summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6282: Before converting enum_dom_groups, better get the previous version a bitVolker Lendecke1-5/+13
closer to being correct. 'svn blame' shows CVSIN, but somehow I get the feeling this is my code... Volker (This used to be commit 5d34bd617535a26ae121a72add41dc7b8cec4580)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke3-6/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6232: more cleanups; remove BUFFER3; rename BUFFER4 -> RPC_DATA_BLOB; ↵Gerald Carter1-2/+8
rename REG_CREATE_VALE -> REG_SET_VALUE (This used to be commit 28d433351cf813c7fb57ebac0e0f4973c85f73e8)
2007-10-10r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()Gerald Carter1-0/+1
Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis6-11/+14
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6218: * fix a segv in EnumPrinters():rpc_buffer_alloc when the caller does ↵Gerald Carter2-32/+80
not provide an RPC_BUFFER in the request * add initial (but wire untested) support for RegRestoreKey() (This used to be commit 22855c7aae940cc4082c231a470f612b8fc6fa0d)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-3/+3
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r6127: Eliminated all compiler warnings pertaining to mismatched ↵Derrell Lipman1-0/+4
"qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>, but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-27/+10
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-8/+24
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r6037: little cleanup of unused vars and unnecessary codepathsGerald Carter1-12/+7
(This used to be commit 167f7d3caa84e612cf3af0095536734dc7c3ad29)
2007-10-10r6034: Check only onceSimo Sorce1-1/+3
(This used to be commit 5a4274371cdbbd278d8aaa922f3e5f51a3cb5aec)
2007-10-10r6016: Give access only to root and Domain UsersSimo Sorce1-11/+23
(This used to be commit d3557ed4b7c4d58a50cc6041c06cc4eff5ef659a)
2007-10-10r6014: rather large change set....Gerald Carter10-82/+1875
pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2007-10-10r6009: Add privillage check for SE_DISK_OP (is this the right privilage?)Jeremy Allison1-3/+15
before allowing users to shut down any sessions. Simo - please check security before allowing state changes. Please review this change. Jeremy. (This used to be commit 51beba71d4d5d3d259e567b65b1694d862814fe9)
2007-10-10r6004: Let's make server manager able to kill a user session.Simo Sorce2-0/+72
This will send a shutdown command to the right process by pid read from the sessions list. (This used to be commit 5d3d025db757f7d48f241142a60a93214f2b47ea)
2007-10-10r5965: Apply Volker's patch for "ldapsam trusted = yes" for ↵Jim McDonough1-45/+17
samr_lookup_rids. Gives us again up to ~6x improvement on group membership lookups. (This used to be commit e2117bcb09cbd21df3b6621c2794a006418c1d9e)
2007-10-10r5961: final round of compiler warning fixes based on feedback from Jason MaderGerald Carter1-3/+3
(This used to be commit 9e77da9320c900b3e437d534e31fa5ff81e9acfd)
2007-10-10r5950: more compiler warning's from Jason MaderGerald Carter1-4/+2
(This used to be commit 27c6e85ad59a86ab45ae3297c7445c4ff15546c8)
2007-10-10r5948: more compile cleanups from Jason MaderGerald Carter1-1/+2
(This used to be commit cc6c769c3c26164919dd13777d671abe02c084d9)
2007-10-10r5943: remove unneccessary se_priv_copy()Gerald Carter1-3/+1
(This used to be commit 2db04a90c4197a3950bbc322948468cb306b3557)
2007-10-10r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468.Tim Potter1-1/+1
(This used to be commit ede9fd08cf0ce04528f73c74e2345ba46d26f1e2)
2007-10-10r5806: * fix a couple more segvs in spoolssGerald Carter2-14/+12
* comment out unused variable after jra's change to revert the 56bit des smb signing changes (This used to be commit 13ed08cd2a1097021cc44f4109859ba89db7df81)
2007-10-10r5805: merging spoolss parsing changes from trunk and cleaning up resulting ↵Gerald Carter1-399/+509
segvs (This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter2-7/+77
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r5647: Caches are good for performance, but you get a consistency problem.Volker Lendecke1-0/+2
Fix bug # 2401. Volker (This used to be commit eb4ef94f244d28fe531d0b9f724a66ed3834b687)
2007-10-10r5605: only display the publish check box on printer ifGerald Carter1-12/+20
we are a member of an AD domain clean up some hardcoded constands with the REG_XXX constant. (This used to be commit a1d0be740d9ea8c9ea8c04950da826dd84bbc51b)
2007-10-10r5580: Fix "net rpc trustdom add". Much closer to what windows does. Also stopJim McDonough1-15/+0
referencing unknown_6 from sam, because it's just fixed at 1260, the max len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb. (This used to be commit ffac752875938d510446ebbeba6fc983f65cda1e)
2007-10-10r5471: In cli_samr_lookup_rids, flags is not a flags but an array size. W2k3 ↵Volker Lendecke1-3/+4
