summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-02-24s4:lsa avoid confusing ourselves over sam_ldbSimo Sorce1-39/+41
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable.
2010-02-24s4:lsa cleanup trailing spaces and tabsSimo Sorce1-35/+35
2010-02-24s4:netlogon remove wrong ZERO_STRUCT of outputSimo Sorce1-6/+0
This was causing marshalling faults when we returned errors.
2010-02-23s4:schannel merge code with s3Simo Sorce1-24/+15
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-23s4:schannel more readable check logicSimo Sorce1-12/+44
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3
2010-02-23s4:netlogon RPC - fix the indentationMatthias Dieter Wallnöfer1-15/+15
Simo, I'm not really sure that those checks are valid. I read MS-NRPC section 3.5.4.1 about LOGONSRV_HANDLEs ("server_name" is of this type). There isn't stated that the server name has necessarily to be in the DNS form and should also be valid when it's NULL (if DCE server and client are the same - I don't know if me make use of it in s4).
2010-02-22s4:netlogon GetTrustedDomainInformationSimo Sorce1-6/+172
start implementing calls related to trusted domain information
2010-02-22s4:netlogon fix segfaultSimo Sorce1-12/+19
2010-02-21s4:netlogon enhance DsrEnumerateDomainTrustsSimo Sorce1-27/+178
Actually return trust relationships by searching the appropriate entries in the SAM database. Add checks and return the correct flags, type and attributes.
2010-02-21cleanupSimo Sorce1-133/+131
remove trailing spaces, tabs and blank lines
2010-02-19s4:lsa open trusted domain also with dns nameSimo Sorce1-3/+7
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19remove trailing tabs and spacesSimo Sorce1-9/+9
2010-02-19readability reformattingSimo Sorce1-28/+36
stop this function from maiking my eyes bleed
2010-02-20s4:rpc_server Add a 'if_version' parameter to the bind operation.Andrew Bartlett3-4/+6
This allows the interface version to be forwarded to the remote server in the RPC proxy, both in the endpoint lookup and the subsequent bind. Andrew Bartlett
2010-02-19s4:rpc_server Record the remote connections association group IDAndrew Bartlett2-6/+39
By recording the association group the remote server assigned to our proxied RPC connection, we can ensure we use the same value when the client wishes to use it. This isn't stored in a private pointer, as mapiproxy will want to use this feature too. Andrew Bartlett
2010-02-16s4-dcerpc: fixed auth padding to be relative to the stub, not packetAndrew Tridgell1-5/+10
The recent dcerpc padding changes made our padding relative to the packet header, instead of the start of the stub. Surprisingly, this broke w2k8r2 doing a dcpromo join to a s4 server. It seems that w2k8r2 is very fussy about the padding it gets in some circumstances.
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell4-8/+8
This allows for controls to be added easily where they are needed.
2010-02-16s4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flagsAndrew Tridgell2-2/+4
2010-02-15s4-drs: replace manual checks with dsdb_modify_permissive()Andrew Tridgell1-32/+1
Much simpler to use the permissive control instead of manually munging the SPN list.
2010-02-15s4-drs: use a permissive modify in addentryAndrew Tridgell1-1/+1
It is not an error if entries already exist.
2010-02-14s4:dcesrv_lsa.c - remove a superfluous empty lineMatthias Dieter Wallnöfer1-1/+0
One empty line is enough for code part divisions.
2010-02-14s4-rpcserver: teach the rpc server to cope with bad sig_size estimatesAndrew Tridgell1-18/+14
2010-02-14a4-dcerpc: another attempt at dcerpc auth paddingAndrew Tridgell1-4/+4
The last change broke net vampire against w2k8r2
2010-02-13s4-rpc: be more careful about DCERPC auth paddingAndrew Tridgell1-55/+24
Cope with a wider range of auth padding in dcerpc bind_ack and alter_context packets. We now use a helper function that calculates the right auth padding.
