summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-08-23s4-drs: show the user sid that does the GetNCChanges callAndrew Tridgell1-2/+3
this is useful when debugging replication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-23s4-drs: removed the warning on WRIT_REP being setAndrew Tridgell1-4/+2
we just need to clear this flag
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett4-6/+6
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.cStefan Metzmacher1-174/+0
metze
2010-08-20s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges callsAndrew Tridgell1-10/+8
when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour) Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: bring us much closer to the docs for DRS secret replicationAndrew Tridgell1-9/+241
The rules for when a RODC can replicate secrets are: - it can always replicate its own acct - it can also replicate its krbtgt acct - it can't replicate other krbtgt accts - it can't replicate interdomain trust accounts - it can't replicate users in the denied group list - it can replicate users in the allowed group list otherwise it can't replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: implement RODC attribute filtering overrideAndrew Tridgell1-24/+50
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-20s4-drs: added sam_ctx_system on DRS bind stateAndrew Tridgell2-0/+20
The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-19s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if ↵Kamen Mazdrashki1-1/+2
it exists
2010-08-19s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDsKamen Mazdrashki1-3/+16
Depending on which NC is being replicated, GetNCChanges() returns either ATTID based on local prefixMap or msDs-IntId value of the attributeSchema class for the attribute being replicated. If set, msDs-IntId value is always returned when replicating object form NC other than Schema NC. Objects in Schema NC replica always use prefixMap based ATTIDs.
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett4-7/+7
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-17s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also ↵Matthias Dieter Wallnöfer1-2/+43
here the new password change syntax
2010-08-17s4:samr RPC server - samr_password.c - make real user password changes workMatthias Dieter Wallnöfer1-50/+74
Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
2010-08-17s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer1-3/+3
password sets
2010-08-17s4-rpcserver: log unknown RPC calls at debug level 3Andrew Tridgell1-0/+6
This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark
2010-08-17s4-netlogon: added SEC_CHAN_RODCAndrew Tridgell1-0/+5
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-17s4-drs: allow getncchanges from RODC with WRIT_REP setAndrew Tridgell1-2/+2
w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-drs: added domain_sid to DRS security checksAndrew Tridgell6-10/+14
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-4/+4
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-14s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett1-5/+1
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-08-14s4-build: fixed library name in dcerpc_server.pc.inAndrew Tridgell1-1/+1
Thanks to Metze for spotting this
2010-08-09s4-rpc_server: Fixed the build of the dcerpc_server library.Andreas Schneider1-1/+1
Brad please check!
2010-08-09s4-build: use @PACKAGE_VERSION@ in s4 pc.in filesAndrew Tridgell1-1/+1
this gets replaced by vnum from the build rule
2010-08-09s4-build: added dcerpc_server libraryBrad Hards2-3/+16
OpenChange needs this for dcerpc_register_ep_server() Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-07s4:rpc_server/lsa: better include a .h file don't include a .c fileStefan Metzmacher1-1/+2
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze
2010-08-07s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objectsMatthias Dieter Wallnöfer1-3/+3
2010-07-31s4:dcesrv_netr_LogonGetDomainInfo - improve the client OS informations updateMatthias Dieter Wallnöfer1-19/+8
As ekacnet pointed out on the mailing list we don't need to do a delete if we (re)set the values afterwards - only if we don't set any new ones.
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell19-98/+98
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-09s4:drsuapi: don't return all linked attributes at the same timeStefan Metzmacher1-8/+51
Windows gives them in chunks, but I don't know the correct rule to calculate the chunk size. For now I'll use 1500 as the max size. Windows isn't happy when it gets ~ 100000 linked attributes in one response. It corrupts its directory index and later moves some objects to the LostAndFound folder. metze
2010-07-08s4:drsuapi RPC server - "result_site_name" - fix variable denominationMatthias Dieter Wallnöfer1-3/+3
2010-07-06s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flagMatthias Dieter Wallnöfer1-3/+22
It has to consider the "password_expires" flag to known if the "pwdLastSet" has to be updated or to be resetted.
2010-07-06s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag ↵Matthias Dieter Wallnöfer1-1/+6
on level 21 Taken from the s3 server code
2010-07-06s4:rpc_server/lsa/dcesrv_lsa.c - fix typoSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-05s4:samr RPC server - "SetUserInfo" - allow some more informations to be setMatthias Dieter Wallnöfer1-0/+25
Taken from the s3 implementation.
2010-06-29s4:rpc_server/browser.c - remove unused codeMatthias Dieter Wallnöfer1-2/+0
Spotted by the Solaris 10 compiler
2010-06-28s4:dcesrv_drsuapi.c - fix a counter variableMatthias Dieter Wallnöfer1-2/+1
2010-06-28s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer1-3/+6
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
2010-06-28s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviourMatthias Dieter Wallnöfer1-1/+72
Behaviour as the torture SAMR passwords tests show.
2010-06-28s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0Matthias Dieter Wallnöfer1-0/+9
Taken from s3
2010-06-28s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵Matthias Dieter Wallnöfer1-0/+8
from s3 to s4
2010-06-28s4:dcesrv_samr_SetUserInfo - implement password set level 21Matthias Dieter Wallnöfer1-0/+33
2010-06-28s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵Matthias Dieter Wallnöfer1-0/+10
user password
2010-06-28s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer1-1/+1
haven't activated the the lanman auth This is what s3 does.
2010-06-28s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer1-0/+48
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-06-26s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable codeMatthias Dieter Wallnöfer1-36/+0
2010-06-26s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable codeMatthias Dieter Wallnöfer1-4/+0
2010-06-26s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable codeMatthias Dieter Wallnöfer1-2/+0
2010-06-26s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDsMatthias Dieter Wallnöfer1-3/+4
To suppress warnings on Solaris 10
2010-06-26s4:rpc_server/drsuapi/drsutil.c - remove unreachable codeMatthias Dieter Wallnöfer1-1/+0
2010-06-26s4:rpc_server/dcesrv_auth.c - remove unreachable codeMatthias Dieter Wallnöfer1-2/+0