path: root/source3/rpc_server/srv_lsa_nt.c
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 1 | -2/+1 |
| 2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. Guenther | Günther Deschner | 1 | -0/+1 |
| 2009-11-03 | s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy(). Add dummies (just like s4 does) and fill in some more appropriate error codes. Guenther | Günther Deschner | 1 | -0/+32 |
| 2009-10-30 | s3-lsa: expand struct lsa_info to carry name and sd. Guenther | Günther Deschner | 1 | -0/+2 |
| 2009-10-30 | s3-lsa: use switch in _lsa_QuerySecurity(). Guenther | Günther Deschner | 1 | -3/+7 |
| 2009-10-28 | s3-lsa: add lsa_trusted_domain_mapping. Guenther | Günther Deschner | 1 | -0/+7 |
| 2009-10-28 | s3-lsa: add lsa_secret_mapping. Guenther | Günther Deschner | 1 | -0/+7 |
| 2009-10-28 | s3-lsa: use correct function name in _lsa_RemoveAccountRights(). Guenther | Günther Deschner | 1 | -1/+1 |
| 2009-10-28 | s3-lsa: pure cosmetic indentation fixes. Guenther | Günther Deschner | 1 | -18/+16 |
| 2009-10-28 | s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags(). Guenther | Günther Deschner | 1 | -7/+8 |
| 2009-10-21 | s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite windows client loop. Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | Günther Deschner | 1 | -0/+9 |
| 2009-10-21 | s3-lsa: make s3 pass against RPC-LSA-LOOKUPNAMES again. Do what W2k8 does and return the builtin domain for a NULL name. Guenther | Günther Deschner | 1 | -6/+7 |
| 2009-10-20 | s3-lsa: Fix _lsa_EnumTrustDom(). Windows clients were showing a lot of duplicates in their list of trusted domains. Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | Günther Deschner | 1 | -41/+25 |
| 2009-10-20 | s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED. Found by RPC-LSA-PRIVILEGES torture test. Guenther | Günther Deschner | 1 | -0/+5 |
| 2009-10-20 | s3-lsa: When looking up domains in LookupNames, do not strip the sid. Found by RPC-LSA-LOOKUPNAMES torture test. Guenther | Günther Deschner | 1 | -1/+5 |
| 2009-10-20 | s3-lsa: allow to have NULL strings in lsa LookupName queries. Found by RPC-LSA-LOOKUPNAMES torture test. Guenther | Günther Deschner | 1 | -1/+4 |
| 2009-09-11 | lsa: fill in more unknowns in lsa_LookupSid calls. Guenther | Günther Deschner | 1 | -2/+2 |
| 2009-07-25 | Fix a 32/64bit stack corruption bug | Volker Lendecke | 1 | -1/+1 |
| 2009-07-17 | s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does. Guenther | Günther Deschner | 1 | -6/+10 |
| 2009-07-17 | s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount(). Guenther | Günther Deschner | 1 | -6/+24 |
| 2009-07-17 | s3-lsa: add (not yet activated) level specific access checks for _lsa_QueryInfoPolicy. Guenther | Günther Deschner | 1 | -0/+42 |
| 2009-07-17 | s3-lsa: also implement level 13 in lsa_QueryInfoPolicy. Guenther | Günther Deschner | 1 | -19/+24 |
| 2009-07-17 | s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject(). Guenther | Günther Deschner | 1 | -4/+14 |
| 2009-07-17 | s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity(). Guenther | Günther Deschner | 1 | -13/+3 |
| 2009-07-17 | s3-lsa: implement _lsa_LookupPrivName(). Guenther | Günther Deschner | 1 | -6/+45 |
| 2009-07-17 | s3-lsa: implement _lsa_EnumAccountsWithUserRight(). Guenther | Günther Deschner | 1 | -6/+57 |
| 2009-07-13 | s3-rpc_server: pass down full unix token to map_max_allowed_access(). Also use unix_token->uid instead of geteuid() when checking for mapping of the SEC_FLAG_MAXIMUM_ALLOWED flag. Guenther | Günther Deschner | 1 | -2/+6 |
| 2009-07-04 | Handle LSA_POLICY_INFO_DNS | Volker Lendecke | 1 | -0/+26 |
| 2009-07-04 | Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicy. Don't reply to it for non-pdb-ads to keep up our old behaviour | Volker Lendecke | 1 | -3/+15 |
| 2009-06-28 | _lsa_QueryInfoPolicy: Use symbolic info level names | Volker Lendecke | 1 | -4/+4 |
| 2009-06-23 | s3-lsa: Fix error path in _lsa_EnumAccountRights. This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND again as described in MS-LSAD 3.1.4.5.10 and tested with the RPC-SAMR-USER-PRIVILEGES test. Guenther | Günther Deschner | 1 | -2/+11 |
| 2009-06-16 | _lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an empty set of privileges if the SID doesn't have any. (From [MS-LSAD.pdf]) Jeremy. | Jeremy Allison | 1 | -19/+17 |
| 2009-06-08 | s3-lsa: remove old code that we cannot even compile anymore. Guenther | Günther Deschner | 1 | -111/+0 |
| 2009-05-20 | Add a security model to LSA. Similar to the SAMR code - using the MS-LSA docs. Jeremy. | Jeremy Allison | 1 | -88/+227 |
| 2009-05-18 | Change access_check_samr_object -> access_check_object. Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ\|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. | Jeremy Allison | 1 | -15/+9 |
| 2009-05-19 | s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). Guenther | Günther Deschner | 1 | -37/+6 |
| 2009-05-18 | s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets inaccessible as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | Günther Deschner | 1 | -3/+23 |
| 2009-05-18 | s3-lsa: start a very basic implementation of _lsa_DeleteObject(). Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | Günther Deschner | 1 | -1/+23 |
| 2009-05-11 | s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther | Günther Deschner | 1 | -0/+1 |
| 2009-04-30 | s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). Guenther | Günther Deschner | 1 | -1/+2 |
| 2009-04-16 | s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3. LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED. Guenther (cherry picked from commit 1c9266c8caa59e287b993393b6050732a0b33547) | Günther Deschner | 1 | -1/+9 |
| 2009-04-02 | s3-lsa: use LSA_ROLE definitions in _lsa_QueryInfoPolicy(). Guenther | Günther Deschner | 1 | -2/+2 |
| 2009-04-02 | s3-lsa: don't SAFE_FREE talloced structs. Guenther | Günther Deschner | 1 | -2/+2 |
| 2009-03-24 | Fix bug 6097. A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel <wylda@volny.cz> for the bug report! | Volker Lendecke | 1 | -0/+4 |
| 2009-01-08 | Now that all policy_handle free_fn's are just TALLOC_FREE, dump free_fn | Volker Lendecke | 1 | -17/+8 |
| 2009-01-08 | Use TALLOC for struct lsa_info | Volker Lendecke | 1 | -11/+13 |
| 2009-01-06 | s3-lsa: avoid all init_lsa* functions. Guenther | Günther Deschner | 1 | -3/+7 |
| 2008-11-24 | Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! | Volker Lendecke | 1 | -17/+25 |
| 2008-10-31 | Unify se_access_check with the S4 code. Will make calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy. | Jeremy Allison | 1 | -2/+4 |
| 2008-10-27 | s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl. Guenther | Günther Deschner | 1 | -3/+5 |