summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11291: Fix implementation of LookupNames4.Andrew Bartlett1-1/+9
Andrew Bartlett (This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
2007-10-10r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-sideAndrew Bartlett1-17/+32
implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2007-10-10r11122: Fix some talloc hierarchy errorsVolker Lendecke1-3/+3
(This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
2007-10-10r10913: This patch isn't as big as it looks ...Andrew Tridgell1-1/+1
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-2/+1
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-28/+12
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10764: To match Win2k3 SP1, we need to set an anonymous user token forAndrew Bartlett1-1/+1
schannel connections. Test for Win2k3 SP1 behaviour in RPC-SCHANNEL. Andrew Bartlett (This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
2007-10-10r10373: Fix segfault in LookupSids.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
2007-10-10r9930: Use a single samdb_base_dn() function rather than lots of sillyAndrew Bartlett1-24/+17
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.Günther Deschner1-3/+3
Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
2007-10-10r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinkingJelmer Vernooij1-1/+1
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce1-15/+7
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10r9392: Fix ldb_dn_compose to make build farm happySimo Sorce1-4/+1
Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-39/+54
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r9011: Remove more references to "name" as a netbios name, using theAndrew Bartlett1-1/+1
cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2007-10-10r8982: "name" is not the netbios name, but the RDN. Return the correctAndrew Bartlett1-13/+4
netbios domain name of the host, as well as the sid from the cache we fetched earlier. Andrew Bartlett (This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-27/+29
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-1/+1
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-2/+4
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8429: fix compiler warningsStefan Metzmacher1-3/+3
metze (This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell1-48/+20
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10r7582: Better way to have a fast path searching for a specific DN.Simo Sorce1-17/+14
Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-19/+19
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5585: LDB interfaces change:Simo Sorce1-59/+59
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-34/+34
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5034: - added a type mapping function in pidl, so the type names in our IDLAndrew Tridgell1-2/+2
files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2007-10-10r4713: Add initial support for QueryTrustedDomainInfo on LSA.Andrew Bartlett1-6/+47
(more info levels to come) Andrew Bartlett (This used to be commit 175ae7599ee06d8856ffb8912c7fe4e68ebe5feb)
2007-10-10r4703: Add support for EnumTrustDomain, and expand the testsuite.Andrew Bartlett1-5/+81
Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2007-10-10r4698: - Initial implementation of trusted domains in LSA.Andrew Bartlett1-142/+378
- Use templates for Secrets and the new trusted domains - Auto-add modifiedTime, createdTime and objectGUID to records in the samdb layer. Andrew Bartlett (This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
2007-10-10r4695: Leave less memory handing around on long-term TALLOC_CTX.Andrew Bartlett1-19/+29
Add lsa_Delete() support for secrets. Andrew Bartlett (This used to be commit be4cd59f331c1ef38831ee874376d3cd073e2186)
2007-10-10r4694: 'fix' the behaviour for setting only the old, but not the new secret.Andrew Bartlett1-3/+43
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-) Andrew Bartlett (This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-17/+466
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4640: first stage in the server side support for multiple context_ids on ↵Andrew Tridgell1-28/+5
one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-2/+2
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4563: fixed lsa_EnumAccounts() server side to return all accounts that have ↵Andrew Tridgell1-1/+2
privileges, as volker discovered (This used to be commit 09edc31f3b92105dab585614553ba5e94ccdf588)
2007-10-10r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()Andrew Tridgell1-42/+138
(This used to be commit e535f84504b07a912c2f5dd6eca4c9893c1843db)
2007-10-10r4433: added the boilerplate for the new w2k3 LSA functions in preparationAndrew Tridgell1-0/+220
for adding LookupSids3 (needed for ACL editing from w2k3) (This used to be commit 745bbc0e1717c1e0068be00cff36071dbdc451a6)
2007-10-10r4416: [in,out] variables do have an r->out component...Volker Lendecke1-1/+1
Volker (This used to be commit 97247c902962b7c0ac69691ae8d7300321de41d5)
2007-10-10r4340: - simplify lsa_GetUserName() server code,Stefan Metzmacher1-29/+5
we don't need to do db lookups as we already known who the user is metze (This used to be commit cef0d1eb29c6c5d41591a5c0beaed1dc26961211)
2007-10-10r4323: - implement the lsa_GetUserName() server callStefan Metzmacher1-18/+106
- give lsa_lookup_sid() a chance with foreign SIDS returning NT_STATUS_NO_MEMORY makes no sense here as the ldb_msg_find_string() doesn't allocate the string metze (This used to be commit b43f34e87354c82a3392a0ba99b38b4c7185e47c)
2007-10-10r4283: adding a privilege that an account already has is not an errorAndrew Tridgell1-60/+90
(This used to be commit 2a4c562896aabe391d6f675433db2e519f0ce4b0)
2007-10-10r4280: added server side support for lsa_AddPrivilegesToAccount() and ↵Andrew Tridgell1-119/+203
lsa_RemovePrivilegesFromAccount() these are the last of the server side privileges functions. We should now have a complete privileges implementation. (This used to be commit 76db300232f5557377dca059d17ea3c28a0a425c)
2007-10-10r4278: - added server support for lsa_EnumPrivsAccount()Andrew Tridgell1-6/+52
(This used to be commit a80c82d2635fce42482982d904f265199a000e10)
2007-10-10r4277: - added server support for lsa_EnumAccounts()Andrew Tridgell1-1/+62
- expanded the lsa test suite to better test lsa_EnumAccounts() (This used to be commit bafdb1772977d98fd57bb31a328af7cb1deee788)
2007-10-10r4276: added server side support for lsa_OpenAccount()Andrew Tridgell1-2/+73
(This used to be commit 4716334502a245bc1ffafd3a8a00662cfbdf8ba8)
2007-10-10r4206: fixed a status code check in lsa_LookupNames2 that could cause a segvAndrew Tridgell1-3/+4
(This used to be commit 31ab04f790ff4349dbc8a24c07fa35e10b831baf)
2007-10-10r4202: added smbclient commands "addprivileges" and "delprivileges" forAndrew Tridgell1-0/+3
easily adding/removing privileges from users (This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
2007-10-10r4199: - added server side code for lsa_RemoveAccountRights (sharing codeAndrew Tridgell1-18/+42
with lsa_AddAccountRights) (This used to be commit 9bd806b7a29afe9db98048be0f8035c75bf8e1c7)
2007-10-10r4198: - added server side code for lsa_AddAccountRightsAndrew Tridgell1-5/+63
(This used to be commit ba87142586672a1082200048e7d1ae865d266d6c)