summaryrefslogtreecommitdiff
path: root/source3/lsarpcd/srv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-134/+137
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-10rpcclient registry commands.Luke Leighton1-1/+1
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton1-9/+10
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-22bug fix in lsa_trans_names.Luke Leighton1-1/+3
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-4/+4
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-15bug-fixing against:Luke Leighton1-0/+42
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30lsa_lookup_sids command added. severe debugging needed on lookup_sidsLuke Leighton1-60/+85
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-30/+40
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-08-26use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() forAndrew Tridgell1-1/+1
arrays. This prevents (harmless) warnings from some compilers (This used to be commit c2da46d1d0820a86e7f77506563cfe7f67b08fee)
1998-08-24Changed ASSERT macros to SMB_ASSERT macros as some systems alreadyJeremy Allison1-4/+4
have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-22added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberallyAndrew Tridgell1-0/+8
in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
1998-08-21use ZERO_STRUCT() to initialise lots of structures.Andrew Tridgell1-1/+30
Luke, you need to do something similar in the rest of the rpc code. Have fun! (This used to be commit bdd8aaa544780898e20189195d4019b9beb4445c)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison1-1/+12
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-05-24more warnings, from Tim WindersLuke Leighton1-1/+1
(This used to be commit eb157d6da4719b415a1f5202364aa77f2596bc03)
1998-05-18- renamed some of the passdb.c functions: they have a prefix pdb_ on themLuke Leighton1-1/+1
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-14Fixed dce/rpc to use global_machine_sid (auto generated in server.c ifJeremy Allison1-10/+4
not present in smb.conf). Jeremy. (This used to be commit e7c1100390b714bf2f489a9032156b0c9272e403)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison1-32/+43
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+444
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)