summaryrefslogtreecommitdiff
path: root/source3/include/rpc_lsa.h
AgeCommit message (Collapse)AuthorFilesLines
2003-05-06sort out some include dependenciesSimo Sorce1-20/+0
split out privileges from rpc_lsa.h (This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
2003-03-15Minor fixes.Andrew Bartlett1-1/+1
- signed/unsigned - quieten warning about assignment as truth value - whitespace Andrew Bartlett (This used to be commit a13ce0df4b4a776fa635a1fb804dd00d195f58d0)
2003-02-10added the 'lsaenumacctwithright' command to rpcclient. This allows youAndrew Tridgell1-1/+17
to lookup what SIDs have a particular privilege (that is how privileges are stored). (This used to be commit 3ddb5fb0dd33992b7db54a661752551a3fefc0b4)
2003-02-06added the LSA privileges server backend stubs. Right now they just logAndrew Tridgell1-2/+0
what was requested. (This used to be commit 64ac6c2bcb729c4658de48e929cc792681903ecc)
2003-01-28added LsaRemoveAccountRightsAndrew Tridgell1-3/+20
this now gives us complete remove privileges control in the client libs, so we are in good shape for starting on the server side. (This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)
2003-01-28cleaned up the lsa_enum_acct_rights function and added aAndrew Tridgell1-5/+20
lsa_add_acct_rights function. This allows us to add privileges remotely to accounts using rpcclient. (This used to be commit 2e5e659e095a94b0716d97f673f993f0af99aabe)
2003-01-15added cli_lsa_enum_account_rights() call. Note that this is inAndrew Tridgell1-0/+17
principal similar to the existing cli_lsa_enum_privsaccount() call, except that cli_lsa_enum_account_rights() doesn't require a call to open_account first. There is also the minor matter that cli_lsa_enum_account_rights() works whereas cli_lsa_enum_privsaccount() doesn't! this call can be used to find what privileges an account or group has. This is a first step towards proper privileges support in Samba. (This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough1-0/+38
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-08(this should have been part of the previous commit)Andrew Bartlett1-13/+0
Add a function to display 'sid types' as strings - makes rpcclient outptut and DEBUG() logs much eaiser to understand. Move the enum for SID types to smb.h, becouse is really isn't LSA specific any more. Andrew Bartlett (This used to be commit fc9739861104df4ddc93efab3275275307e4fbb9)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-2/+2
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Move the lsa code across to the changed args for lookup_name, and surround itAndrew Bartlett1-4/+2
in become_root()/unbecome_root(). Also only allocate the memory the client reqests - and don't allow the client to trigger an SMB_ASSERT if they ask for 'more'. Up the maximum number of sids allowed, and note that this is an arbiary guess, and can be raised without consequence. Andrew Bartlett (This used to be commit 6e7667125d142670db7393ed7a48386f3821d896)
2002-01-11Correct4ed comment.Tim Potter1-1/+1
(This used to be commit 78814664ef7d41c2f6637b508711ab45647a64f9)
2002-01-02Doc.Martin Pool1-2/+1
(This used to be commit b354163834e0f2da7d3caacfe8d2ac6e2a6949e8)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-1/+0
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-14add lsa_query_secobj server code. level 4 is the ACL, level 1 is theJean-François Micouleau1-16/+47
owner. that's basic stuff. got the POLICY_ define from TNG but they are also in an include file in the NT SDK. J.F. (This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
2001-11-29Changed again how the privilege list is handled in the group mapping code.Jean-François Micouleau1-0/+42
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
2001-11-24added lsaenumprivsaccount and lsalookupprivvalue to rpcclientJean-François Micouleau1-0/+13
and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-09-14Oops.Tim Potter1-1/+1
(This used to be commit 4c92d82bdb35db3e01a162fb0aa00a6fe7486c70)
2001-09-13Discovered a whole lot more opcodes on the LSA pipe while writing a rpcTim Potter1-6/+38
scanner. There's lots of quota, privilege, and trusted domain goodness waiting to be reverse engineered here! Unfortunately the scanner can crash LSASS.EXE on NT4 just by writing packets containing 0xdeadbeef. )-: (This used to be commit f0ef301cff57c9bf07694e0675eec67c61367afb)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-1/+0
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27started converting NTSTATUS to be a structure on systems with gcc in order ↵Andrew Tridgell1-16/+16
to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs (This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f)
2001-07-09implement:Jean-François Micouleau1-2/+150
LSA_ENUM_PRIVS LSA_PRIV_GET_DISPNAME LSA_ENUM_ACCOUNTS LSA_OPENACCOUNT LSA_ENUMPRIVSACCOUNT LSA_GETSYSTEMACCOUNT It's a work in progress. nobody should expect it to work J.F. (This used to be commit 3056357cd8d4b2460f73ba8a8931a143f07fa2a6)
