summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2012-07-17s4:rpc_server/netlogon: add support for AES based netlogon schannelStefan Metzmacher1-0/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for itStefan Metzmacher1-26/+31
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: implement netr_LogonGetCapabilitiesStefan Metzmacher1-2/+20
This is also needed to support AES. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcpAndreas Schneider1-0/+10
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for npAndreas Schneider3-0/+45
2012-07-06s4-lsarpc: Restrict LookupSids3 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Restrict LookupNames4 to crypto connections only.Andreas Schneider1-0/+10
2012-07-06s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.Andreas Schneider1-46/+48
2012-07-06s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.Andreas Schneider1-49/+53
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett4-8/+8
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-01Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange ↵Alexander Bokovoy1-37/+20
client code" This reverts commit f8c447b1a48eaf12dcf70b92fd7525c4ad26c246. After discussing with Julien (Openchange) and Metze, I decided to revert this code. Instead I made a patch to Openchange which allows to build client side only. Openchange server code requires working s4 member DC and --without-ad-dc build does not provide working provisioning even if we enable dcerpc_server and end point mapper. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Fri Jun 1 16:46:08 CEST 2012 on sn-devel-104
2012-06-01waf-mitkrb5: enable dcerpc_server library to support OpenChange client codeAlexander Bokovoy1-20/+37
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2-12/+60
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23auth and s4-rpc_server: Do not use features we currently can't implement ↵Simo Sorce1-0/+6
with MIT Kerbros build
2012-05-04Fix direct access to krb5_principal structureSimo Sorce1-2/+4
2012-04-20Move kdc_get_policy helper in the lsa server where it belongs.Simo Sorce2-2/+26
This was used in only 2 places, db-glue.c and the lsa server. In db-glue.c it is awkward though, as it forces to use an unconvenient lsa structure and conversions from time_t to nt_time only to have nt_times converted back to time_t for actual use. This is silly. Also the kdc-policy file was a single funciton library, that's just ridiculous. The loadparm helper is all we need to keep the values consistent, and if we ever end up doing something with group policies we will care about it when it's the time. the code would have to change quite a lot anyway. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
2012-03-21s4-rpc: dnsserver: Fix IPv6 reverse zone handlingAmitay Isaacs1-0/+7
Thanks to Marcel Ritter <marcel.ritter@rrze.fau.de> for the patch.
2012-03-20libndr: Rename policy_handle_empty to ndr_policy_handle_empty.Jelmer Vernooij1-1/+1
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-20libndr: Rename ndr64_transfer_syntax and null_ndr_syntax_id so they have a ↵Jelmer Vernooij2-8/+8
ndr_ prefix. This makes the NDR namespace a bit clearer, in preparation of ABI checking.
2012-03-02s4-rpc: dnsserver: Fix the typo in comparing two DNS recordsAmitay Isaacs1-2/+2
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Mar 2 10:27:41 CET 2012 on sn-devel-104
2012-03-02s4-rpc: dnsserver: Update data type for TXT DNS recordsAmitay Isaacs1-6/+25
2012-02-27s4-netlogond: Fix use of uninitialised value dns_nameAndrew Bartlett1-19/+8
The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name when the value was not set. New tests for our trusted domains code create domain trusts without a DNS domain name. Found by the autobuild flakey build detector. Andrew Bartlett
2012-02-23dcerpc_server: Add 'modulesdir' variable to pkg-config file.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Feb 23 16:26:25 CET 2012 on sn-devel-104
2012-01-26s4-rpc_server: Fix search for existing trust to actually look for the dns nameAndrew Bartlett1-1/+1
Found by a eagle-eyed user. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2012-01-12s4-rpc:dnsserver: DNS names are case insensitiveAmitay Isaacs3-17/+17
2012-01-06s4-rpc:dnsserver: Do not replace @ with zone_name in update operationAmitay Isaacs1-1/+6
This fixes the problem when updating DNS record for '@' or domain name.
2011-12-23s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explainationMatthias Dieter Wallnöfer1-0/+5
NETLOGON pipe is only thought for DCs. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4:drsuapi/getncchanges: the default for isRecycled is FALSEStefan Metzmacher1-1/+1
metze Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104
2011-12-23s4-drsuapi: we store boolean in upppercase so we need to test them in uppercaseMatthieu Patou1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23s4:rpc-dnsserver: Set the rank for the new DNS record correctlyAmitay Isaacs1-0/+8
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Dec 23 07:56:34 CET 2011 on sn-devel-104
2011-12-23s4:rpc-dnsserver: Add commentsAmitay Isaacs1-0/+7
2011-12-23s4:rpc-dnsserver: Make sure that zone information is filled inAmitay Isaacs1-0/+10
This fixes the problem of NULL zone in zone operations when specific zone is specified and no zone filter is specified.
2011-12-23s4:rpc-dnsserver: Implement zone management RPC operationsAmitay Isaacs3-2/+436
- ZoneCreate operation to create zone. - DeleteZoneFromDs operation to delete zone When a zone is deleted, all the records in that zone are also deleted.
2011-12-23s4:rpc-dnsserver: Add multiple DNS records in a single operationAmitay Isaacs1-11/+16
This allows to add dnsNode objectclass with multiple DNS records in a single operation. Useful for creating @ record which has NS and SOA records.
2011-12-23s4:rpc-dnsserver: Use handy macros for error checkingAmitay Isaacs1-11/+3
2011-12-23s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operationAmitay Isaacs3-1/+151
2011-12-23s4:rpc-dnsserver: Fix the enumeration of DNS recordsAmitay Isaacs1-0/+10
If a node has data and children, do not return the children unless the node is the top level node.
2011-12-23s4:rpc-dnsserver: Use cached zone information to get rootserversAmitay Isaacs1-9/+6
This removes the hardcoded search for DC=RootDNSServers, and uses the cached zone information.
2011-12-23s4:rpc-dnsserver: Implement EnumDirectoryPartition operationAmitay Isaacs2-1/+36
2011-12-23s4:rpc-dnsserver: Cache DNS partition informationAmitay Isaacs4-89/+151
This information will be used for the RPC calls for partition information.
2011-12-23s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flagAmitay Isaacs2-3/+14
And use fReverse flag in the enumeration of zones.
2011-12-23s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to ↵Amitay Isaacs1-1/+1
compare
2011-12-19s4:drsuapi/getncchanges: return WERR_NOMEM if talloc_array() failsStefan Metzmacher1-0/+3
metze
2011-12-19s4-drs: introduce a timeout in the getncchanges processing to always return ↵Matthieu Patou1-6/+27
something in less than x seconds Signed-off-by: Andrew Tridgell <tridge@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19s4-drs: avoid calling unecesserly ldb_msg_find_attr_as_* as this call in ↵Matthieu Patou1-26/+45
unefficient Current implementation of ldb_msg_find_attr_as_* iterate on the list of attributes returned by the search and make a string comparison. As we sorting the array of messages / guids we tend to call this function many times. By storing the GUID and the USN in a separate structure we are sure to call this function only once per attribute and object. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett2-4/+20
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-12-12s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest testAndrew Bartlett1-14/+17
This allows us to move this test to knownfail from skip
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-6/+6
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-11-27s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctlyMatthias Dieter Wallnöfer1-0/+14
The rules are explained in MS-NRPC 2.2.1.2.1. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we ↵Matthieu Patou1-1/+1
are unable to translate the domain to a dn Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>