sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
76,389 Commits 60 Branches 1,144 Tags 452 MiB
10fdc9ad68
Commit Graph

1795 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
ace4378de1 s4:lsa RPC server - use LDB result constant 2010-10-15 08:45:14 +02:00
Matthias Dieter Wallnöfer
9bc57e19e6 s4:dsdb - remove "samdb_msg_add_value" 
This can be substituted by "ldb_msg_add_value".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
 2010-10-15 00:21:53 +00:00
Matthias Dieter Wallnöfer
a0e9814c0d s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string" 
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-10-15 08:36:01 +11:00
Andrew Bartlett
f7ffc12e2d libcli/security Use static SIDs rather than parsing from strings 
This should make the security_token_is_*() calls a little faster.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-10-14 02:35:05 +00:00
Matthieu Patou
f81c840380 s4 rpc_server: fix a build error on freebsd 
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Oct 13 10:48:04 UTC 2010 on sn-devel-104
 2010-10-13 10:48:04 +00:00
Andrew Bartlett
8beaa29242 s4-libcli/security Use seperate subsystem for session related functions 
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.

Andrew Bartlett
 2010-10-12 02:54:16 +00:00
Andrew Bartlett
0487ef0a70 libcli/security Add debug class to security_token_debug() et al 
This will allow it to replace functions in source3 that use debug classes.

Andrew Bartlett
 2010-10-12 02:54:16 +00:00
Andrew Bartlett
5cd9495fb3 s4-param Refactor secrets code to not require an event context. 
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.

Andrew Bartlett
 2010-10-11 13:02:15 +00:00
Jelmer Vernooij
ffd7cee150 torture: Link against rpc server itself, not service module. (against which we can't link). 2010-10-11 01:06:36 +02:00
Jelmer Vernooij
93126b3315 samdb: Add flags argument to samdb_connect(). 2010-10-10 23:08:49 +02:00
Günther Deschner
b7683a2c9d samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray. 
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Oct  7 12:04:32 UTC 2010 on sn-devel-104
 2010-10-07 12:04:32 +00:00
Günther Deschner
e0b340247a s4-samr: Fix dcesrv_samr_QueryGroupMember. 
Guenther
 2010-10-07 13:24:22 +02:00
Matthias Dieter Wallnöfer
0e5b77bec4 s4:kdc - use "userAccountControl" always unsigned 
It doesn't change much but it's nicer to have it consistent.
 2010-10-05 08:43:19 +00:00
Jelmer Vernooij
5548d3d41e Add missing dependencies for com_err. 2010-10-05 00:38:35 +02:00
Günther Deschner
279e0c9610 spoolss: fill in spoolss_SetPort IDL. 
Guenther
 2010-10-04 09:29:47 +02:00
Matthias Dieter Wallnöfer
e3081b92c1 s4:dsdb - substitute the "show_deleted" with the "show_recycled" control 
We intend to see always all objects with the "show_deleted" control specified.
To see also recycled objects (beginning with 2008_R2 function level) we need to
use the new "show_recycled" control.

As far as I see this is only internal code and therefore we don't run into
problems if we do substitute it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-10-03 15:23:18 +00:00
Matthias Dieter Wallnöfer
55e3720470 s4:getncchanges.c - fix some counter types 2010-10-03 12:05:13 +02:00
Stefan Metzmacher
d05ae9451a s4:rpc_server/echo: fix compiler warning 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Oct  3 09:41:51 UTC 2010 on sn-devel-104
 2010-10-03 09:41:51 +00:00
Stefan Metzmacher
76232a40d8 s4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() directly 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct  2 03:11:38 UTC 2010 on sn-devel-104
 2010-10-02 03:11:38 +00:00
Andrew Tridgell
75a542a1d9 s4-drs: put the GCSPN flag into the repsTo if requested 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-30 14:36:12 -07:00
Andrew Tridgell
46ec7d7851 s4-drs: added support for level 10 of getncchanges 
added a simple mapping from req8
 2010-09-30 16:45:13 +00:00
Andrew Tridgell
1ec5f5c09c s4-drs: implement PAS checks and access checks for getncchanges 
This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified 
attributes.

This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets 

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
 2010-09-29 16:36:22 -07:00
Andrew Tridgell
eebe5e1251 s4-drs: added drs_security_access_check_nc_root() 
this checks securiity on the NC root of the specified naming context
 2010-09-29 16:36:22 -07:00
Andrew Tridgell
f4177b66c5 s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ 
this extended getncchanges operation replicates a single object
 2010-09-28 11:36:40 -07:00
Andrew Tridgell
9aa07e72c8 s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges 
this allows for replication by GUID or SID
 2010-09-28 11:36:40 -07:00
Andrew Tridgell
d4939ce4fc s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c 
this will be used outside of the drs server.

