1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00

1357 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
8b345ef19e s4:netlogon RPC - Fix up the error handling 2009-11-22 15:51:18 +01:00
Matthias Dieter Wallnöfer
1fb28b0204 s4:netlogon RPC - Fix up a comment
Now we have Windows 7 released so don't refer to a beta anymore.
2009-11-22 15:50:36 +01:00
Matthias Dieter Wallnöfer
ae1e949810 s4:lsa RPC - Fix type of variable "atype"
This is an unsigned 32bit integer.
2009-11-21 19:53:37 +01:00
Matthias Dieter Wallnöfer
7d5367fc99 s4:samr RPC - Use more LDB constants 2009-11-21 19:53:37 +01:00
Matthias Dieter Wallnöfer
e8e76eb83a s4:lsa RPC - Use more LDB constants
And fix an obvious bug (call of "samdb_msg_add_delete")
2009-11-21 19:53:29 +01:00
Matthias Dieter Wallnöfer
bda1c701f4 s4:WINREG RPC server - Cosmetic 2009-11-21 11:38:20 +01:00
Andrew Tridgell
92eff41ca5 s4-dsdb: some more attribuutes that we should only give if asked for 2009-11-20 15:19:35 +11:00
Andrew Tridgell
18cacc506e s4-drs: we need to specifically ask for ntSecurityDescriptor
ntSecurityDescriptor is no longer included by default
2009-11-20 14:57:04 +11:00
Matthias Dieter Wallnöfer
a31838eb3c s4:WINREG RPC server - remove a "talloc_free"
I assume that this "talloc_free" isn't necessary since the DCERPC server frees
the handle itself (we got always warnings about this).
2009-11-17 19:56:14 +01:00
Erick Nascimento
a3632f22ec s4-drs: DsExecuteKCC() implementation
I implemented the DsExecuteKCC() handling code on kccsrv_execute_kcc().

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-14 12:11:02 +11:00
Matthias Dieter Wallnöfer
fd4061dadd s4:dcesrv_samr - Add more checks for invalid levels
Add more checks on valid levels, mark unimplemented ones as "UNSUPPORTED" and
otherwise as "INVALID_INFO_CLASS" to be safe.
2009-11-10 16:26:23 +01:00
Matthias Dieter Wallnöfer
c9df4a3c28 s4:dcesrv_samr_ValidatePassword - naturally this was only for debugging the failure 2009-11-06 15:21:56 +01:00
Matthias Dieter Wallnöfer
7cf98abd03 s4:dcesrv_samr_ValidatePassword - adapt call to "samdb_check_password"
I've forgotten that PIDL converts UTF16 parameters automatically back to the
UNIX charset (in most cases UTF16). So I don't have to do this here.
2009-11-06 15:19:40 +01:00
Matthias Dieter Wallnöfer
6afee5f130 s4:dcesrv_samr_ValidatePassword - I forgot to create an out buffer 2009-11-06 15:19:39 +01:00
Matthias Dieter Wallnöfer
3372e2a0cc s4:dcesrv_samr - Implement "dcesrv_samr_ValidatePassword" using my new check password call
This implements a very basic method for password validation using my new
"samdb_check_password" call.
2009-11-05 12:43:03 +01:00
Stefan Metzmacher
a07eb08870 s4:dcesrv_samr: always use mem_ctx as initial parent for samr_*_state
We always steal the state to the policy handle on success,
but untill then keep it on the short term context.

metze
2009-10-24 11:59:16 +02:00
Andrew Tridgell
4ad0397d8a s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.

The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
2009-10-23 14:52:17 +11:00
Andrew Tridgell
98e4393df9 s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
2009-10-23 14:52:17 +11:00
Andrew Tridgell
77991fc6f8 s4-lsa: fixed breakage of lsa server 2009-10-22 19:05:02 +11:00
Andrew Tridgell
fc97c60c56 s4-lsa: fixed the lsa server to cope with the new tests from gd 2009-10-22 14:44:47 +11:00
Andrew Bartlett
a0a787ad78 s4:rpc_server Ensure we talloc_free handles when we delete objects
If we don't talloc_free the handle, we leak the memory onto the long-term
context.

Andrew Bartlett
2009-10-21 22:43:56 +11:00
Andrew Bartlett
fcbe6163f6 s4:samr Don't leak the whole user onto the long-term handle
The user entry is only required for this function, so use
mem_ctx to hold it.

Andrew Bartlett
2009-10-21 22:43:56 +11:00
Andrew Bartlett
47daa272c0 s4:epmapper Create a proper talloc tree of endpoint floors
Andrew Bartlett
2009-10-21 22:43:55 +11:00
Günther Deschner
4b6cfbb6d2 s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
2009-10-21 03:14:00 +02:00
Andrew Tridgell
95e895d880 s4: ran minimal_includes.pl on source4/rpc_server 2009-10-20 16:04:56 +11:00
Matthias Dieter Wallnöfer
85e4995364 s4:sites - get the server site (name) from DSDB 2009-10-18 14:33:43 +02:00
Matthias Dieter Wallnöfer
5d4093a937 s4:dcerpc_netlogon - unify the two workstation object lookups (DNS hostname and supported encryption types)
This is simply for better performance (no functional change).
2009-10-18 14:32:59 +02:00
Andrew Tridgell
9526487010 s4-lsasrv: make sure only admins can alter privileges 2009-10-17 13:01:02 +11:00
Andrew Tridgell
30be3fd143 s4-privileges: moved privileges to private/privilege.ldb
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a windows DC.

