summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-27/+10
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-8/+24
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r6037: little cleanup of unused vars and unnecessary codepathsGerald Carter1-12/+7
(This used to be commit 167f7d3caa84e612cf3af0095536734dc7c3ad29)
2007-10-10r6034: Check only onceSimo Sorce1-1/+3
(This used to be commit 5a4274371cdbbd278d8aaa922f3e5f51a3cb5aec)
2007-10-10r6016: Give access only to root and Domain UsersSimo Sorce1-11/+23
(This used to be commit d3557ed4b7c4d58a50cc6041c06cc4eff5ef659a)
2007-10-10r6014: rather large change set....Gerald Carter10-82/+1875
pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2007-10-10r6009: Add privillage check for SE_DISK_OP (is this the right privilage?)Jeremy Allison1-3/+15
before allowing users to shut down any sessions. Simo - please check security before allowing state changes. Please review this change. Jeremy. (This used to be commit 51beba71d4d5d3d259e567b65b1694d862814fe9)
2007-10-10r6004: Let's make server manager able to kill a user session.Simo Sorce2-0/+72
This will send a shutdown command to the right process by pid read from the sessions list. (This used to be commit 5d3d025db757f7d48f241142a60a93214f2b47ea)
2007-10-10r5965: Apply Volker's patch for "ldapsam trusted = yes" for ↵Jim McDonough1-45/+17
samr_lookup_rids. Gives us again up to ~6x improvement on group membership lookups. (This used to be commit e2117bcb09cbd21df3b6621c2794a006418c1d9e)
2007-10-10r5961: final round of compiler warning fixes based on feedback from Jason MaderGerald Carter1-3/+3
(This used to be commit 9e77da9320c900b3e437d534e31fa5ff81e9acfd)
2007-10-10r5950: more compiler warning's from Jason MaderGerald Carter1-4/+2
(This used to be commit 27c6e85ad59a86ab45ae3297c7445c4ff15546c8)
2007-10-10r5948: more compile cleanups from Jason MaderGerald Carter1-1/+2
(This used to be commit cc6c769c3c26164919dd13777d671abe02c084d9)
2007-10-10r5943: remove unneccessary se_priv_copy()Gerald Carter1-3/+1
(This used to be commit 2db04a90c4197a3950bbc322948468cb306b3557)
2007-10-10r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468.Tim Potter1-1/+1
(This used to be commit ede9fd08cf0ce04528f73c74e2345ba46d26f1e2)
2007-10-10r5806: * fix a couple more segvs in spoolssGerald Carter2-14/+12
* comment out unused variable after jra's change to revert the 56bit des smb signing changes (This used to be commit 13ed08cd2a1097021cc44f4109859ba89db7df81)
2007-10-10r5805: merging spoolss parsing changes from trunk and cleaning up resulting ↵Gerald Carter1-399/+509
segvs (This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter2-7/+77
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5647: Caches are good for performance, but you get a consistency problem.Volker Lendecke1-0/+2
Fix bug # 2401. Volker (This used to be commit eb4ef94f244d28fe531d0b9f724a66ed3834b687)
2007-10-10r5605: only display the publish check box on printer ifGerald Carter1-12/+20
we are a member of an AD domain clean up some hardcoded constands with the REG_XXX constant. (This used to be commit a1d0be740d9ea8c9ea8c04950da826dd84bbc51b)
2007-10-10r5580: Fix "net rpc trustdom add". Much closer to what windows does. Also stopJim McDonough1-15/+0
referencing unknown_6 from sam, because it's just fixed at 1260, the max len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb. (This used to be commit ffac752875938d510446ebbeba6fc983f65cda1e)
2007-10-10r5471: In cli_samr_lookup_rids, flags is not a flags but an array size. W2k3 ↵Volker Lendecke1-3/+4
rejects everything but 1000 here, so there's no point in exposing that to the caller. Thanks, Volker (This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
2007-10-10r5469: Fix error codes of samr_lookup_rids: There's also STATUS_SOME_UNMAPPED.Volker Lendecke1-11/+26
Thanks, Volker (This used to be commit 43dcf0f5cb5dc2dd37ab3cdc2905970d9cc50ba4)
2007-10-10r5467: Optimize _samr_query_groupmem with LDAP backend for large domains.Volker Lendecke1-38/+14
Could someone else please look at this patch, verifying that I did not break the ldapsam:trusted = False fallback to the old behaviour? It works fine for me, but you never know. You're certainly free to review the new code as well :-) Thanks, Volker (This used to be commit e1c3ca182b299dc65da1fa39aadb69876b5e16b8)
2007-10-10r5460: Fix "restrict anonymous = 1". If we have schannel connection, we must beJim McDonough1-0/+4
validated with a user, so allow it even if pipe itself had an anonymous connection. (This used to be commit 469a649ad7271159960335419fd3ce2633cf2c8b)
2007-10-10r5458: Generate a sane response to exceeding lookupsids limit. Truncate ↵Jim McDonough1-2/+3