2010-02-13s4: use LDB_TYPESAFE_QSORT() instead of ldb_qsort()Andrew Tridgell1-3/+2
2010-02-13s4-rpcserver: use TYPESAFE_QSORT() in rpc serversAndrew Tridgell3-24/+19
2010-02-11s4: Switch to S3-style id mapping data types.Kai Blin1-12/+12
2010-02-05s4/drs: propagate DRS_ extension flags in code baseKamen Mazdrashki1-1/+1
2010-01-21s4:rpc-server:samr: fix setting of lockout duration < lockout windowMichael Adam1-1/+22
This should return NT_STATUS_INVALID_PARAMETER. This makes samba pass the first part of the samr-lockout test. This constraint is documented here for the samr server: http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates and here for the ldap backend: http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx MS-ADTS 3.1.1.5.3.2 Constraints So the check should actually be moved down into the backend, i.e. under dsdb/samdb/ldb_modules - TODO.. Michael
2010-01-18idl: switched to using the WSPP names for the 'neighbour' DRS optionsAndrew Tridgell1-4/+4
The documentation shows that all these functions in fact use the same flags variable type. To be consistent between functions, and to allow easy reference to the WSPP docs, it is better for us to also use this generic DrsOptions bitfield rather than one per operations.
2010-01-17s4-drs: allow for security bypass for DsReplicaGetInfoAndrew Tridgell1-5/+9
Use --option=drs:disable_sec_check=true until the group membership bug with the PAC is fixed.
2010-01-16s4-dsdb: take advantage of local cursor and sortAndrew Tridgell1-34/+3
in getncchanges and repl task we don't need the extra load and sort any more.
2010-01-16s4-drs: use dsdb_load_udv_v2() in getncchanges codeAndrew Tridgell1-52/+6
2010-01-16s4-drs: better debug info when security checks failAndrew Tridgell1-3/+8
show the security token of the user at debug level 2
2010-01-16s4-dsdb: require admin access for DsReplicaGetInfoAndrew Tridgell1-5/+7
2010-01-16s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS ↵Andrew Tridgell1-1/+11
infoType. This patch includes the framework for the implementation of all infoTypes of the DsGetReplInfo() call, and includes the implementation for the first one, the DS_REPL_INFO_NEIGHBORS. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-01-16s4-drs: give better debug info on unsupported DRS callsAndrew Tridgell1-14/+20
2010-01-14s4:SAMR RPC - Fix the criteria for group searchesMatthias Dieter Wallnöfer1-4/+4
This should match the MS-SAMR documentation (section 3.1.5.5.1.1)
2010-01-14s4-drs: switch the DRS server to the generic DRS options flagsAndrew Tridgell2-8/+8
2010-01-09s4-debug: lower the verbosity of a couple of common log messagesAndrew Tridgell1-1/+1
2010-01-09s4-drs: base is_nc_prefix on instanceTypeAndrew Tridgell1-1/+3
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09s4-drs: having no SPNs to change is not an errorAndrew Tridgell1-0/+7
2010-01-09s4-drs: fixed writespn to ignore add/delete errorsAndrew Tridgell1-3/+40
When a SPN is added and already exists, it is ignored. Similarly, when a SPN is deleted and doesn't exist, it is ignored.
2010-01-09s4-drs: moved the DsWriteAccountSpn call to its own fileAndrew Tridgell4-75/+104
2010-01-09s4-drs: need to set the getncchanges extended_ret on success tooAndrew Tridgell1-0/+3
2010-01-09s4-drs: be less verbose when we filter objects by UDVAndrew Tridgell1-5/+5
2010-01-09s4-drs: added filtering by udv in getncchangesAndrew Tridgell1-9/+57
When a client supplied an uptodateness_vector, we can use it to filter what objects we return. This greatly reduces the amount of replication traffic between DCs.
2010-01-09s4-drs: fixed the NC in the getncchanges RID alloc replyAndrew Tridgell1-11/+13
the search happens on a different DN to the NC of the request, but the reply is with the original NC
2010-01-09s4-drs: fixed usage of ldb_dn_new()Andrew Tridgell1-1/+1
2010-01-08s4-drs: added two more SPNs in addentryAndrew Tridgell1-13/+32
w2k8r2 wants these after a DCPROMO Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>