summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa/dcesrv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-24s4:lsa use the correct way to store a domain sidSimo Sorce1-7/+5
Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid().
2010-02-24s4:lsa avoid confusing ourselves over sam_ldbSimo Sorce1-39/+41
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable.
2010-02-24s4:lsa cleanup trailing spaces and tabsSimo Sorce1-35/+35
2010-02-19s4:lsa open trusted domain also with dns nameSimo Sorce1-3/+7
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19remove trailing tabs and spacesSimo Sorce1-9/+9
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell1-1/+1
This allows for controls to be added easily where they are needed.
2010-02-14s4:dcesrv_lsa.c - remove a superfluous empty lineMatthias Dieter Wallnöfer1-1/+0
One empty line is enough for code part divisions.
2010-02-13s4-rpcserver: use TYPESAFE_QSORT() in rpc serversAndrew Tridgell1-4/+3
2009-11-21s4:lsa RPC - Use more LDB constantsMatthias Dieter Wallnöfer1-16/+16
And fix an obvious bug (call of "samdb_msg_add_delete")
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-2/+2
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-21s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-17s4-lsasrv: make sure only admins can alter privilegesAndrew Tridgell1-0/+6
2009-10-17s4-privileges: moved privileges to private/privilege.ldbAndrew Tridgell1-32/+37
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database
2009-09-22s4-lsa: added support for QuerySecurity on LSAAndrew Tridgell1-2/+85
This follows the sd pattern from samba3
2009-09-19more include minimisationAndrew Tridgell1-2/+0
2009-09-07s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")Matthias Dieter Wallnöfer1-10/+0
2009-07-16lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL.Günther Deschner1-1/+1
Guenther
2009-04-23Fix Coverity ID 628, Andrew B., please check!Volker Lendecke1-1/+1
2009-02-02s4:rpc_server/lsa: s/delete/del s/open/opnStefan Metzmacher1-30/+32
metze
2008-10-28s4: lsa-server: fix crash bugs related to [out,ref] ** changesStefan Metzmacher1-4/+4
metze
2008-10-28s4-lsa-server: remove merge leftover.Günther Deschner1-1/+0
Guenther
2008-10-27s4-lsa: merge lsa_QueryInfoPolicy/{2} from s3 lsa idl.Günther Deschner1-19/+18
Guenther
2008-10-27s4-lsa: merge lsa_QueryDomainInformationPolicy from s3 lsa idl.Günther Deschner1-7/+10
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfoByName from s3 lsa idl.Günther Deschner1-2/+2
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfo from s3 idl.Günther Deschner1-14/+18
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfoBySid from s3 lsa idl.Günther Deschner1-2/+2
Guenther
2008-10-27s4-lsa: merge lsa_LookupPrivName from s3 lsa idl.Günther Deschner1-3/+7
Guenther
2008-10-27s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl.Günther Deschner1-13/+29
Guenther
2008-10-27s4-lsa: merge lsa_LookupPrivDisplayName from s3 lsa idl.Günther Deschner1-5/+9
Guenther
2008-10-27s4-lsa: merge lsa_GetUserName from s3 lsa idl.Günther Deschner1-11/+15
Guenther
2008-10-20Make the updated RPC-LSA pass against Win2008, and Samba4 to matchAndrew Bartlett1-0/+1
2008-10-20LSA Patch for User ManagerMatthias Dieter Wallnöfer1-4/+37
New (major) patch ================= - Enhances the "lsa.idl" file in the sense that it adds more values to "PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls. - Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy* calls) to enable the "Audit" option in the "User Manager for Domains" (at least readable). - Adds to the "lsa.idl" file the system access mode flags needed for the calls "lsa_*SystemAccessAccount". - Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights" option in the "User Manager for Domains" (at least readable). - Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in one using "if"'s for a few separations. - Add a torture test for "lsa_GetSystemAccessAccount". - Some cosmetic-only changes (unifications) in output strings in the "LSA" torture test. The work has been done using the Microsoft WSPP docs. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-13/+8
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-10-06Store trusted domain passwords in the LSA serverAndrew Bartlett1-4/+64
2008-10-03updated the LSA and NETLOGON servers with fixes resulting from the ADAndrew Tridgell1-6/+51
plugfest in Redmond
2008-09-29Rework to match new trustDomainPasswords IDLAndrew Bartlett1-5/+5
2008-09-29Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*Andrew Bartlett1-4/+4
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-08Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.Andrew Bartlett1-51/+64
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
2008-09-08More work towards trusted domains support in Samba4's LSAAndrew Bartlett1-50/+323
Make 'lsar_CreateTrustedDomain' consistant with lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle Implement LSA server logic to create the cn=users trust account for incoming trusts. Andrew Bartlett (This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
2008-09-01Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.Andrew Bartlett1-0/+6
Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
2008-08-26More LSA server and testuite work.Andrew Bartlett1-1/+38
- Implement QueryDomainInformationPolicy in Samba4 - Allow RPC-LSA to pass against Windows 2008 (which does not allow the Audit privilage to be removed) Andrew Bartlett (This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
2008-08-26Implement matching logic to Windows 2008 on handling of secrets.Andrew Bartlett1-16/+8
This is enforced by the new RPC-LSA test. Andrew Bartlett (This used to be commit da200ac64485fd9531b1aa048570c682b680b012)
2008-08-26Fix LSA server to pass more of RPC-LSA and match Windows 2008Andrew Bartlett1-17/+32
This fixes some info levels in the QueryTrustedDomainInfo call, and changes from implementing lsa_Delete to lsa_DeleteObject (which has an explicit close and reutrns a NULL handle). Andrew Bartlett (This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)
2008-07-21Remove bogus test in 'enum trusted domains' LSA server.Andrew Bartlett1-6/+0
The change to the RPC-LSA test proves that when the remote server has 0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not NT_STATUS_OK. Andrew Bartlett (This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-2/+2
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-03-20More kludge ACLs!Andrew Bartlett1-1/+47
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-03-13Show why a LookupName fails (help debugging)Andrew Bartlett1-3/+20
Andrew Bartlett (This used to be commit 9bfc4757887ceabb4c621d62c140515794679250)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij1-0/+1
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
generated by cgit (git 2.34.1) at 2024-07-26 02:46:48 +0000