summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2009-11-05s4:dcesrv_samr - Implement "dcesrv_samr_ValidatePassword" using my new check ↵Matthias Dieter Wallnöfer1-7/+49
password call This implements a very basic method for password validation using my new "samdb_check_password" call.
2009-10-24s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_stateStefan Metzmacher1-7/+7
We always steal the state to the policy handle on success, but untill then keep it on the short term context. metze
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell2-3/+3
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell4-10/+10
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-22s4-lsa: fixed breakage of lsa serverAndrew Tridgell1-0/+1
2009-10-22s4-lsa: fixed the lsa server to cope with the new tests from gdAndrew Tridgell1-12/+33
2009-10-21s4:rpc_server Ensure we talloc_free handles when we delete objectsAndrew Bartlett1-0/+3
If we don't talloc_free the handle, we leak the memory onto the long-term context. Andrew Bartlett
2009-10-21s4:samr Don't leak the whole user onto the long-term handleAndrew Bartlett1-2/+2
The user entry is only required for this function, so use mem_ctx to hold it. Andrew Bartlett
2009-10-21s4:epmapper Create a proper talloc tree of endpoint floorsAndrew Bartlett1-1/+1
Andrew Bartlett
2009-10-21s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell9-25/+0
2009-10-18s4:sites - get the server site (name) from DSDBMatthias Dieter Wallnöfer1-1/+3
2009-10-18s4:dcerpc_netlogon - unify the two workstation object lookups (DNS hostname ↵Matthias Dieter Wallnöfer1-20/+26
and supported encryption types) This is simply for better performance (no functional change).
2009-10-17s4-lsasrv: make sure only admins can alter privilegesAndrew Tridgell1-0/+6
2009-10-17s4-privileges: moved privileges to private/privilege.ldbAndrew Tridgell3-32/+45
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database
2009-10-15s4:dcerpc_server - Read the generic session key out from ↵Matthias Dieter Wallnöfer1-5/+2
"dcerpc_generic_session_key" I don't think that this code needs to exist identically on the server and on the client side. This patch leaves it on the client side (dcerpc lib) and calls it from the server.
2009-10-15s4-drs: support DRSUAPI_DRS_ADD_REF flagAndrew Tridgell1-5/+29
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs call on behalf of the client after the DsGetNCChanges call. The lack of support for this option may explain why the repsTo attribute was not being created for w2k8-r2 replication partners.
2009-10-15s4-drs: implement more of DsUpdateRefsAndrew Tridgell2-27/+63
The DsUpdateRefs calls takes a set of flags that indicates if the server should ignore specific add/delete error codes. This patch also exposes the core UpdateRefs call into a public function, so that it can be called from DsGetNCChanges
2009-10-15drs: improved error checkingAndrew Tridgell1-16/+49
Check the validity of the requested options in DsGetNCChanges
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer3-9/+11
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-13s4:dcesrv_samr - add another constantMatthias Dieter Wallnöfer1-1/+1
2009-10-13s4:dcesrv_samr - prevent "ldb_modify" on a possibly empty messageMatthias Dieter Wallnöfer1-8/+10
In this code part under certain circumstances we can end up with an empty message. Since our new behaviour denies them (like the real AD) we need to bypass them on LDB modify calls.
2009-10-13s4:dcesrv_samr - Add additional "talloc_free"sMatthias Dieter Wallnöfer1-0/+4
2009-10-13s4:dcesrv_samr - CosmeticsMatthias Dieter Wallnöfer1-23/+31
Make more use of constants and add some braces around "if" blocks
2009-10-13s4-repl: check that a DsGetNCChanges is a continuation, and fix sortingAndrew Tridgell2-4/+17
When we indicate that a getncchanges request is not complete, we set the more_data flag to true in the response. The client usually then asks for the next block of data. If the client decides it wants to skip that replication and do a different replication then we need to make sure that the next call is in fact a continuation of the existing call, and not a new call. This relies on returning the results sorted by uSNChanged, as the client uses the tmp_highest_usn in each result to see if progress is being made.
2009-10-12s4-drs: make DsBind a bit less verboseAndrew Tridgell1-1/+1
2009-10-08s3/s4 - Adapt the IDL changes on various locationsMatthias Dieter Wallnöfer1-19/+20
2009-10-06s4-drs: added some debug lines to DsAddEntry()Andrew Tridgell1-0/+3
2009-10-06s4-drs: take advantage of system session auth in dsbindAndrew Tridgell2-41/+21
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
2009-10-06s4-drs: fixed error message for drs_security_level_checkAndrew Tridgell1-1/+3
2009-10-06s4-drs: open samdb with system credentials when authorisedAndrew Tridgell1-1/+14
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls.
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-2/+2
2009-10-02s4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameterMatthias Dieter Wallnöfer1-1/+3
In the srvsvc code for s4 (NTVFS module) there exists a call to "ntvfs_connect" which is performed with a totally wrong argument. Since I'm not able to fix this, I commented it out and added a "FIXME" comment.
2009-10-02s4-samr: fake up a samr_ValidatePassword responseAndrew Tridgell1-1/+5
mdw is working on the correct call to check the password strength
2009-10-02ds-flags: use the new name DS_DNS_FOREST_ROOTAndrew Tridgell1-1/+1
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc)
2009-09-28s4-drs: removed debug code that replicated a maximum of 10 objects at a timeAndrew Tridgell1-2/+1
2009-09-28s4-drsuapi: state variable for getncchangesAndrew Tridgell1-0/+1
2009-09-28s4-dsruapi: plugfest updatesAndrew Tridgell1-77/+144
- always fetch parentGUID from databases, don't rely on parentGUID in attributes - re-fetch nc root mesages to avoid the problem of dual messages for roots - support returning messages a chunk at a time, using max_object_count from request
2009-09-28s4-drsutil: allow NULL filterAndrew Tridgell1-5/+0
2009-09-27rpc_server: Fix warnings.Jelmer Vernooij1-0/+2
2009-09-24s4-drs: el may not be a talloc pointerAndrew Tridgell1-1/+1
Use msg->elements for the new element values
2009-09-24s4-drs: include deleted objects in getncchanges replyAndrew Tridgell1-1/+6
Even though we don't create deleted objects ourselves yet, we need to pass along deleted objects we receive from other replication partners
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in ↵Anatoliy Atanasov3-4/+46
getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchangesAnatoliy Atanasov1-1/+7
When this flag is specified in the request we should return for ncRoot only and so scope of search is LDB_SCOPE_BASE.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_SYNC_PACKET in getncchangesAnatoliy Atanasov1-0/+6
When this flag is specified in the request we shouldn't use the uptodateness vector in the request.
2009-09-23s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchangesAnatoliy Atanasov3-10/+15
2009-09-23s4-drs: fill in more guids and SIDs, plus filter rDNAndrew Tridgell1-3/+48
In DsGetNCChanges we need to fill in the parentGUID and objectGUID of each object, plus we need to filter out the rDN from the meta data, and always send the instanceType
2009-09-23s4-drsserver: fixed addition of sort controlAndrew Tridgell1-5/+7
2009-09-23s4-netlogon: always set the dNSHostName in GetDomainInfoAndrew Tridgell1-3/+7
This seems to be what w2k8 does
2009-09-23s4-netlogon: make GetDomainInfo response match w2k8Andrew Tridgell1-13/+21