Age | Commit message (Collapse) | Author | Files | Lines |
|
Windows 2000"
This reverts commit 1cf5be39e30f9478606a5525eb7beeb21ee83c24.
My fix approach isn't such appreciated therefore revert this.
|
|
Windows 2000 does strictly request header signing on some requests also if the
server doesn't provide it. But there is a small trick (don't reset the actual
session info) to make these special RPC operations work without a full header
signing implementation.
This fixes for example the list of domain groups in local groups when displayed
sing the local user/group management tool.
And this should finally fix bug #7113.
The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729
|
|
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
|
|
"size_t" counters aren't really needed here (we don't check data lengths).
And we save the result in a certain "num_sids" variable which is of type
"unsigned".
|
|
Andrew Bartlett
|
|
This is a rewrite of the lookup_rids code, using a query based on the
extended DN for a clearer interface.
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
|
|
This is a rewrite of the group membership lookup code, using the
stored extended DNs to avoid doing the lookup into each member to find
the SID
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
|
|
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
|
|
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
|
|
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
|
|
Otherwise it obviously can never be set.
|
|
|
|
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
|
|
|
|
|
|
belong here
I'm not really sure if this check is really done on Windows Server. And if it
is done, then it's on the LDB level (module).
|
|
|
|
This function is used in DRSUpdateRefs() implementation where we
get DSA's objectGUID rather than invocationId
|
|
metze
|
|
w2k8r2 returns the local DC information on no inputs for
getDcNameEx2. This is needed for starting dsa.msc (ADUC) on
Win7.
CDLAP on the same call returns an error. This uses a parameter
fill_on_blank_request to distinguish the two cases.
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
|
|
with the client site information"
This reverts commit 908d982980846257b65ab576d31131e8793e9399.
I need to merge the improved version of this commit.
|
|
This reverts commit e88a54a87e185b44e2d216bd853e6a87bf950be6.
This isn't the correct behaviour. See MS-NRPC documentation under the
"GetAnyDCName" section.
|
|
We should respond when we are the PDC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When we aren't a DC we shouldn't have the netlogon pipe available.
[MS-NRPC 1.3] says that we can only have DCs on the server side.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Does for now only return DC's primary site.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
MS-NRPC docs
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
documentation
This implementation checks if the domainname is valid for us or a trusted domain.
Then I've also added the PDC location functionality. That means that we should
return "WERR_NO_SUCH_DOMAIN" (MS-NRPC 3.5.5.2.5).
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this is an alternative way of establishing repsTo
|
|
This includes deleted partitions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This checks whether a replication client is a RODC by inclusion of the
the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
Non-administrator replication checks the invocationId matches
the sid of the user token being used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is a RODC filtered and the recipient
is a RODC, then such attribute is not sent.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
metze
|
|
These are needed for dcpromo from w2k8r2
|
|
short domainname discovery
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
|
|
|
|
On the base of the "fill_netlogon_samlogon_response" call.
This removes duplicated code.
|
|
|
|
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
|