This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
 2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
8045b35b1b s4-drs: Added check for drs-manage-topology to updateRefs. 2010-09-28 11:36:40 -07:00
Nadezhda Ivanova
440cee48b9 s4-drs: Added drs_security_access_check function 
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
 2010-09-28 11:36:40 -07:00
Andrew Tridgell
c4d2b6fbc2 s4-netlogon: added RODC DNS update call fwded to dnsupdate task 
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
 2010-09-27 22:55:05 -07:00
Stefan Metzmacher
9d8b886b3e s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice. 
metze
 2010-09-28 03:48:10 +02:00
Andrew Tridgell
8e1a3c8cca s4-drs: make getncchanges debug less verbose 
quieten make test a little
 2010-09-27 23:18:23 +00:00
Anatoliy Atanasov
2cf0525b23 s4/irpc: Add security token to the binding handle when doing irp call forwarding 2010-09-27 09:59:21 -07:00
Andrew Tridgell
785410c493 s4-drs: fixed comment in getncchanges code 
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
 2010-09-27 04:54:43 +00:00
Andrew Tridgell
f33fc39f37 s4-drs: use the system sam_ctx for updaterefs 
this is needed for RODC clients calling updaterefs
 2010-09-26 06:29:06 +00:00
Andrew Tridgell
d72dbe847e s4-repl: make getncchanges a bit less verbose 
this should reduce some of the clutter in make test
 2010-09-25 10:38:45 -07:00
Matthias Dieter Wallnöfer
80f3e92d0a s4:rpc_server/dcerpc_server.c - fix a "const" warning 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:41 +10:00
Anatoliy Atanasov
859f3cdd4a s4/eventlog6: Add dummy implementation for calls 0x5 and 0xB 
The code is enough to let us run all dcdiag tests against samba4 server
 2010-09-23 13:34:09 -07:00
Anatoliy Atanasov
411e6bc3f2 s4/eventlog6: Build and hook EventLog6 RPC endpont mapper and idl 2010-09-23 13:34:08 -07:00
Anatoliy Atanasov
b23609812a s4/eventlog6: Add endpoint server for EventLog6 RPC 
The file is generated using PIDL --template command.
 2010-09-23 13:34:08 -07:00
Anatoliy Atanasov
b4eba4268d s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test 2010-09-20 09:46:10 -07:00
Andrew Tridgell
dc59de5627 s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords 
this is used by a RODC to do DNS updates, as TSIG updates are not
allowed by RODCs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 21:09:17 +10:00
Andrew Tridgell
5958997a9b s4-rpcserver: allow saving of bad RPC packets 
use:
	dcesrv:stubs directory = .

to save files like this:

  RPC-netlogon-48-pullfail.dat

when a RPC packet can't be parsed or is unknown. Only enabled in
developer builds

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 21:09:17 +10:00
Andrew Tridgell
377ffcb029 s4-drs: make debugging DsUpdateRefs a bit easier 2010-09-16 16:08:46 +10:00
Andrew Tridgell
e5cd023a41 s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls 2010-09-16 16:08:46 +10:00
Andrew Tridgell
4cf53c6d0b s4-drs: removed a debug print in repl secret 2010-09-16 16:08:46 +10:00
Andrew Tridgell
e2b6d171d4 s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm() 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Kamen Mazdrashki
7f1db0d8df s4-drs: Wait DsReplicaSync for as long as it takes to complete 
In case the caller wants sync execution, we should
not cancel the call for internal timeout reason,
but rather wait for its execution
 2010-09-16 00:15:38 +03:00
Kamen Mazdrashki
ee169d7347 s4-irpc: Add 'timeout' param for dcesrv_irpc_forward_rpc_call() call 
It is to be used when caller wants to explicitly
specify the timeout for the call
 2010-09-16 00:15:38 +03:00
Andrew Tridgell
e7f21fa941 s4-rpcserver: set unbind method to NULL in remote server 
this prevents a possible crash on disconnect
 2010-09-15 23:08:18 +10:00
Anatoliy Atanasov
4608721935 s4/fsmo: Remove empty new lines 2010-09-15 14:00:27 +03:00
Andrew Tridgell
a498ab90fb s4-rpc: fixed double free in RPC proxy 
the unbind method is only called when the dcesrv_connection_context is
being destroyed (its called from the destructor). That means that priv
is either already free, or is about to be freed, so don't free it
again
 2010-09-15 15:39:36 +10:00
Jelmer Vernooij
48976ac497 rpc_server: Remove unnecessary dependency on server modules, build 
system will take care of that.
 2010-09-14 17:24:05 +02:00
Matthias Dieter Wallnöfer
7e710c4de9 s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings 
Always Tru64 in file "param/loadparm.c" and possibly others.
 2010-09-11 18:04:48 +02:00
Matthias Dieter Wallnöfer
83cd3f7630 s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here 
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
 2010-09-11 14:34:37 +02:00
Andrew Bartlett
e84ab1b35f s4-privs Fix enum privileges in LSARPC server 
We were returning the index, not the LUID value

