summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa/dcesrv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett1-0/+1
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-2/+2
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-2/+2
2010-10-05s4:kdc - use "userAccountControl" always unsignedMatthias Dieter Wallnöfer1-1/+1
It doesn't change much but it's nicer to have it consistent.
2010-09-11s4-privs Fix enum privileges in LSARPC serverAndrew Bartlett1-1/+1
We were returning the index, not the LUID value Andrew Bartlett
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-37/+49
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11s4-lsa: privilege IDs should use the enum, not an intAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵Andrew Bartlett1-1/+1
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett1-3/+3
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner1-42/+12
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-1/+1
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-4/+4
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-07s4:rpc_server/lsa: better include a .h file don't include a .c fileStefan Metzmacher1-1/+2
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze
2010-08-07s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objectsMatthias Dieter Wallnöfer1-3/+3
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-6/+6
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-06s4:rpc_server/lsa/dcesrv_lsa.c - fix typoSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-28s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer1-3/+6
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
2010-06-26s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable codeMatthias Dieter Wallnöfer1-2/+0
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-10/+3
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-5/+5
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+3
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva1-1/+3
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-03-30s4:lsa implement lsaRSetForestTrustInformationSimo Sorce1-5/+549
2010-03-22s4:lsa Functions to set Domain Trust InformationSimo Sorce1-7/+592
2010-03-22s4:lsa move code to add trusted domain user into its own functionSimo Sorce1-72/+101
2010-03-22s4:lsa Abstract crypto (un)wrapping in separate functionsSimo Sorce1-81/+89
2010-03-16s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub.Günther Deschner1-3/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-06s4:lsa RPC - fix up "gendb_*" result codesMatthias Dieter Wallnöfer1-10/+10
Make the resultcodes consistent: that means: result < 0 -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical error result >= 0 -> depends on the function usage. I tried to let the logic always as it was before.
2010-03-06s4:lsa RPC - Change some counters to be "unsigned" where neededMatthias Dieter Wallnöfer1-13/+16
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects.
2010-02-24s4:lsa use the correct way to store a domain sidSimo Sorce1-7/+5
Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid().
2010-02-24s4:lsa avoid confusing ourselves over sam_ldbSimo Sorce1-39/+41
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable.
2010-02-24s4:lsa cleanup trailing spaces and tabsSimo Sorce1-35/+35
2010-02-19s4:lsa open trusted domain also with dns nameSimo Sorce1-3/+7
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19remove trailing tabs and spacesSimo Sorce1-9/+9
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell1-1/+1
This allows for controls to be added easily where they are needed.
2010-02-14s4:dcesrv_lsa.c - remove a superfluous empty lineMatthias Dieter Wallnöfer1-1/+0
One empty line is enough for code part divisions.
2010-02-13s4-rpcserver: use TYPESAFE_QSORT() in rpc serversAndrew Tridgell1-4/+3
2009-11-21s4:lsa RPC - Use more LDB constantsMatthias Dieter Wallnöfer1-16/+16
And fix an obvious bug (call of "samdb_msg_add_delete")
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-2/+2
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-21s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-17s4-lsasrv: make sure only admins can alter privilegesAndrew Tridgell1-0/+6
2009-10-17s4-privileges: moved privileges to private/privilege.ldbAndrew Tridgell1-32/+37
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database
2009-09-22s4-lsa: added support for QuerySecurity on LSAAndrew Tridgell1-2/+85
This follows the sd pattern from samba3
2009-09-19more include minimisationAndrew Tridgell1-2/+0
2009-09-07s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")Matthias Dieter Wallnöfer1-10/+0
2009-07-16lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL.Günther Deschner1-1/+1
Guenther
2009-04-23Fix Coverity ID 628, Andrew B., please check!Volker Lendecke1-1/+1
2009-02-02s4:rpc_server/lsa: s/delete/del s/open/opnStefan Metzmacher1-30/+32
metze