Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-05-18 | Change access_check_samr_object -> access_check_object. | Jeremy Allison | 2 | -24/+18 | |
Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. | |||||
2009-05-19 | s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). | Günther Deschner | 1 | -37/+6 | |
Guenther | |||||
2009-05-18 | Fix SAMR server for winbindd access. Ensure we allow | Jeremy Allison | 1 | -2/+2 | |
MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy. | |||||
2009-05-18 | s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). | Günther Deschner | 1 | -3/+23 | |
Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets unaccessable as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-18 | s3-lsa: start a very basic implementation of _lsa_DeleteObject(). | Günther Deschner | 1 | -1/+23 | |
Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | |||||
2009-05-15 | Ensure users with SeAddUser privs get full access to | Jeremy Allison | 1 | -3/+3 | |
groups/aliases when opening. Jeremy. | |||||
2009-05-15 | Add extra abilities for a user with SeAddUsers, so they | Jeremy Allison | 1 | -2/+15 | |
can manipulate groups and aliases. Jeremy. | |||||
2009-05-15 | DeleteUser doesn't need the priv checks, this is done at OpenUser time. | Jeremy Allison | 1 | -20/+0 | |
Jeremy. | |||||
2009-05-15 | s3-samr: Fix samr access checks in _samr_RemoveMemberFromForeignDomain(). | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-05-15 | s3-samr: Fix samr access checks in _samr_SetUserInfo(). | Günther Deschner | 1 | -14/+109 | |
Guenther | |||||
2009-05-15 | s3-samr: Fix samr access checks in _samr_QueryUserInfo(). | Günther Deschner | 1 | -3/+71 | |
Guenther | |||||
2009-05-15 | s3-samr: in _samr_QueryUserInfo() make sure to not return any info in error ↵ | Günther Deschner | 1 | -1/+6 | |
case. Guenther | |||||
2009-05-15 | s3-samr: Fix samr access checks in _samr_SetDomainInfo(). | Günther Deschner | 1 | -7/+22 | |
Guenther | |||||
2009-05-15 | s3-samr: Fix samr access checks in _samr_QueryDomainInfo(). | Günther Deschner | 1 | -1/+31 | |
Guenther | |||||
2009-05-15 | s3-samr: use normal integer in r->in.level switch statements. | Günther Deschner | 1 | -29/+29 | |
Guenther | |||||
2009-05-14 | Fix the core of the SAMR access functions. This passes make test, but | Jeremy Allison | 1 | -197/+156 | |
usrmgr fails against it. The core of this patch is to move all the access mask setup into the _samr_OpenXXX functions, and then have each specific function check the attached access_mask against the required bits. We can then go through the MS-SAMR doc and match things up. Signed off by Guenther, and writespace cleanup removal by Volker. Jeremy. | |||||
2009-05-13 | s3-printing: no need to define struct table_node 4 times. | Günther Deschner | 1 | -7/+1 | |
Guenther | |||||
2009-05-11 | Fix a bunch of compiler warnings about wrong format types. | Jeremy Allison | 1 | -2/+2 | |
Should make Solaris 10 builds look cleaner. Jeremy. | |||||
2009-05-12 | s3-samr: implement _samr_RidToSid(). | Günther Deschner | 1 | -10/+30 | |
Guenther | |||||
2009-05-12 | s3-samr: Let _samr_TestPrivateFunctionsDomain() return ↵ | Günther Deschner | 1 | -1/+0 | |
NT_STATUS_NOT_SUPPORTED to make RPC-SAMR happy. Guenther | |||||
2009-05-11 | s3-samr: Fix Bug #5859, renaming of samr objects failed due to samr ↵ | Günther Deschner | 1 | -0/+3 | |
setuserinfo access checks. Torture test to follow... Guenther | |||||
2009-05-11 | s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵ | Günther Deschner | 1 | -0/+1 | |
a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther | |||||
2009-05-11 | s3-net: add "net dom renamecomputer" to rename machines in a domain. | Günther Deschner | 1 | -2/+1 | |
dmarkey, please test :) Guenther | |||||
2009-05-09 | s3-samr: Fix SetUserInfo level 16 and 21 w.r.t. ACB_AUTOLOCK acct_flag. | Günther Deschner | 1 | -0/+10 | |