Andrew Bartlett
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges 
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
da9bca6282 s4-rpc_server Put all 'logon failure' messages at the same debug level 4 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Tridgell
45aecc2833 s4-lsa: privilege IDs should use the enum, not an int 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure 
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. 
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:10 +10:00
Andrew Bartlett
9abfd8fe3b s4-privs Add a lookup by index of privilages 
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Matthias Dieter Wallnöfer
4fc1319db9 s4:getncchanges_change_master - also in this call "i" needs to be unsigned 2010-09-10 20:20:26 +02:00
Kamen Mazdrashki
25dd9fae66 s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret 
in case we are handling extended operation.

It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS
and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit
more picky on this.
 2010-09-10 13:08:25 +03:00
Kamen Mazdrashki
611cd51096 s4-drs: Hanlde extended operations only once 
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give

This way we ensure we are doing 1. only once
 2010-09-10 13:08:24 +03:00
Nadezhda Ivanova
5ba2858b02 s4-rpc: Added handling of fsmo role transfer to GetNCChanges 
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE
and DRSUAPI_EXOP_FSMO_REQ_PDC.
Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
 2010-09-10 13:08:18 +03:00
Kamen Mazdrashki
3f109f8fd7 s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs call 2010-09-07 17:09:34 +03:00
Stefan Metzmacher
5c73c84f29 s4:rpc_server/netlogon: use irpc_binding_handle_by_name() 
metze
 2010-09-03 17:00:20 +02:00
Stefan Metzmacher
f2422a0faa s4:rpc_server/common: use irpc_binding_handle_by_name() in dcesrv_irpc_forward_rpc_call() 
metze
 2010-09-03 17:00:19 +02:00
Kamen Mazdrashki
fdffa90ef9 s4-drs: A quick fix for DRSUAPI_EXOP_FSMO_RID_ALLOC extended_op handling 
When DRSUAPI_EXOP_FSMO_RID_ALLOC extended op is handled
in DsGetNCChanges() stub, we need to returned a well know set of
object - see: [ms-adts], 3.1.1.5.1.7

With this hack we are going to return just objects modified
during RID allocation procedure - i.e. "RID Manager$", "RID Set" for
computer object and computer object itself.

Which is a close approximation of what we are expected to return.
 2010-09-03 13:23:48 +03:00
Günther Deschner
e2f15d2a25 s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support. 
Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.

Guenther
 2010-08-25 13:27:50 +02:00
Matthias Dieter Wallnöfer
2d80364f1b s4:getncchanges.c - fix some counter variable types 
They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".
 2010-08-23 18:05:52 +02:00
Andrew Tridgell
635c41ab82 s4-drs: show the user sid that does the GetNCChanges call 
this is useful when debugging replication

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
826177bd24 s4-drs: removed the warning on WRIT_REP being set 
we just need to clear this flag
 2010-08-23 15:55:39 +10:00
Andrew Bartlett
6cf29b3e4f s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid 
This makes the structure much more like NT_USER_TOKEN in the source3/
code.  (The remaining changes are that privilages still need to be merged)

Andrew Bartlett
 2010-08-23 08:50:55 +10:00
Stefan Metzmacher
fe7819ae6f librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c 
metze
 2010-08-20 18:09:25 +02:00
Andrew Tridgell
f1c6bab60e s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls 
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Andrew Tridgell
4cc6b5a69b s4-drs: bring us much closer to the docs for DRS secret replication 
The rules for when a RODC can replicate secrets are:

 - it can always replicate its own acct
 - it can also replicate its krbtgt acct
 - it can't replicate other krbtgt accts
 - it can't replicate interdomain trust accounts
 - it can't replicate users in the denied group list
 - it can replicate users in the allowed group list

otherwise it can't replicate

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Andrew Tridgell
c122939919 s4-drs: implement RODC attribute filtering override 
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Andrew Tridgell
dc7cf47371 s4-drs: added sam_ctx_system on DRS bind state 
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Kamen Mazdrashki
89899f55dc s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists 2010-08-19 03:34:05 +03:00
Kamen Mazdrashki
6a51afcfdb s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs 
Depending on which NC is being replicated, GetNCChanges() returns
either ATTID based on local prefixMap or msDs-IntId value of
the attributeSchema class for the attribute being replicated.

