1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1930 Commits

Author SHA1 Message Date
Amitay Isaacs
e398bdb76b s4:rpc-dnsserver: Add multiple DNS records in a single operation
This allows to add dnsNode objectclass with multiple DNS records in a
single operation. Useful for creating @ record which has NS and SOA
records.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
f14ddcc2e1 s4:rpc-dnsserver: Use handy macros for error checking 2011-12-23 16:18:25 +11:00
Amitay Isaacs
3d139b49cb s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation 2011-12-23 16:18:24 +11:00
Amitay Isaacs
07639b5023 s4:rpc-dnsserver: Fix the enumeration of DNS records
If a node has data and children, do not return the children unless
the node is the top level node.
2011-12-23 16:18:24 +11:00
Amitay Isaacs
fe0e08acfb s4:rpc-dnsserver: Use cached zone information to get rootservers
This removes the hardcoded search for DC=RootDNSServers, and uses
the cached zone information.
2011-12-23 16:17:10 +11:00
Amitay Isaacs
6a5352da59 s4:rpc-dnsserver: Implement EnumDirectoryPartition operation 2011-12-23 16:17:10 +11:00
Amitay Isaacs
5673e2cec9 s4:rpc-dnsserver: Cache DNS partition information
This information will be used for the RPC calls for partition
information.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
9f76e076fa s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag
And use fReverse flag in the enumeration of zones.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
0120a397a7 s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare 2011-12-23 16:17:09 +11:00
Stefan Metzmacher
b2bace63d3 s4:drsuapi/getncchanges: return WERR_NOMEM if talloc_array() fails
metze
2011-12-19 11:49:19 +01:00
Matthieu Patou
3164d7bdd5 s4-drs: introduce a timeout in the getncchanges processing to always return something in less than x seconds
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19 11:49:19 +01:00
Matthieu Patou
55af1a7cf7 s4-drs: avoid calling unecesserly ldb_msg_find_attr_as_* as this call in unefficient
Current implementation of ldb_msg_find_attr_as_* iterate on the list of
attributes returned by the search and make a string comparison. As we
sorting the array of messages / guids we tend to call this function many
times. By storing the GUID and the USN in a separate structure we are
sure to call this function only once per attribute and object.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-12-19 11:49:19 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
2011-12-12 12:57:07 +01:00
Andrew Bartlett
e42e1ac089 s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest test
This allows us to move this test to knownfail from skip
2011-12-12 12:57:07 +01:00
Jelmer Vernooij
05bc4de083 Revert making public of the samba-module library.
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.

Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec  3 08:36:33 CET 2011 on sn-devel-104
2011-12-03 08:36:30 +01:00
Matthias Dieter Wallnöfer
521c708fe4 s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly
The rules are explained in MS-NRPC 2.2.1.2.1.

Patch inspired by Matthieu Patou.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:54 +01:00
Matthieu Patou
1770dafafd s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:50:49 +01:00
Matthieu Patou
b8a077296a s4-drs: check if we have a domain level >= 2k8r2 as before the isRecycled do not exists and so is always False
Having a false value cause the link on removed attribute to be always
returned which is what we try to avoid.
2011-11-13 14:11:25 +01:00
Amitay Isaacs
8b33c48ba5 s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call
zone_request_flags are interpreted in different groups rather than
a single group. This correctly returns 0 zones when there are no
reverse zones and DNS_ZONE_REQUEST_REVERSE is set in zone_request_flags.
2011-11-08 09:50:26 +11:00
Amitay Isaacs
8dca18a71a s4-dnsserver: Handle the case when the dns name is NULL
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
6e800bfba7 s4-dnsserver: Build a dns name tree for correct enumeration
The result of EnumRecords/EnumRecords2 RPC calls, is a list of
dns records that are one level below in the name hierarchy starting
from the search name. This patch builds a tree of names to get
the list of records one level below the search names and correctly
count the number of child records for each of those.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
0d3aff7324 s4-dnsserver: List dns zones matching the search filter
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
c1b45afcf2 s4-dnsserver: Compare two dns names using last uncommon name components
When search_name is not NULL, use the second last component of name
instead of the last name.

e.g. To compare following two names,
   _ldap._tcp.gc, and
   _ldap._tcp.Default-First-Site-Name._sites.gc

with search_name=NULL, it is gc and gc
with search_name=gc, it is _tcp and _sites

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
c651b4e99b s4-dnsserver: Set DNS_DP_AUTOCREATED flag for the zone information
This make the zone information similar to windows (W2K8r2).