2001-06-29Added LsaGetConnectedCredentials patch from Manoj Naik <manoj@almaden.ibm.com>.Jeremy Allison1-0/+28
Jeremy. (This used to be commit 7079300da6dbd950e55dc5871851250d5a3717ff)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-0/+1
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-26Started conversion of lsa server code to canonical format (as srv_reg andJeremy Allison1-0/+19
srv_samr have been). Jeremy. (This used to be commit f434cda9774b4864321b37b0f8f42e6e8dee8d5b)
2001-01-25Fixed "object picker can't determine if object in domain" bug seen from W2KJeremy Allison1-7/+26
clients. Did this by importing Samba-TNG code that correctly handles LSA lookups. *MANY* thanks to Luke, Sander, Elrond and the rest of the TNG gang ! Jeremy (This used to be commit f76dc952f70862a6a390e9f35edd651867842a01)
2001-01-11Merge of various fixes from the tng headers.Tim Potter1-5/+5
(This used to be commit a6d4aad391d2a9e38cbb28d9ddc3e4ff454a759d)
2000-12-13make protoTim Potter1-2/+2
Updates for dynamic sized lookup names/sids (This used to be commit 34743c157632b1784bd15e3ca97380b1f9754e46)
2000-12-12Merged in Tim's changes : Removed static limit of MAX_LOOKUP_SIDS in rpc ↵Jeremy Allison1-5/+5
server and client lsa_lookup_names() and lsa_lookup_sids(). Jeremy. (This used to be commit 9e9c71c8b3194b7cd02fea0b6a000d4f2940d905)
2000-12-08Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions fromTim Potter1-1/+1
TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-09-20Some code moved back from TNG - updates to LSA stuff. Not yet used butJeremy Allison1-2/+19
will be needed soon. Jeremy. (This used to be commit f0aa8f9314c837fe39b6d1b0c41d5cfae2e4098f)
2000-09-06Fix for the SID history problem when using a Win2k domain controllerJeremy Allison1-1/+1
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs. Jeremy. (This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-91/+32
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-11-18added regqueryval command (experimental) to get reg_io_q_info() andLuke Leighton1-1/+1
reg_io_r_info() working properly. previously they weren't well understood (well, they were the first of the registry functions i did, back in december 97, ok??? :-) set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv. (This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
1999-11-01added lsaenumdomains command.Luke Leighton1-8/+10
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H querysecret to work, it keeps returning access denied. (This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
1999-03-24Fixed LSA Lookup Names. There were a few too many NULL pointers in aMatthew Chapman1-2/+4
negative response, which tended to crash lsass.exe. (This used to be commit 6d03f61d2536630968007958345cf44a42b03584)
1999-03-19Implemented encryption algorithm used for a number of RPC buffers.Matthew Chapman1-1/+1
(actually, decryption only currently because I need to get some sleep). Basically another Microsoft twist on DES; the "master key" is the user's NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys. (This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)
1999-03-18Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRETMatthew Chapman1-1/+59
(-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. (This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
1998-12-20fix for potential lsass.exe crashing due to negative response fromLuke Leighton1-1/+1
LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton1-23/+20
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-10rpcclient registry commands.Luke Leighton1-11/+8
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-15bug-fixing against:Luke Leighton1-4/+24
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30lsa_lookup_sids command added. severe debugging needed on lookup_sidsLuke Leighton1-19/+40
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-29added in some pdb_xxx routines that are needed by nispass.cLuke Leighton1-11/+12
(This used to be commit 5212dd69d05a0d26dddcb4a0d9efca195436bfda)
1998-08-22expanded MAX_LOOKUP_SIDS to 30 (I saw 21 in a packet)Andrew Tridgell1-1/+1
(This used to be commit bd9290c36c9993a994e485da0a81df926f8662e4)
1998-06-09loadparm.c: Removed 'domain other sids' parameter.Jeremy Allison1-4/+4
lib/rpc/include/rpc_lsa.h: Changed #defines for RPC calls - moved some, made LSA_LOOKUPNAMES correct. lib/rpc/include/rpc_misc.h: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Changed bitmasks for uid to rid to be 1 bit. lib/rpc/parse/parse_misc.c: Changed make_unistr2 to put length as given, max length as one more. lib/rpc/server/srv_netlog.c: Removed 'domain other sids' parameter. lib/rpc/server/srv_samr.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. lib/rpc/server/srv_util.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Jeremy. (This used to be commit 34c91840a3d8c252715dc2f749b7a3b171a5b74f)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+288
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)