If set, msDs-IntId value is always returned when replicating
object form NC other than Schema NC.
Objects in Schema NC replica always use prefixMap based ATTIDs.
 2010-08-19 03:34:03 +03:00
Andrew Bartlett
7c6ca95bec s4:security Remove use of user_sid and group_sid from struct security_token 
This makes the structure more like Samba3's NT_USER_TOKEN
 2010-08-18 09:50:38 +10:00
Matthias Dieter Wallnöfer
786c41b095 s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax 2010-08-17 19:24:23 +02:00
Matthias Dieter Wallnöfer
cd711da6ca s4:samr RPC server - samr_password.c - make real user password changes work 
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
 2010-08-17 18:45:34 +02:00
Matthias Dieter Wallnöfer
2a423e0547 s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets 2010-08-17 18:45:34 +02:00
Andrew Tridgell
8835a360ca s4-rpcserver: log unknown RPC calls at debug level 3 
This was added as we are occasionally getting an encrypted unknown
netlogon call, and I'm having trouble looking at it in wireshark
 2010-08-17 21:21:51 +10:00
Andrew Tridgell
2688375ffe s4-netlogon: added SEC_CHAN_RODC 
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
 2010-08-17 21:21:51 +10:00
Andrew Tridgell
21729b63f0 s4-drs: allow getncchanges from RODC with WRIT_REP set 
w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:50 +10:00
Andrew Tridgell
45a2b408ba s4-drs: added domain_sid to DRS security checks 
we need the domain_sid to determine if the account is a RODC for our
domain

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:50 +10:00
Andrew Tridgell
6baa834ebe s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages 
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.

This will allow us to use some of the other flags bits for internal
markers on elements

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:50 +10:00
Andrew Bartlett
272e49e85c s4:auth Move struct auth_usersupplied_info to a common location 
This also changes the calling convention slightly - we should always
allocate this with talloc_zero() to allow some elements to be
optional.  Some elements may only make sense in Samba3, which I hope
will use this common structure.

Andrew Bartlett
 2010-08-14 11:58:13 +10:00
Andrew Tridgell
952ef310b5 s4-build: fixed library name in dcerpc_server.pc.in 
Thanks to Metze for spotting this
 2010-08-14 11:58:13 +10:00
Andreas Schneider
46bcb62780 s4-rpc_server: Fixed the build of the dcerpc_server library. 
Brad please check!
 2010-08-09 15:57:59 +02:00
Andrew Tridgell
56db40d5fd s4-build: use @PACKAGE_VERSION@ in s4 pc.in files 
this gets replaced by vnum from the build rule
 2010-08-09 12:27:23 +10:00
Brad Hards
ebd4ea7338 s4-build: added dcerpc_server library 
OpenChange needs this for dcerpc_register_ep_server()

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-08-09 12:27:23 +10:00
Stefan Metzmacher
6598d6dc41 s4:rpc_server/lsa: better include a .h file don't include a .c file 
This fixes the build with --nonshared-binary=smbtorture,
as use by the source3/ make test.

metze
 2010-08-07 18:16:29 +02:00
Matthias Dieter Wallnöfer
67b1e1b8f3 s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objects 2010-08-07 14:22:42 +02:00
Matthias Dieter Wallnöfer
f5f236a4b9 s4:dcesrv_netr_LogonGetDomainInfo - improve the client OS informations update 
As ekacnet pointed out on the mailing list we don't need to do a delete if we
(re)set the values afterwards - only if we don't set any new ones.
 2010-07-31 20:44:29 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion 
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-16 18:24:27 +10:00
Stefan Metzmacher
02a627e719 s4:drsuapi: don't return all linked attributes at the same time 
Windows gives them in chunks, but I don't know the correct
rule to calculate the chunk size.

For now I'll use 1500 as the max size.