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Andrew Bartlett
7f8f7159af lib/util Rename samba_modules_load -> samba_module_init_fns_for_subsystem
This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
0ce09fcf7a lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_run
This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
1b7cc4ac7c lib/util Rename samba_init_module_fn -> samba_module_init_fn
This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
87354c9a6d lib/util Split samba-modules library into public and private parts
This will allow OpenChange to get at the symbols it needs, without
exposing any more of this as a public API than we must.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
b7b798e15b lib/util Rename load_samba_modules -> samba_modules_load
This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
ce0ccc2a2e lib/util Rename run_init_functions -> samba_init_module_fns_run
This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett
2011-10-28 13:10:28 +02:00
Andrew Bartlett
1935b7b6c2 lib/util Rename init_module_fn to samba_init_module_fn
This prepares for making the samba_module.h header public again, for OpenChange.

I am keen to avoid too much API namespace pollution if we can.
2011-10-28 13:10:28 +02:00
Amitay Isaacs
2feb81f659 s4-dns: Update serial number for zone on dns updates
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-10-20 05:53:05 +02:00
Amitay Isaacs
8df2ed42cc s4-dns: Added DCERPC dns server for DNS management
dnsserver.h - typedefs and prototypes
dnsserver.c - RPC API and implementation methods
dnsdb.c     - samdb operations
dnsdata.c   - functions to manipulate dns structures
dnsutils.c  - function for serverinfo and zoneinfo structures

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-10-20 05:53:05 +02:00
Andrew Bartlett
e7d5f0a357 gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:33 +11:00
Andrew Bartlett
5603dab647 libcli/auth: Provide a struct loadparm_context to schannel calls
This will allow us to pass this down to the tdb_wrap layer.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Andrew Bartlett
7d33ec3dfe lib/util: consolidate module loading into common code
This creates a samba-modules private libary that handles the details.

Andrew Bartlett
2011-10-06 07:18:07 +02:00
Andrew Tridgell
28a6881d4f s4-lsa: fixed set of trust password with old password
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:58 +11:00
Andrew Tridgell
efb3f45a81 s4-drs: added DSDB_REPL_FLAG_ADD_NCNAME to DsAddEntry call
we want new NCs to be created
2011-10-04 15:08:57 +11:00
Andrew Tridgell
0167b0447f s4-drs: allow replication of the GC partial attribute set
when a DC has the GUID_DRS_GET_FILTERED_ATTRIBUTES right on a NC, we
need to allow it to replicate if all the attributes it is asking for
are in the GC partial attribute set

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 20 13:47:38 CEST 2011 on sn-devel-104
2011-09-20 13:47:38 +02:00
Andrew Bartlett
e8aed9472a s4-drsuapi Allow DsAddEntry of normal objects
We previously only allowed objects of class ntDSDSA

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Aug 26 15:34:21 CEST 2011 on sn-devel-104
2011-08-26 15:34:21 +02:00
Andrew Tridgell
dea4f3941b s4-drs: fixed msdcs DNS name in getncchanges 2011-08-25 07:39:39 +10:00
Andrew Tridgell
67651905f9 s4-samr: fixed subtree search
this needs to be on the domain NC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25 07:39:37 +10:00
Simo Sorce
c84caabf8c s4:misc: remove last usage of legacy event_ fn names
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Aug 14 00:38:13 CEST 2011 on sn-devel-104
2011-08-14 00:38:13 +02:00
Andrew Bartlett
2993113a56 s4-dsdb Add ability to force a particular SID in the upgrade case 2011-08-13 12:30:49 +10:00
Matthieu Patou
4659b07eb9 s4-drs: In dcesrv_drsuapi_DsRemoveDSServer use the subtree control to delete the NTDS entry
This entry has most of the time subelements (connections between DCs)
that will forbid a simple (non recursive) delete
2011-08-10 01:44:44 +04:00
Andrew Bartlett
35b309fa0c gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.

Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.

Andrew Bartlett
2011-08-03 18:48:02 +10:00
Andrew Bartlett
d3fe48ba48 gensec: Remove mem_ctx from calls that do not return memory
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:01 +10:00
Andrew Bartlett
ee20a27d41 s4-lsa Use the supplied handle in LsaLookupNames2
In my rework of this function in 2006 with
459a2301a5 I ignored the incoming
handle, instead feching the LSA state again (dispite the commit
message indicating otherwise).

This means that data->access_mask is uninitialised, which doesn't
matter right now, but will once we start checking that.

Andrew Bartlett
2011-07-29 04:24:06 +02:00
Matthieu Patou
a5ba41881c s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 loops when joining s4 domains
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Jul 27 00:46:56 CEST 2011 on sn-devel-104
2011-07-27 00:46:56 +02:00
Günther Deschner
e898ad3ffe s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
2011-07-15 19:57:48 +02:00
Günther Deschner
ee1f25dc2a lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther
2011-07-15 17:56:39 +02:00
Günther Deschner
3af3e4843f lsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Guenther
2011-07-15 17:55:20 +02:00
Matthieu Patou
723fc5fadd s4-drs: do not return links pointed to unexistant objects
When an object is deleted, link pointed to it are marked as inactive.
When the same object is purged we do not remmove the link pointed to it
(we can't know them) so they stay in the database, it turns to be a
problem for Windows 2008.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11 14:32:45 +10:00
Sumit Bose
3ee4b5f20b s4-lsa: Fix typo
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jun 24 16:19:36 CEST 2011 on sn-devel-104
2011-06-24 16:19:36 +02:00
Andrew Bartlett
38b5beb33d param: Remove "announce as" parameter 2011-06-23 13:47:27 +02:00
Andrew Bartlett
a1f04e8abc libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbol
The two error tables need to be combined, but for now seperate the names.

(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-20 08:12:03 +02:00
Andrew Tridgell
73cbcd9c99 s4-drs: added debug lines for missing linked attribute fields
this improved the logging of bugs related to linked attribute
replication

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Jun 10 03:26:21 CEST 2011 on sn-devel-104
2011-06-10 03:26:21 +02:00
Andrew Tridgell
3e4c08096d s4-drs: cope with missing RMD_ADDTIME in linked attributes
upgraded links can be missing the RMD_ADDTIME field
2011-06-10 10:14:56 +10:00
Andrew Bartlett
d057116cc2 server_id.idl: Bring server_id.idl in common
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09 12:40:08 +02:00
Matthias Dieter Wallnöfer
9f02fb51d4 s4:rpc_server/dcesrv_samr.c - quiet enum warnings
When we are acting in the role of a PDC then please return it as status information.

Reviewed-by: Tridge

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jun  9 12:06:36 CEST 2011 on sn-devel-104
2011-06-09 12:06:36 +02:00
Andrew Tridgell
4afe426877 s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2
this may be different from the CLDAP response, as it can be IPv6

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun  8 06:07:29 CEST 2011 on sn-devel-104
2011-06-08 06:07:29 +02:00
Andrew Bartlett
907cdb5de7 s4-modules Remove lp_ctx from init functions that no longer need it
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.

Andrew Bartlett
2011-06-06 17:37:51 +10:00
Andrew Tridgell
40dc94a53f s4-ipv6: update callers to load_interface_list() 2011-06-06 12:26:10 +10:00
Andrew Tridgell
8f3ce14ea7 s4-ipv6: use "ip" instead of "ipv4" for servers
this allows stream_setup_socket() to work with both v4 and v6
addresses
2011-06-06 12:26:10 +10:00
Andrew Tridgell
dc8c8fd9e4 s4-ipv6: use iface_list_wildcard() to listen on IPv6
when we need to listen on a wildcard address, we now listen on a list
of sockets, usually 0.0.0.0 and ::
2011-06-06 12:26:10 +10:00
Matthias Dieter Wallnöfer
67bf5cfc08 s4:lsa RPC server - handle LDB flags as "unsigned"
Signed-off-by: Metze
2011-05-21 16:21:14 +02:00
Kamen Mazdrashki
647827d09c s4/getncchanges: Pre-mark extended requests as success in case a sub-function "forget" to do this 2011-05-11 21:10:53 +03:00
Kamen Mazdrashki
55916e273f s4/getncchanges: Implement placeholder for handling ex-op collection of objects
Right now it is solely based on function that handles objects
in normal DsGetNCChanges calls.
2011-05-11 21:10:53 +03:00
Kamen Mazdrashki
88a9f793aa s4/getncchanges: Move the code that collects objects into separate function 2011-05-11 21:10:52 +03:00
Kamen Mazdrashki
41496e782d s4/getncchanges: Don't mask Extended operation result - callers need it 2011-05-11 21:10:52 +03:00
Kamen Mazdrashki
232a8dfb06 s4/getncchanges: Fail extended request rather than failing whole request
in case that destination_dsa_guid is not valid
2011-05-11 21:10:51 +03:00
Andrew Bartlett
8882dab93e s4-samr Remove incorrect transaction_cancel() in error path
The transactions are now handled entirely within dsdb_add_user()

Andrew Bartlett
2011-05-08 17:36:25 +02:00
Andrew Bartlett
22cb631b4f s4-interfaces Rename interfaces code so not to conflict with source3/
The iface_count, iface_n_bcast, and load_interfaces functions
conflicted with functions of the same name in source3, so the source4
functions were renamed.  Hopefully we can actually wrap one around the
other in future.

Andrew Bartlett
2011-05-08 12:57:04 +02:00
Andrew Bartlett
ea0ac9cdfc s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-08 10:56:26 +02:00
Andrew Bartlett
cdd802af83 s4-messaging Rename messaging -> imessaging
This avoid symbol and structure conflicts between Samba3 and Samba4,
and chooses a less generic name.

Andrew Bartlett
2011-05-03 07:37:07 +02:00
Andrew Tridgell
f0e7303023 s4-rpc: improved error mapping for several RPC server calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-04-04 10:30:30 +10:00
Jelmer Vernooij
5cb8f6b9f1 Fix compilation without external heimdal.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Apr  3 17:18:56 CEST 2011 on sn-devel-104
2011-04-03 17:18:56 +02:00
Jelmer Vernooij
09289c073c use system heimdal headers if possible, fix missing dependencies on hx509 and krb5 libraries. 2011-04-03 16:33:04 +02:00
Jeremy Allison
0c5214e2eb Ensure convert_string_XXX is always called with a valid converted_size pointer.
Preparation for cleaning up this API.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-29 21:01:49 +02:00
Andrew Bartlett
b5616adc8a lib/util/charset rename iconv_convenience to iconv_handle
This better reflects what this structure is

Andrew Bartlett
2011-03-25 04:37:06 +01:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-24 01:47:26 +01:00
Jelmer Vernooij
c296748cba rpc_server/remote: Add missing prototype. 2011-03-19 15:34:45 +01:00
Jelmer Vernooij
d415a7f788 source4/rpc_server: Fix prototypes for all functions. 2011-03-19 03:20:05 +01:00
Simo Sorce
2a608ba856 dcerpc: we do not need these as public headers
latest openchange doesn't need these headers either
fix _PRINTF_ATTRIBUTE in tdr.h, as it was failing to work after removing
proto.h due to side effects. PRINTF_ATTRIBUTE is ok and is define in talloc.h
which is included by tdr.h

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Wed Mar 16 23:45:20 CET 2011 on sn-devel-104
2011-03-16 23:45:20 +01:00
Andrew Tridgell
7c83f69383 s4-rpc: added dcesrv_call_account_name()
this will be used by openchange

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Mar 15 06:14:00 CET 2011 on sn-devel-104
2011-03-15 06:14:00 +01:00
Andrew Tridgell
803136a184 s4-rpc: make common/proto.h public
this is needed by public header common.h
2011-03-15 12:22:19 +11:00
Andrew Tridgell
48ea48d503 s4-rpc: added public APIs for dce_call authentication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-15 12:22:18 +11:00
Jelmer Vernooij
431853c846 Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
2011-03-14 23:53:46 +01:00
Stefan Metzmacher
38be8c24fc s4:rpc_server/remote: use dcerpc_binding_handle_call_*() instead of dcerpc_ndr_request_*()
metze
2011-03-13 10:34:22 +01:00
Matthias Dieter Wallnöfer
349b9b72ec s4:dsdb - we don't need to check if a DN != NULL if we call "ldb_dn_validate"
"ldb_dn_validate" is NULL-safe and does the check implicitly.