list to zero and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains the benefit of not overallocating memory. The previous response of truncating to the MAX limit was not useful because it crashed lsass.exe on windows (bug opened with MS), and it was also misleading the client to believe that a complete answer was received. (This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
2007-10-10r5419: Fix some unitialized variable warningsVolker Lendecke1-3/+3
(This used to be commit 9004b7897416d142ab9e3bee60c7bda589f94750)
2007-10-10r5383: add missing checks to allow root to manage user rightsGerald Carter1-2/+12
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner3-30/+31
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5264: Log with loglevel 0 when account-administration scripts fail.Günther Deschner1-2/+2
Guenther (This used to be commit 3d391ef149639750db376b05528a27422f8a3321)
2007-10-10r5262: Fix server_role in the samr_query_dom_info calls. When we are a BDC weGünther Deschner1-6/+23
should not say we are a PDC. Guenther (This used to be commit 6cdf3b97de2c28ac92f972621b0ce04c1c80cea5)
2007-10-10r5246: We can't use a pointer to struct lsa_info until is has beenTim Potter1-1/+1
initialised. Fix for bugzilla #2315. Can the privileges dude(s) please verify this? (This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
2007-10-10r5205: more fixups for BUG 2291Gerald Carter1-27/+30
(This used to be commit 62e7cc7c3b2fe5187c99e0a1491843579ab997e7)
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-8/+18
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r5180: Call the "add machine script" to create all kinds of trust accountsGünther Deschner1-1/+1
(this restores old behaviour). Fixes #2291. Guenther (This used to be commit 5ca0d1b87cd20f538a13321eb11ef97d00bf5133)
2007-10-10r5150: consolidate the samr_make.*obj_sd() functions to share codeGerald Carter1-157/+41
(This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter2-10/+20
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r5028: * check acb_info mask in _samr_create_user instead of the last characterGerald Carter1-36/+21
of the user name * fix some access_mask checks in _samr_set_userinfo2 (getting join from XP without being a member of domain admins working) (This used to be commit 04030534ffd35f8ebc997d9403fd87309403dcbf)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-336/+407
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4972: Fix a warning and some debugging-outputs.Günther Deschner1-1/+1
Guenther (This used to be commit 1eabfa050b661168b42892c2d841c7891e59cf5f)
2007-10-10r4931: Add get_user_info_7 in SAMR. This just gives out the username. (InGünther Deschner1-0/+42
preparation of adding the ability of renaming users via setuserinfo level 7). Guenther (This used to be commit 6f34ed6c203fa11182640da97581075612d26c0e)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2-30/+31
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter1-1/+4
access mask check for _samr_lookup_domain() to work with Windows RAS server (This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)
2007-10-10r4856: after testing a simple add printer script, i realized that you still ↵Gerald Carter2-21/+21
have to be root to send the message to all smbds that the config file has been updated (This used to be commit 6409de1a1ef34bb41c3efeebfabdf13be5e08613)
2007-10-10r4852: merge simo changes to srv_srvsvc_nt.c from trunkGerald Carter1-30/+13
that allows the add/change share command to create the directory passed in as an arguement and not require that it pre-exist. Also finish testing of SeDiskOperatorPrivilege via srvmgr.exe (This used to be commit 9af83a7d70324846e6a2660c73589ee68340b4aa)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-100/+258
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-7/+13
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4825: Printing changesGerald Carter2-45/+136
---------------- * bracket the add/delete/set printer scripts with checks for se_print_op * slight change to the add/set printer script semantics. smbd no longer relies on output from the script (on stdout) to re-read smb.conf * remove SIGHUP from set/add/delete printin script code and now just use MSG_SMB_CONF_UPDATED * bracket the add/delete/set share scripts with checks for se_print_op (this includes setting share ACLs) (This used to be commit 8ab8113d2e1bec6a1dbf464882ad724c7c591be4)
2007-10-10r4824: wrap the shutdown and abort_shutdown calls in check for the ↵Gerald Carter1-1/+24
SE_REMOTE_SHUTDOWN privilege (This used to be commit d11339b7e3b890b8e01744b6b309efaa7ad328e1)
2007-10-10r4822: fix return code when you ask for a non-privileged SID via one of the ↵Gerald Carter1-0/+3
privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3)
2007-10-10r4805: Last planned change to the privileges infrastructure:Gerald Carter3-47/+72
* rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)