summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2009-10-20s3-lsa: allow to have NULL strings in lsa LookupName queries.Günther Deschner1-1/+4
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther
2009-09-11lsa: fill in more unknowns in lsa_LookupSid calls.Günther Deschner1-2/+2
Guenther
2009-07-25Fix a 32/64bit stack corruption bugVolker Lendecke1-1/+1
2009-07-17s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does.Günther Deschner1-6/+10
Guenther
2009-07-17s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount().Günther Deschner1-6/+24
Guenther
2009-07-17s3-lsa: add (not yet activate) level specific access checks for ↵Günther Deschner1-0/+42
_lsa_QueryInfoPolicy. Guenther
2009-07-17s3-lsa: also implement level 13 in lsa_QueryInfoPolicy.Günther Deschner1-19/+24
Guenther
2009-07-17s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject().Günther Deschner1-4/+14
Guenther
2009-07-17s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().Günther Deschner1-13/+3
Guenther
2009-07-17s3-lsa: implement _lsa_LookupPrivName().Günther Deschner1-6/+45
Guenther
2009-07-17s3-lsa: implement _lsa_EnumAccountsWithUserRight().Günther Deschner1-6/+57
Guenther
2009-07-13s3-rpc_server: pass down full unix token to map_max_allowed_access().Günther Deschner1-2/+6
Also use unix_token->uid instead of geteuid() when checking for mapping of the SEC_FLAG_MAXIMUM_ALLOWED flag. Guenther
2009-07-04Handle LSA_POLICY_INFO_DNSVolker Lendecke1-0/+26
2009-07-04Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicyVolker Lendecke1-3/+15
Don't reply to it for non-pdb-ads to keep up our old behaviour
2009-06-28_lsa_QueryInfoPolicy: Use symbolic info level namesVolker Lendecke1-4/+4
2009-06-23s3-lsa: Fix error path in _lsa_EnumAccountRights.Günther Deschner1-2/+11
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND again as described in MS-LSAD 3.1.4.5.10 and tested with the RPC-SAMR-USER-PRIVILEGES test. Guenther
2009-06-16_lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return anJeremy Allison1-19/+17
empty set of privilages if the SID doesn't have any. (From [MS-LSAD.pdf]) Jeremy.
2009-06-08s3-lsa: remove old code that we cannot even compile anymore.Günther Deschner1-111/+0
Guenther
2009-05-20Add a security model to LSA. Similar to the SAMR code - usingJeremy Allison1-88/+227
the MS-LSA docs. Jeremy.
2009-05-18Change access_check_samr_object -> access_check_object.Jeremy Allison1-15/+9
Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy.
2009-05-19s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2().Günther Deschner1-37/+6
Guenther
2009-05-18s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().Günther Deschner1-3/+23
Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets unaccessable as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther
2009-05-18s3-lsa: start a very basic implementation of _lsa_DeleteObject().Günther Deschner1-1/+23
Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther
2009-05-11s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵Günther Deschner1-0/+1
a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther
2009-04-30s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount().Günther Deschner1-1/+2
Guenther
2009-04-16s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3.Günther Deschner1-1/+9
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED. Guenther (cherry picked from commit 1c9266c8caa59e287b993393b6050732a0b33547)
2009-04-02s3-lsa: use LSA_ROLE definitions in _lsa_QueryInfoPolicy().Günther Deschner1-2/+2
Guenther
2009-04-02s3-lsa: don't SAFE_FREE talloced structs.Günther Deschner1-2/+2
Guenther
2009-03-24Fix bug 6097Volker Lendecke1-0/+4
A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel <wylda@volny.cz> for the bug report!
2009-01-08Now that all policy_handle free_fn's are just TALLOC_FREE, dump free_fnVolker Lendecke1-17/+8
2009-01-08Use TALLOC for struct lsa_infoVolker Lendecke1-11/+13
2009-01-06s3-lsa: avoid all init_lsa* functions.Günther Deschner1-3/+7
Guenther
2008-11-24Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS!Volker Lendecke1-17/+25
2008-10-31Unify se_access_check with the S4 code. Will makeJeremy Allison1-2/+4
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
2008-10-27s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl.Günther Deschner1-3/+5
Guenther
2008-10-21s3-build: fix the build.Günther Deschner1-2/+2
Guenther
2008-10-21s3-lsa-server: fix _lsa_GetUserName.Günther Deschner1-8/+21
Guenther
2008-10-17Unify access checks for lsa server functions.Jeremy Allison1-4/+17
Jeremy.
2008-10-15s3: fix s3 lsa server.Günther Deschner1-2/+2
Guenther
2008-10-09Remove SEC_ACCESS. It's a uint32_t.Jeremy Allison1-7/+3
Jeremy.
2008-07-18Fix typos.Karolin Seeger1-14/+14
the user have -> has Karolin (This used to be commit 1ee2ad1051e6076709ef8ed2f45bebff10b0c3cf)
2008-06-26Remove p->vuidVolker Lendecke1-7/+3
The users can use p->server_info. Now pipes_struct is decoupled from the SMB transport. (This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7)
2008-06-16Fix bug 5500 -- thanks to mathion at thorrovydeti.com for reportingVolker Lendecke1-0/+2
(cherry picked from commit 996c3ce6f0dbe79b0679ae30afd873c24fe5b1eb) (This used to be commit 1f86c7a2a19e66948c9b51572d3c078b6e03ef52)
2008-05-05Remove "userdom_struct user" from "struct user_struct"Volker Lendecke1-2/+2
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2008-05-05Remove "guest" from "struct user_struct"Volker Lendecke1-1/+1
(This used to be commit 570a6b80feb5b0dc23213ba936c721e766cd4818)
2008-03-04Fix counter mismatch in lsa_LookupNames3 server.Günther Deschner1-2/+2
Guenther (This used to be commit e052d6f2c82a644986e5d99f640310d71cd5c396)
2008-03-04Fix counter mismatch in lsa_LookupNames server.Günther Deschner1-2/+2
Guenther (This used to be commit 80fd085c34befd38d33cf6e59080a2a36016a92d)
2008-03-04Fix lsa_QueryInfoPolicy: make proper talloc copies of the sids.Günther Deschner1-4/+11
Guenther (This used to be commit b9441232d66d78e66464be6c9748a023681ce6ca)
2008-03-04Zero more structs initially in LSA rpc server.Günther Deschner1-0/+4
Guenther (This used to be commit d7ce643285276790a65faff76666498595a508d7)
2008-03-03Zero out the out policy handler in lsa_CloseVolker Lendecke1-0/+1
... after a REALLY long session staring at sniffs we can now join XP to v3-2-test again... Apparently not doing this makes XP keep an internal handle to LSA open which confuses the hell out of it. Karolin, this needs to be in v3-2-stable :-) Volker (This used to be commit 2c42fc21d8bede226e411623aecd69038477373b)
generated by cgit (git 2.34.1) at 2024-07-07 18:36:49 +0000