| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit 6924d1cd443e4f7eb7b634c97c92effd6373ff12)
|
|
Jeremy.
(This used to be commit 1d9dbe3b662ea757224ca4d8c991ae73bb92ae8d)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
Jeremy.
(This used to be commit 46e575af17cefb0ce7a1fdfacf29f90ae36fa72e)
|
|
(This used to be commit 62e58d939bf3abf71bb19aade57d406e07403bc8)
|
|
Jeremy.
(This used to be commit 6ec0e9124a1a7b19c9853b8e26075cbbb8751f10)
|
|
Jeremy.
(This used to be commit f1a362580ae37730dc8393a79f832aed5d0ea4be)
|
|
Jeremy.
(This used to be commit 2274709587bd1f27bea2eacf633182f20cd07b1e)
|
|
Jeremy.
(This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Guenther
(This used to be commit 02f13dee6d0bbca71a991682bfe214ed8363e818)
|
|
(This used to be commit 623d2e69319ffead31a780a4d6156dae45f386d7)
|
|
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
Tested client and server code.
(This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
|
|
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
(This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
|
|
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
|
|
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
|
|
(This used to be commit 0c205bcc864c8dc01124a5d654792de0cbf79a63)
|
|
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
|
|
parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
rpc_parse/parse_lsa.c:
nsswitch/winbindd_rpc.c:
nsswitch/winbindd.h:
- Add const
libads/ads_ldap.c:
- Cleanup function for use
nsswitch/winbindd_ads.c:
- Use new utility function ads_sid_to_dn
- Don't search for 'dn=', rather call the ads_search_retry_dn()
nsswitch/winbindd_ads.c:
include/rpc_ds.h:
rpc_client/cli_ds.c:
- Fixup braindamage in cli_ds_enum_domain_trusts():
- This function was returning a UNISTR2 up to the caller, and
was doing nasty (invalid, per valgrind) things with memcpy()
- Create a new structure that represents this informaiton in a useful way
and use talloc.
Andrew Bartlett
(This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
|
|
Jeremy.
(This used to be commit 3ebbd67dec2044ed8022491747e65b90f1354602)
|
|
(no need to include all of smbd files to use some basic sec functions)
also minor compile fixes
couldn't compile to test these due to some kerberos problems wirh 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
|
|
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
|
|
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
|
|
Jeremy.
(This used to be commit d6f23166420d89ea7d3d5433e3234529681cb330)
|
|
signed/unsigned (mostly i counters)
a little bit of const.
Andrew Bartlett
(This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)
|
|
Jeremy
(This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
|
|
Jeremy.
(This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
|
|
(This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
and should be rewritten, just not now... :-).
Jeremy.
(This used to be commit 5de792e7e9c2ad1422ac146caba632baa3f4e5c5)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
just make it harder to debug (gcc stips optomises them away).
(This used to be commit 100d2705ddfa1fde73a0bb06e8e097b2b1cbf36a)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the
length fields are not correct but that's what NT send. We don't anymore
underflow or overflow the decoding.
added the domain admins group to the default SD.
we are now checking the desired access flag in the lsa_open_policy_X()
calls and in most functions also.
J.F.
(This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
|
|
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
|
|
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
|
|
(This used to be commit 3f1cfb62e85343a45817651f111f01051fc66b18)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
