| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 1 | -5/+5 | |
| This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
| 2010-04-22 | s4-drs: Use new samdb_rodc() function in s4 code | Fernando J V da Silva | 1 | -1/+3 | |
| This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
| 2010-04-22 | s4-drs: samdb_is_rodc() function and new samdb_rodc() function | Fernando J V da Silva | 1 | -1/+3 | |
| This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
| 2010-03-30 | s4:lsa implement lsaRSetForestTrustInformation | Simo Sorce | 1 | -5/+549 | |
| 2010-03-22 | s4:lsa Functions to set Domain Trust Information | Simo Sorce | 1 | -7/+592 | |
| 2010-03-22 | s4:lsa move code to add trusted domain user into its own function | Simo Sorce | 1 | -72/+101 | |
| 2010-03-22 | s4:lsa Abstract crypto (un)wrapping in separate functions | Simo Sorce | 1 | -81/+89 | |
| 2010-03-16 | s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub. | Günther Deschner | 1 | -3/+3 | |
| Guenther Signed-off-by: Günther Deschner <gd@samba.org> | |||||
| 2010-03-06 | s4:lsa RPC - fix up "gendb_*" result codes | Matthias Dieter Wallnöfer | 1 | -10/+10 | |
| Make the resultcodes consistent: that means: result < 0 -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical error result >= 0 -> depends on the function usage. I tried to let the logic always as it was before. | |||||
| 2010-03-06 | s4:lsa RPC - Change some counters to be "unsigned" where needed | Matthias Dieter Wallnöfer | 1 | -13/+16 | |
| The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects. | |||||
| 2010-02-24 | s4:lsa use the correct way to store a domain sid | Simo Sorce | 1 | -7/+5 | |
| Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid(). | |||||
| 2010-02-24 | s4:lsa avoid confusing ourselves over sam_ldb | Simo Sorce | 1 | -39/+41 | |
| Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable. | |||||
| 2010-02-24 | s4:lsa cleanup trailing spaces and tabs | Simo Sorce | 1 | -35/+35 | |
| 2010-02-19 | s4:lsa open trusted domain also with dns name | Simo Sorce | 1 | -3/+7 | |
| When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available. | |||||
| 2010-02-19 | remove trailing tabs and spaces | Simo Sorce | 1 | -9/+9 | |
| 2010-02-16 | s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 1 | -1/+1 | |
| This allows for controls to be added easily where they are needed. | |||||
| 2010-02-14 | s4:dcesrv_lsa.c - remove a superfluous empty line | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
| One empty line is enough for code part divisions. | |||||
| 2010-02-13 | s4-rpcserver: use TYPESAFE_QSORT() in rpc servers | Andrew Tridgell | 1 | -4/+3 | |
| 2009-11-21 | s4:lsa RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 1 | -16/+16 | |
| And fix an obvious bug (call of "samdb_msg_add_delete") | |||||
| 2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 1 | -2/+2 | |
| This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
| 2009-10-21 | s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop. | Günther Deschner | 1 | -0/+9 | |
| Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | |||||
| 2009-10-17 | s4-lsasrv: make sure only admins can alter privileges | Andrew Tridgell | 1 | -0/+6 | |
| 2009-10-17 | s4-privileges: moved privileges to private/privilege.ldb | Andrew Tridgell | 1 | -32/+37 | |
| We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database | |||||
| 2009-09-22 | s4-lsa: added support for QuerySecurity on LSA | Andrew Tridgell | 1 | -2/+85 | |
| This follows the sd pattern from samba3 | |||||
| 2009-09-19 | more include minimisation | Andrew Tridgell | 1 | -2/+0 | |
| 2009-09-07 | s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret") | Matthias Dieter Wallnöfer | 1 | -10/+0 | |
| 2009-07-16 | lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL. | Günther Deschner | 1 | -1/+1 | |
| Guenther | |||||
| 2009-04-23 | Fix Coverity ID 628, Andrew B., please check! | Volker Lendecke | 1 | -1/+1 | |
| 2009-02-02 | s4:rpc_server/lsa: s/delete/del s/open/opn | Stefan Metzmacher | 1 | -30/+32 | |
| metze | |||||
| 2008-10-28 | s4: lsa-server: fix crash bugs related to [out,ref] ** changes | Stefan Metzmacher | 1 | -4/+4 | |
| metze | |||||
| 2008-10-28 | s4-lsa-server: remove merge leftover. | Günther Deschner | 1 | -1/+0 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_QueryInfoPolicy/{2} from s3 lsa idl. | Günther Deschner | 1 | -19/+18 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_QueryDomainInformationPolicy from s3 lsa idl. | Günther Deschner | 1 | -7/+10 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_QueryTrustedDomainInfoByName from s3 lsa idl. | Günther Deschner | 1 | -2/+2 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_QueryTrustedDomainInfo from s3 idl. | Günther Deschner | 1 | -14/+18 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_QueryTrustedDomainInfoBySid from s3 lsa idl. | Günther Deschner | 1 | -2/+2 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_LookupPrivName from s3 lsa idl. | Günther Deschner | 1 | -3/+7 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl. | Günther Deschner | 1 | -13/+29 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_LookupPrivDisplayName from s3 lsa idl. | Günther Deschner | 1 | -5/+9 | |
| Guenther | |||||
| 2008-10-27 | s4-lsa: merge lsa_GetUserName from s3 lsa idl. | Günther Deschner | 1 | -11/+15 | |
| Guenther | |||||
| 2008-10-20 | Make the updated RPC-LSA pass against Win2008, and Samba4 to match | Andrew Bartlett | 1 | -0/+1 | |
| 2008-10-20 | LSA Patch for User Manager | Matthias Dieter Wallnöfer | 1 | -4/+37 | |
| New (major) patch ================= - Enhances the "lsa.idl" file in the sense that it adds more values to "PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls. - Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy* calls) to enable the "Audit" option in the "User Manager for Domains" (at least readable). - Adds to the "lsa.idl" file the system access mode flags needed for the calls "lsa_*SystemAccessAccount". - Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights" option in the "User Manager for Domains" (at least readable). - Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in one using "if"'s for a few separations. - Add a torture test for "lsa_GetSystemAccessAccount". - Some cosmetic-only changes (unifications) in output strings in the "LSA" torture test. The work has been done using the Microsoft WSPP docs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
| 2008-10-16 | Create a 'straight paper path' for UTF16 passwords. | Andrew Bartlett | 1 | -13/+8 | |
| This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett | |||||
| 2008-10-11 | Fix include paths to new location of libutil. | Jelmer Vernooij | 1 | -1/+1 | |
| 2008-10-06 | Store trusted domain passwords in the LSA server | Andrew Bartlett | 1 | -4/+64 | |
| 2008-10-03 | updated the LSA and NETLOGON servers with fixes resulting from the AD | Andrew Tridgell | 1 | -6/+51 | |
| plugfest in Redmond | |||||
| 2008-09-29 | Rework to match new trustDomainPasswords IDL | Andrew Bartlett | 1 | -5/+5 | |
| 2008-09-29 | Fix parsing of the trust passwords in LSA CreateTrustedDomainEx* | Andrew Bartlett | 1 | -4/+4 | |
| 2008-09-24 | Move source4/lib/crypto to lib/crypto. | Jelmer Vernooij | 1 | -1/+1 | |
| 2008-09-08 | Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008. | Andrew Bartlett | 1 | -51/+64 | |
| (This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1) | |||||
 |
index : samba | |
| Unnamed repository; edit this file 'description' to name the repository. | ben |
| summaryrefslogtreecommitdiff |