Age | Commit message (Collapse) | Author | Files | Lines |
|
the repl_secret code needs to set it to avoid too many duplicate
attributes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
initiate a repl secret extended op when requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
- use generic parameter names
- trigger a run of pending ops on all extended ops
- don't prevent parallel fsmo transfers
- moved extended op code into drepl_extended
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives the caller the other server parameters
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is needed to get the repsFrom DNS entry right
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This can be used to return structures from other python interfaces as
python objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this is not part of the rid allocation logic
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Multiple calls are allowed to run in parallel as long as they don't
conflict.
This also cleans up the variable names in the extended op calls.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
In case the caller wants sync execution, we should
not cancel the call for internal timeout reason,
but rather wait for its execution
|
|
|
|
It is to be used when caller wants to explicitly
specify the timeout for the call
|
|
|
|
this prevents a possible crash on disconnect
|
|
|
|
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa
Conflicts:
source4/dsdb/repl/drepl_ridalloc.c
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
when running with valgrind on the server, enable logging in the xterm
so you get a permanent record of any errors
|
|
the unbind method is only called when the dcesrv_connection_context is
being destroyed (its called from the destructor). That means that priv
is either already free, or is about to be freed, so don't free it
again
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this matches the behaviour of our DNS resolver
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we skip a DC because it doesn't have the required server type
bits, show what bits we wanted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
once we get the 1C lookup reply, use a CLDAP query to find the details
for the server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we now require the full domain name, for the DNS/CLDAP lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The DC is now found via DNS/CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives access to the CLDAP/DNS finddc code from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents conflicts with old generated files and we can only even
return one DC with this interface.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
finddcs_nbt is currently unused, but will later be a fallback is a
cldap DC find fails.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this may later be changed to do fallback to NBT as well, but for now
cldap is sufficient
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this finds DCs with a specified set of server_type bit using SRV
lookups and CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we already have a 'v' in scope
|
|
this allows for multiple replies to a SRV lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The secure channel type is needed to work out what DC to connect to
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
As a RODC we need to forward some auth requests to a writable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are an RODC we need to be able to allow multiple auth backends
to process a single auth request. First the sam backend will try to
authenticate, using locally stored passwords. If this backend can't
find local passwords then it will try the winbind backend and
authenticate via a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.
|
|
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|