summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-6/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9195: setting log level to 2 instead of 0Gerald Carter1-1/+1
(This used to be commit 3a633a509e8e8e5239d456960f3014172f1e4b3d)
2007-10-10r9194: do not enumerate privileges when they are not enabledGerald Carter1-1/+6
(This used to be commit ff6e3464a2df7fd8a79da8f059a080934d9b3749)
2007-10-10r7995: * privileges are local except when they're *not*Gerald Carter1-1/+1
printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-1/+40
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6536: Jeremy, did you actually test this part of revision 801? I just ↵Volker Lendecke1-2/+0
tested that Windows 2003 returns "4 (Local Group)" for rpcclient -c 'lookupnames "System Operators"' Before #ifdef'ing that out again I would like to see a sniff how you get a "5" (WKN_GRP) out of lsa_lookupnames. Volker (This used to be commit f6e27305101ab0c7e04e55b4905e91c19b31f9ef)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-2/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()Gerald Carter1-0/+1
Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+2
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-8/+24
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter1-6/+38
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5458: Generate a sane response to exceeding lookupsids limit. Truncate ↵Jim McDonough1-2/+3
list to zero and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains the benefit of not overallocating memory. The previous response of truncating to the MAX limit was not useful because it crashed lsass.exe on windows (bug opened with MS), and it was also misleading the client to believe that a complete answer was received. (This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
2007-10-10r5383: add missing checks to allow root to manage user rightsGerald Carter1-2/+12
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
2007-10-10r5246: We can't use a pointer to struct lsa_info until is has beenTim Potter1-1/+1
initialised. Fix for bugzilla #2315. Can the privileges dude(s) please verify this? (This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter1-6/+16
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+3
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter1-43/+63
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-4/+30
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter1-0/+107
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4739: require membership in Domain Admins to be able to set privilegesGerald Carter1-0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-159/+140
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-15/+13
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-2/+2
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r1340: _samr_lookupsids with more than 32 (MAX_REF_DOMAINS) SIDs failed. ThisVolker Lendecke1-1/+1
happened because init_dom_ref did not find the domain in question in the list of already mentioned domains. Could others please double-check this? Thanks, Volker (This used to be commit d7b2e41f00491ecf57db70e4da8cf8a3d2469c2b)
2007-10-10r911: Patch from "Jerome Borsboom" <j.borsboom@erasmusmc.nl>, don'tJeremy Allison1-6/+6
overwrite error code. Jeremy. (This used to be commit 735e49ddc3c4485c7b43208345d0e3e2b8960ad4)
2007-10-10r810: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to ensure error ↵Jeremy Allison1-6/+6
status codes don't get overwritten. Jeremy. (This used to be commit c179451b07c2315a667c2ff683cd30c4d224758e)
2007-10-10r801: Fix from "Jianliang Lu" <j.lu@tiesse.com> to return correct groupJeremy Allison1-0/+2
types. Jeremy. (This used to be commit d97b9146a137d43278f3125bafe8a453da82f4ce)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-5/+4
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+5
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+6
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2004-02-19Fixup correct (as per W2K3) returns for lookupsids as well as lookupnames.Jeremy Allison1-6/+7
Inspired by Volkers patch. Jeremy. (This used to be commit a47127e90e7d0928b772ba45bd843eeeacc9ef8a)
2004-02-17Fix based on Volker's code to correctly return code from lsa_lookup_sidsJeremy Allison1-17/+19
on unmapped sids. Jeremy. (This used to be commit 37a52c31682fcf115eefc31381c02a3ec29c1f8d)
2004-01-30Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison1-1/+1
Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
2003-12-10Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail ↵Gerald Carter1-1/+1
on local files on on domain members; bug 875 (This used to be commit c6594e35573186966a4d57404f1c06b98670db06)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter1-1/+8
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
2003-10-06split some security related functions in their own files.Simo Sorce1-35/+35
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-38/+33
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison1-1/+1
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-1/+1
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-20/+38
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-05-07Set our 'global sam name' in one place. For domain controllers, this isAndrew Bartlett1-19/+4
lp_workgroup(), for all other server this is global_myname(). This is the name of the domain for accounts on *this* system, and getting this wrong caused interesting bugs with 'take ownership' on member servers and standalone servers at Snap. (They lookup the username that they got, then convert that to a SID - but becouse the domain out of the smbpasswd entry was wrong, we would fail the lookup). Andrew Bartlett (This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
2003-04-22Oops...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 898ff89632a394ff32fd38f1c4e94412388fa8bd)
2003-04-22Make our 'get DNS domain name' code try a bit harder - if gethostname() doesn'tAndrew Bartlett1-3/+11
include a domain portion, do a gethostbyname() lookup on that name. Use this name in our PolicyPrimaryDomainInformation reply (_lsa_query_info2) that Win2k uses when trying to trust us as a trusted domain. (We need to do a better mapping between our Netbios and Win2k domain names, but this will do for now - particularly annoying is the way this possibly needs to map with our kerberos realm). Andrew Bartlett (This used to be commit 3be03271030208a69da29c6e2a7b92cdbaa8c6aa)
2003-03-13Merge of Andrew Bartlett's SID limit fix from HEAD.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 98ed7e0cbbc693b486bb91855cb3331e51daef6c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-22/+19
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-9/+9
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-0/+2
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with HEADJelmer Vernooij1-1/+96
(This used to be commit e01596853e3eea533baa08c33f26ded75f33fdd4)