Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-07-25 | Fix a 32/64bit stack corruption bug | Volker Lendecke | 1 | -1/+1 | |
2009-07-17 | s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does. | Günther Deschner | 1 | -6/+10 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount(). | Günther Deschner | 1 | -6/+24 | |
Guenther | |||||
2009-07-17 | s3-lsa: add (not yet activate) level specific access checks for ↵ | Günther Deschner | 1 | -0/+42 | |
_lsa_QueryInfoPolicy. Guenther | |||||
2009-07-17 | s3-lsa: also implement level 13 in lsa_QueryInfoPolicy. | Günther Deschner | 1 | -19/+24 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject(). | Günther Deschner | 1 | -4/+14 | |
Guenther | |||||
2009-07-17 | s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity(). | Günther Deschner | 1 | -13/+3 | |
Guenther | |||||
2009-07-17 | s3-lsa: implement _lsa_LookupPrivName(). | Günther Deschner | 1 | -6/+45 | |
Guenther | |||||
2009-07-17 | s3-lsa: implement _lsa_EnumAccountsWithUserRight(). | Günther Deschner | 1 | -6/+57 | |
Guenther | |||||
2009-07-13 | s3-rpc_server: pass down full unix token to map_max_allowed_access(). | Günther Deschner | 1 | -2/+6 | |
Also use unix_token->uid instead of geteuid() when checking for mapping of the SEC_FLAG_MAXIMUM_ALLOWED flag. Guenther | |||||
2009-07-04 | Handle LSA_POLICY_INFO_DNS | Volker Lendecke | 1 | -0/+26 | |
2009-07-04 | Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicy | Volker Lendecke | 1 | -3/+15 | |
Don't reply to it for non-pdb-ads to keep up our old behaviour | |||||
2009-06-28 | _lsa_QueryInfoPolicy: Use symbolic info level names | Volker Lendecke | 1 | -4/+4 | |
2009-06-23 | s3-lsa: Fix error path in _lsa_EnumAccountRights. | Günther Deschner | 1 | -2/+11 | |
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND again as described in MS-LSAD 3.1.4.5.10 and tested with the RPC-SAMR-USER-PRIVILEGES test. Guenther | |||||
2009-06-16 | _lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an | Jeremy Allison | 1 | -19/+17 | |
empty set of privilages if the SID doesn't have any. (From [MS-LSAD.pdf]) Jeremy. | |||||
2009-06-08 | s3-lsa: remove old code that we cannot even compile anymore. | Günther Deschner | 1 | -111/+0 | |
Guenther | |||||
2009-05-20 | Add a security model to LSA. Similar to the SAMR code - using | Jeremy Allison | 1 | -88/+227 | |
the MS-LSA docs. Jeremy. | |||||
2009-05-18 | Change access_check_samr_object -> access_check_object. | Jeremy Allison | 1 | -15/+9 | |
Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. | |||||
2009-05-19 | s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). | Günther Deschner | 1 | -37/+6 | |
Guenther | |||||
2009-05-18 | s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). | Günther Deschner | 1 | -3/+23 | |
Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets unaccessable as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-18 | s3-lsa: start a very basic implementation of _lsa_DeleteObject(). | Günther Deschner | 1 | -1/+23 | |
Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-11 | s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵ | Günther Deschner | 1 | -0/+1 | |
a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther | |||||
2009-04-30 | s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-04-16 | s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3. | Günther Deschner | 1 | -1/+9 | |
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED. Guenther (cherry picked from commit 1c9266c8caa59e287b993393b6050732a0b33547) | |||||
2009-04-02 | s3-lsa: use LSA_ROLE definitions in _lsa_QueryInfoPolicy(). | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-04-02 | s3-lsa: don't SAFE_FREE talloced structs. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-03-24 | Fix bug 6097 | Volker Lendecke | 1 | -0/+4 | |
A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel <wylda@volny.cz> for the bug report! | |||||
2009-01-08 | Now that all policy_handle free_fn's are just TALLOC_FREE, dump free_fn | Volker Lendecke | 1 | -17/+8 | |
2009-01-08 | Use TALLOC for struct lsa_info | Volker Lendecke | 1 | -11/+13 | |
2009-01-06 | s3-lsa: avoid all init_lsa* functions. | Günther Deschner | 1 | -3/+7 | |
Guenther | |||||
2008-11-24 | Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! | Volker Lendecke | 1 | -17/+25 | |
2008-10-31 | Unify se_access_check with the S4 code. Will make | Jeremy Allison | 1 | -2/+4 | |
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy. | |||||
2008-10-27 | s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl. | Günther Deschner | 1 | -3/+5 | |
Guenther | |||||
2008-10-21 | s3-build: fix the build. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2008-10-21 | s3-lsa-server: fix _lsa_GetUserName. | Günther Deschner | 1 | -8/+21 | |
Guenther | |||||
2008-10-17 | Unify access checks for lsa server functions. | Jeremy Allison | 1 | -4/+17 | |
Jeremy. | |||||
2008-10-15 | s3: fix s3 lsa server. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2008-10-09 | Remove SEC_ACCESS. It's a uint32_t. | Jeremy Allison | 1 | -7/+3 | |
Jeremy. | |||||
2008-07-18 | Fix typos. | Karolin Seeger | 1 | -14/+14 | |
the user have -> has Karolin (This used to be commit 1ee2ad1051e6076709ef8ed2f45bebff10b0c3cf) | |||||
2008-06-26 | Remove p->vuid | Volker Lendecke | 1 | -7/+3 | |
The users can use p->server_info. Now pipes_struct is decoupled from the SMB transport. (This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7) | |||||
2008-06-16 | Fix bug 5500 -- thanks to mathion at thorrovydeti.com for reporting | Volker Lendecke | 1 | -0/+2 | |
(cherry picked from commit 996c3ce6f0dbe79b0679ae30afd873c24fe5b1eb) (This used to be commit 1f86c7a2a19e66948c9b51572d3c078b6e03ef52) | |||||
2008-05-05 | Remove "userdom_struct user" from "struct user_struct" | Volker Lendecke | 1 | -2/+2 | |
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805) | |||||
2008-05-05 | Remove "guest" from "struct user_struct" | Volker Lendecke | 1 | -1/+1 | |
(This used to be commit 570a6b80feb5b0dc23213ba936c721e766cd4818) | |||||
2008-03-04 | Fix counter mismatch in lsa_LookupNames3 server. | Günther Deschner | 1 | -2/+2 | |
Guenther (This used to be commit e052d6f2c82a644986e5d99f640310d71cd5c396) | |||||
2008-03-04 | Fix counter mismatch in lsa_LookupNames server. | Günther Deschner | 1 | -2/+2 | |
Guenther (This used to be commit 80fd085c34befd38d33cf6e59080a2a36016a92d) | |||||
2008-03-04 | Fix lsa_QueryInfoPolicy: make proper talloc copies of the sids. | Günther Deschner | 1 | -4/+11 | |
Guenther (This used to be commit b9441232d66d78e66464be6c9748a023681ce6ca) | |||||
2008-03-04 | Zero more structs initially in LSA rpc server. | Günther Deschner | 1 | -0/+4 | |
Guenther (This used to be commit d7ce643285276790a65faff76666498595a508d7) | |||||
2008-03-03 | Zero out the out policy handler in lsa_Close | Volker Lendecke | 1 | -0/+1 | |
... after a REALLY long session staring at sniffs we can now join XP to v3-2-test again... Apparently not doing this makes XP keep an internal handle to LSA open which confuses the hell out of it. Karolin, this needs to be in v3-2-stable :-) Volker (This used to be commit 2c42fc21d8bede226e411623aecd69038477373b) | |||||
2008-02-27 | Add my copyright. | Günther Deschner | 1 | -0/+1 | |
Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97) | |||||
2008-02-27 | Move LSA_AUDIT_NUM_CATEGORIES defines to lsa rpc_server. | Günther Deschner | 1 | -0/+4 | |
Guenther (This used to be commit 9e7d32e28ce40ff158f3705354e8673f99b462bc) |