Reviewed by: Tridge
2011-03-04 22:07:24 +01:00
Matthias Dieter Wallnöfer
80995fde5a s4:drsuapi RPC server - this resembles more "samdb_is_gc"
Reviewed by: Jelmer

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar  1 17:57:47 CET 2011 on sn-devel-104
2011-03-01 17:57:47 +01:00
Matthias Dieter Wallnöfer
0b5719f5fc s4:netlogon RPC server - "LogonGetDomainInfo" - check for NULL attributes
This is needed to complete the transition from "samdb_msg_add_string" to
"ldb_msg_add_string".
And this patch yields better NTSTATUS error results than before
(INVALID_PARAMETER rather than OUT_OF_MEMORY).

Reviewed-by: Jelmer

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar  1 14:42:15 CET 2011 on sn-devel-104
2011-03-01 14:42:15 +01:00
Matthias Dieter Wallnöfer
fecf925043 s4:drsuapi RPC server - check for the "SPN" attribute != NULL
The SPN attribute could derive from an untrusted source (client).

Reviewed-by: Jelmer
2011-03-01 13:55:45 +01:00
Matthias Dieter Wallnöfer
0e68867b26 s4:dsdb - always handle the attribute "options" as 32bit unsigned integer
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as
64-bit integer.

Reviewed by: Kamenim and Metze

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar  1 12:46:15 CET 2011 on sn-devel-104
2011-03-01 12:46:15 +01:00
Matthias Dieter Wallnöfer
c66780332b s4:remove many invocations of "samdb_msg_add_string"
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-03-01 06:29:03 +01:00
Jelmer Vernooij
59a077d8f5 Fix some types
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28 23:30:06 +01:00
Andrew Tridgell
5ec284d152 build: moved librpc/rpc/*.c into a rpccommon library
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Feb 24 02:42:37 CET 2011 on sn-devel-104
2011-02-24 02:42:37 +01:00
Andrew Tridgell
94c04b10db build: moved libds/common/flag_mapping.c into a common subsystem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 11:57:48 +11:00
Andrew Tridgell
8dbe665a0c build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24 11:57:48 +11:00
Andrew Bartlett
e3821f2c40 s4-auth Move libcli/security/session.c to the top level
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.

Andrew Bartlett
2011-02-22 16:20:11 +11:00
Andrew Tridgell
bed374215f s4-idl: rename s4 server_id.idl to server_id4.idl
this avoids a conflict with the new s3 server_id.idl

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 18:41:00 +11:00
Andrew Tridgell
ed71c1ef1f s4-auth: rename 'auth' subsystem to 'auth4'
this prevents conflicts with the s3 auth modules. The auth modules in
samba3 may appear in production smb.conf files, so it is preferable to
rename the s4 modules for minimal disruption.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 15:09:46 +11:00
Matthias Dieter Wallnöfer
2e0a933ac8 s4:samr RPC server - QueryDisplayInfo returns always all domains users, aliases and groups
That means when calling "QueryDisplayInfo" on the BUILTIN handle we
still get all related domain objects - for example all domain (global
+ universal) groups. This is contrary to the "EnumDomain..." calls which
do really only return the objects in the specified domain policy handle.

This has been observed against Windows Server 2008 and confirmed by
dochelp.

In the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search".

Patch-reviewed-by: Andrew Tridgell <tridge@samba.org>
2011-02-15 16:56:19 +01:00
Stefan Metzmacher
3c5f537302 s4:drsuapi/getncchanges: make sure we don't process filteres objects more than once
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104
2011-02-15 09:46:55 +01:00
Andrew Tridgell
12a1e02002 s4-dsdb: cleanups to the backupkey RPC server
- fixed some warnings
- change the debug levels to something more reasonable

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-14 17:55:09 +11:00
Matthieu Patou
ac82dbd897 s4: Add server side implementation of backup key remote protocol
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-14 10:57:32 +11:00
Andrew Tridgell
8dc92c8f71 ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 06:51:07 +01:00
Andrew Bartlett
a2ce53c1f5 s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc.  This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.

