summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7582: Better way to have a fast path searching for a specific DN.Simo Sorce1-17/+14
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-19/+19
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5585: LDB interfaces change:Simo Sorce1-59/+59
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-34/+34
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5034: - added a type mapping function in pidl, so the type names in our IDLAndrew Tridgell1-2/+2
files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2007-10-10r4713: Add initial support for QueryTrustedDomainInfo on LSA.Andrew Bartlett1-6/+47
(more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2007-10-10r4703: Add support for EnumTrustDomain, and expand the testsuite.Andrew Bartlett1-5/+81
Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2007-10-10r4698: - Initial implementation of trusted domains in LSA.Andrew Bartlett1-142/+378
- Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2007-10-10r4695: Leave less memory handing around on long-term TALLOC_CTX.Andrew Bartlett1-19/+29
Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2007-10-10r4694: 'fix' the behaviour for setting only the old, but not the new secret.Andrew Bartlett1-3/+43
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-17/+466
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4640: first stage in the server side support for multiple context_ids on ↵Andrew Tridgell1-28/+5
one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-2/+2
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4563: fixed lsa_EnumAccounts() server side to return all accounts that have ↵Andrew Tridgell1-1/+2
privileges, as volker discovered (This used to be commit 09edc31f3b92105dab585614553ba5e94ccdf588)
2007-10-10r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()Andrew Tridgell1-42/+138
(This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2007-10-10r4433: added the boilerplate for the new w2k3 LSA functions in preparationAndrew Tridgell1-0/+220
for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2007-10-10r4416: [in,out] variables do have an r->out component...Volker Lendecke1-1/+1
Volker (This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
2007-10-10r4340: - simplify lsa_GetUserName() server code,Stefan Metzmacher1-29/+5
we don't need to do db lookups as we already known who the user is metze (This used to be commit cef0d1eb29c6c5d41591a5c0beaed1dc26961211)
2007-10-10r4323: - implement the lsa_GetUserName() server callStefan Metzmacher1-18/+106
- give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2007-10-10r4283: adding a privilege that an account already has is not an errorAndrew Tridgell1-60/+90
(This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2007-10-10r4280: added server side support for lsa_AddPrivilegesToAccount() and ↵Andrew Tridgell1-119/+203
lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2007-10-10r4278: - added server support for lsa_EnumPrivsAccount()Andrew Tridgell1-6/+52
(This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2007-10-10r4277: - added server support for lsa_EnumAccounts()Andrew Tridgell1-1/+62
- expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2007-10-10r4276: added server side support for lsa_OpenAccount()Andrew Tridgell1-2/+73
(This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2007-10-10r4206: fixed a status code check in lsa_LookupNames2 that could cause a segvAndrew Tridgell1-3/+4
(This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
2007-10-10r4202: added smbclient commands "addprivileges" and "delprivileges" forAndrew Tridgell1-0/+3
easily adding/removing privileges from users (This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
2007-10-10r4199: - added server side code for lsa_RemoveAccountRights (sharing codeAndrew Tridgell1-18/+42
with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2007-10-10r4198: - added server side code for lsa_AddAccountRightsAndrew Tridgell1-5/+63
(This used to be commit ba87142586672a1082200048e7d1ae865d266d6c)
2007-10-10r4196: - added server side code for lsa_LookupPrivDisplayNameAndrew Tridgell1-4/+51
- added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2007-10-10r4195: added IDL, test suite and server side code for lsa_LookupPrivValueAndrew Tridgell1-7/+25
(This used to be commit 7bddd4740332017bb5f4bddcc9ba0234d05378bd)
2007-10-10r4194: added server side implementation of lsa_EnumPrivsAndrew Tridgell1-1/+34
(This used to be commit 710732033261f6355893b94b43e6c532baa105e0)
2007-10-10r4193: added server side implementation of lsa_EnumAccountsWithUserRightAndrew Tridgell1-7/+48
(This used to be commit 5088a6cbf70fe6eff94f07e2f5874525539c46fa)
2007-10-10r4192: added server side implementation of lsa_EnumAccountRightsAndrew Tridgell1-3/+47
the "privilege" command in smbclient now works against Samba4 (This used to be commit 8a3f2650500e11d1d38d76421f8373e5088d2dc5)
2007-10-10r4012: split out the lsa lookup single name logic into a separate functionAndrew Tridgell1-24/+34
(This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)
2007-10-10r3994: - removed the unused reference count code in lsa serverAndrew Tridgell1-37/+39
- fixed the sid_index field in lsa LookupSids and LookupNames (This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)
2007-10-10r3992: provide hooks for lsa to lookup sids allocated using the linear ↵Andrew Tridgell1-17/+43
id->sid mapping (This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
2007-10-10r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()Andrew Tridgell1-36/+179
(This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)
2007-10-10r3979: added server side code for lsa_LookupSids2() and fixed authority_nameAndrew Tridgell1-33/+110
return code to include our own domain. editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes (This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)
2007-10-10r3917: A few more LSA RPCs found in my wanderings (for trusted domains, theseAndrew Bartlett1-6/+6
seem to be 'shortcut' RPCs, that just avoid an open/query pair). Rename a few others to give us a slightly sensible pattern. Andrew Bartlett (This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
2007-10-10r3907: * Rename lsa_Name to lsa_StringAndrew Bartlett1-17/+17
* Add new IDL to LSA, to query information about trusted domains (for cross-check with SamSync). Andrew Bartlett (This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
2007-10-10r3904: * Add new LSA calls to open trusted domainsAndrew Bartlett1-2/+2
* Add new tests for ACCOUNTs in SamSync * Clean up names in NETLOGON and LSA * Verify Security Descriptors against LSA, as well as SamR Andrew Bartlett (This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
2007-10-10r3837: added support for LsaLookupSids in the LSA rpc server. This allows ↵Andrew Tridgell1-2/+124
the GUI ACL editor on w2k to correctly display names instead of SIDs. (This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
2007-10-10r3468: split out dcerpc_server.hAndrew Tridgell1-0/+1
(This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+1
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r2635: mem_ctx cleanups on the lsa and netlogon pipes in the rpc serverAndrew Tridgell1-15/+7
(This used to be commit 1ee5ed4197f49f12372835f66160801f19ee35a6)
2007-10-10r2051: switched the samdb over to using the new destructor and referenceAndrew Tridgell1-3/+1
count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2007-10-10r1814: Fix the build.Volker Lendecke1-63/+192
Tridge, in rpc_epmapper.c there's a whole bunch of "return NT_STATUS_NOT_IMPLEMENTED". You told me that's wrong, you should generate the correct fault pdu. Or is epmapper special in that respect? Volker (This used to be commit 48df39c133cd08f1eb8007c7986a675f129d0cae)
2007-10-10r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and serverAndrew Tridgell1-26/+72
- added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2007-10-10r917: - added the start of a LSA server to samba4.Andrew Tridgell1-0/+646
- added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)