It is not allowed to *set* this flag remotely if it has been not set already. Found by torture test. Guenther | |||||
2009-05-09 | s3-samr: Fix SetUserInfo level 7 when there has been no name change. | Günther Deschner | 1 | -0/+6 | |
Found by torture test. Guenther | |||||
2009-05-08 | s3-samr: more accurateness in _samr_SetDomainInfo(). | Günther Deschner | 1 | -3/+3 | |
Guenther | |||||
2009-05-08 | s3-samr: implement more info levels in _samr_QueryDomainInfo(). | Günther Deschner | 1 | -0/+82 | |
Gets us closer to pass RPC-SAMR. Guenther | |||||
2009-05-08 | s3-samr: Fix potential memory leak in _samr_ChangePasswordUser(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-05-08 | s3-selftest: need to enable lanman auth in order make RPC-SAMR-PASSWORDS pass. | Günther Deschner | 1 | -0/+4 | |
Guenther | |||||
2009-05-08 | s3-samr: Do not leak information whether a user exist or not in pwd change ↵ | Günther Deschner | 1 | -0/+11 | |
calls. Found by torture test. Guenther | |||||
2009-05-08 | s3-samr: implement _samr_ChangePasswordUser(). | Günther Deschner | 1 | -10/+106 | |
This is vastly copied from samba4 samr server. Guenther | |||||
2009-05-08 | s3-samr: implement _samr_OemChangePasswordUser2(). | Günther Deschner | 1 | -10/+48 | |
Guenther | |||||
2009-05-08 | s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported. | Günther Deschner | 1 | -1/+0 | |
This is to get us closer to pass RPC-SAMR-USERS. Guenther | |||||
2009-05-08 | s3-samr: Do not return users in _samr_QueryDisplayInfo() for builtin domain. | Günther Deschner | 1 | -0/+5 | |
Found by torture test. Guenther | |||||
2009-05-08 | s3-samr: let set_user_info_16 and 20 follow the same pattern as all other ↵ | Günther Deschner | 2 | -29/+38 | |
levels. Guenther | |||||
2009-05-08 | s3-samr: support some more info levels in samr_SetUserInfo calls. | Günther Deschner | 2 | -0/+448 | |
Guenther | |||||
2009-05-08 | s3-samr: support some more info levels in samr_QueryUser calls. | Günther Deschner | 1 | -0/+266 | |
Guenther | |||||
2009-05-07 | s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty ↵ | Günther Deschner | 1 | -1/+2 | |
info1. Guenther | |||||
2009-05-06 | After getting confirmation from Guenther, add 3 changes we'll | Jeremy Allison | 1 | -13/+23 | |
ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy. | |||||
2009-05-06 | s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 ↵ | Günther Deschner | 1 | -2/+6 | |
joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther | |||||
2009-05-06 | s3-printing: simplify print_queue helper functions and return WERROR. | Günther Deschner | 1 | -9/+3 | |
Guenther | |||||
2009-04-30 | s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-04-30 | s3-spoolss: avoid referring to uid 0 in spoolss server (use ↵ | Günther Deschner | 1 | -3/+3 | |
sec_initial_uid() instead). Guenther | |||||
2009-04-28 | s3-svcctl: Fix crash in _svcctl_EnumServicesStatusW(). | Günther Deschner | 1 | -1/+3 | |
The resume handle is a unique pointer, always check before dereference. Guenther | |||||
2009-04-27 | s3:registry: replace typedef REGISTRY_VALUE by struct regval_blob | Michael Adam | 3 | -7/+7 | |
Michael | |||||
2009-04-27 | s3:registry: replace typedef REGVAL_CTR by struct regval_ctr. | Michael Adam | 2 | -2/+2 | |
This paves the way for hiding the typedef and the implementation from the surface. Michael | |||||
2009-04-24 | s3-svcctl: fix _svcctl_ControlService. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-04-23 | Fix coverity #908, #909, uninitialized variable. | Jeremy Allison | 1 | -2/+2 | |
Jeremy. | |||||
2009-04-23 | Fix coverity #910, uninitialized variable. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-04-22 | Move serverinfo_to_SamInfo3() to rpc_server/ | Volker Lendecke | 1 | -0/+187 | |
Normally I hate moving around stuff, but this function is only called from the RPC server side and it pulls in passdb when trying to link in our rpc client routines. That seems unnecessary to me. |