summaryrefslogtreecommitdiff
path: root/source4/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2011-03-01s4:drsuapi RPC server - check for the "SPN" attribute != NULLMatthias Dieter Wallnöfer1-0/+6
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer
2011-03-01s4:dsdb - always handle the attribute "options" as 32bit unsigned integerMatthias Dieter Wallnöfer1-1/+1
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as 64-bit integer. Reviewed by: Kamenim and Metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
2011-03-01s4:remove many invocations of "samdb_msg_add_string"Matthias Dieter Wallnöfer3-12/+10
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-28Fix some typesJelmer Vernooij1-3/+3
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-24build: moved librpc/rpc/*.c into a rpccommon libraryAndrew Tridgell3-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Feb 24 02:42:37 CET 2011 on sn-devel-104
2011-02-24build: moved libds/common/flag_mapping.c into a common subsystemAndrew Tridgell2-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett1-3/+3
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-18s4-idl: rename s4 server_id.idl to server_id4.idlAndrew Tridgell1-1/+1
this avoids a conflict with the new s3 server_id.idl Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18s4-auth: rename 'auth' subsystem to 'auth4'Andrew Tridgell1-1/+1
this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-15s4:samr RPC server - QueryDisplayInfo returns always all domains users, ↵Matthias Dieter Wallnöfer1-34/+40
aliases and groups That means when calling "QueryDisplayInfo" on the BUILTIN handle we still get all related domain objects - for example all domain (global + universal) groups. This is contrary to the "EnumDomain..." calls which do really only return the objects in the specified domain policy handle. This has been observed against Windows Server 2008 and confirmed by dochelp. In the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search". Patch-reviewed-by: Andrew Tridgell <tridge@samba.org>
2011-02-15s4:drsuapi/getncchanges: make sure we don't process filteres objects more ↵Stefan Metzmacher1-3/+3
than once metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104
2011-02-14s4-dsdb: cleanups to the backupkey RPC serverAndrew Tridgell1-15/+15
- fixed some warnings - change the debug levels to something more reasonable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-14s4: Add server side implementation of backup key remote protocolMatthieu Patou2-0/+1315
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell2-3/+3
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett2-9/+9
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-02s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()Stefan Metzmacher1-10/+83
We need to check for invalid parameters before we check for access denied. metze
2011-02-02s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on ↵Stefan Metzmacher1-2/+3
INVALID_PARAMETER/INFO_CLASS metze
2011-02-02s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid ↵Stefan Metzmacher1-1/+1
netr_Validation levels metze
2011-01-15s4:samr RPC server - always interpret filter integer values as signedMatthias Dieter Wallnöfer1-4/+4
To prevent platform-dependant problems. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett1-1/+1
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-12-19dcesrv_srvsvc: Use constants.Jelmer Vernooij1-3/+3
2010-12-16spoolss: fill in PerMachineConnections add and delete IDL.Günther Deschner1-9/+9
Guenther
2010-12-09s4-lsa Implement kerberos ticket life policyAndrew Bartlett2-7/+5
We now no longer print tickets with a potentially infinite life, and we report the same life over LSA as we use in the KDC. We should get this from group policy, but for now it's parametric smb.conf options. Andrew Bartlett
2010-12-08s4-pkgconfig: add @LIB_RPATH@ to our link flagsAndrew Tridgell1-1/+1
this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-12-04s4:samr RPC server - dcesrv_samr_GetBootKeyInformation - return NOT_SUPPORTEDMatthias Dieter Wallnöfer1-1/+2
Windows Server 2008 does this Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Dec 4 12:11:47 CET 2010 on sn-devel-104
2010-12-03s3/s4:lsa.idl - QueryDomainInformationPolicy - the "unknown6" field is ↵Matthias Dieter Wallnöfer1-0/+1
called "reserved" MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
2010-12-03s4:lsa RPC server - always initialise "info" structuresMatthias Dieter Wallnöfer1-2/+2
This should help to fix bug #7769
2010-12-03s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of reworkMatthias Dieter Wallnöfer1-21/+35
- Added 'out of memory' checks - Added checks regarding return values - Switch to "ldb_msg_add_string" where possible Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
2010-11-29s4:dcesrv_drsuapi RPC server - remove unreachable statementMatthias Dieter Wallnöfer1-1/+0
2010-11-27s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64Matthias Dieter Wallnöfer6-10/+9
2010-11-27s4:wkssvc RPC server - better solution for srvsvc* enum's in server_info.cMatthias Dieter Wallnöfer2-1/+2
Reworked version of commit 7e710c4de92c310897817acc06d229cce763d2d7
2010-11-27Revert "s4:rpc_server/common/common.h - introduce two forward declarations ↵Matthias Dieter Wallnöfer1-3/+0
to suppress parameter declaration warnings" This reverts commit 7e710c4de92c310897817acc06d229cce763d2d7. This causes more noise than it's useful.
2010-11-28s4-drs: allow DrsReplicaGetInfo as a DCAndrew Tridgell1-1/+1
2010-11-25s4:lsa RPC server / objectclass LDB module - fix the creation of trusted ↵Matthias Dieter Wallnöfer1-2/+2
domain objects Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control ↵Matthias Dieter Wallnöfer1-2/+2
is specified This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-19s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"Matthias Dieter Wallnöfer1-25/+37
- Performs the short computer name check against the sam account name. - Enhances the LogonGetDomainInfo testsuite which checks the NULL "dns_hostname" behaviour Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
2010-11-16s4-eventlog: fixed dcerpc handle returnAndrew Tridgell1-4/+12
2010-11-16Update dcerpc_server.pc library name to match reality.Brad Hards1-1/+1
2010-11-15smb_server: Build as shared module.Jelmer Vernooij1-1/+1
2010-11-15s4: Build ldap and samba3_smb services as shared modules.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
2010-11-15s4-server: make server sockets a child of the task contextAndrew Tridgell1-4/+4
We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-13s4-drs: fixed a crash in writspnAndrew Tridgell1-2/+8
sam_ctx_system may be NULL for non-privileged users Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
2010-11-09s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we ↵Stefan Metzmacher1-1/+0
don't use it metze
2010-11-09s4:rpc_server/drsuapi: make msg_attrs static constStefan Metzmacher1-1/+3
metze
2010-11-09s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use ↵Stefan Metzmacher1-5/+1
DSDB_SECRET_ATTRIBUTES We should replicate all secret attributes back to other DCs. metze
2010-11-08s4:drsuapi RPC server - writespn.c - fix indentationsMatthias Dieter Wallnöfer1-15/+24
2010-11-08s4-drs: allow bypass of writespn checking for some SPNsAndrew Tridgell1-1/+111
this allows accounts (and in particular RODCs) to make SPN updates on their own account if they take the form SERVICE/hostname we may be able to remove this in the future after some changes in our ACL checking for userPrincipalName Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
2010-11-07samdb: Lowercase library name.Jelmer Vernooij1-4/+4