Windows isn't happy when it gets ~ 100000 linked attributes in one
response. It corrupts its directory index and later moves some objects
to the LostAndFound folder.

metze
 2010-07-09 16:43:17 +02:00
Matthias Dieter Wallnöfer
38896f3362 s4:drsuapi RPC server - "result_site_name" - fix variable denomination 2010-07-08 19:28:44 +02:00
Matthias Dieter Wallnöfer
b03040c5a9 s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flag 
It has to consider the "password_expires" flag to known if the "pwdLastSet" has
to be updated or to be resetted.
 2010-07-06 21:54:21 +02:00
Matthias Dieter Wallnöfer
7f15ca4427 s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag on level 21 
Taken from the s3 server code
 2010-07-06 21:54:21 +02:00
Sumit Bose
4efa1081aa s4:rpc_server/lsa/dcesrv_lsa.c - fix typo 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-07-06 17:22:42 +02:00
Matthias Dieter Wallnöfer
afcf18f3c9 s4:samr RPC server - "SetUserInfo" - allow some more informations to be set 
Taken from the s3 implementation.
 2010-07-05 15:36:12 +02:00
Matthias Dieter Wallnöfer
95127b3f5f s4:rpc_server/browser.c - remove unused code 
Spotted by the Solaris 10 compiler
 2010-06-29 22:32:05 +02:00
Matthias Dieter Wallnöfer
e5c5d371d1 s4:dcesrv_drsuapi.c - fix a counter variable 2010-06-28 14:51:09 +02:00
Matthias Dieter Wallnöfer
4826fdf95f s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject" 
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
  the DCE/RPC server code
 2010-06-28 14:51:08 +02:00
Matthias Dieter Wallnöfer
d6098de507 s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour 
Behaviour as the torture SAMR passwords tests show.
 2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
3c1a9fb87f s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0 
Taken from s3
 2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
ea83d21341 s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
4c63bb312f s4:dcesrv_samr_SetUserInfo - implement password set level 21 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
b705026771 s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password 2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
8feda76d4f s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the the lanman auth 
This is what s3 does.
 2010-06-28 14:51:03 +02:00
Matthias Dieter Wallnöfer
8f20a5512a s4:samr_password.c - add a function which sets the password through encrypted password hashes 
Used for password sets on "samr_SetUserInfo" level 18 and 21.
 2010-06-28 14:51:03 +02:00
Matthias Dieter Wallnöfer
6f6365daba s4:rpc_server/srvsvc/dcesrv_srvsvc.c - remove unreachable code 2010-06-26 20:08:47 +02:00
Matthias Dieter Wallnöfer
f12dab8e00 s4:rpc_server/wkssvc/dcesrv_wkssvc.c - remove unreachable code 2010-06-26 20:08:47 +02:00
Matthias Dieter Wallnöfer
3c3ecf40e5 s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code 2010-06-26 20:08:46 +02:00
Matthias Dieter Wallnöfer
d85d6054c9 s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs 
To suppress warnings on Solaris 10
 2010-06-26 20:08:45 +02:00
Matthias Dieter Wallnöfer
3f2e9ce2b4 s4:rpc_server/drsuapi/drsutil.c - remove unreachable code 2010-06-26 19:46:33 +02:00
Matthias Dieter Wallnöfer
e5e4184e5a s4:rpc_server/dcesrv_auth.c - remove unreachable code 2010-06-26 19:45:45 +02:00
Matthias Dieter Wallnöfer
eff7d2db31 s4:samr RPC server - make use of LDB constants in macros 2010-06-22 22:21:12 +02:00
Matthias Dieter Wallnöfer
2f49c8f58e s4:samr RPC server - fix Solaris build warning 2010-06-20 22:33:01 +02:00
Matthias Dieter Wallnöfer
871cdec414 s4:registry RPC server - quite some build warnings on Solaris 2010-06-20 22:33:01 +02:00
Matthias Dieter Wallnöfer
82fd483758 s4:lsa_lookup.c - fix type argument 2010-06-20 22:33:00 +02:00
Matthias Dieter Wallnöfer
0bf26edf6c s4:rpc_server/service_rpc.c - fix warnings on Solaris 2010-06-20 22:32:59 +02:00
Matthias Dieter Wallnöfer
c972e6ec23 s4:rpc_server/service_rpc.c - deactivate the 0-length struct 
This should fix the build on Solaris
 2010-06-20 22:32:59 +02:00
Matthias Dieter Wallnöfer
56e4822566 s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the detection of the address family in a better way 
Obviously the last attempt wasn't enough. Now we do really only read the first
byte in the address buffer which on little endian transmission does always
contain the address family (MS-NRPC 2.2.1.2.4.1).
This should now be working platform-independently.
 2010-06-18 10:03:08 +02:00
