path: root/source3/rpc_server/lsa
Age | Commit message | Author | Files | Lines
2012-05-01 | Fix bug #8873 - self granting privileges in security=ads. | Jeremy Allison | 1 | -4/+12
Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue May 1 01:04:46 CEST 2012 on sn-devel-104
2012-03-13 | s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2. | Alexander Bokovoy | 1 | -61/+66
On LSA and SAMR pipes session_key is truncated to 16 bytes when doing encryption/decryption. However, this was not done for trusted domain-related modifying operations. As a result, Samba 4 client libraries do not work against Samba 3 while working against Windows 2008 r2. Solved this by introducing "session_extract_session_key()" function that allows specifying the intent of use of the key. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2011-12-12 | s4-lsarpc handle more info levels in SetInfoTrustedDomain calls | Andrew Bartlett | 1 | -1/+1
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-11-08 | s3: Remove two unused variables | Volker Lendecke | 1 | -2/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 8 10:14:36 CET 2011 on sn-devel-104
2011-11-02 | s3-lsa: Let passdb backend handle the DOMAIN$ user | Sumit Bose | 1 | -101/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2011-10-12 | s3-group-mapping: Remove fstrings from GROUP_MAP. | Simo Sorce | 1 | -3/+13
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-09-12 | s3-lsa: Add conversion for auth info structs | Sumit Bose | 1 | -33/+14
struct lsa_TrustDomainInfoAuthInfo and struct trustAuthInOutBlob can store the same information for different usage. The added routines can convert one struct into the other. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
2011-08-31 | s3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls | Sumit Bose | 1 | -21/+312
The following LSA calls are added:
- _lsa_SetInformationTrustedDomain()
- _lsa_SetTrustedDomainInfo()
- _lsa_SetTrustedDomainInfoByName()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 | s3-lsa: Update _lsa_QueryTrustedDomainInfo() | Sumit Bose | 1 | -8/+63
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 | s3-lsa: Fix access mapping in _lsa_OpenTrustedDomain_base() | Sumit Bose | 1 | -1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 | s3-lsa: Fix typo and use right pdb interface | Sumit Bose | 1 | -1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-01 | s3-lsa: Fix crypto prototypes. | Günther Deschner | 1 | -1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Aug 1 00:18:34 CEST 2011 on sn-devel-104
2011-07-31 | s3-lsa: support secret objects in _lsa_QuerySecurity(). | Günther Deschner | 1 | -0/+1
Guenther
2011-07-31 | s3-lsa: support secret objects in _lsa_DeleteObject(). | Günther Deschner | 1 | -0/+6
Guenther
2011-07-31 | s3-lsa: implement _lsa_QuerySecret(). | Günther Deschner | 1 | -6/+86
Guenther
2011-07-31 | s3-lsa: implement _lsa_SetSecret(). | Günther Deschner | 1 | -2/+66
Guenther
2011-07-31 | s3-lsa: implement _lsa_CreateSecret(). | Günther Deschner | 1 | -2/+78
Guenther
2011-07-31 | s3-lsa: implement _lsa_OpenSecret(). | Günther Deschner | 1 | -2/+58
Guenther
2011-07-31 | s3-lsa: add LSA_HANDLE_SECRET_TYPE. | Günther Deschner | 1 | -1/+2
Guenther
2011-07-31 | s3-lsa: Fix _lsa_DeleteObject to handle trusted domain objects. | Günther Deschner | 1 | -0/+6
Guenther
2011-07-20 | s3-auth Remove separate guest boolean | Andrew Bartlett | 1 | -1/+1
Instead, we base our guest calculations on the presence or absence of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info | Andrew Bartlett | 1 | -1/+1
This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Use guest boolean in auth_user_info_unix | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username | Andrew Bartlett | 1 | -1/+1
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 | s3-auth Use *unix_token rather than utok in struct auth3_session_info | Andrew Bartlett | 1 | -6/+6
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-15 | lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not | Günther Deschner | 1 | -1/+4
lsa_TrustDomainInfoAuthInfoInternal. Guenther
2011-07-15 | lsa: rename auth info argument in lsa_CreateTrustedDomainEx2 | Günther Deschner | 1 | -5/+5
Guenther
2011-06-09 | s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() | Andrew Bartlett | 1 | -8/+8
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09 | s3-talloc Change TALLOC_ZERO_P() to talloc_zero() | Andrew Bartlett | 1 | -9/+9
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-06-09 | s3-talloc Change TALLOC_P() to talloc() | Andrew Bartlett | 1 | -2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_P isn't standard talloc.
2011-06-09 | s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 1 | -4/+4
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-09 | s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() | Andrew Bartlett | 1 | -1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-05-18 | s3-lib Replace StrCaseCmp() with strcasecmp_m() | Andrew Bartlett | 1 | -4/+4
strcasecmp_m() never needs to call to talloc, and via next_codepoint() still has an ASCII fast-path bypassing iconv() calls. Andrew Bartlett
2011-05-02 | s3: include ntdomain.h before including generated srv_ headers. | Günther Deschner | 1 | -1/+1
Guenther
2011-04-05 | s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 1 | -1/+1
2011-03-30 | s3: Fix Coverity ID 2332: MISSING_BREAK | Volker Lendecke | 1 | -0/+1
2011-03-30 | s3-rpc_server: move access check functions out of samr server. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3: only include lib/privileges.h where needed. | Günther Deschner | 1 | -0/+1
This finally removes the global lsa.h inclusion. Guenther
2011-03-30 | s3-includes: only include ntdomain.h where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3-auth: rpc_server needs auth.h | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3-passdb: add passdb.h where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-27 | s3: Fix Coverity ID 2327: FORWARD_NULL | Volker Lendecke | 1 | -0/+2
Make check_ft_info robust against an invalid type. Günther, please check!
2011-03-24 | charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*() | Andrew Tridgell | 1 | -2/+1
we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-16 | s3: Fix Coverity ID 2213, PASS_BY_VALUE | Volker Lendecke | 1 | -6/+6
There's little point to pass a copy of this structure on the stack. Günther, please check!
2011-03-16 | s3: Fix Coverity ID 1012, CHECKED_RETURN | Volker Lendecke | 1 | -6/+5
This is probably more or less taste. Removing the necessity for a comment is a good thing though IMO.
2011-03-16 | s3: Fix Coverity ID 1013, CHECKED_RETURN | Volker Lendecke | 1 | -6/+5
This is probably more or less taste. Removing the necessity for a comment is a good thing though IMO.
2011-03-03 | s3: Use dom_sid_string in _lsa_lookup_sids_internal | Volker Lendecke | 1 | -4/+1
2011-02-22 | s3-auth Rename auth_serversupplied_info variables: server_info -> session_info | Andrew Bartlett | 1 | -23/+23
These variables, of type struct auth_serversupplied_info were poorly named when added in 2001, and in good consistent practice, this has extended all over the codebase in the years since. The structure is also not ideal for its current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replace these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-21 | s3-lsa: fix some uninitialized variables in our lsa server. | Günther Deschner | 1 | -3/+3
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Feb 21 18:47:30 CET 2011 on sn-devel-104
2011-02-17 | s3-lsa: support trust objects in _lsa_QuerySecurity(). | Günther Deschner | 1 | -0/+1
Guenther