summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2003-03-07Limit the number of SIDs that may be looked up, in line with existing codeAndrew Bartlett1-0/+5
for name->sid. (This used to be commit 0ebccc0dbeecc10d423529909a2563fbc3bf9857)
2003-02-21Fixed compiler warning.Tim Potter1-1/+1
(This used to be commit b3f9cf8c1c293e905a536dfa5bb6a827627b7024)
2003-02-12initial server side privileges implementation, using a tdb. This needs to be ↵Andrew Tridgell1-5/+32
hooked into pdb, and we need some access control on changing privileges. That's next (This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
2003-02-11added server stubs for lsa_enum_acct_with_rightAndrew Tridgell1-0/+29
(This used to be commit aa2abacaf48924797b6803786c14c9f303185e4a)
2003-02-06added the LSA privileges server backend stubs. Right now they just logAndrew Tridgell1-0/+81
what was requested. (This used to be commit 64ac6c2bcb729c4658de48e929cc792681903ecc)
2003-01-17reverted this patch till I sort out the craziness with UNIHDRAndrew Tridgell1-10/+13
(This used to be commit e3d00fa47d38cd214f5e350e1d6b30d90ed8a52c)
2003-01-17This removes the 3rd argument from init_unistr2(). There were 240Andrew Tridgell1-13/+10
calls to init_unistr2() in the code and every one of them got the 3rd argument incorrect, so I thought it best just to remove the argument. The incorrect usage was caused by callers using strlen() to determine the length of the string. The 3rd argument to init_unistr2() was supposed to be the character length, not the byte length of the string, so for non-english this could come out wrong. I also removed the bogus 'always allocate at least 256 bytes' hack. There may be some code that relies on this, but if there is then the code is broken and needs fixing. (This used to be commit b9eff31b1433c81fbff733e194914a40f25e3bda)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-22/+19
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-10-21This moves the group mapping API into the passdb backend.Volker Lendecke1-9/+9
Currently this calls back to mapping.c, but we have the framework to get the information into LDAP and the passdb.tdb (should we? I think so..). This has received moderate testing with net rpc vampire and usrmgr. I found the add_groupmem segfault in add_aliasmem as well, but that will be another checkin. Volker (This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
2002-09-06This is the 'easy' parts of the trusted domains patch n+3 patch fromAndrew Bartlett1-0/+2
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occour in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough1-1/+96
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-07Updates to the 'name -> sid' code:Andrew Bartlett1-1/+1
Correct the 'none mapped' behaviour, (so that it matches Win2k) and add a function to make the SID types appear as text strings in logs/rpcclient. Also, remove a silly case that would cause 'failure' to be 'success'. (Might look at this a bit more in future). Andrew Bartlett (This used to be commit c20d057f8821d13d3de61b319de44db23773516b)
2002-06-18more debug classess activatedSimo Sorce1-0/+3
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett1-8/+7
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-05-18A few things in this commit:Andrew Bartlett1-2/+2
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-05-17A few more trusted domains updates from mimir.Andrew Bartlett1-6/+16
I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-6/+14
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-04-09Add a become_root()/unbecome_root() pair to allow acces to the passdb forAndrew Bartlett1-0/+4
SID lookup. This fixes a bug where SIDs (rather than names) are displayed in windows ACL lists (This used to be commit e60c509813a9113cd76135b6ded3018ff04d49f2)
2002-03-29Don't core dump listing thousands of users in usrmgr.Jeremy Allison1-9/+20
Jeremy. (This used to be commit c6566fa5fadf37a2b133e7be1f13c0de93efab34)
2002-03-29Ensure we return a parseable value if invalid handle given.Jeremy Allison1-17/+17
Jeremy. (This used to be commit f169f3f4df81537426f708d68da44e0fc40ad15e)
2002-01-31this fixes the problem of not being able to add a SD to a file on aAndrew Tridgell1-2/+1
non-domain Samba server from a NT4 client. Note that this exactly reverses a change by Jeremy on the 18th of December 2001, reverting the code back to what JF originally wrote. I have looked carefully with a sniffer and JFs original NULL sid is correct (ie. it matches what NT4 does) and also fixes the problem. Sending a blank sid (which is what jeremy's patch did) causes NT4 to give a classic "parameter is incorrect error" and prevents the addition of new ACLs. (This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Move the lsa code across to the changed args for lookup_name, and surround itAndrew Bartlett1-2/+11