Matthias Dieter Wallnöfer
d9c81e3ea5 s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the read of the IP packet version 
This should make it clearer by the use of the standardised "sa_family_t" type
and hopefully fixes the problems on platforms other than Linux (NetBSD in the
buildfarm for example).
 2010-06-16 21:47:22 +02:00
Matthias Dieter Wallnöfer
1137e8e95e s4:SAMR server - cosmetic fix 2010-06-14 11:41:32 +02:00
Matthias Dieter Wallnöfer
f0ab520f6e s4:SAMR server - on alias search operations do never use the domain DN as base dn 
Aliases (especially in the "builtin" domain) are often domain-independant.
 2010-06-14 11:37:11 +02:00
Matthias Dieter Wallnöfer
731b4469cb s4:dcesrv_samr_GetGroupsForUser - return error code if a SID wasn't found 
This shouldn't happen since SIDs are mandatory for security objects
 2010-06-12 17:50:52 +02:00
Matthias Dieter Wallnöfer
a67fa2db3b s4:dcesrv_samr_QueryGroupMember/GetMembersInAlias - unify the structure 
Mostly cosmetic fixes
 2010-06-12 17:45:14 +02:00
Matthias Dieter Wallnöfer
d2c25e1b11 s4:dcesrv_samr_GetAliasMembership - provide a correct implementation 
We could also have no valid SID specified at all and also then we have to
return an empty array with "NT_STATUS_OK". This shows the torture testsuite.
 2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
4a8ee9a333 s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the database is corrupted 
Group/User/Alias entries do always have a SID (it's a mandatory attribute in the
SAM directory)!
 2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
4659b3c4fd s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it wasn't found 2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
d2099a1def s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo" 2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
776eb25ef7 s4:dcesrv_samr_QueryUserInfo - minor fixes 
Return  "NT_STATUS_NO_SUCH_USER" when user account doesn't exist.
 2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
cdecae6c03 s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when really needed 
That means the allocation should move after the lookup (as it is on
"QueryUserInfo"). Return "NT_STATUS_NO_SUCH_DOMAIN" on an invalid domain.
 2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
0171f714b4 s4:dcesrv_samr_EnumDomainGroups - mostly small fixes 2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
f2c3d39e72 s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry was returned 2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
5a1cb7029c s4:dcesrv_samr_EnumDomainAliases - mostly small fixes 
The biggest change consists in the implementation of the Windows Server
return size formula MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER).
 2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
84bda98066 s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases" 
That means that the lookup is now also done by "samdb_search_domain" to be more
consistent.
 2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
9f95298864 s4:dcesrv_samr_Add/DeleteAliasMember - provide better NTSTATUS return codes when something didn't work 2010-06-10 16:22:08 +02:00
Matthias Dieter Wallnöfer
7374cd0358 s4:dcesrv_samr_GetAliasMembership - fix type of counter variables 2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
34b43a8642 s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding styles 2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
305f2c7043 s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into one 2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
13b1f7a2b3 s4:dcesrv_samr_Add/DelGroupMember - remove the account type check 
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users.
 2010-06-10 16:22:06 +02:00
Matthias Dieter Wallnöfer
f95634dbe0 s4:dcesrv_samr_AddGroupMember - also the error code "LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed 
This is returned when the group is the primary group of the specified entry.
 2010-06-10 16:22:06 +02:00
Matthias Dieter Wallnöfer
11e2608ba9 s3/s4:netrEnumerateTrustedDomains - this call returns a "NTSTATUS" result 
See MS-NRPC 3.5.5.6.3.
 2010-05-31 12:08:59 +02:00
Matthias Dieter Wallnöfer
0eec33417e s4:dcesrv_netr_DsrEnumerateDomainTrusts - fix an integer type 2010-05-31 12:08:58 +02:00
Matthias Dieter Wallnöfer
55df7606e3 Revert "s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000" 
This reverts commit 1cf5be39e3.