This moves the privileges to a separate (local) database
2009-10-17 13:01:02 +11:00
Matthias Dieter Wallnöfer
c35f18513a s4:dcerpc_server - Read the generic session key out from "dcerpc_generic_session_key"
I don't think that this code needs to exist identically on the server and on the
client side. This patch leaves it on the client side (dcerpc lib) and calls it
from the server.
2009-10-15 13:27:38 +02:00
Andrew Tridgell
d1784e7ca9 s4-drs: support DRSUAPI_DRS_ADD_REF flag
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
2009-10-15 08:20:37 +11:00
Andrew Tridgell
59818f2f79 s4-drs: implement more of DsUpdateRefs
The DsUpdateRefs calls takes a set of flags that indicates if the
server should ignore specific add/delete error codes. 

This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
2009-10-15 08:20:37 +11:00
Andrew Tridgell
f1bf262497 drs: improved error checking
Check the validity of the requested options in DsGetNCChanges
2009-10-15 08:20:37 +11:00
Matthias Dieter Wallnöfer
e9686985cb s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
2009-10-14 10:50:43 +02:00
Matthias Dieter Wallnöfer
c183acc782 s4:dcesrv_samr - add another constant 2009-10-13 17:29:52 +02:00
Matthias Dieter Wallnöfer
6b91a2ad8e s4:dcesrv_samr - prevent "ldb_modify" on a possibly empty message
In this code part under certain circumstances we can end up with an empty message.
Since our new behaviour denies them (like the real AD) we need to bypass them
on LDB modify calls.
2009-10-13 00:53:47 +02:00
Matthias Dieter Wallnöfer
7c53386adf s4:dcesrv_samr - Add additional "talloc_free"s 2009-10-13 00:53:47 +02:00
Matthias Dieter Wallnöfer
6e19a9e05d s4:dcesrv_samr - Cosmetics
Make more use of constants and add some braces around "if" blocks
2009-10-13 00:53:25 +02:00
Andrew Tridgell
4423173b08 s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting
When we indicate that a getncchanges request is not complete, we set
the more_data flag to true in the response. The client usually then
asks for the next block of data. If the client decides it wants to
skip that replication and do a different replication then we need to
make sure that the next call is in fact a continuation of the existing
call, and not a new call.

This relies on returning the results sorted by uSNChanged, as the
client uses the tmp_highest_usn in each result to see if progress is
being made.
2009-10-13 13:09:07 +11:00
Andrew Tridgell
0c0eb14767 s4-drs: make DsBind a bit less verbose 2009-10-12 13:30:52 +11:00
Matthias Dieter Wallnöfer
607ceff234 s3/s4 - Adapt the IDL changes on various locations 2009-10-08 09:50:19 +02:00
Andrew Tridgell
a44030fc10 s4-drs: added some debug lines to DsAddEntry() 2009-10-06 18:59:47 +11:00
Andrew Tridgell
0285d568c5 s4-drs: take advantage of system session auth in dsbind
Now that the bind opens samdb with the right credentials, we no longer
need the re-open in updaterefs and getncchanges
2009-10-06 18:59:30 +11:00
Andrew Tridgell
f800d4998d s4-drs: fixed error message for drs_security_level_check 2009-10-06 18:58:41 +11:00
Andrew Tridgell
a021d55138 s4-drs: open samdb with system credentials when authorised
When a DC connects to DRS, open the samdb with system session
credentials, so that we don't have to re-open it each time on other
calls.
2009-10-06 18:58:13 +11:00
Matthias Dieter Wallnöfer
44df2488e3 s4: fix various warnings (not "const" related ones) 2009-10-02 15:33:48 +02:00
Matthias Dieter Wallnöfer
f390daef47 s4/srvsvc: deactivate a "ntvfs_connect" with a wrong parameter
In the srvsvc code for s4 (NTVFS module) there exists a call to "ntvfs_connect"
which is performed with a totally wrong argument. Since I'm not able to fix
this, I commented it out and added a "FIXME" comment.
2009-10-02 15:33:40 +02:00
Andrew Tridgell
caa9e3ff8e s4-samr: fake up a samr_ValidatePassword response
mdw is working on the correct call to check the password strength
2009-10-02 16:02:42 +10:00
Andrew Tridgell
4cb055cacd ds-flags: use the new name DS_DNS_FOREST_ROOT
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer
what this bit means (according to MS-ADTS doc)
2009-10-02 12:02:00 +10:00
Andrew Tridgell
0d810fceaf s4-drs: removed debug code that replicated a maximum of 10 objects at a time 2009-09-28 10:24:58 +10:00