summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s4-privs Fix enum privileges in LSARPC serverAndrew Bartlett1-1/+1
We were returning the index, not the LUID value Andrew Bartlett
2010-09-11s4-privs Seperate rights and privilegesAndrew Bartlett1-37/+49
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett
2010-09-11s4-lsa: privilege IDs should use the enum, not an intAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵Andrew Bartlett1-1/+1
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.Andrew Bartlett1-5/+5
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s4-privs Add a lookup by index of privilagesAndrew Bartlett1-3/+3
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner1-42/+12
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-08-23s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett1-1/+1
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-18s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett1-1/+1
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-17s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messagesAndrew Tridgell1-4/+4
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-07s4:rpc_server/lsa: better include a .h file don't include a .c fileStefan Metzmacher1-1/+2
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze
2010-08-07s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objectsMatthias Dieter Wallnöfer1-3/+3
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell3-10/+10
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-06s4:rpc_server/lsa/dcesrv_lsa.c - fix typoSumit Bose1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-28s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"Matthias Dieter Wallnöfer1-3/+6
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code
2010-06-26s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable codeMatthias Dieter Wallnöfer1-2/+0
2010-06-26s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDsMatthias Dieter Wallnöfer1-3/+4
To suppress warnings on Solaris 10
2010-06-20s4:lsa_lookup.c - fix type argumentMatthias Dieter Wallnöfer1-1/+1
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-10/+3
2010-04-22s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER levelAndrew Tridgell1-5/+5
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22s4-drs: Use new samdb_rodc() function in s4 codeFernando J V da Silva1-1/+3
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22s4-drs: samdb_is_rodc() function and new samdb_rodc() functionFernando J V da Silva1-1/+3
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer1-2/+2
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer1-1/+1
Purely cosmetic change.
2010-03-30s4:lsa implement lsaRSetForestTrustInformationSimo Sorce1-5/+549
2010-03-22s4:lsa Functions to set Domain Trust InformationSimo Sorce1-7/+592
2010-03-22s4:lsa move code to add trusted domain user into its own functionSimo Sorce1-72/+101
2010-03-22s4:lsa Abstract crypto (un)wrapping in separate functionsSimo Sorce1-81/+89
2010-03-16s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub.Günther Deschner1-3/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-06s4:lsa RPC - fix up "gendb_*" result codesMatthias Dieter Wallnöfer2-33/+34
Make the resultcodes consistent: that means: result < 0 -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical error result >= 0 -> depends on the function usage. I tried to let the logic always as it was before.
2010-03-06s4:lsa RPC - Change some counters to be "unsigned" where neededMatthias Dieter Wallnöfer2-21/+24
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects.
2010-02-24s4:lsa use the correct way to store a domain sidSimo Sorce1-7/+5
Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid().
2010-02-24s4:lsa avoid confusing ourselves over sam_ldbSimo Sorce1-39/+41
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable.
2010-02-24s4:lsa cleanup trailing spaces and tabsSimo Sorce1-35/+35
2010-02-19s4:lsa open trusted domain also with dns nameSimo Sorce1-3/+7
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19remove trailing tabs and spacesSimo Sorce1-9/+9
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell1-1/+1
This allows for controls to be added easily where they are needed.
2010-02-14s4:dcesrv_lsa.c - remove a superfluous empty lineMatthias Dieter Wallnöfer1-1/+0
One empty line is enough for code part divisions.
2010-02-13s4-rpcserver: use TYPESAFE_QSORT() in rpc serversAndrew Tridgell1-4/+3
2009-11-21s4:lsa RPC - Fix type of variable "atype"Matthias Dieter Wallnöfer1-1/+2
This is an unsigned 32bit integer.
2009-11-21s4:lsa RPC - Use more LDB constantsMatthias Dieter Wallnöfer1-16/+16
And fix an obvious bug (call of "samdb_msg_add_delete")
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-2/+2
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-22s4-lsa: fixed breakage of lsa serverAndrew Tridgell1-0/+1
2009-10-22s4-lsa: fixed the lsa server to cope with the new tests from gdAndrew Tridgell1-12/+33
2009-10-21s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell1-1/+0
2009-10-17s4-lsasrv: make sure only admins can alter privilegesAndrew Tridgell1-0/+6
2009-10-17s4-privileges: moved privileges to private/privilege.ldbAndrew Tridgell3-32/+45
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database
2009-09-22s4-lsa: added support for QuerySecurity on LSAAndrew Tridgell1-2/+85
This follows the sd pattern from samba3
2009-09-19more include minimisationAndrew Tridgell1-2/+0