My fix approach isn't such appreciated therefore revert this.
 2010-05-30 14:53:36 +02:00
Matthias Dieter Wallnöfer
1cf5be39e3 s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000 
Windows 2000 does strictly request header signing on some requests also if the
server doesn't provide it. But there is a small trick (don't reset the actual
session info) to make these special RPC operations work without a full header
signing implementation.

This fixes for example the list of domain groups in local groups when displayed
sing the local user/group management tool.

And this should finally fix bug #7113.

The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729
 2010-05-30 12:39:30 +02:00
Simo Sorce
3c8dc5cd21 s4:smbd: Use tstream_npa_accept_existing to accept named pipe connections 
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
 2010-05-26 09:24:05 +02:00
Matthias Dieter Wallnöfer
189950ce06 s4:dsdb_enum_group_mem - use "unsigned" counters 
"size_t" counters aren't really needed here (we don't check data lengths).
And we save the result in a certain "num_sids" variable which is of type
"unsigned".
 2010-05-24 22:01:36 +02:00
Andrew Bartlett
285647664c s4:idmap Adjust code to new idmap structure names and layout. 
Andrew Bartlett
 2010-05-24 23:08:56 +10:00
Andrew Bartlett
f6aa090202 s4:samr Push most of samr_LookupRids into a helper function 
This is a rewrite of the lookup_rids code, using a query based on the
extended DN for a clearer interface.

By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.

Andrew Bartlett
 2010-05-24 23:08:56 +10:00
Andrew Bartlett
c6ffd884d9 s4:samr Push most of samr_QueryGroupMember into a helper function 
This is a rewrite of the group membership lookup code, using the
stored extended DNs to avoid doing the lookup into each member to find
the SID

By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.

Andrew Bartlett
 2010-05-24 23:08:49 +10:00
Andrew Bartlett
20d2847492 s4:samr Move most of samr_CreateDomAlias into a helper function 
This allows this logic to be shared, rather than copied, into a passdb
wrapper.

Andrew Bartlett
 2010-05-24 23:08:11 +10:00
Andrew Bartlett
fc04e565b0 s4:samr Split most of samr_CreateDomainGroup into a helper function 
This allows this logic to be shared, rather than copied, into a passdb
wrapper.

Andrew Bartlett
 2010-05-24 23:08:11 +10:00
Andrew Bartlett
43c931b2d4 s4:samr Split the guts of samr_CreateUser2 into a helper function 
This allows this logic to be shared, rather than copied, into a passdb
wrapper.

Andrew Bartlett
 2010-05-24 23:08:11 +10:00
Matthias Dieter Wallnöfer
8e1e6b0112 s4:LogonGetDomainInfo - allow to set DNS hostname for the first time 
Otherwise it obviously can never be set.
 2010-05-24 14:01:06 +02:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Matthias Dieter Wallnöfer
6e8098b261 s4:samdb_set_password/samdb_set_password_sid - Rework 
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.

An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
 2010-05-10 19:07:46 +02:00
Matthias Dieter Wallnöfer
a4e35df3f5 s4:LogonGetDomainInfo - fix a potential crash source 2010-05-03 17:25:03 +02:00
Matthias Dieter Wallnöfer
e8a001c516 s4:LogonGetDomainInfo - fix indentation 2010-05-03 17:25:02 +02:00
Matthias Dieter Wallnöfer
8ed5e8ac9d s4:LogonGetDomainInfo - remove singular "dNSHostName" check - this doesn't belong here 
I'm not really sure if this check is really done on Windows Server. And if it
is done, then it's on the LDB level (module).
 2010-05-03 17:25:02 +02:00
Anatoliy Atanasov
dbbbc7d1f8 s4/rodc: RODC FAS initial implementation 2010-04-29 10:18:06 +03:00
Kamen Mazdrashki
bf49ac99c9 s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUID 
This function is used in DRSUpdateRefs() implementation where we
get DSA's objectGUID rather than invocationId
 2010-04-28 12:11:03 +03:00
Stefan Metzmacher
7ca576e5c4 s4:rpc_server: remove unused socket_address based functions 
metze
 2010-04-27 17:05:30 +02:00
Andrew Tridgell
91bb4893c4 s4-netlogon: fixed getDcNameEx2 for blank inputs 
w2k8r2 returns the local DC information on no inputs for
getDcNameEx2. This is needed for starting dsa.msc (ADUC) on
Win7.

CDLAP on the same call returns an error. This uses a parameter
fill_on_blank_request to distinguish the two cases.
 2010-04-28 00:19:30 +10:00
Stefan Metzmacher
7bbaab8dff s4:rpc_server: remove 'socket_address' based functions 
metze
 2010-04-27 13:00:25 +02:00
Stefan Metzmacher
32bcc73cf8 s4:rpc_server/srvsvc: pass tsocket_address to the ntvfs layer 
metze
 2010-04-27 13:00:25 +02:00
Stefan Metzmacher
772cf15eb9 s4:rpc_server/spoolss: use tsocket_address in dcesrv_spoolss_check_server_name() 
metze
 2010-04-27 13:00:25 +02:00
Stefan Metzmacher
606025f11d s4:rpc_server/netlogon: use tsocket_address in dcesrv_netr_DsRGetDCNameEx2() 
metze
 2010-04-27 13:00:25 +02:00
Stefan Metzmacher
c42bb8e49c s4:rpc_server: remember the local and remote address 
metze
 2010-04-27 13:00:25 +02:00
Matthias Dieter Wallnöfer
2654e34cf0 s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information 
This behaviour should be similar to the one of Windows Server (in my case 2008)
 2010-04-27 08:09:12 +02:00
Matthias Dieter Wallnöfer
bb91afe50c Revert "s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information" 
This reverts commit 908d982980.

