sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code
85,728 Commits 60 Branches 1,145 Tags 452 MiB
beead4d431
Commit Graph

20 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
6df6364220 s4:drsuapi RPC server - fix "enum security_user_level" warning on Tru64 2010-11-27 21:50:42 +01:00
Andrew Tridgell
eebe5e1251 s4-drs: added drs_security_access_check_nc_root() 
this checks securiity on the NC root of the specified naming context
 2010-09-29 16:36:22 -07:00
Nadezhda Ivanova
440cee48b9 s4-drs: Added drs_security_access_check function 
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
 2010-09-28 11:36:40 -07:00
Andrew Tridgell
dc7cf47371 s4-drs: added sam_ctx_system on DRS bind state 
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Andrew Tridgell
45a2b408ba s4-drs: added domain_sid to DRS security checks 
we need the domain_sid to determine if the account is a RODC for our
domain

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:50 +10:00
Andrew Tridgell
bb1ba4ff76 s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level 
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
 2010-04-22 19:36:16 +10:00
Andrew Tridgell
acf33e0d58 s4-drs: moved the DsWriteAccountSpn call to its own file 2010-01-09 18:56:29 +11:00
Andrew Tridgell
701148bbe9 s4-drs: we are doing the sorting for getncchanges in the app code now 
the sorting is quite delicate, and easier to get right in the
getncchanges code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-01-02 08:16:52 +11:00
Andrew Tridgell
59818f2f79 s4-drs: implement more of DsUpdateRefs 
The DsUpdateRefs calls takes a set of flags that indicates if the
server should ignore specific add/delete error codes. 

This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
 2009-10-15 08:20:37 +11:00
Andrew Tridgell
8aa85d7cbe s4-drsuapi: state variable for getncchanges 2009-09-28 10:24:50 +10:00
Anatoliy Atanasov
4f9de0e995 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_SPECIAL_SECRET_PROCESSING in getncchanges 
When this flag is specified in the request these attributes are treated as
secret: currentValue, dBCSPwd, initialAuthIncoming, initialAuthOutgoing,
lmPwdHistory, ntPwdHistory, priorValue, supplementalCredentials,
trustAuthIncoming, trustAuthOutgoing, unicodePwd
Their value is changed to NULL and the meta_data.originating_change_time to 0
 2009-09-23 17:10:27 -07:00
Anatoliy Atanasov
c9dc6506e6 s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges 2009-09-23 15:50:51 -07:00
Andrew Tridgell
ee4f7f1209 s4-drsserver: sort by DN to give tree order 
This might help the windows client with ordered requests. Later we
need to support the "ancestors" mode flag.
 2009-09-22 17:10:06 -07:00
Anatoliy Atanasov
6e56261eb7 Add drs_security_level_check for dcesrv calls security checks 
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
 2009-09-19 15:39:40 -07:00
Andrew Tridgell
51baffab5f s4:drs split addentry and getncchanges into separate files 
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
 2009-09-09 21:06:36 +10:00
Andrew Tridgell
91805627c9 s4: implemented server side of DSUpdateRefs call 
This call is made by DCs to tell us we should notify them of directory
changes
 2009-09-08 11:52:45 +10:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3 
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
 2007-10-10 14:59:12 -05:00
Stefan Metzmacher
89e28a0ec8 r21512: finish DsBind() in the DRSUAPI server: 
- fill in our on bind_info struct correctly
- remember the local and remote DsBindInfo28 struct
- remember the remote bind_buid

w2k3 now tries replicate using DsGetNCChanges() from us,
after the NET-API-BECOME-DC test created the domain controller
and replicated all data.

(But we still give a DCERPC fault in DsGetNCChanges()...)

metze
(This used to be commit 33550c063d)
 2007-10-10 14:48:47 -05:00
Stefan Metzmacher
43f500244b r3784: do a samdb lookup for the DsCrackNames server 
metze
(This used to be commit a2776eca83)
 2007-10-10 13:05:53 -05:00
Stefan Metzmacher
3dd56175ab r2889: add DRSUAPI server 
- with DsBind and DsUnbind implmented :-)
  the RPC-DRSUAPI test works

metze
(This used to be commit 536af87ef1)
 2007-10-10 12:59:42 -05:00