in become_root()/unbecome_root(). Also only allocate the memory the client reqests - and don't allow the client to trigger an SMB_ASSERT if they ask for 'more'. Up the maximum number of sids allowed, and note that this is an arbiary guess, and can be raised without consequence. Andrew Bartlett (This used to be commit 6e7667125d142670db7393ed7a48386f3821d896)
2001-12-31- portablitity fixes for cc -64 on irixAndrew Tridgell1-1/+0
- fixed gid* bug in rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-1/+2
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-18I'm pretty sure we need to return our netbios name for LSA_QUERY_INFOJeremy Allison1-1/+1
level 5 when we're a standalone server. This makes the security dialogs return correct info. JF - please check ! Jeremy. (This used to be commit dd13daf52bc96637ef3d40920cbd3bcadb7e08f5)
2001-12-18in lsa_query_info at level 5 in member mode, we must reply our machineJean-François Micouleau1-1/+1
name and not our domain name. I thought it has been already fixed ! J.F. (This used to be commit 1fbb01868b489c896ad1c65ded223999b0ee6013)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-67/+208
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-14add lsa_query_secobj server code. level 4 is the ACL, level 1 is theJean-François Micouleau1-0/+70
owner. that's basic stuff. got the POLICY_ define from TNG but they are also in an include file in the NT SDK. J.F. (This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-6/+8
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-11-29Changed again how the privilege list is handled in the group mapping code.Jean-François Micouleau1-17/+162
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
2001-11-23return NO_MORE_ENTRIES in lsa_enum_trust_dom. UserManager is happier :-)Jean-François Micouleau1-1/+1
J.F. (This used to be commit 75ee50bbef531a1487c1f8b76b8e70627fbdbdf1)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau1-5/+7
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-22added lsa_enum_sids to rpcclientJean-François Micouleau1-10/+20
fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22fixing enum_privs and get_dispname server code.Jean-François Micouleau1-20/+20
That works as expected now. J.F. (This used to be commit f2766932d693fc601b2c3e7853e61f751435ec3c)
2001-11-22add a command to rpcclient: enumprivsJean-François Micouleau1-1/+1
J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-10-09Fixes from John Trostel (modified somewhat by me) to ensure that all lookup_XXJeremy Allison1-2/+2
functions correctly deal with the SID_NAME_TYPE. One fix for connection user lookup in LSA. Jeremy. (This used to be commit 29730027d8118ec7d207c89d0fd7fb24ac173fde)
2001-10-03fix some possible memleaks and not tested reallocs spotted by Andreas MoroderSimo Sorce1-0/+1
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce1-3/+3
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-32/+32
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-27started converting NTSTATUS to be a structure on systems with gcc in order ↵Andrew Tridgell1-1/+1
to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs (This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f)
2001-08-24Fixed malloc -> talloc problems pointed out by Simo.Jeremy Allison1-1/+1
Jeremy (This used to be commit 0f5b187387fb536a6866d9109eff82411798f79e)
2001-07-25Held a shoot-out between NT_STATUS_NO_PROBLEMO and NT_STATUS_NOPROBLEMO.Tim Potter1-10/+10
According to the incorruptible judges find and grep, the latter won. Mmm - procrastination. (-: (This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
2001-07-12Removed unused variable.Tim Potter1-1/+0
(This used to be commit 914e78f05356c66665ede6948ec18814c2c2c503)
2001-07-09implement:Jean-François Micouleau1-1/+216
LSA_ENUM_PRIVS LSA_PRIV_GET_DISPNAME LSA_ENUM_ACCOUNTS LSA_OPENACCOUNT LSA_ENUMPRIVSACCOUNT LSA_GETSYSTEMACCOUNT It's a work in progress. nobody should expect it to work J.F. (This used to be commit 3056357cd8d4b2460f73ba8a8931a143f07fa2a6)
2001-07-04The big character set handling changeover!Andrew Tridgell1-18/+9
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-29Added LsaGetConnectedCredentials patch from Manoj Naik <manoj@almaden.ibm.com>.Jeremy Allison1-0/+30
Jeremy. (This used to be commit 7079300da6dbd950e55dc5871851250d5a3717ff)
2001-06-05Merge of lsa_lookup_names() i18n bugfix from appliance.Tim Potter1-0/+5
(This used to be commit 84a22d5f0a74f440a5288fedf07055ddc8da208e)
2001-06-02Merge of i18n domain name fix for lsa_query_info_policy() from applianceTim Potter1-9/+13
branch. (This used to be commit e7a4dd7612d79bb24be68c601eccc987aba6b497)