I need to merge the improved version of this commit.
 2010-04-27 08:08:42 +02:00
Matthias Dieter Wallnöfer
581f86ba73 Revert "s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch" 
This reverts commit e88a54a87e.

This isn't the correct behaviour. See MS-NRPC documentation under the
"GetAnyDCName" section.
 2010-04-27 08:07:19 +02:00
Andrew Tridgell
e88a54a87e s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch 
We should respond when we are the PDC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-27 15:24:43 +10:00
Matthias Dieter Wallnöfer
cfbd5ef8c4 s4:netlogon RPC server - we don't need "are we DC" proofs 
When we aren't a DC we shouldn't have the netlogon pipe available.
[MS-NRPC 1.3] says that we can only have DCs on the server side.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-27 15:24:43 +10:00
Matthias Dieter Wallnöfer
4686305feb s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation 
Does for now only return DC's primary site.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-27 15:24:42 +10:00
Matthias Dieter Wallnöfer
3b4137c7be s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-27 15:24:41 +10:00
Matthias Dieter Wallnöfer
5fc7118675 s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation 
This implementation checks if the domainname is valid for us or a trusted domain.

Then I've also added the PDC location functionality. That means that we should
return "WERR_NO_SUCH_DOMAIN"  (MS-NRPC 3.5.5.2.5).

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-27 15:24:41 +10:00
Matthias Dieter Wallnöfer
908d982980 s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information 
This behaviour should be similar to the one of Windows Server (in my case 2008)

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-27 15:24:41 +10:00
Andrew Tridgell
c375b90f5d s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPN 
this is an alternative way of establishing repsTo
 2010-04-27 10:38:58 +10:00
Andrew Tridgell
6ee1c503bf s4-drs: don't send uninstantiated objects in getncchanges 
This includes deleted partitions

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-26 19:06:07 +10:00
Andrew Tridgell
e7262b51d1 s4-drs: validate RODC credentials via the user_sid 
This checks whether a replication client is a RODC by inclusion of the
the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token

Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-22 19:36:16 +10:00
Andrew Tridgell
bb1ba4ff76 s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level 
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
 2010-04-22 19:36:16 +10:00
Andrew Tridgell
90230ce27e s4-drs: only allow replication with the right invocationId 
Non-administrator replication checks the invocationId matches
the sid of the user token being used

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-22 19:36:16 +10:00
Fernando J V da Silva
73513fb7e7 s4-drs: Use new samdb_rodc() function in s4 code 
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-22 19:36:15 +10:00
Fernando J V da Silva
d940a44496 s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges reply 
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is a RODC filtered and the recipient
is a RODC, then such attribute is not sent.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-22 19:36:15 +10:00
Fernando J V da Silva
57bcdf008f s4-drs: samdb_is_rodc() function and new samdb_rodc() function 
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-22 19:36:15 +10:00
Matthias Dieter Wallnöfer
3a8b67fd36 s4:netlogon RPC server - fix a counter variable type 2010-04-21 18:06:17 +02:00
Stefan Metzmacher
135208d990 s4:rpc_server/netlogon: add no memory checks 
metze
 2010-04-20 16:02:14 +02:00
Andrew Tridgell
b4b43fcb4c s4-netlogon: fixed dc_unc and dc_address_type 
These are needed for dcpromo from w2k8r2
 2010-04-20 23:43:33 +10:00
Matthias Dieter Wallnöfer
41716a8c13 s4:netlogon RPC - "fill_one_domain_info" - use "lp_workgroup" for the DC short domainname discovery 
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
 2010-04-20 09:33:46 +02:00
Matthias Dieter Wallnöfer
84c901a619 s4:"samdb_server_site_name" uses - proof for out of memory 2010-04-13 15:45:29 +02:00
Matthias Dieter Wallnöfer
aa02f44255 s4:dcesrv_netr_DsRGetDCNameEx2 - provide a much better implementation 
On the base of the "fill_netlogon_samlogon_response" call.

This removes duplicated code.
 2010-04-13 15:26:54 +02:00
Matthias Dieter Wallnöfer
0dffa9caec s4:use "samdb_forest_name" for the forest DNS domainname lookup 2010-04-13 09:32:33 +02:00