summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15044: Fix the build. (void returning non-void).Günther Deschner1-1/+1
Guenther (This used to be commit 3ff278b852b4085461127bc7ccb2c5dba81fb3c8)
2007-10-10r15041: Adding rpc client calls to manipulate auditing policies on remote CIFSGünther Deschner1-16/+37
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-1/+1
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14182: Ensure we know that dom_sid cannot be null.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e3a28bf4c8064f7053b7d1a25a2f087ac2095fcd)
2007-10-10r13553: Fix all our warnings at -O6 on an x86_64 box.Jeremy Allison1-10/+10
Jeremy. (This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
2007-10-10r13521: Implement LOOKUPNAME3 and 4.Jeremy Allison1-28/+257
Jeremy. (This used to be commit 6ec0e9124a1a7b19c9853b8e26075cbbb8751f10)
2007-10-10r13458: Add parsing functions - but stub internals for lookupnames3 and 4.Jeremy Allison1-0/+17
Jeremy. (This used to be commit f1a362580ae37730dc8393a79f832aed5d0ea4be)
2007-10-10r13456: Add lsa_lookup_names2.Jeremy Allison1-0/+89
Jeremy. (This used to be commit b57406c89feaf550f6c2d29ef0ed73a935908add)
2007-10-10r13455: Prepare to add lookupnames2.Jeremy Allison1-13/+12
Jeremy. (This used to be commit 2274709587bd1f27bea2eacf633182f20cd07b1e)
2007-10-10r13449: Ensure we don't crash if no dc struct on pipe.Jeremy Allison1-0/+5
Jeremy. (This used to be commit a9e1d0f3b4fd7a0732a5023d0b4dcc2c4b1b03f8)
2007-10-10r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.Jeremy Allison1-65/+233
Jeremy. (This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-123/+133
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-5/+4
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-3/+4
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-54/+69
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r12043: It's amazing the warnings you find when compiling on a 64-bitJeremy Allison1-20/+20
box with gcc4 and -O6... Fix a bunch of C99 dereferencing type-punned pointer will break strict-aliasing rules errors. Also added prs_int32 (not uint32...) as it's needed in one place. Find places where prs_uint32 was being used to marshall/unmarshall a time_t (a big no no on 64-bits). More warning fixes to come. Thanks to Volker for nudging me to compile like this. Jeremy. (This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-6/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9195: setting log level to 2 instead of 0Gerald Carter1-1/+1
(This used to be commit 3a633a509e8e8e5239d456960f3014172f1e4b3d)
2007-10-10r9194: do not enumerate privileges when they are not enabledGerald Carter1-1/+6
(This used to be commit ff6e3464a2df7fd8a79da8f059a080934d9b3749)
2007-10-10r7995: * privileges are local except when they're *not*Gerald Carter1-1/+1
printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-1/+40
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6536: Jeremy, did you actually test this part of revision 801? I just ↵Volker Lendecke1-2/+0
tested that Windows 2003 returns "4 (Local Group)" for rpcclient -c 'lookupnames "System Operators"' Before #ifdef'ing that out again I would like to see a sniff how you get a "5" (WKN_GRP) out of lsa_lookupnames. Volker (This used to be commit f6e27305101ab0c7e04e55b4905e91c19b31f9ef)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-2/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()Gerald Carter1-0/+1
Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+2
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-8/+24
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter1-6/+38
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5458: Generate a sane response to exceeding lookupsids limit. Truncate ↵Jim McDonough1-2/+3
list to zero and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains the benefit of not overallocating memory. The previous response of truncating to the MAX limit was not useful because it crashed lsass.exe on windows (bug opened with MS), and it was also misleading the client to believe that a complete answer was received. (This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
2007-10-10r5383: add missing checks to allow root to manage user rightsGerald Carter1-2/+12
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
2007-10-10r5246: We can't use a pointer to struct lsa_info until is has beenTim Potter1-1/+1
initialised. Fix for bugzilla #2315. Can the privileges dude(s) please verify this? (This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter1-6/+16
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+3
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter1-43/+63
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-4/+30
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4742: add server support for lsa_add/remove_account_rights() and fix some ↵Gerald Carter1-0/+107
parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2007-10-10r4739: require membership in Domain Admins to be able to set privilegesGerald Carter1-0/+25
(This used to be commit e8b4cedc2081eeff53d86c2d894632e57a17926f)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-159/+140
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-15/+13
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3875: Allow to look up at least or own sid in _lsa_lookup_sids.Günther Deschner1-2/+2
This fixes Bugzilla #1076 and Exchange 5.5 SP4 can then be finally installed on NT4 in a samba-controlled domain. Guenther (This used to be commit bb191c1098dea06bf2cd89276c74e32279fbb3d4)
2007-10-10r1340: _samr_lookupsids with more than 32 (MAX_REF_DOMAINS) SIDs failed. ThisVolker Lendecke1-1/+1
happened because init_dom_ref did not find the domain in question in the list of already mentioned domains. Could others please double-check this? Thanks, Volker (This used to be commit d7b2e41f00491ecf57db70e4da8cf8a3d2469c2b)
2007-10-10r911: Patch from "Jerome Borsboom" <j.borsboom@erasmusmc.nl>, don'tJeremy Allison1-6/+6
overwrite error code. Jeremy. (This used to be commit 735e49ddc3c4485c7b43208345d0e3e2b8960ad4)
2007-10-10r810: Fix from "Jerome Borsboom" <j.borsboom@erasmusmc.nl> to ensure error ↵Jeremy Allison1-6/+6
status codes don't get overwritten. Jeremy. (This used to be commit c179451b07c2315a667c2ff683cd30c4d224758e)
2007-10-10r801: Fix from "Jianliang Lu" <j.lu@tiesse.com> to return correct groupJeremy Allison1-0/+2
types. Jeremy. (This used to be commit d97b9146a137d43278f3125bafe8a453da82f4ce)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-5/+4
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+5
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r91: Fix lsalookupnames. Previously we'd fail if we didn't find the name, butJim McDonough1-0/+6
we never checked if it was a domain user and didn't find a local one. (This used to be commit 68022f5ebc55d1f3403dee5198d364cff300baf5)
2004-02-19Fixup correct (as per W2K3) returns for lookupsids as well as lookupnames.Jeremy Allison1-6/+7
Inspired by Volkers patch. Jeremy. (This used to be commit a47127e90e7d0928b772ba45bd843eeeacc9ef8a)
2004-02-17Fix based on Volker's code to correctly return code from lsa_lookup_sidsJeremy Allison1-17/+19
on unmapped sids. Jeremy. (This used to be commit 37a52c31682fcf115eefc31381c02a3ec29c1f8d)
2004-01-30Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison1-1/+1
Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
2003-12-10Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail ↵Gerald Carter1-1/+1
on local files on on domain members; bug 875 (This used to be commit c6594e35573186966a4d57404f1c06b98670db06)