sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code
samba-mirror/source4/rpc_server/drsuapi/dcesrv_drsuapi.h

85 lines
3.0 KiB
C
Raw Normal View History

r2889: add DRSUAPI server - with DsBind and DsUnbind implmented :-) the RPC-DRSUAPI test works metze (This used to be commit 536af87ef12024615728ce0060b557f6f504e33f)
2004-10-10 01:35:33 +00:00
/*
Unix SMB/CIFS implementation.
endpoint server for the drsuapi pipe
Copyright (C) Stefan Metzmacher 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r2889: add DRSUAPI server - with DsBind and DsUnbind implmented :-) the RPC-DRSUAPI test works metze (This used to be commit 536af87ef12024615728ce0060b557f6f504e33f)
2004-10-10 01:35:33 +00:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r2889: add DRSUAPI server - with DsBind and DsUnbind implmented :-) the RPC-DRSUAPI test works metze (This used to be commit 536af87ef12024615728ce0060b557f6f504e33f)
2004-10-10 01:35:33 +00:00
*/
/*
this type allows us to distinguish handle types
*/
enum drsuapi_handle {
DRSUAPI_BIND_HANDLE,
};
/*
state asscoiated with a drsuapi_DsBind*() operation
*/
struct drsuapi_bind_state {
r21512: finish DsBind() in the DRSUAPI server: - fill in our on bind_info struct correctly - remember the local and remote DsBindInfo28 struct - remember the remote bind_buid w2k3 now tries replicate using DsGetNCChanges() from us, after the NET-API-BECOME-DC test created the domain controller and replicated all data. (But we still give a DCERPC fault in DsGetNCChanges()...) metze (This used to be commit 33550c063d4e206fce63fdd99dc93a56995db580)
2007-02-23 07:56:29 +00:00
struct ldb_context *sam_ctx;
s4-drs: added sam_ctx_system on DRS bind state The getncchanges call needs to be able to access the sam as the system user for RODC clients. To do this it needs a sam_ctx connection with system credentials Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-18 14:27:17 +10:00
struct ldb_context *sam_ctx_system;
r21512: finish DsBind() in the DRSUAPI server: - fill in our on bind_info struct correctly - remember the local and remote DsBindInfo28 struct - remember the remote bind_buid w2k3 now tries replicate using DsGetNCChanges() from us, after the NET-API-BECOME-DC test created the domain controller and replicated all data. (But we still give a DCERPC fault in DsGetNCChanges()...) metze (This used to be commit 33550c063d4e206fce63fdd99dc93a56995db580)
2007-02-23 07:56:29 +00:00
struct GUID remote_bind_guid;
Extend DsBind and DsGetDomainControllerInfo to work with w2k8. W2K8 Clients ask for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 on DsBind. W2K8 expect this to be set (with server fl 2k8) or else they do not call DsGetDomainControllerInfo. If DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 is set, DsGetDomainControllerInfo must be able to return DCInfo Level 3. If Samba4 AD ist set to work as 2k8, with >2k8 clients the following will not work as expected: * Group Policy Editor Infrastructure Discovery * nltest /dclist:<domain> * w32tm /monitor BUG: https://bugzilla.samba.org/show_bug.cgi?id=9971 BUG: https://bugzilla.samba.org/show_bug.cgi?id=9976 Signed-off-by: Dirk Godau <voidswitch@gmail.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu May 26 06:21:10 CEST 2016 on sn-devel-144
2016-05-25 11:49:24 +12:00
struct drsuapi_DsBindInfoCtr *remote_info;
struct drsuapi_DsBindInfoCtr *local_info;
s4-drsuapi: state variable for getncchanges
2009-09-25 15:18:02 -07:00
struct drsuapi_getncchanges_state *getncchanges_state;
r2889: add DRSUAPI server - with DsBind and DsUnbind implmented :-) the RPC-DRSUAPI test works metze (This used to be commit 536af87ef12024615728ce0060b557f6f504e33f)
2004-10-10 01:35:33 +00:00
};
s4: implemented server side of DSUpdateRefs call This call is made by DCs to tell us we should notify them of directory changes
2009-09-08 11:49:28 +10:00
/* prototypes of internal functions */
drepl_server: Allow refresh of partitions on UpdateRef When we call UpdateRef, the push replication will not begin until the drepl_server has done its periodic refresh. If UpdateRefs is called, we should just send an IRPC message to call the refresh. NOTE: This has the same dependencies and issues as repl_secrets in auth_sam.c in terms of IRPC implementation. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 11:24:50 +13:00
WERROR drsuapi_UpdateRefs(struct imessaging_context *msg_ctx,
struct tevent_context *event_ctx,
struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
s4-drs: implement more of DsUpdateRefs The DsUpdateRefs calls takes a set of flags that indicates if the server should ignore specific add/delete error codes. This patch also exposes the core UpdateRefs call into a public function, so that it can be called from DsGetNCChanges
2009-10-14 20:25:48 +11:00
struct drsuapi_DsReplicaUpdateRefsRequest1 *req);
s4: implemented server side of DSUpdateRefs call This call is made by DCs to tell us we should notify them of directory changes
2009-09-08 11:49:28 +10:00
WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaUpdateRefs *r);
s4:drs split addentry and getncchanges into separate files These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-09 21:00:01 +10:00
WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsGetNCChanges *r);
WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsAddEntry *r);
s4-drs: moved the DsWriteAccountSpn call to its own file
2010-01-09 17:11:01 +11:00
WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsWriteAccountSpn *r);
s4: implemented server side of DSUpdateRefs call This call is made by DCs to tell us we should notify them of directory changes
2009-09-08 11:49:28 +10:00
char *drs_ObjectIdentifier_to_string(TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaObjectIdentifier *nc);
s4:drs split addentry and getncchanges into separate files These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-09 21:00:01 +10:00
int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_result **_res,
struct ldb_dn *basedn,
enum ldb_scope scope,
const char * const *attrs,
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges
2009-09-23 15:47:14 -07:00
const char *filter);
s4:drs split addentry and getncchanges into separate files These will get quite complex eventually, I think we are better separating them so the code is a bit easier to follow
2009-09-09 21:00:01 +10:00
Add drs_security_level_check for dcesrv calls security checks There is also an option to disable the security check by specifying in the smb.conf file: drs:disable_sec_check = true
2009-09-19 15:08:19 -07:00
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
s4-drs: added domain_sid to DRS security checks we need the domain_sid to determine if the account is a RODC for our domain Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 14:12:21 +10:00
const char* call, enum security_user_level minimum_level,
const struct dom_sid *domain_sid);
s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges When this flag is specified in the request these attributes are treated as secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing, lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials, trustAuthIncoming, trustAuthOutgoing, unicodePwd Their value is changed to NULL and the meta_data.originating_change_time to 0
2009-09-23 16:51:55 -07:00
void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
struct drsuapi_DsReplicaMetaData *meta_data);
s4-drs: Added drs_security_access_check function It takes a security token, an ldb_context, and the desired CAR and checks if the principal has this CAR granted
2010-09-26 21:14:45 -07:00
WERROR drs_security_access_check(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
struct security_token *token,
struct drsuapi_DsReplicaObjectIdentifier *nc,
const char *ext_right);
s4-drs: added drs_security_access_check_nc_root() this checks securiity on the NC root of the specified naming context
2010-09-29 15:46:23 -07:00
WERROR drs_security_access_check_nc_root(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
struct security_token *token,
struct drsuapi_DsReplicaObjectIdentifier *nc,
const char *ext_right);
Copy Permalink