path: root/source3/rpc_server
Age | Commit message | Author | Files | Lines
2009-05-20 | Add a security model to LSA. Similar to the SAMR code - using the MS-LSA docs. Jeremy. | Jeremy Allison | 1 | -88/+227
2009-05-18 | Change access_check_samr_object -> access_check_object. Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. | Jeremy Allison | 2 | -24/+18
2009-05-19 | s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). Guenther | Günther Deschner | 1 | -37/+6
2009-05-18 | Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy. | Jeremy Allison | 1 | -2/+2
2009-05-18 | s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets inaccessible as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | Günther Deschner | 1 | -3/+23
2009-05-18 | s3-lsa: start a very basic implementation of _lsa_DeleteObject(). Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther | Günther Deschner | 1 | -1/+23
2009-05-15 | Ensure users with SeAddUser privs get full access to groups/aliases when opening. Jeremy. | Jeremy Allison | 1 | -3/+3
2009-05-15 | Add extra abilities for a user with SeAddUsers, so they can manipulate groups and aliases. Jeremy. | Jeremy Allison | 1 | -2/+15
2009-05-15 | DeleteUser doesn't need the priv checks, this is done at OpenUser time. Jeremy. | Jeremy Allison | 1 | -20/+0
2009-05-15 | s3-samr: Fix samr access checks in _samr_RemoveMemberFromForeignDomain(). Guenther | Günther Deschner | 1 | -1/+1
2009-05-15 | s3-samr: Fix samr access checks in _samr_SetUserInfo(). Guenther | Günther Deschner | 1 | -14/+109
2009-05-15 | s3-samr: Fix samr access checks in _samr_QueryUserInfo(). Guenther | Günther Deschner | 1 | -3/+71
2009-05-15 | s3-samr: in _samr_QueryUserInfo() make sure to not return any info in error case. Guenther | Günther Deschner | 1 | -1/+6
2009-05-15 | s3-samr: Fix samr access checks in _samr_SetDomainInfo(). Guenther | Günther Deschner | 1 | -7/+22
2009-05-15 | s3-samr: Fix samr access checks in _samr_QueryDomainInfo(). Guenther | Günther Deschner | 1 | -1/+31
2009-05-15 | s3-samr: use normal integer in r->in.level switch statements. Guenther | Günther Deschner | 1 | -29/+29
2009-05-14 | Fix the core of the SAMR access functions. This passes make test, but usrmgr fails against it. The core of this patch is to move all the access mask setup into the _samr_OpenXXX functions, and then have each specific function check the attached access_mask against the required bits. We can then go through the MS-SAMR doc and match things up. Signed off by Guenther, and whitespace cleanup removal by Volker. Jeremy. | Jeremy Allison | 1 | -197/+156
2009-05-13 | s3-printing: no need to define struct table_node 4 times. Guenther | Günther Deschner | 1 | -7/+1
2009-05-11 | Fix a bunch of compiler warnings about wrong format types. Should make Solaris 10 builds look cleaner. Jeremy. | Jeremy Allison | 1 | -2/+2
2009-05-12 | s3-samr: implement _samr_RidToSid(). Guenther | Günther Deschner | 1 | -10/+30
2009-05-12 | s3-samr: Let _samr_TestPrivateFunctionsDomain() return NT_STATUS_NOT_SUPPORTED to make RPC-SAMR happy. Guenther | Günther Deschner | 1 | -1/+0
2009-05-11 | s3-samr: Fix Bug #5859, renaming of samr objects failed due to samr setuserinfo access checks. Torture test to follow... Guenther | Günther Deschner | 1 | -0/+3
2009-05-11 | s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Guenther | Günther Deschner | 1 | -0/+1
2009-05-11 | s3-net: add "net dom renamecomputer" to rename machines in a domain. dmarkey, please test :) Guenther | Günther Deschner | 1 | -2/+1
