summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2013-01-17drs-fsmo: Improve handling of FSMO role takeover.Andrew Bartlett1-1/+2
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-16spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container.Günther Deschner1-3/+2
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-07spoolss: add stubs for new JobNamedProperty dcerpc calls.Günther Deschner1-0/+37
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
2013-01-01s4:drsuapi: try to behave more like windows for usn order (bug #9508)Stefan Metzmacher1-11/+18
We don't behave completely like a Windows server, but it's much more identical than before. The partition head is always the first object followed by the rest sorted by uSNChanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 1 21:09:42 CET 2013 on sn-devel-104
2013-01-01s4:drsuapi: make use of LDB_TYPESAFE_QSORT() and pass getnc_stateStefan Metzmacher1-10/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we report the meta data from the cycle start (bug #9508)Stefan Metzmacher1-9/+38
We should build the final highwatermark and uptodatevector of a replication cycle at the start of the cycle. Before we search for the currently missing objects. Otherwise we risk that some objects get lost. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: check the source_dsa_invocation_id (bug #9508)Stefan Metzmacher1-0/+15
The given highwatermark is only valid relative to the specified source_dsa_invocation_id. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we never return the same highwatermark twice in a ↵Stefan Metzmacher1-0/+36
replication cycle (bug #9508) If the highwatermark given by the client is not the one we expect, we need to start a new replication cycle. Otherwise the destination dsa skips objects and linked attribute values. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: add drsuapi_DsReplicaHighWaterMark_cmp()Stefan Metzmacher1-0/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: always use the current uptodateness_vectorStefan Metzmacher1-11/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: avoid a ldb_dn_copy() and use talloc_move() insteadStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: remove unused 'highest_usn' from drsuapi_getncchanges_stateStefan Metzmacher1-4/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: move struct drsuapi_getncchanges_state to the top of getncchanges.cStefan Metzmacher1-17/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-16s4-rpc_server: use netlogon_creds_encrypt_samlogon().Günther Deschner1-34/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
2012-12-12s4-rpc_server: limit allowed transports for samr_ValidatePassword().Günther Deschner1-0/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-11s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checksMichael Adam1-47/+65
This matches the windows behavior. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-10-19s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASEGregor Beck1-1/+1
and use SMBD_OBJ_BASE for a couple of targets where sessionid_tdb and conn_tdb were used. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-09s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserverAmitay Isaacs1-0/+4
..TrustAnchors zone is not interpreted by RPC dnsserver code. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Tue Oct 9 03:21:07 CEST 2012 on sn-devel-104
2012-10-07drsuapi: Validate the input parameters for the drsuapi_UpdateRefs functionMatthieu Patou1-0/+16
2012-10-07drsuapi: check more carefully the validity of the NCMatthieu Patou1-4/+11
Check that both the GUID and DN are the GUID/DN of a NC if not return WERR_DS_DRA_BAD_NC
2012-10-07s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGESMatthieu Patou1-0/+24
2012-10-07s4-drs: EXOP_REPL_SECRETS can be called by RW DC as wellMatthieu Patou1-7/+15
2012-10-07drs-getncchanges: do not set the highestUsn to 0Matthieu Patou1-1/+0
Paragraph 4.1.10.5 says that if err = 0 then msgOut.pNC := msgIn.pNC msgOut.usnvecFrom := msgIn.usnvecFrom so no need to set the highestUsn to 0
2012-10-07kcc: return invalid parameter if the taskId is not 0Matthieu Patou1-1/+3
2012-10-07Implement the LIST_INFO_FOR_SERVER input formatMatthieu Patou1-1/+2
2012-10-07getdcinfo: Check that the server object has a serverreference objects ↵Matthieu Patou1-2/+4
pointing to a DC object The problem was found by the DRSR testsuite where server objects were created in the Site container without serverrefrence attribute triggering error in the testsuite.
2012-09-26netlogon: Per MS-NRPC, don't send unknown workstation flags back to theJelmer Vernooij1-1/+2
client.
2012-09-25s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in ↵Stefan Metzmacher1-1/+1
dcesrv_drsuapi_DsBind() metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104
2012-09-25s4:rpc_server/drsuapi: fix a crash in ↵Stefan Metzmacher1-6/+6
dcesrv_drsuapi_DsGetDomainControllerInfo_1() metze
2012-08-14s4-repl: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-15/+13
2012-08-14s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dnAndrew Bartlett2-3/+3
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-08-10build: rename security → samba-securityBjörn Jacke1-2/+2
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
2012-07-24lib/param: Remove "ntptr providor" and hard-code in s4 spoolss serverAndrew Bartlett1-1/+1
This stub codebase does not justify a merged parameter. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-17s4:rpc_server/netlogon: add support for AES based netlogon schannelStefan Metzmacher1-0/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for itStefan Metzmacher1-26/+31
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: implement netr_LogonGetCapabilitiesStefan Metzmacher1-2/+20
This is also needed to support AES. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcpAndreas Schneider1-0/+10
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for npAndreas Schneider3-0/+45
2012-07-06s4-lsarpc: Restrict LookupSids3 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Restrict LookupNames4 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.Andreas Schneider1-46/+48
2012-07-06s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.Andreas Schneider1-49/+53
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett4-8/+8
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-01Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange ↵Alexander Bokovoy1-37/+20
client code" This reverts commit f8c447b1a48eaf12dcf70b92fd7525c4ad26c246. After discussing with Julien (Openchange) and Metze, I decided to revert this code. Instead I made a patch to Openchange which allows to build client side only. Openchange server code requires working s4 member DC and --without-ad-dc build does not provide working provisioning even if we enable dcerpc_server and end point mapper. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Fri Jun 1 16:46:08 CEST 2012 on sn-devel-104
2012-06-01waf-mitkrb5: enable dcerpc_server library to support OpenChange client codeAlexander Bokovoy1-20/+37
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2-12/+60
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23auth and s4-rpc_server: Do not use features we currently can't implement ↵Simo Sorce1-0/+6
with MIT Kerbros build
2012-05-04Fix direct access to krb5_principal structureSimo Sorce1-2/+4