Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-07 | s3-privileges: use LUID defines from lsa IDL. | Günther Deschner | 1 | -6/+4 | |
Guenther | |||||
2010-06-03 | s3-security: use shared "Standard access rights.". | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2010-05-28 | s3:auth use info3 in auth_serversupplied_info | Simo Sorce | 1 | -1/+1 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-21 | s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 1 | -17/+17 | |
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_descriptor SEC_DESC". | Günther Deschner | 1 | -6/+6 | |
Guenther | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_acl SEC_ACL". | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_ace SEC_ACE". | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-05-18 | s3-rpc_misc: clean out include/rpc_misc.h. | Günther Deschner | 1 | -1/+1 | |
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther | |||||
2010-03-16 | s3-lsa: fix _lsa_lsaRSetForestTrustInformation server stub. | Günther Deschner | 1 | -1/+1 | |
Guenther Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 1 | -2/+1 | |
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵ | Günther Deschner | 1 | -0/+1 | |
samba. Guenther | |||||
2009-11-03 | s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy(). | Günther Deschner | 1 | -0/+32 | |
Add dummys (just like s4 does) and fill in some more appropriate error codes. Guenther | |||||
2009-10-30 | s3-lsa: expand struct lsa_info to carry name and sd. | Günther Deschner | 1 | -0/+2 | |
Guenther | |||||
2009-10-30 | s3-lsa: use switch in _lsa_QuerySecurity(). | Günther Deschner | 1 | -3/+7 | |
Guenther | |||||
2009-10-28 | s3-lsa: add lsa_trusted_domain_mapping. | Günther Deschner | 1 | -0/+7 | |
Guenther | |||||
2009-10-28 | s3-lsa: add lsa_secret_mapping. | Günther Deschner | 1 | -0/+7 | |
Guenther | |||||
2009-10-28 | s3-lsa: use correct function name in_lsa_RemoveAccountRights(). | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-10-28 | s3-lsa: pure cosmetic indentation fixes. | Günther Deschner | 1 | -18/+16 | |
Guenther | |||||
2009-10-28 | s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags(). | Günther Deschner | 1 | -7/+8 | |
Guenther | |||||
2009-10-21 | s3-lsa: Fix _lsa_EnumTrustDom() and avoid infite windows client loop. | Günther Deschner | 1 | -0/+9 | |
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | |||||
2009-10-21 | s3-lsa: make s3 pass against RPC-LSA-LOOKUPNAMES again. | Günther Deschner | 1 | -6/+7 | |
Do what W2k8 does and return the builtin domain for a NULL name. Guenther | |||||
2009-10-20 | s3-lsa: Fix _lsa_EnumTrustDom(). | Günther Deschner | 1 | -41/+25 | |
Windows clients were showing a lot of duplicates in their list of trusted domains. Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | |||||
2009-10-20 | s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED. | Günther Deschner | 1 | -0/+5 | |
Found by RPC-LSA-PRIVILEGES torture test. Guenther | |||||
2009-10-20 | s3-lsa: When looking up domains in LookupNames, do not strip the sid. | Günther Deschner | 1 | -1/+5 | |
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther | |||||
2009-10-20 | s3-lsa: allow to have NULL strings in lsa LookupName queries. | Günther Deschner | 1 | -1/+4 | |
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther | |||||
2009-09-11 | lsa: fill in more unknowns in lsa_LookupSid calls. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-07-25 | Fix a 32/64bit stack corruption bug | Volker Lendecke | 1 | -1/+1 | |
2009-07-17 | s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does. | Günther Deschner | 1 | -6/+10 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount(). | Günther Deschner | 1 | -6/+24 | |
Guenther | |||||
2009-07-17 | s3-lsa: add (not yet activate) level specific access checks for ↵ | Günther Deschner | 1 | -0/+42 | |
_lsa_QueryInfoPolicy. Guenther | |||||
2009-07-17 | s3-lsa: also implement level 13 in lsa_QueryInfoPolicy. | Günther Deschner | 1 | -19/+24 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject(). | Günther Deschner | 1 | -4/+14 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity(). | Günther Deschner | 1 | -13/+3 | |
Guenther | |||||
2009-07-17 | s3-lsa: implement _lsa_LookupPrivName(). | Günther Deschner | 1 | -6/+45 | |
Guenther | |||||
2009-07-17 | s3-lsa: implement _lsa_EnumAccountsWithUserRight(). | Günther Deschner | 1 | -6/+57 | |
Guenther | |||||
2009-07-13 | s3-rpc_server: pass down full unix token to map_max_allowed_access(). | Günther Deschner | 1 | -2/+6 | |
Also use unix_token->uid instead of geteuid() when checking for mapping of the SEC_FLAG_MAXIMUM_ALLOWED flag. Guenther | |||||
2009-07-04 | Handle LSA_POLICY_INFO_DNS | Volker Lendecke | 1 | -0/+26 | |
2009-07-04 | Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicy | Volker Lendecke | 1 | -3/+15 | |
Don't reply to it for non-pdb-ads to keep up our old behaviour | |||||
2009-06-28 | _lsa_QueryInfoPolicy: Use symbolic info level names | Volker Lendecke | 1 | -4/+4 | |
2009-06-23 | s3-lsa: Fix error path in _lsa_EnumAccountRights. | Günther Deschner | 1 | -2/+11 | |
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND again as described in MS-LSAD 3.1.4.5.10 and tested with the RPC-SAMR-USER-PRIVILEGES test. Guenther | |||||
2009-06-16 | _lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an | Jeremy Allison | 1 | -19/+17 | |
empty set of privilages if the SID doesn't have any. (From [MS-LSAD.pdf]) Jeremy. | |||||
2009-06-08 | s3-lsa: remove old code that we cannot even compile anymore. | Günther Deschner | 1 | -111/+0 | |
Guenther | |||||
2009-05-20 | Add a security model to LSA. Similar to the SAMR code - using | Jeremy Allison | 1 | -88/+227 | |
the MS-LSA docs. Jeremy. | |||||
2009-05-18 | Change access_check_samr_object -> access_check_object. | Jeremy Allison | 1 | -15/+9 | |
Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. | |||||
2009-05-19 | s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). | Günther Deschner | 1 | -37/+6 | |
Guenther | |||||
2009-05-18 | s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). | Günther Deschner | 1 | -3/+23 | |
Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets unaccessable as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-18 | s3-lsa: start a very basic implementation of _lsa_DeleteObject(). | Günther Deschner | 1 | -1/+23 | |
Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-11 | s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵ | Günther Deschner | 1 | -0/+1 | |
a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther | |||||
2009-04-30 | s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-04-16 | s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3. | Günther Deschner | 1 | -1/+9 | |
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED. Guenther (cherry picked from commit 1c9266c8caa59e287b993393b6050732a0b33547) |