Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-10-05 | s4:kdc - use "userAccountControl" always unsigned | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
It doesn't change much but it's nicer to have it consistent. | |||||
2010-09-11 | s4-privs Fix enum privileges in LSARPC server | Andrew Bartlett | 1 | -1/+1 | |
We were returning the index, not the LUID value Andrew Bartlett | |||||
2010-09-11 | s4-privs Seperate rights and privileges | Andrew Bartlett | 1 | -37/+49 | |
These are related, but slightly different concepts. The biggest difference is that rights are not enumerated as a system-wide list. This moves the rights to security.idl due to dependencies. Andrew Bartlett | |||||
2010-09-11 | s4-lsa: privilege IDs should use the enum, not an int | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-11 | libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on ↵ | Andrew Bartlett | 1 | -1/+1 | |
failure This is clearer and more consistent than using a magic -1 return Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure. | Andrew Bartlett | 1 | -5/+5 | |
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-11 | s4-privs Add a lookup by index of privilages | Andrew Bartlett | 1 | -3/+3 | |
Now that privileges are no longer given luid values sequentially, we need another way to look them up for enumeration. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-08-25 | s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support. | Günther Deschner | 1 | -42/+12 | |
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 1 | -1/+1 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 1 | -1/+1 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-17 | s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages | Andrew Tridgell | 1 | -4/+4 | |
The flags field of message elements is part of a set of flags. We had LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely being used (only 1 call used it correctly). This adds LDB_FLAG_MOD_MASK() to make it more obvious what is going on. This will allow us to use some of the other flags bits for internal markers on elements Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-07 | s4:rpc_server/lsa: better include a .h file don't include a .c file | Stefan Metzmacher | 1 | -1/+2 | |
This fixes the build with --nonshared-binary=smbtorture, as use by the source3/ make test. metze | |||||
2010-08-07 | s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objects | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 3 | -10/+10 | |
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-06 | s4:rpc_server/lsa/dcesrv_lsa.c - fix typo | Sumit Bose | 1 | -1/+1 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-06-28 | s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject" | Matthias Dieter Wallnöfer | 1 | -3/+6 | |
- Return always "NT_STATUS_OK" on success - Remove "talloc_free"s on handles since the frees are automatically performed by the DCE/RPC server code | |||||
2010-06-26 | s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-26 | s4:lsa/lsa_lookup.c - use a better type for the "rtype" of the wellknown SIDs | Matthias Dieter Wallnöfer | 1 | -3/+4 | |
To suppress warnings on Solaris 10 | |||||
2010-06-20 | s4:lsa_lookup.c - fix type argument | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 1 | -10/+3 | |
2010-04-22 | s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level | Andrew Tridgell | 1 | -5/+5 | |
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org> | |||||
2010-04-22 | s4-drs: Use new samdb_rodc() function in s4 code | Fernando J V da Silva | 1 | -1/+3 | |
This patch fits the calling to the new samdb_rodc() function and fix a little bug in this function. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-04-22 | s4-drs: samdb_is_rodc() function and new samdb_rodc() function | Fernando J V da Silva | 1 | -1/+3 | |
This patch creates the samdb_is_rodc() function, which looks for the NTDSDSA object for a DC that has a specific invocationId and if msDS-isRODC is present on such object and it is TRUE, then consider the DC as a RODC. The new samdb_rodc() function uses the samdb_is_rodc() function for the local server. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-04-13 | Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions" | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library. | |||||
2010-04-12 | s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Purely cosmetic change. | |||||
2010-03-30 | s4:lsa implement lsaRSetForestTrustInformation | Simo Sorce | 1 | -5/+549 | |
2010-03-22 | s4:lsa Functions to set Domain Trust Information | Simo Sorce | 1 | -7/+592 | |
2010-03-22 | s4:lsa move code to add trusted domain user into its own function | Simo Sorce | 1 | -72/+101 | |
2010-03-22 | s4:lsa Abstract crypto (un)wrapping in separate functions | Simo Sorce | 1 | -81/+89 | |
2010-03-16 | s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub. | Günther Deschner | 1 | -3/+3 | |
Guenther Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-06 | s4:lsa RPC - fix up "gendb_*" result codes | Matthias Dieter Wallnöfer | 2 | -33/+34 | |
Make the resultcodes consistent: that means: result < 0 -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical error result >= 0 -> depends on the function usage. I tried to let the logic always as it was before. | |||||
2010-03-06 | s4:lsa RPC - Change some counters to be "unsigned" where needed | Matthias Dieter Wallnöfer | 2 | -21/+24 | |
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects. | |||||
2010-02-24 | s4:lsa use the correct way to store a domain sid | Simo Sorce | 1 | -7/+5 | |
Converting the sid to a string and then storing a string does not save the sid in the right format. Causing following retrievals to fail to read back a sid with samdb_result_dom_sid(). | |||||
2010-02-24 | s4:lsa avoid confusing ourselves over sam_ldb | Simo Sorce | 1 | -39/+41 | |
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb interchangeably all over the place. Just use sam_ldb everywhere and make the code slightly more readable. | |||||
2010-02-24 | s4:lsa cleanup trailing spaces and tabs | Simo Sorce | 1 | -35/+35 | |
2010-02-19 | s4:lsa open trusted domain also with dns name | Simo Sorce | 1 | -3/+7 | |
When searching for a trusted domain object to open, search also the DNS Name attributes for a match. W2K8R2 uses the DNS domain if available. | |||||
2010-02-19 | remove trailing tabs and spaces | Simo Sorce | 1 | -9/+9 | |
2010-02-16 | s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 1 | -1/+1 | |
This allows for controls to be added easily where they are needed. | |||||
2010-02-14 | s4:dcesrv_lsa.c - remove a superfluous empty line | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
One empty line is enough for code part divisions. | |||||
2010-02-13 | s4-rpcserver: use TYPESAFE_QSORT() in rpc servers | Andrew Tridgell | 1 | -4/+3 | |
2009-11-21 | s4:lsa RPC - Fix type of variable "atype" | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
This is an unsigned 32bit integer. | |||||
2009-11-21 | s4:lsa RPC - Use more LDB constants | Matthias Dieter Wallnöfer | 1 | -16/+16 | |
And fix an obvious bug (call of "samdb_msg_add_delete") | |||||
2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 1 | -2/+2 | |
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
2009-10-22 | s4-lsa: fixed breakage of lsa server | Andrew Tridgell | 1 | -0/+1 | |
2009-10-22 | s4-lsa: fixed the lsa server to cope with the new tests from gd | Andrew Tridgell | 1 | -12/+33 | |
2009-10-21 | s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop. | Günther Deschner | 1 | -0/+9 | |
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther | |||||
2009-10-20 | s4: ran minimal_includes.pl on source4/rpc_server | Andrew Tridgell | 1 | -1/+0 | |
2009-10-17 | s4-lsasrv: make sure only admins can alter privileges | Andrew Tridgell | 1 | -0/+6 | |
2009-10-17 | s4-privileges: moved privileges to private/privilege.ldb | Andrew Tridgell | 3 | -32/+45 | |
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database | |||||
2009-09-22 | s4-lsa: added support for QuerySecurity on LSA | Andrew Tridgell | 1 | -2/+85 | |
This follows the sd pattern from samba3 |