The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.

Andrew Barltett
2011-02-09 01:11:06 +01:00
Stefan Metzmacher
a4d4217dfa s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
We need to check for invalid parameters before we check for
access denied.

metze
2011-02-02 11:58:26 +01:00
Stefan Metzmacher
578e87dbf2 s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
metze
2011-02-02 11:58:26 +01:00
Stefan Metzmacher
97727e1068 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
metze
2011-02-02 11:58:26 +01:00
Matthias Dieter Wallnöfer
3f6ae9422b s4:samr RPC server - always interpret filter integer values as signed
To prevent platform-dependant problems.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
2011-01-15 14:54:13 +01:00
Andrew Bartlett
94a59b781c s4-auth Remove event context from privilage database handling
These local TDB operations can quite safely be handled in a new/nested
event context, rather than using the main event context.

Andrew Bartlett
2010-12-21 15:10:38 +11:00
Jelmer Vernooij
2f4bd23e9e dcesrv_srvsvc: Use constants. 2010-12-19 21:44:06 +01:00
Günther Deschner
1b293c90be spoolss: fill in PerMachineConnections add and delete IDL.
Guenther
2010-12-16 10:52:50 +01:00
Andrew Bartlett
f681859eb8 s4-lsa Implement kerberos ticket life policy
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC.  We should get
this from group policy, but for now it's parametric smb.conf options.

Andrew Bartlett
2010-12-09 18:02:59 +11:00
Andrew Tridgell
735c1cd2da s4-pkgconfig: add @LIB_RPATH@ to our link flags
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec  8 12:46:00 CET 2010 on sn-devel-104
2010-12-08 12:46:00 +01:00
Matthias Dieter Wallnöfer
93d85ca5fd s4:fix some shadowed declaration warnings on Solaris by renaming the symbols 2010-12-06 11:28:58 +01:00
Matthias Dieter Wallnöfer
14d3027458 s4:samr RPC server - dcesrv_samr_GetBootKeyInformation - return NOT_SUPPORTED
Windows Server 2008 does this

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Dec  4 12:11:47 CET 2010 on sn-devel-104
2010-12-04 12:11:47 +01:00
Matthias Dieter Wallnöfer
70eaa3fd0c s3/s4:lsa.idl - QueryDomainInformationPolicy - the "unknown6" field is called "reserved"
MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
2010-12-03 22:56:19 +01:00
Matthias Dieter Wallnöfer
d0b3932447 s4:lsa RPC server - always initialise "info" structures
This should help to fix bug #7769
2010-12-03 22:47:21 +01:00
Matthias Dieter Wallnöfer
aebc90f974 s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of rework
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec  3 21:41:39 CET 2010 on sn-devel-104
2010-12-03 21:41:39 +01:00
Matthias Dieter Wallnöfer
40db0b8386 s4:dcesrv_drsuapi RPC server - remove unreachable statement 2010-11-29 14:48:13 +01:00
Matthias Dieter Wallnöfer
6df6364220 s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64 2010-11-27 21:50:42 +01:00
Matthias Dieter Wallnöfer
4010eff80b s4:wkssvc RPC server - better solution for srvsvc* enum's in server_info.c
Reworked version of commit 7e710c4de9
2010-11-27 21:50:41 +01:00
Matthias Dieter Wallnöfer
3c343fec8a Revert "s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings"
This reverts commit 7e710c4de9.
This causes more noise than it's useful.
2010-11-27 21:50:41 +01:00
Andrew Tridgell
8310375a04 s4-drs: allow DrsReplicaGetInfo as a DC 2010-11-28 00:16:38 +11:00
Matthias Dieter Wallnöfer
ae61408e2f s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-25 13:05:56 +01:00
Matthias Dieter Wallnöfer
1352a9406f s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified
This fits better than the RELAX one.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-24 18:23:01 +01:00
Matthias Dieter Wallnöfer
d0993e1278 s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"
- Performs the short computer name check against the sam account name.
- Enhances the LogonGetDomainInfo testsuite which checks the NULL
  "dns_hostname" behaviour

