summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa/dcesrv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2008-09-08Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.Andrew Bartlett1-51/+64
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
2008-09-08More work towards trusted domains support in Samba4's LSAAndrew Bartlett1-50/+323
Make 'lsar_CreateTrustedDomain' consistant with lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle Implement LSA server logic to create the cn=users trust account for incoming trusts. Andrew Bartlett (This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
2008-09-01Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.Andrew Bartlett1-0/+6
Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
2008-08-26More LSA server and testuite work.Andrew Bartlett1-1/+38
- Implement QueryDomainInformationPolicy in Samba4 - Allow RPC-LSA to pass against Windows 2008 (which does not allow the Audit privilage to be removed) Andrew Bartlett (This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
2008-08-26Implement matching logic to Windows 2008 on handling of secrets.Andrew Bartlett1-16/+8
This is enforced by the new RPC-LSA test. Andrew Bartlett (This used to be commit da200ac64485fd9531b1aa048570c682b680b012)
2008-08-26Fix LSA server to pass more of RPC-LSA and match Windows 2008Andrew Bartlett1-17/+32
This fixes some info levels in the QueryTrustedDomainInfo call, and changes from implementing lsa_Delete to lsa_DeleteObject (which has an explicit close and reutrns a NULL handle). Andrew Bartlett (This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)
2008-07-21Remove bogus test in 'enum trusted domains' LSA server.Andrew Bartlett1-6/+0
The change to the RPC-LSA test proves that when the remote server has 0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not NT_STATUS_OK. Andrew Bartlett (This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-2/+2
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-03-20More kludge ACLs!Andrew Bartlett1-1/+47
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-03-13Show why a LookupName fails (help debugging)Andrew Bartlett1-3/+20
Andrew Bartlett (This used to be commit 9bfc4757887ceabb4c621d62c140515794679250)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-0/+1
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij1-7/+7
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26205: Pass loadparm_context to secrets_db_connect() rather than using ↵Jelmer Vernooij1-2/+4
global context. (This used to be commit 5718b6cfee86ddfc9cf405c98c68ba848df4d9d7)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-5/+6
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-0/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-5/+5
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-4/+4
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, withAndrew Bartlett1-844/+6
a new torture suite to match. This should fix bug #4954 by Matthias Wallnöfer <mwallnoefer@yahoo.de> Previously we had no knowlege of BUILTIN or well-known names. This code needs expansion to check with winbind for trusted domains. Andrew Bartlett (This used to be commit e6fc0e1f54ad64bdddc88e9ebd0d8d181b6ce26a)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24987: Clarify error conditions in secrets handling, before I add ACLs toAndrew Bartlett1-3/+3
secrets.ldb Andrew Bartlett (This used to be commit 17a61bd5690f60d762b9c7171f1269fe1a311bab)
2007-10-10r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)Andrew Bartlett1-1/+1
and improve error strings returned from samdb.c Andrew Bartlett (This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23382: Fill in lsa_lsaRQueryForestTrustInformation.Günther Deschner1-3/+3
Guenther (This used to be commit 54fa6d453c628039e5ec9053b0693229efdbe011)
2007-10-10r21518: fix panic, sorry...Stefan Metzmacher1-1/+1
metze (This used to be commit 3c786eb6bdb3289a237d231e75092a8b3ca56197)
2007-10-10r21499: fill in the correct forest dns nameStefan Metzmacher1-2/+35
metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij1-138/+138
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r20354: Trusted domains don't have a surname, I think we want 'cn' here.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit 05debeaced7296762b293cc804a71abcfb096066)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-9/+10
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r20034: Start using ldb_search_exp_fmt()Simo Sorce1-10/+8
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-10/+10
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-14/+12
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19682: Fix comments.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 4c349f44f8a018e1ad6ed8e92c5083abc4979324)
2007-10-10r19573: Move secrets.o into param/ (subsystems haven't been integrated yet).Jelmer Vernooij1-1/+1
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-1/+1
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r18364: Get us closer to schema compliance. The corrent names for "secret"Andrew Bartlett1-10/+10
and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2007-10-10r18362: Make LookupSids map onto LookupSids2, as they both take a policyAndrew Bartlett1-16/+17
handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2007-10-10r18361: Invert the way we handle LookupSids2/LookupSids3 and ↵Andrew Bartlett1-36/+85
LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2007-10-10r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries,Andrew Bartlett1-2/+2
which has been recently fixed to cope with NULL pointers (fix segfault on Solaris). Andrew Bartlett (This used to be commit ce36069765e8dff3bbdabed5d50af1c7a8fa8e45)
2007-10-10r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUPAndrew Bartlett1-0/+236
is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2007-10-10r17956: LSA Cleanup!Andrew Bartlett1-70/+325
This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-2/+4
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-5/+5
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett1-3/+4
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-5/+5
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-48/+149
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16236: Add a proper baseDN to a large number of queries. Searching the NULLAndrew Bartlett1-1/+2
baseDN won't work once the partitions module is loaded. Andrew Bartlett (This used to be commit c4ab9e8a754ca4a23a47f38a2344df305b4a351d)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15319: remove unneeded macrosStefan Metzmacher1-4/+4
metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2007-10-10r14964: - move sidmap code from ntvfs_common to SAMDBStefan Metzmacher1-2/+0
- make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)