Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa
Conflicts:
source4/dsdb/repl/drepl_ridalloc.c
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
when running with valgrind on the server, enable logging in the xterm
so you get a permanent record of any errors
|
|
the unbind method is only called when the dcesrv_connection_context is
being destroyed (its called from the destructor). That means that priv
is either already free, or is about to be freed, so don't free it
again
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this matches the behaviour of our DNS resolver
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we skip a DC because it doesn't have the required server type
bits, show what bits we wanted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
once we get the 1C lookup reply, use a CLDAP query to find the details
for the server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we now require the full domain name, for the DNS/CLDAP lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The DC is now found via DNS/CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives access to the CLDAP/DNS finddc code from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents conflicts with old generated files and we can only even
return one DC with this interface.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
finddcs_nbt is currently unused, but will later be a fallback is a
cldap DC find fails.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this may later be changed to do fallback to NBT as well, but for now
cldap is sufficient
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this finds DCs with a specified set of server_type bit using SRV
lookups and CLDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we already have a 'v' in scope
|
|
this allows for multiple replies to a SRV lookup
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The secure channel type is needed to work out what DC to connect to
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
As a RODC we need to forward some auth requests to a writable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
when we are an RODC we need to be able to allow multiple auth backends
to process a single auth request. First the sam backend will try to
authenticate, using locally stored passwords. If this backend can't
find local passwords then it will try the winbind backend and
authenticate via a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.
|
|
when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
It can be useful for a irpc message to be one-way, where the client
sends a messages and the server does not reply. This will be used for
things like a triger message from an auth context to the drepl server
to tell it to try a REPL_SECRET on a user in a RODC.
Previously we've used raw messaging for messages that have no reply,
but that doesn't allow us to use messages described by IDL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
el has already been checked for NULL
|
|
need to use ssize_t, not size_t for error handling
|
|
|
|
|
|
|
|
down_req is not initialised yet
|
|
|
|
|
|
|
|
system will take care of that.
|
|
of gensec on dcerpc.
|
|
Guenther
|
|
|
|
LDAP filters
This makes also lookups through special backends as "samba3sam" work.
|