44e2d216bd853e6a87bf950be6. This isn't the correct behaviour. See MS-NRPC documentation under the "GetAnyDCName" section.
2010-04-27s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patchAndrew Tridgell1-6/+0
We should respond when we are the PDC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-27s4:netlogon RPC server - we don't need "are we DC" proofsMatthias Dieter Wallnöfer1-8/+0
When we aren't a DC we shouldn't have the netlogon pipe available. [MS-NRPC 1.3] says that we can only have DCs on the server side. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementationMatthias Dieter Wallnöfer1-1/+23
Does for now only return DC's primary site. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the ↵Matthias Dieter Wallnöfer1-1/+13
MS-NRPC docs Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC ↵Matthias Dieter Wallnöfer1-7/+55
documentation This implementation checks if the domainname is valid for us or a trusted domain. Then I've also added the PDC location functionality. That means that we should return "WERR_NO_SUCH_DOMAIN" (MS-NRPC 3.5.5.2.5). Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the ↵Matthias Dieter Wallnöfer1-16/+93
client site information This behaviour should be similar to the one of Windows Server (in my case 2008) Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPNAndrew Tridgell1-1/+3
this is an alternative way of establishing repsTo
2010-04-26s4-drs: don't send uninstantiated objects in getncchangesAndrew Tridgell1-0/+5
This includes deleted partitions Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: validate RODC credentials via the user_sidAndrew Tridgell1-27/+12
This checks whether a replication client is a RODC by inclusion of the the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token Pair-Programmed-With: Rusty Russell <rusty@samba.org> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell7-27/+47
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: only allow replication with the right invocationIdAndrew Tridgell1-1/+20
Non-administrator replication checks the invocationId matches the sid of the user token being used Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+3
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges replyFernando J V da Silva1-0/+14
During building an object to send it on a GetNCChanges reply, it checks the attributes and if any of them is a RODC filtered and the recipient is a RODC, then such attribute is not sent. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva2-2/+16
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>