summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13458: Add parsing functions - but stub internals for lookupnames3 and 4.Jeremy Allison1-0/+17
Jeremy. (This used to be commit f1a362580ae37730dc8393a79f832aed5d0ea4be)
2007-10-10r13456: Add lsa_lookup_names2.Jeremy Allison1-0/+89
Jeremy. (This used to be commit b57406c89feaf550f6c2d29ef0ed73a935908add)
2007-10-10r13455: Prepare to add lookupnames2.Jeremy Allison1-13/+12
Jeremy. (This used to be commit 2274709587bd1f27bea2eacf633182f20cd07b1e)
2007-10-10r13449: Ensure we don't crash if no dc struct on pipe.Jeremy Allison1-0/+5
Jeremy. (This used to be commit a9e1d0f3b4fd7a0732a5023d0b4dcc2c4b1b03f8)
2007-10-10r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.Jeremy Allison1-65/+233
Jeremy. (This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-123/+133
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-5/+4
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-3/+4
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-54/+69
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r12043: It's amazing the warnings you find when compiling on a 64-bitJeremy Allison1-20/+20
box with gcc4 and -O6... Fix a bunch of C99 dereferencing type-punned pointer will break strict-aliasing rules errors. Also added prs_int32 (not uint32...) as it's needed in one place. Find places where prs_uint32 was being used to marshall/unmarshall a time_t (a big no no on 64-bits). More warning fixes to come. Thanks to Volker for nudging me to compile like this. Jeremy. (This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-6/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9195: setting log level to 2 instead of 0Gerald Carter1-1/+1
(This used to be commit 3a633a509e8e8e5239d456960f3014172f1e4b3d)
2007-10-10r9194: do not enumerate privileges when they are not enabledGerald Carter1-1/+6
(This used to be commit ff6e3464a2df7fd8a79da8f059a080934d9b3749)
2007-10-10r7995: * privileges are local except when they're *not*Gerald Carter1-1/+1
printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-1/+40
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6536: Jeremy, did you actually test this part of revision 801? I just ↵Volker Lendecke1-2/+0
tested that Windows 2003 returns "4 (Local Group)" for rpcclient -c 'lookupnames "System Operators"' Before #ifdef'ing that out again I would like to see a sniff how you get a "5" (WKN_GRP) out of lsa_lookupnames. Volker (This used to be commit f6e27305101ab0c7e04e55b4905e91c19b31f9ef)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-2/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()Gerald Carter1-0/+1
Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+2
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-8/+24
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter1-6/+38
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5458: Generate a sane response to exceeding lookupsids limit. Truncate ↵Jim McDonough1-2/+3
list to zero and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains the benefit of not overallocating memory. The previous response of truncating to the MAX limit was not useful because it crashed lsass.exe on windows (bug opened with MS), and it was also misleading the client to believe that a complete answer was received. (This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
2007-10-10r5383: add missing checks to allow root to manage user rightsGerald Carter1-2/+12
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
2007-10-10r5246: We can't use a pointer to struct lsa_info until is has beenTim Potter1-1/+1
initialised. Fix for bugzilla #2315. Can the privileges dude(s) please verify this? (This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter1-6/+16
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+3
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter1-43/+63
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-4/+30
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter1-0/+107
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4739: require membership in Domain Admins to be able to set privilegesGerald Carter1-0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-159/+140
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-15/+13
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-2/+2
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r1340: _samr_lookupsids with more than 32 (MAX_REF_DOMAINS) SIDs failed. ThisVolker Lendecke1-1/+1
happened because init_dom_ref did not find the domain in question in the list of already mentioned domains. Could others please double-check this? Thanks, Volker (This used to be commit d7b2e41f00491ecf57db70e4da8cf8a3d2469c2b)
2007-10-10r911: Patch from "Jerome Borsboom" <j.borsboom@erasmusmc.nl>, don'tJeremy Allison1-6/+6
overwrite error code. Jeremy. (This used to be commit 735e49ddc3c4485c7b43208345d0e3e2b8960ad4)
2007-10-10r810: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to ensure error ↵Jeremy Allison1-6/+6
status codes don't get overwritten. Jeremy. (This used to be commit c179451b07c2315a667c2ff683cd30c4d224758e)
2007-10-10r801: Fix from "Jianliang Lu" <j.lu@tiesse.com> to return correct groupJeremy Allison1-0/+2
types. Jeremy. (This used to be commit d97b9146a137d43278f3125bafe8a453da82f4ce)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-5/+4
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+5
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+6
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2004-02-19Fixup correct (as per W2K3) returns for lookupsids as well as lookupnames.Jeremy Allison1-6/+7
Inspired by Volkers patch. Jeremy. (This used to be commit a47127e90e7d0928b772ba45bd843eeeacc9ef8a)
2004-02-17Fix based on Volker's code to correctly return code from lsa_lookup_sidsJeremy Allison1-17/+19
on unmapped sids. Jeremy. (This used to be commit 37a52c31682fcf115eefc31381c02a3ec29c1f8d)
2004-01-30Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison1-1/+1
Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
2003-12-10Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail ↵Gerald Carter1-1/+1
on local files on on domain members; bug 875 (This used to be commit c6594e35573186966a4d57404f1c06b98670db06)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter1-1/+8
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
2003-10-06split some security related functions in their own files.Simo Sorce1-35/+35
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-38/+33
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison1-1/+1
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-1/+1
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)