2009-05-09 | s3-samr: Fix SetUserInfo level 16 and 21 w.r.t. ACB_AUTOLOCK acct_flag. It is not allowed to *set* this flag remotely if it has not been set already. Found by torture test. Guenther | Günther Deschner | 1 | -0/+10
2009-05-09 | s3-samr: Fix SetUserInfo level 7 when there has been no name change. Found by torture test. Guenther | Günther Deschner | 1 | -0/+6
2009-05-08 | s3-samr: more accurateness in _samr_SetDomainInfo(). Guenther | Günther Deschner | 1 | -3/+3
2009-05-08 | s3-samr: implement more info levels in _samr_QueryDomainInfo(). Gets us closer to pass RPC-SAMR. Guenther | Günther Deschner | 1 | -0/+82
2009-05-08 | s3-samr: Fix potential memory leak in _samr_ChangePasswordUser(). Guenther | Günther Deschner | 1 | -1/+2
2009-05-08 | s3-selftest: need to enable lanman auth in order to make RPC-SAMR-PASSWORDS pass. Guenther | Günther Deschner | 1 | -0/+4
2009-05-08 | s3-samr: Do not leak information whether a user exists or not in pwd change calls. Found by torture test. Guenther | Günther Deschner | 1 | -0/+11
2009-05-08 | s3-samr: implement _samr_ChangePasswordUser(). This is vastly copied from samba4 samr server. Guenther | Günther Deschner | 1 | -10/+106
2009-05-08 | s3-samr: implement _samr_OemChangePasswordUser2(). Guenther | Günther Deschner | 1 | -10/+48
2009-05-08 | s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported. This is to get us closer to pass RPC-SAMR-USERS. Guenther | Günther Deschner | 1 | -1/+0
2009-05-08 | s3-samr: Do not return users in _samr_QueryDisplayInfo() for builtin domain. Found by torture test. Guenther | Günther Deschner | 1 | -0/+5
2009-05-08 | s3-samr: let set_user_info_16 and 20 follow the same pattern as all other levels. Guenther | Günther Deschner | 2 | -29/+38
2009-05-08 | s3-samr: support some more info levels in samr_SetUserInfo calls. Guenther | Günther Deschner | 2 | -0/+448
2009-05-08 | s3-samr: support some more info levels in samr_QueryUser calls. Guenther | Günther Deschner | 1 | -0/+266
2009-05-07 | s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty info1. Guenther | Günther Deschner | 1 | -1/+2
2009-05-06 | After getting confirmation from Guenther, add 3 changes we'll ultimately need to fix bug #6099 Samba returns inaccurate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy. | Jeremy Allison | 1 | -13/+23
2009-05-06 | s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther | Günther Deschner | 1 | -2/+6
2009-05-06 | s3-printing: simplify print_queue helper functions and return WERROR. Guenther | Günther Deschner | 1 | -9/+3
2009-04-30 | s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). Guenther | Günther Deschner | 1 | -1/+2
2009-04-30 | s3-spoolss: avoid referring to uid 0 in spoolss server (use sec_initial_uid() instead). Guenther | Günther Deschner | 1 | -3/+3
2009-04-28 | s3-svcctl: Fix crash in _svcctl_EnumServicesStatusW(). The resume handle is a unique pointer, always check before dereference. Guenther | Günther Deschner | 1 | -1/+3
2009-04-27 | s3:registry: replace typedef REGISTRY_VALUE by struct regval_blob. Michael | Michael Adam | 3 | -7/+7
2009-04-27 | s3:registry: replace typedef REGVAL_CTR by struct regval_ctr. This paves the way for hiding the typedef and the implementation from the surface. Michael | Michael Adam | 2 | -2/+2
2009-04-24 | s3-svcctl: fix _svcctl_ControlService. Guenther | Günther Deschner | 1 | -1/+1
2009-04-23 | Fix coverity #908, #909, uninitialized variable. Jeremy. | Jeremy Allison | 1 | -2/+2
2009-04-23 | Fix coverity #910, uninitialized variable. Jeremy. | Jeremy Allison | 1 | -1/+1