rejects everything but 1000 here, so there's no point in exposing that to the caller. Thanks, Volker (This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
2007-10-10r5469: Fix error codes of samr_lookup_rids: There's also STATUS_SOME_UNMAPPED.Volker Lendecke1-11/+26
Thanks, Volker (This used to be commit 43dcf0f5cb5dc2dd37ab3cdc2905970d9cc50ba4)
2007-10-10r5467: Optimize _samr_query_groupmem with LDAP backend for large domains.Volker Lendecke1-38/+14
Could someone else please look at this patch, verifying that I did not break the ldapsam:trusted = False fallback to the old behaviour? It works fine for me, but you never know. You're certainly free to review the new code as well :-) Thanks, Volker (This used to be commit e1c3ca182b299dc65da1fa39aadb69876b5e16b8)
2007-10-10r5460: Fix "restrict anonymous = 1". If we have schannel connection, we must beJim McDonough1-0/+4
validated with a user, so allow it even if pipe itself had an anonymous connection. (This used to be commit 469a649ad7271159960335419fd3ce2633cf2c8b)
2007-10-10r5458: Generate a sane response to exceeding lookupsids limit. Truncate ↵Jim McDonough1-2/+3
list to zero and return NT_STATUS_NONE_MAPPED. This does not crash windows and maintains the benefit of not overallocating memory. The previous response of truncating to the MAX limit was not useful because it crashed lsass.exe on windows (bug opened with MS), and it was also misleading the client to believe that a complete answer was received. (This used to be commit c03a93957404663bbd026668fb95d6c253524fe9)
2007-10-10r5419: Fix some unitialized variable warningsVolker Lendecke1-3/+3
(This used to be commit 9004b7897416d142ab9e3bee60c7bda589f94750)
2007-10-10r5383: add missing checks to allow root to manage user rightsGerald Carter1-2/+12
(This used to be commit ead54b14f6b34f087d3affc2853e16bbbaceb7cc)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner3-30/+31
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5264: Log with loglevel 0 when account-administration scripts fail.Günther Deschner1-2/+2
Guenther (This used to be commit 3d391ef149639750db376b05528a27422f8a3321)
2007-10-10r5262: Fix server_role in the samr_query_dom_info calls. When we are a BDC weGünther Deschner1-6/+23
should not say we are a PDC. Guenther (This used to be commit 6cdf3b97de2c28ac92f972621b0ce04c1c80cea5)
2007-10-10r5246: We can't use a pointer to struct lsa_info until is has beenTim Potter1-1/+1
initialised. Fix for bugzilla #2315. Can the privileges dude(s) please verify this? (This used to be commit bc4f884104c04f7c9ab7d370586115a9328ce9b1)
2007-10-10r5205: more fixups for BUG 2291Gerald Carter1-27/+30
(This used to be commit 62e7cc7c3b2fe5187c99e0a1491843579ab997e7)
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-8/+18
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r5180: Call the "add machine script" to create all kinds of trust accountsGünther Deschner1-1/+1
(this restores old behaviour). Fixes #2291. Guenther (This used to be commit 5ca0d1b87cd20f538a13321eb11ef97d00bf5133)
2007-10-10r5150: consolidate the samr_make.*obj_sd() functions to share codeGerald Carter1-157/+41
(This used to be commit 5bd03d59263ab619390062c1d023ad1ba54dce6a)
2007-10-10r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask defineGerald Carter2-10/+20
* make sure to apply the rights_mask and not just the saved bits from the mask in access_check_samr_object() * allow root to grant/revoke privileges (in addition to Domain Admins) as suggested by Volker. Tested machine joins from XP, 2K, and NT4 with and without pre-existing machine trust accounts. Also tested basic file operations using cmd.exe and explorer.exe after changing the STANDARD_RIGHTS_WRITE_ACCESS bitmask. (This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
2007-10-10r5028: * check acb_info mask in _samr_create_user instead of the last characterGerald Carter1-36/+21
of the user name * fix some access_mask checks in _samr_set_userinfo2 (getting join from XP without being a member of domain admins working) (This used to be commit 04030534ffd35f8ebc997d9403fd87309403dcbf)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-336/+407
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4972: Fix a warning and some debugging-outputs.Günther Deschner1-1/+1
Guenther (This used to be commit 1eabfa050b661168b42892c2d841c7891e59cf5f)
2007-10-10r4931: Add get_user_info_7 in SAMR. This just gives out the username. (InGünther Deschner1-0/+42
preparation of adding the ability of renaming users via setuserinfo level 7). Guenther (This used to be commit 6f34ed6c203fa11182640da97581075612d26c0e)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2-30/+31
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4871: BUG 603: patch by Daniel Beschorner <db@unit-netz.de>. Correct ↵Gerald Carter1-1/+4
access mask check for _samr_lookup_domain() to work with Windows RAS server (This used to be commit 2e7a5608ac6a11f4e9e8bda69abb984fb4f86eb8)