summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2010-09-29s4-drs: implement PAS checks and access checks for getncchangesAndrew Tridgell1-26/+130
This implements partial attribute set checking on getncchanges. If the client sends a partial_attribute_set then we only return the specified attributes. This also implements access checking on the NC root for the access right GUIDs for requests with and without reveal secrets Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-drs: added drs_security_access_check_nc_root()Andrew Tridgell2-12/+63
this checks securiity on the NC root of the specified naming context
2010-09-28s4-drs: added support for DRSUAPI_EXOP_REPL_OBJAndrew Tridgell1-1/+32
this extended getncchanges operation replicates a single object
2010-09-28s4-drs: use drs_ObjectIdentifier_*() calls in getncchangesAndrew Tridgell1-14/+16
this allows for replication by GUID or SID
2010-09-28s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.cAndrew Tridgell1-44/+0
this will be used outside of the drs server. This also fixes the handling of the ndr_size elements of the drs_ObjectIdentifier
2010-09-28s4-drs: Added check for drs-manage-topology to updateRefs.Nadezhda Ivanova1-7/+9
2010-09-28s4-drs: Added drs_security_access_check functionNadezhda Ivanova2-0/+64
It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-09-27s4-netlogon: added RODC DNS update call fwded to dnsupdate taskAndrew Tridgell1-3/+89
when we get a netlogon RODC DNS update, we send it to the dnsupdate task
2010-09-28s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the ↵Stefan Metzmacher1-0/+1
socket fd twice. metze
2010-09-27s4-drs: make getncchanges debug less verboseAndrew Tridgell1-1/+1
quieten make test a little
2010-09-27s4/irpc: Add security token to the binding handle when doing irp call forwardingAnatoliy Atanasov1-0/+7
2010-09-27s4-drs: fixed comment in getncchanges codeAndrew Tridgell1-1/+1
Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
2010-09-26s4-drs: use the system sam_ctx for updaterefsAndrew Tridgell1-8/+9
this is needed for RODC clients calling updaterefs
2010-09-25s4-repl: make getncchanges a bit less verboseAndrew Tridgell1-1/+1
this should reduce some of the clutter in make test
2010-09-24s4:rpc_server/dcerpc_server.c - fix a "const" warningMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4/eventlog6: Add dummy implementation for calls 0x5 and 0xBAnatoliy Atanasov1-2/+6
The code is enough to let us run all dcdiag tests against samba4 server
2010-09-23s4/eventlog6: Build and hook EventLog6 RPC endpont mapper and idlAnatoliy Atanasov3-0/+21
2010-09-23s4/eventlog6: Add endpoint server for EventLog6 RPCAnatoliy Atanasov1-0/+319
The file is generated using PIDL --template command.
2010-09-20s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders testAnatoliy Atanasov1-29/+26
2010-09-16s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecordsAndrew Tridgell1-0/+20
this is used by a RODC to do DNS updates, as TSIG updates are not allowed by RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-rpcserver: allow saving of bad RPC packetsAndrew Tridgell1-2/+28
use: dcesrv:stubs directory = . to save files like this: RPC-netlogon-48-pullfail.dat when a RPC packet can't be parsed or is unknown. Only enabled in developer builds Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-drs: make debugging DsUpdateRefs a bit easierAndrew Tridgell1-1/+8
2010-09-16s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} callsAndrew Tridgell1-3/+42
2010-09-16s4-drs: removed a debug print in repl secretAndrew Tridgell1-1/+0
2010-09-16s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm()Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-drs: Wait DsReplicaSync for as long as it takes to completeKamen Mazdrashki1-2/+19
In case the caller wants sync execution, we should not cancel the call for internal timeout reason, but rather wait for its execution
2010-09-16s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() callKamen Mazdrashki2-6/+14
It is to be used when caller wants to explicitly specify the timeout for the call
2010-09-15s4-rpcserver: set unbind method to NULL in remote serverAndrew Tridgell2-1/+2
this prevents a possible crash on disconnect
2010-09-15s4/fsmo: Remove empty new linesAnatoliy Atanasov1-6/+0
2010-09-15s4-rpc: fixed double free in RPC proxyAndrew Tridgell1-12/+4
the unbind method is only called when the dcesrv_connection_context is being destroyed (its called from the destructor). That means that priv is either already free, or is about to be freed, so don't free it again
2010-09-14rpc_server: Remove unnecessary dependency on server modules, buildJelmer Vernooij1-1/+1
system will take care of that.
2010-09-11s4:rpc_server/common/common.h - introduce two forward declarations to ↵Matthias Dieter Wallnöfer1-0/+3
suppress parameter declaration warnings Always Tru64 in file "param/loadparm.c" and possibly others.
2010-09-11s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are ↵Matthias Dieter Wallnöfer1-2/+3
returned here Tested using User Manager for Domains against Windows Server 2008. MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
2010-09-11s4-privs Fix enum privileges in LSARPC serverAndrew Bartlett1-1/+1
We were returning the index, not the LUID value Andrew Bartlett
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-37/+49
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11s4-rpc_server Put all 'logon failure' messages at the same debug level 4Andrew Bartlett1-4/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-lsa: privilege IDs should use the enum, not an intAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵Andrew Bartlett1-1/+1
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett1-3/+3
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10s4:getncchanges_change_master - also in this call "i" needs to be unsignedMatthias Dieter Wallnöfer1-1/+2
2010-09-10s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_retKamen Mazdrashki1-0/+1
in case we are handling extended operation. It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit more picky on this.
2010-09-10s4-drs: Hanlde extended operations only onceKamen Mazdrashki1-40/+45
Most of extended operations I know of work like: 1. do extended operation 2. collect a set of objects to return and start replication cycle 3. continue returning object as we have no more to give This way we ensure we are doing 1. only once
2010-09-10s4-rpc: Added handling of fsmo role transfer to GetNCChangesNadezhda Ivanova1-0/+108
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE and DRSUAPI_EXOP_FSMO_REQ_PDC. Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-07s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs callKamen Mazdrashki1-6/+10
2010-09-03s4:rpc_server/netlogon: use irpc_binding_handle_by_name()Stefan Metzmacher2-8/+11
metze
2010-09-03s4:rpc_server/common: use irpc_binding_handle_by_name() in ↵Stefan Metzmacher1-16/+25
dcesrv_irpc_forward_rpc_call() metze
2010-09-03s4-drs: A quick fix for DRSUAPI_EXOP_FSMO_RID_ALLOC extended_op handlingKamen Mazdrashki1-0/+9
When DRSUAPI_EXOP_FSMO_RID_ALLOC extended op is handled in DsGetNCChanges() stub, we need to returned a well know set of object - see: [ms-adts], 3.1.1.5.1.7 With this hack we are going to return just objects modified during RID allocation procedure - i.e. "RID Manager$", "RID Set" for computer object and computer object itself. Which is a close approximation of what we are expected to return.
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner1-42/+12
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-08-23s4:getncchanges.c - fix some counter variable typesMatthias Dieter Wallnöfer1-3/+3
They should be "unsigned" since they count LDB objects. And also the SID array can be counted as "unsigned".