1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

1481 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
a4e35df3f5 s4:LogonGetDomainInfo - fix a potential crash source 2010-05-03 17:25:03 +02:00
Matthias Dieter Wallnöfer
e8a001c516 s4:LogonGetDomainInfo - fix indentation 2010-05-03 17:25:02 +02:00
Matthias Dieter Wallnöfer
8ed5e8ac9d s4:LogonGetDomainInfo - remove singular "dNSHostName" check - this doesn't belong here
I'm not really sure if this check is really done on Windows Server. And if it
is done, then it's on the LDB level (module).
2010-05-03 17:25:02 +02:00
Anatoliy Atanasov
dbbbc7d1f8 s4/rodc: RODC FAS initial implementation 2010-04-29 10:18:06 +03:00
Kamen Mazdrashki
bf49ac99c9 s4/dsdb: dsdb_validate_invocation_id() should validate by objectGUID
This function is used in DRSUpdateRefs() implementation where we
get DSA's objectGUID rather than invocationId
2010-04-28 12:11:03 +03:00
Stefan Metzmacher
7ca576e5c4 s4:rpc_server: remove unused socket_address based functions
metze
2010-04-27 17:05:30 +02:00
Andrew Tridgell
91bb4893c4 s4-netlogon: fixed getDcNameEx2 for blank inputs
w2k8r2 returns the local DC information on no inputs for
getDcNameEx2. This is needed for starting dsa.msc (ADUC) on
Win7.

CDLAP on the same call returns an error. This uses a parameter
fill_on_blank_request to distinguish the two cases.
2010-04-28 00:19:30 +10:00
Stefan Metzmacher
7bbaab8dff s4:rpc_server: remove 'socket_address' based functions
metze
2010-04-27 13:00:25 +02:00
Stefan Metzmacher
32bcc73cf8 s4:rpc_server/srvsvc: pass tsocket_address to the ntvfs layer
metze
2010-04-27 13:00:25 +02:00
Stefan Metzmacher
772cf15eb9 s4:rpc_server/spoolss: use tsocket_address in dcesrv_spoolss_check_server_name()
metze
2010-04-27 13:00:25 +02:00
Stefan Metzmacher
606025f11d s4:rpc_server/netlogon: use tsocket_address in dcesrv_netr_DsRGetDCNameEx2()
metze
2010-04-27 13:00:25 +02:00
Stefan Metzmacher
c42bb8e49c s4:rpc_server: remember the local and remote address
metze
2010-04-27 13:00:25 +02:00
Matthias Dieter Wallnöfer
2654e34cf0 s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)
2010-04-27 08:09:12 +02:00
Matthias Dieter Wallnöfer
bb91afe50c Revert "s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information"
This reverts commit 908d982980846257b65ab576d31131e8793e9399.

I need to merge the improved version of this commit.
2010-04-27 08:08:42 +02:00
Matthias Dieter Wallnöfer
581f86ba73 Revert "s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch"
This reverts commit e88a54a87e185b44e2d216bd853e6a87bf950be6.

This isn't the correct behaviour. See MS-NRPC documentation under the
"GetAnyDCName" section.
2010-04-27 08:07:19 +02:00
Andrew Tridgell
e88a54a87e s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch
We should respond when we are the PDC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-27 15:24:43 +10:00
Matthias Dieter Wallnöfer
cfbd5ef8c4 s4:netlogon RPC server - we don't need "are we DC" proofs
When we aren't a DC we shouldn't have the netlogon pipe available.
[MS-NRPC 1.3] says that we can only have DCs on the server side.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27 15:24:43 +10:00
Matthias Dieter Wallnöfer
4686305feb s4:dcesrv_netr_DsrGetDcSiteCoverageW - provide a basic implementation
Does for now only return DC's primary site.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27 15:24:42 +10:00
Matthias Dieter Wallnöfer
3b4137c7be s4:dcesrv_netr_DsRGetSiteName - provide an implementation according to the MS-NRPC docs
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27 15:24:41 +10:00
Matthias Dieter Wallnöfer
5fc7118675 s4:dcesrv_netr_GetAnyDCName - improve the call according to the MS-NRPC documentation
This implementation checks if the domainname is valid for us or a trusted domain.

Then I've also added the PDC location functionality. That means that we should
return "WERR_NO_SUCH_DOMAIN"  (MS-NRPC 3.5.5.2.5).

