summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2009-05-15Ensure users with SeAddUser privs get full access toJeremy Allison1-3/+3
groups/aliases when opening. Jeremy.
2009-05-15Add extra abilities for a user with SeAddUsers, so theyJeremy Allison1-2/+15
can manipulate groups and aliases. Jeremy.
2009-05-15DeleteUser doesn't need the priv checks, this is done at OpenUser time.Jeremy Allison1-20/+0
Jeremy.
2009-05-15s3-samr: Fix samr access checks in _samr_RemoveMemberFromForeignDomain().Günther Deschner1-1/+1
Guenther
2009-05-15s3-samr: Fix samr access checks in _samr_SetUserInfo().Günther Deschner1-14/+109
Guenther
2009-05-15s3-samr: Fix samr access checks in _samr_QueryUserInfo().Günther Deschner1-3/+71
Guenther
2009-05-15s3-samr: in _samr_QueryUserInfo() make sure to not return any info in error ↵Günther Deschner1-1/+6
case. Guenther
2009-05-15s3-samr: Fix samr access checks in _samr_SetDomainInfo().Günther Deschner1-7/+22
Guenther
2009-05-15s3-samr: Fix samr access checks in _samr_QueryDomainInfo().Günther Deschner1-1/+31
Guenther
2009-05-15s3-samr: use normal integer in r->in.level switch statements.Günther Deschner1-29/+29
Guenther
2009-05-14Fix the core of the SAMR access functions. This passes make test, butJeremy Allison1-197/+156
usrmgr fails against it. The core of this patch is to move all the access mask setup into the _samr_OpenXXX functions, and then have each specific function check the attached access_mask against the required bits. We can then go through the MS-SAMR doc and match things up. Signed off by Guenther, and writespace cleanup removal by Volker. Jeremy.
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison1-2/+2
Should make Solaris 10 builds look cleaner. Jeremy.
2009-05-12s3-samr: implement _samr_RidToSid().Günther Deschner1-10/+30
Guenther
2009-05-12s3-samr: Let _samr_TestPrivateFunctionsDomain() return ↵Günther Deschner1-1/+0
NT_STATUS_NOT_SUPPORTED to make RPC-SAMR happy. Guenther
2009-05-11s3-samr: Fix Bug #5859, renaming of samr objects failed due to samr ↵Günther Deschner1-0/+3
setuserinfo access checks. Torture test to follow... Guenther
2009-05-09s3-samr: Fix SetUserInfo level 7 when there has been no name change.Günther Deschner1-0/+6
Found by torture test. Guenther
2009-05-08s3-samr: more accurateness in _samr_SetDomainInfo().Günther Deschner1-3/+3
Guenther
2009-05-08s3-samr: implement more info levels in _samr_QueryDomainInfo().Günther Deschner1-0/+82
Gets us closer to pass RPC-SAMR. Guenther
2009-05-08s3-samr: Fix potential memory leak in _samr_ChangePasswordUser().Günther Deschner1-1/+2
Guenther
2009-05-08s3-selftest: need to enable lanman auth in order make RPC-SAMR-PASSWORDS pass.Günther Deschner1-0/+4
Guenther
2009-05-08s3-samr: Do not leak information whether a user exist or not in pwd change ↵Günther Deschner1-0/+11
calls. Found by torture test. Guenther
2009-05-08s3-samr: implement _samr_ChangePasswordUser().Günther Deschner1-10/+106
This is vastly copied from samba4 samr server. Guenther
2009-05-08s3-samr: implement _samr_OemChangePasswordUser2().Günther Deschner1-10/+48
Guenther
2009-05-08s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported.Günther Deschner1-1/+0
This is to get us closer to pass RPC-SAMR-USERS. Guenther
2009-05-08s3-samr: Do not return users in _samr_QueryDisplayInfo() for builtin domain.Günther Deschner1-0/+5
Found by torture test. Guenther
2009-05-08s3-samr: let set_user_info_16 and 20 follow the same pattern as all other ↵Günther Deschner1-29/+17
levels. Guenther
2009-05-08s3-samr: support some more info levels in samr_SetUserInfo calls.Günther Deschner1-0/+230
Guenther
2009-05-08s3-samr: support some more info levels in samr_QueryUser calls.Günther Deschner1-0/+266
Guenther
2009-05-07s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty ↵Günther Deschner1-1/+2
info1. Guenther
2009-04-21Remove "struct samr_info"Volker Lendecke1-108/+0
2009-04-21Fix _samr_QuerySecurityVolker Lendecke1-43/+82
2009-04-21Fix samr_SetSecurityVolker Lendecke1-15/+15
2009-04-21Convert the alias handles to type-safe policy handlesVolker Lendecke1-106/+65
2009-04-21Convert the group handles to type-safe policy handlesVolker Lendecke1-104/+70
2009-04-21Convert the user handles to type-safe policy handlesVolker Lendecke1-92/+60
2009-04-20Merge commit 'origin/master' into libcli-auth-merge-without-netlogondAndrew Bartlett1-360/+265
2009-04-20Convert the domain handles to type-safe policy handlesVolker Lendecke1-283/+197
2009-04-19Make force_flush_samr_cache use a dom_sid to find what to flushVolker Lendecke1-16/+18
2009-04-19Remove flag "builtin_domain" from disp_infoVolker Lendecke1-9/+5
2009-04-19Remove flag "builtin_domain" from samr_infoVolker Lendecke1-6/+3
2009-04-19Make get_samr_info_by_sid use recent coding conventionsVolker Lendecke1-9/+5
2009-04-19Add "uint32_t access_granted" to policy handlesVolker Lendecke1-36/+27
All policy handles have a mask of allowed operations attached that were calculated at creation time, so they should carry this mask. This is the basis for consolidating all our policy handle access checks. If you want to do your own more complicated access checks further down, just pass "0" to policy_handle_find.
2009-04-18Convert the samr connect_handles to type-safe callsVolker Lendecke1-23/+37
2009-04-17s3-samr: set the builtin_domain bool flag in get_samr_dispinfo_by_sid().Günther Deschner1-0/+2
Volker, please check. Found by torture test RPC-SAMR-PASSWORDS-PWDLASTSET (which we pass with this fix). Guenther
2009-04-15Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+Jeremy Allison1-10/+3
What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy.
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-9/+10
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-06s3-samr: add support for _samr_Connect3() while planning to pass a s4 ↵Günther Deschner1-10/+19
smbtorture test. Guenther
2009-04-03s3-samr: add support for setting password hashes via samr_SetUserInfo level 21.Günther Deschner1-4/+53
Guenther
2009-03-20s3-samr: try to to fix password_expired flag handling.Günther Deschner1-49/+71
Guenther
2009-03-18s3: remove POLICY_HND.Günther Deschner1-15/+8
Guenther