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
2010-11-19 12:50:32 +01:00
Andrew Tridgell
2421c0dcfb s4-eventlog: fixed dcerpc handle return 2010-11-16 07:16:04 +00:00
Brad Hards
c8c52be455 Update dcerpc_server.pc library name to match reality. 2010-11-16 16:42:50 +11:00
Jelmer Vernooij
f7bccc6628 smb_server: Build as shared module. 2010-11-15 11:43:05 +00:00
Jelmer Vernooij
1409c97899 s4: Build ldap and samba3_smb services as shared modules.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
2010-11-15 03:04:40 +00:00
Andrew Tridgell
ef7f4a1420 s4-server: make server sockets a child of the task context
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.

Making them a child of the task allows the task to terminate and take
all its sockets with it.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15 10:19:34 +11:00
Andrew Tridgell
b9cfe10945 s4-drs: fixed a crash in writspn
sam_ctx_system may be NULL for non-privileged users

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
2010-11-13 08:52:53 +00:00
Stefan Metzmacher
198049f3c6 s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't use it
metze
2010-11-09 22:52:55 +01:00
Stefan Metzmacher
f6e20bf52f s4:rpc_server/drsuapi: make msg_attrs static const
metze
2010-11-09 22:25:55 +01:00
Stefan Metzmacher
9fa71f8f57 s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES
We should replicate all secret attributes back to other DCs.

metze
2010-11-09 22:25:53 +01:00
Matthias Dieter Wallnöfer
e2efb098ab s4:drsuapi RPC server - writespn.c - fix indentations 2010-11-08 09:59:22 +01:00
Andrew Tridgell
b38a9a8999 s4-drs: allow bypass of writespn checking for some SPNs
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname

we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 08:45:16 UTC 2010 on sn-devel-104
2010-11-08 08:45:16 +00:00
Jelmer Vernooij
0878399bd5 samdb: Lowercase library name. 2010-11-07 01:52:13 +01:00
Matthias Dieter Wallnöfer
9ff8428c6f s4:samr RPC server - "dcesrv_samr_RemoveMemberFromForeignDomain"
- Remove TODO comment: MS-SAMR 3.1.5.8.7 explicitly states:
  "The SamrRemoveMemberFromForeignDomain method removes a member from all
  aliases."

- Remove the search attributes since they aren't strictly needed.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov  6 18:07:57 UTC 2010 on sn-devel-104
2010-11-06 18:07:57 +00:00
Andrew Tridgell
5fcb426d9a s4-drs: reduce the memory usage of the getncchanges server
we now keep just a list of GUIDs around between getncchanges calls,
instead of an entire db search. This makes the overhead of having a
pending getncchanges call much smaller.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-05 23:42:09 +11:00
Matthias Dieter Wallnöfer
4902b71a60 s4:RPC server - always set the response pad data in base of the request one
Otherwise it could remain uninitialised - should fix bug #7769.
2010-11-03 09:30:00 +01:00
Matthias Dieter Wallnöfer
5516191e72 s4:RPC server - cosmetic fixes - indentation, comments 2010-11-03 09:23:00 +01:00
Andrew Tridgell
28c1e4d3eb s4-modules: get rid of the remaining static prototypes for modules
the waf build now generates the prototype declarations for us
2010-11-01 18:55:19 +11:00
Kamen Mazdrashki
717b1158a6 idl: Use DRSUAPI_ATTID_ prefix instead of DRSUAPI_ATTRIBUTE_ for ATTID values
Those values are actually ATTID values and such, they are used
for ATTIDs for Attributes, Classes and Syntaxes.
2010-10-31 23:54:04 +00:00
Matthias Dieter Wallnöfer
229f3cc9e8 s4:netlogon RPC server - "LogonGetDomainInfo" - always check the LDB return codes
Plus some cosmetic indentation fixes

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 31 19:26:45 UTC 2010 on sn-devel-104
2010-10-31 19:26:45 +00:00
Matthias Dieter Wallnöfer
39d40892c6 s4:netlogon RPC server - point out that the "LogonGetDomainInfo" "servicePrincipalName" generation is still needed 2010-10-31 18:44:06 +00:00