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27 15:24:41 +10:00
Matthias Dieter Wallnöfer
908d982980 s4:netr_DsRAddressToSitenames[Ex]W calls - implement them correctly with the client site information
This behaviour should be similar to the one of Windows Server (in my case 2008)

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-27 15:24:41 +10:00
Andrew Tridgell
c375b90f5d s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPN
this is an alternative way of establishing repsTo
2010-04-27 10:38:58 +10:00
Andrew Tridgell
6ee1c503bf s4-drs: don't send uninstantiated objects in getncchanges
This includes deleted partitions

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-26 19:06:07 +10:00
Andrew Tridgell
e7262b51d1 s4-drs: validate RODC credentials via the user_sid
This checks whether a replication client is a RODC by inclusion of the
the DOMAIN_RID_ENTERPRISE_READONLY_DCS sid in the users token

Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:16 +10:00
Andrew Tridgell
bb1ba4ff76 s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22 19:36:16 +10:00
Andrew Tridgell
90230ce27e s4-drs: only allow replication with the right invocationId
Non-administrator replication checks the invocationId matches
the sid of the user token being used

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-22 19:36:16 +10:00
Fernando J V da Silva
73513fb7e7 s4-drs: Use new samdb_rodc() function in s4 code
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
d940a44496 s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges reply
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is a RODC filtered and the recipient
is a RODC, then such attribute is not sent.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
57bcdf008f s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Matthias Dieter Wallnöfer
3a8b67fd36 s4:netlogon RPC server - fix a counter variable type 2010-04-21 18:06:17 +02:00
Stefan Metzmacher
135208d990 s4:rpc_server/netlogon: add no memory checks
metze
2010-04-20 16:02:14 +02:00
Andrew Tridgell
b4b43fcb4c s4-netlogon: fixed dc_unc and dc_address_type
These are needed for dcpromo from w2k8r2
2010-04-20 23:43:33 +10:00
Matthias Dieter Wallnöfer
41716a8c13 s4:netlogon RPC - "fill_one_domain_info" - use "lp_workgroup" for the DC short domainname discovery
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
2010-04-20 09:33:46 +02:00
Matthias Dieter Wallnöfer
84c901a619 s4:"samdb_server_site_name" uses - proof for out of memory 2010-04-13 15:45:29 +02:00
Matthias Dieter Wallnöfer
aa02f44255 s4:dcesrv_netr_DsRGetDCNameEx2 - provide a much better implementation
On the base of the "fill_netlogon_samlogon_response" call.

This removes duplicated code.
2010-04-13 15:26:54 +02:00
Matthias Dieter Wallnöfer
0dffa9caec s4:use "samdb_forest_name" for the forest DNS domainname lookup 2010-04-13 09:32:33 +02:00
Matthias Dieter Wallnöfer
ad9e407357 Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
2010-04-13 08:55:15 +02:00
Matthias Dieter Wallnöfer
1a27343366 s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" attribute
According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the
forest one.
2010-04-12 18:49:01 +02:00
Matthias Dieter Wallnöfer
98ce053efd s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions
Purely cosmetic change.
2010-04-12 18:49:01 +02:00
Andrew Bartlett
2c193fe91a s4:auth Remove event context from anonymous_session()
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.

Andrew Bartlett
2010-04-11 13:36:04 +10:00
Andrew Bartlett
4b27cc0ea6 s4:rpc_server Fix segfault in modified SamLogon handling 2010-04-10 21:41:00 +10:00
Andrew Bartlett
0340826772 s4:rpc_server Add all SIDs into the netlogon SamLogon reply
We were missing the SIDs that are not in the domain.
2010-04-10 21:41:00 +10:00
Günther Deschner
35ef60918b s4-winreg: Fix dcesrv_winreg_CreateKey after rename.
Guenther
2010-04-09 13:57:18 +02:00
Günther Deschner
846813797d s4-winreg: add winreg_DeleteKeyEx stub.
Guenther
2010-04-09 00:27:58 +02:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83 s4-waf: install the rest of the headers 2010-04-06 20:27:09 +10:00
Andrew Tridgell
844acb2260 build: waf quicktest nearly works
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
2010-04-06 20:26:48 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00
Simo Sorce
4b249a616b s4:lsa implement lsaRSetForestTrustInformation 2010-03-30 17:46:52 -04:00
Matthias Dieter Wallnöfer
90d2902c73 s4:registry - move the UTF16 length calculation for "reg_key_get_info" into the RPC server code
It does fit better there.
2010-03-29 20:36:32 +02:00