summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-21s3-lsa: Fix sid in DEBUG in_lsa_EnumAccountRights.Günther Deschner1-2/+1
Andrew, you removed the sid_copy buit forgot the sid, please check. Guenther
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner1-6/+6
Guenther
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-1/+2
Guenther
2010-09-11s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmapAndrew Bartlett1-56/+18
This avoids us dealing with the privilege bitmap in the LSA server, and overhauls much of the rest of the handling to be currnet with the modern world of talloc. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Hide the bitmap-based grant_privilege and revoke_privilegeAndrew Bartlett1-12/+3
The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Make privilege_enum_sids() take an LUID, not a bitmapAndrew Bartlett1-3/+4
This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rework access_check_object() to take two privilegesAndrew Bartlett1-5/+5
This allows the privileges bitmap to be used only when setting privileges, and uses an the LUID constant for all 'does this user have this privilege' operations. The advantage is that we now only need one API to determine if a token has a privilege, and much less code needs to know what type is used for the underlying bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()Andrew Bartlett1-3/+9
These functions duplicate other functions in the merged code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer from grant_privilege()Andrew Bartlett1-1/+1
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove pointer indirection from se_priv_to_privilege_set()Andrew Bartlett1-2/+2
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Remove a pointer indirection from revoke_privilege()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Don't export privs[] as a global variableAndrew Bartlett1-5/+2
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-lsa Use sec_privilege_id() to lookup name to LUIDAndrew Bartlett1-9/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security Return number of entries in the old source3 listAndrew Bartlett1-1/+1
This ensures there isn't a behaviour change when the source3 list is combined with the longer source4 list. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/privileges Simplify get_privilege_luid() to return just the enumAndrew Bartlett1-4/+2
As Samba only deals with the lower 32 bits of the LUID, just return those and let the LSA layer deal with the upper 0 bits. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-4/+2
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Rename structure elements for greater clarityAndrew Bartlett1-1/+1
It is important to make clear which is the LUID and which is the Samba-only bitmap mask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Further changes to remove SE_PRIVAndrew Bartlett1-6/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-25s3-lsa: separate out init_lsa headers.Günther Deschner1-0/+1
Guenther
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-07-28s3-dcerpc: Use dcerpc_AuthType in pipe_auth_dataSimo Sorce1-2/+2
2010-07-28s3-lsa: Use struct pipes_struct.Andreas Schneider1-83/+120
2010-07-13s3-dceprc: Store opnum in its own variableSimo Sorce1-2/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-07s3-privileges: use LUID defines from lsa IDL.Günther Deschner1-6/+4
Guenther
2010-06-03s3-security: use shared "Standard access rights.".Günther Deschner1-2/+2
Guenther
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-17/+17
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-6/+6
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-1/+1
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-1/+1
Guenther
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner1-1/+1
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-03-16s3-lsa: fix _lsa_lsaRSetForestTrustInformation server stub.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org>
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke1-2/+1
2009-11-26s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner1-0/+1
samba. Guenther
2009-11-03s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy().Günther Deschner1-0/+32
Add dummys (just like s4 does) and fill in some more appropriate error codes. Guenther
2009-10-30s3-lsa: expand struct lsa_info to carry name and sd.Günther Deschner1-0/+2
Guenther
2009-10-30s3-lsa: use switch in _lsa_QuerySecurity().Günther Deschner1-3/+7
Guenther
2009-10-28s3-lsa: add lsa_trusted_domain_mapping.Günther Deschner1-0/+7
Guenther
2009-10-28s3-lsa: add lsa_secret_mapping.Günther Deschner1-0/+7
Guenther
2009-10-28s3-lsa: use correct function name in_lsa_RemoveAccountRights().Günther Deschner1-1/+1
Guenther
2009-10-28s3-lsa: pure cosmetic indentation fixes.Günther Deschner1-18/+16
Guenther
2009-10-28s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags().Günther Deschner1-7/+8
Guenther
2009-10-21s3-lsa: Fix _lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-21s3-lsa: make s3 pass against RPC-LSA-LOOKUPNAMES again.Günther Deschner1-6/+7
Do what W2k8 does and return the builtin domain for a NULL name. Guenther
2009-10-20s3-lsa: Fix _lsa_EnumTrustDom().Günther Deschner1-41/+25
Windows clients were showing a lot of duplicates in their list of trusted domains. Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-20s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.Günther Deschner1-0/+5
Found by RPC-LSA-PRIVILEGES torture test. Guenther
2009-10-20s3-lsa: When looking up domains in LookupNames, do not strip the sid.Günther Deschner1-1/+5
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther
2009-10-20s3-lsa: allow to have NULL strings in lsa LookupName queries.Günther Deschner1-1/+4
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther