Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-08-23 | s4-drs: show the user sid that does the GetNCChanges call | Andrew Tridgell | 1 | -2/+3 | |
this is useful when debugging replication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-23 | s4-drs: removed the warning on WRIT_REP being set | Andrew Tridgell | 1 | -4/+2 | |
we just need to clear this flag | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 4 | -6/+6 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-20 | librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c | Stefan Metzmacher | 1 | -174/+0 | |
metze | |||||
2010-08-20 | s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls | Andrew Tridgell | 1 | -10/+8 | |
when we deny a EXOP_REPL_SECRET call we should set the exop error code to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based on observing windows server behaviour) Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-20 | s4-drs: bring us much closer to the docs for DRS secret replication | Andrew Tridgell | 1 | -9/+241 | |
The rules for when a RODC can replicate secrets are: - it can always replicate its own acct - it can also replicate its krbtgt acct - it can't replicate other krbtgt accts - it can't replicate interdomain trust accounts - it can't replicate users in the denied group list - it can replicate users in the allowed group list otherwise it can't replicate Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-20 | s4-drs: implement RODC attribute filtering override | Andrew Tridgell | 1 | -24/+50 | |
When a RODC uses extended getncchanges operation DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to replicate the secret attributes. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-20 | s4-drs: added sam_ctx_system on DRS bind state | Andrew Tridgell | 2 | -0/+20 | |
The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-19 | s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if ↵ | Kamen Mazdrashki | 1 | -1/+2 | |
it exists | |||||
2010-08-19 | s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs | Kamen Mazdrashki | 1 | -3/+16 | |
Depending on which NC is being replicated, GetNCChanges() returns either ATTID based on local prefixMap or msDs-IntId value of the attributeSchema class for the attribute being replicated. If set, msDs-IntId value is always returned when replicating object form NC other than Schema NC. Objects in Schema NC replica always use prefixMap based ATTIDs. | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 4 | -7/+7 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-17 | s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also ↵ | Matthias Dieter Wallnöfer | 1 | -2/+43 | |
here the new password change syntax | |||||
2010-08-17 | s4:samr RPC server - samr_password.c - make real user password changes work | Matthias Dieter Wallnöfer | 1 | -50/+74 | |
Now it's finally possible that the user can change his password with a DSDB connection using his credentials. | |||||
2010-08-17 | s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵ | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
password sets | |||||
2010-08-17 | s4-rpcserver: log unknown RPC calls at debug level 3 | Andrew Tridgell | 1 | -0/+6 | |
This was added as we are occasionally getting an encrypted unknown netlogon call, and I'm having trouble looking at it in wireshark | |||||
2010-08-17 | s4-netlogon: added SEC_CHAN_RODC | Andrew Tridgell | 1 | -0/+5 | |
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs | |||||
2010-08-17 | s4-drs: allow getncchanges from RODC with WRIT_REP set | Andrew Tridgell | 1 | -2/+2 | |
w2k8r2 is setting this bit as a RODC. Instead of refusing the replication, we now remove the bit from req8, which means other places in the code that check this bit can stay the same Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-drs: added domain_sid to DRS security checks | Andrew Tridgell | 6 | -10/+14 | |
we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-17 | s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages | Andrew Tridgell | 1 | -4/+4 | |
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-14 | s4:auth Move struct auth_usersupplied_info to a common location | Andrew Bartlett | 1 | -5/+1 | |
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett | |||||
2010-08-14 | s4-build: fixed library name in dcerpc_server.pc.in | Andrew Tridgell | 1 | -1/+1 | |
Thanks to Metze for spotting this | |||||
2010-08-09 | s4-rpc_server: Fixed the build of the dcerpc_server library. | Andreas Schneider | 1 | -1/+1 | |
Brad please check! | |||||
2010-08-09 | s4-build: use @PACKAGE_VERSION@ in s4 pc.in files | Andrew Tridgell | 1 | -1/+1 | |
this gets replaced by vnum from the build rule | |||||
2010-08-09 | s4-build: added dcerpc_server library | Brad Hards | 2 | -3/+16 | |
OpenChange needs this for dcerpc_register_ep_server() Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-08-07 | s4:rpc_server/lsa: better include a .h file don't include a .c file | Stefan Metzmacher | 1 | -1/+2 | |
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze | |||||
2010-08-07 | s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objects | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-07-31 | s4:dcesrv_netr_LogonGetDomainInfo - improve the client OS informations update | Matthias Dieter Wallnöfer | 1 | -19/+8 | |
As ekacnet pointed out on the mailing list we don't need to do a delete if we (re)set the values afterwards - only if we don't set any new ones. | |||||
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 19 | -98/+98 | |
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-09 | s4:drsuapi: don't return all linked attributes at the same time | Stefan Metzmacher | 1 | -8/+51 | |
Windows gives them in chunks, but I don't know the correct rule to calculate the chunk size. For now I'll use 1500 as the max size. Windows isn't happy when it gets ~ 100000 linked attributes in one response. It corrupts its directory index and later moves some objects to the LostAndFound folder. metze | |||||
2010-07-08 | s4:drsuapi RPC server - "result_site_name" - fix variable denomination | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-07-06 | s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flag | Matthias Dieter Wallnöfer | 1 | -3/+22 | |
It has to consider the "password_expires" flag to known if the "pwdLastSet" has to be updated or to be resetted. | |||||
2010-07-06 | s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag ↵ | Matthias Dieter Wallnöfer | 1 | -1/+6 | |
on level 21 Taken from the s3 server code | |||||
2010-07-06 | s4:rpc_server/lsa/dcesrv_lsa.c - fix typo | Sumit Bose | 1 | -1/+1 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-07-05 | s4:samr RPC server - "SetUserInfo" - allow some more informations to be set | Matthias Dieter Wallnöfer | 1 | -0/+25 | |
Taken from the s3 implementation. | |||||
2010-06-29 | s4:rpc_server/browser.c - remove unused code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
Spotted by the Solaris 10 compiler | |||||
2010-06-28 | s4:dcesrv_drsuapi.c - fix a counter variable | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-06-28 | s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject" | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour | Matthias Dieter Wallnöfer | 1 | -1/+72 | |
Behaviour as the torture SAMR passwords tests show. | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0 | Matthias Dieter Wallnöfer | 1 | -0/+9 | |
Taken from s3 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵ | Matthias Dieter Wallnöfer | 1 | -0/+8 | |
from s3 to s4 | |||||
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement password set level 21 | Matthias Dieter Wallnöfer | 1 | -0/+33 | |
2010-06-28 | s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵ | Matthias Dieter Wallnöfer | 1 | -0/+10 | |
user password | |||||
2010-06-28 | s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
haven't activated the the lanman auth This is what s3 does. | |||||
2010-06-28 | s4:samr_password.c - add a function which sets the password through ↵ | Matthias Dieter Wallnöfer | 1 | -0/+48 | |
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21. | |||||
2010-06-26 | s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -36/+0 | |
2010-06-26 | s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -4/+0 | |
2010-06-26 | s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-26 | s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs | Matthias Dieter Wallnöfer | 1 | -3/+4 | |
To suppress warnings on Solaris 10 | |||||
2010-06-26 | s4:rpc_server/drsuapi/drsutil.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-06-26 | s4:rpc_server/dcesrv_auth.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |