summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2008-10-20Make the updated RPC-LSA pass against Win2008, and Samba4 to matchAndrew Bartlett1-0/+1
2008-10-20LSA Patch for User ManagerMatthias Dieter Wallnöfer1-4/+37
New (major) patch ================= - Enhances the "lsa.idl" file in the sense that it adds more values to "PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls. - Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy* calls) to enable the "Audit" option in the "User Manager for Domains" (at least readable). - Adds to the "lsa.idl" file the system access mode flags needed for the calls "lsa_*SystemAccessAccount". - Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights" option in the "User Manager for Domains" (at least readable). - Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in one using "if"'s for a few separations. - Add a torture test for "lsa_GetSystemAccessAccount". - Some cosmetic-only changes (unifications) in output strings in the "LSA" torture test. The work has been done using the Microsoft WSPP docs. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-13/+8
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij2-2/+2
2008-10-06Store trusted domain passwords in the LSA serverAndrew Bartlett1-4/+64
2008-10-03updated the LSA and NETLOGON servers with fixes resulting from the ADAndrew Tridgell2-14/+75
plugfest in Redmond
2008-09-30fixed a number of places in our LSA server where we should return theAndrew Tridgell1-11/+13
sid/name array even when all are unmapped. If we don't fill in the array then the windows client runtime crashes
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-9/+9
2008-09-30check call status not rpc fault code when calling to different levelsAndrew Tridgell1-4/+4
of calls
2008-09-30cope with NULL attrAndrew Tridgell1-1/+3
2008-09-29Rework to match new trustDomainPasswords IDLAndrew Bartlett1-5/+5
2008-09-29Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*Andrew Bartlett1-4/+4
2008-09-29WSPP docs say we need to check that root_dir is NULLAndrew Tridgell1-0/+6
2008-09-29we need to return NT_STATUS_INVALID_PARAMETER for bad levels inAndrew Tridgell1-0/+5
lsalookupnames2
2008-09-29unmapped SIDs should be rid 0 not rid -1Andrew Tridgell1-1/+4
2008-09-29added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell1-1/+42
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-5/+4
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-08Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.Andrew Bartlett1-51/+64
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
2008-09-08More work towards trusted domains support in Samba4's LSAAndrew Bartlett1-50/+323
Make 'lsar_CreateTrustedDomain' consistant with lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle Implement LSA server logic to create the cn=users trust account for incoming trusts. Andrew Bartlett (This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
2008-09-01Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.Andrew Bartlett1-0/+6
Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
2008-08-26More LSA server and testuite work.Andrew Bartlett1-1/+38
- Implement QueryDomainInformationPolicy in Samba4 - Allow RPC-LSA to pass against Windows 2008 (which does not allow the Audit privilage to be removed) Andrew Bartlett (This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
2008-08-26Implement matching logic to Windows 2008 on handling of secrets.Andrew Bartlett1-16/+8
This is enforced by the new RPC-LSA test. Andrew Bartlett (This used to be commit da200ac64485fd9531b1aa048570c682b680b012)
2008-08-26Fix LSA server to pass more of RPC-LSA and match Windows 2008Andrew Bartlett1-17/+32
This fixes some info levels in the QueryTrustedDomainInfo call, and changes from implementing lsa_Delete to lsa_DeleteObject (which has an explicit close and reutrns a NULL handle). Andrew Bartlett (This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)
2008-07-21Remove bogus test in 'enum trusted domains' LSA server.Andrew Bartlett1-6/+0
The change to the RPC-LSA test proves that when the remote server has 0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not NT_STATUS_OK. Andrew Bartlett (This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)
2008-06-14Make up the right dependencies now that ldb depends on libeventsSimo Sorce1-2/+2
(This used to be commit 3b8eec7ca334528cad3cdcd5e3fc5ee555d8d0e0)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij2-8/+9
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-02rpc_server: Remove references to sidmap from the lsa pipe code.Kai Blin3-9/+2
(This used to be commit 25cbb1b76720a271984ad5c023e45476094562f1)
2008-03-20More kludge ACLs!Andrew Bartlett1-1/+47
Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-03-13Show why a LookupName fails (help debugging)Andrew Bartlett2-3/+21
Andrew Bartlett (This used to be commit 9bfc4757887ceabb4c621d62c140515794679250)
2007-12-21r26319: Split encoding functions out of libcli_ldap.Jelmer Vernooij2-1/+2
(This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-7/+10
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij2-9/+9
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26234: More global_loadparm fixes.Jelmer Vernooij1-1/+1
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-1/+1
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-1/+1
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26205: Pass loadparm_context to secrets_db_connect() rather than using ↵Jelmer Vernooij1-2/+4
global context. (This used to be commit 5718b6cfee86ddfc9cf405c98c68ba848df4d9d7)
2007-12-21r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were justAndrew Bartlett1-5/+6
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on all entries as 'replace'. Andrew Bartlett (This used to be commit 09c0faa5b7e1a560bf13b99a2584012a47377bb6)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij2-1/+2
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-5/+5
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-4/+4
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25196: Thanks to id10ts on IRC for finding some typos in my well-known namesAndrew Bartlett1-2/+2
patch. Andrew Bartlett (This used to be commit 99e013207e4a10a97fe3b37eb901bc33805731a9)
2007-10-10r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, withAndrew Bartlett4-844/+1251
a new torture suite to match. This should fix bug #4954 by Matthias Wallnöfer <mwallnoefer@yahoo.de> Previously we had no knowlege of BUILTIN or well-known names. This code needs expansion to check with winbind for trusted domains. Andrew Bartlett (This used to be commit e6fc0e1f54ad64bdddc88e9ebd0d8d181b6ce26a)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24987: Clarify error conditions in secrets handling, before I add ACLs toAndrew Bartlett1-3/+3
secrets.ldb Andrew Bartlett (This used to be commit 17a61bd5690f60d762b9c7171f1269fe1a311bab)
2007-10-10r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)Andrew Bartlett1-1/+1
and improve error strings returned from samdb.c Andrew Bartlett (This used to be commit a42d0eb531e663304bea840d614b2f91f95dd818)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23382: Fill in lsa_lsaRQueryForestTrustInformation.Günther Deschner1-3/+3
Guenther (This used to be commit 54fa6d453c628039e5ec9053b0693229efdbe011)
2007-10-10r21518: fix panic, sorry...Stefan Metzmacher1-1/+1
metze (This used to be commit 3c786eb6bdb3289a237d231e75092a8b3ca56197)
2007-10-10r21499: fill in the correct forest dns nameStefan Metzmacher1-2/+35
metze (This used to be commit c736543b15571a7c0080ba09e51b9bcf76ecda52)