summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa/dcesrv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-06s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for npAndreas Schneider1-0/+10
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett1-2/+2
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-05-23auth and s4-rpc_server: Do not use features we currently can't implement ↵Simo Sorce1-0/+6
with MIT Kerbros build
2012-04-20Move kdc_get_policy helper in the lsa server where it belongs.Simo Sorce1-1/+25
This was used in only 2 places, db-glue.c and the lsa server. In db-glue.c it is awkward though, as it forces to use an unconvenient lsa structure and conversions from time_t to nt_time only to have nt_times converted back to time_t for actual use. This is silly. Also the kdc-policy file was a single funciton library, that's just ridiculous. The loadparm helper is all we need to keep the values consistent, and if we ever end up doing something with group policies we will care about it when it's the time. the code would have to change quite a lot anyway. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
2012-01-26s4-rpc_server: Fix search for existing trust to actually look for the dns nameAndrew Bartlett1-1/+1
Found by a eagle-eyed user. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett1-3/+19
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-12-12s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest testAndrew Bartlett1-14/+17
This allows us to move this test to knownfail from skip
2011-10-04s4-lsa: fixed set of trust password with old passwordAndrew Tridgell1-14/+13
the calculation of add_incoming and add_outgoing was not correct when a trust was already in place Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-15s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with ↵Günther Deschner1-15/+16
unencrypted auth info. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
2011-07-15lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, notGünther Deschner1-1/+6
lsa_TrustDomainInfoAuthInfoInternal. Guenther
2011-07-15lsa: rename auth info argument in lsa_CreateTrustedDomainEx2Günther Deschner1-3/+3
Guenther
2011-06-24s4-lsa: Fix typoSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jun 24 16:19:36 CEST 2011 on sn-devel-104
2011-05-21s4:lsa RPC server - handle LDB flags as "unsigned"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Metze
2011-04-04s4-rpc: improved error mapping for several RPC server callsAndrew Tridgell1-2/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-01s4:remove many invocations of "samdb_msg_add_string"Matthias Dieter Wallnöfer1-6/+5
This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-2/+2
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2010-12-09s4-lsa Implement kerberos ticket life policyAndrew Bartlett1-6/+4
We now no longer print tickets with a potentially infinite life, and we report the same life over LSA as we use in the KDC. We should get this from group policy, but for now it's parametric smb.conf options. Andrew Bartlett
2010-12-06s4:fix some shadowed declaration warnings on Solaris by renaming the symbolsMatthias Dieter Wallnöfer1-1/+1
2010-12-03s3/s4:lsa.idl - QueryDomainInformationPolicy - the "unknown6" field is ↵Matthias Dieter Wallnöfer1-0/+1
called "reserved" MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
2010-12-03s4:lsa RPC server - always initialise "info" structuresMatthias Dieter Wallnöfer1-2/+2
This should help to fix bug #7769
2010-12-03s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of reworkMatthias Dieter Wallnöfer1-21/+35
- Added 'out of memory' checks - Added checks regarding return values - Switch to "ldb_msg_add_string" where possible Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
2010-11-25s4:lsa RPC server / objectclass LDB module - fix the creation of trusted ↵Matthias Dieter Wallnöfer1-2/+2
domain objects Tridge pointed out that it is to dangerous to allow them to be created with SYSTEM permissions. The solution using the "untrusted" flag should be much more viable. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-24s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control ↵Matthias Dieter Wallnöfer1-2/+2
is specified This fits better than the RELAX one. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-10-16s4:dsdb - fix unsigned integer save problems using the "%u" specifierMatthias Dieter Wallnöfer1-12/+12
The issue here is that we have not yet first cast to int32_t explicitly, before we cast to an signed int to printf() into the %d or cast to a int64_t before we then cast to a long long to printf into a %lld. There are *no* unsigned integers in Active Directory LDAP, even the RID allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities. (See the schema, and the syntax definitions in schema_syntax.c). The failure has been detected by Matthieu Patou on the buildfarm host "tridge" due to a malformed "groupType" attribute. The solution is to use the "%d" specifier. Either to use it directly - or better (when possible) use the call "samdb_msg_add_uint" (which encapsulates it). This patch changes such problematic situations.
2010-10-15s4:lsa RPC server - use LDB result constantMatthias Dieter Wallnöfer1-1/+1
2010-10-15s4:dsdb - remove "samdb_msg_add_value"Matthias Dieter Wallnöfer1-7/+4
This can be substituted by "ldb_msg_add_value". Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-8/+7
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12s4-libcli/security Use seperate subsystem for session related functionsAndrew Bartlett1-0/+1
The merged I plan in this area require spliting security.h into two header files, a common header and a session.h for the remaining source4-specific code. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-2/+2
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-2/+2
2010-10-05s4:kdc - use "userAccountControl" always unsignedMatthias Dieter Wallnöfer1-1/+1
It doesn't change much but it's nicer to have it consistent.
2010-09-11s4-privs Fix enum privileges in LSARPC serverAndrew Bartlett1-1/+1
We were returning the index, not the LUID value Andrew Bartlett
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-37/+49
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11s4-lsa: privilege IDs should use the enum, not an intAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵Andrew Bartlett1-1/+1
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett1-3/+3
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner1-42/+12
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-1/+1
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-4/+4
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-07s4:rpc_server/lsa: better include a .h file don't include a .c fileStefan Metzmacher1-1/+2
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze
2010-08-07s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objectsMatthias Dieter Wallnöfer1-3/+3
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-6/+6
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-06s4:rpc_server/lsa/dcesrv_lsa.c - fix typoSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-28s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer1-3/+6
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
2010-06-26s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable codeMatthias Dieter Wallnöfer1-2/+0
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-10/+3
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-5/+5
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+3
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>