summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij1-138/+138
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r20354: Trusted domains don't have a surname, I think we want 'cn' here.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit 05debeaced7296762b293cc804a71abcfb096066)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-9/+10
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r20034: Start using ldb_search_exp_fmt()Simo Sorce1-10/+8
(This used to be commit 4f07542143ddf5066f0360d965f26a8470504047)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-10/+10
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-14/+12
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19682: Fix comments.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 4c349f44f8a018e1ad6ed8e92c5083abc4979324)
2007-10-10r19573: Move secrets.o into param/ (subsystems haven't been integrated yet).Jelmer Vernooij1-1/+1
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-1/+1
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r18364: Get us closer to schema compliance. The corrent names for "secret"Andrew Bartlett1-10/+10
and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2007-10-10r18362: Make LookupSids map onto LookupSids2, as they both take a policyAndrew Bartlett1-16/+17
handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2007-10-10r18361: Invert the way we handle LookupSids2/LookupSids3 and ↵Andrew Bartlett1-36/+85
LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2007-10-10r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries,Andrew Bartlett1-2/+2
which has been recently fixed to cope with NULL pointers (fix segfault on Solaris). Andrew Bartlett (This used to be commit ce36069765e8dff3bbdabed5d50af1c7a8fa8e45)
2007-10-10r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUPAndrew Bartlett1-0/+236
is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2007-10-10r17956: LSA Cleanup!Andrew Bartlett1-70/+325
This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-2/+4
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-5/+5
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett1-3/+4
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-5/+5
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-48/+149
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16236: Add a proper baseDN to a large number of queries. Searching the NULLAndrew Bartlett1-1/+2
baseDN won't work once the partitions module is loaded. Andrew Bartlett (This used to be commit c4ab9e8a754ca4a23a47f38a2344df305b4a351d)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15319: remove unneeded macrosStefan Metzmacher1-4/+4
metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2007-10-10r14964: - move sidmap code from ntvfs_common to SAMDBStefan Metzmacher1-2/+0
- make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14838: fix the build. Looks like I still haven't quite got the hang of theAndrew Tridgell1-0/+1
new dependency/proto system :-) (This used to be commit 63ae3f21e3471895ba83df1c2fdc4147090f7fdb)
2007-10-10r14736: - the ntvfs subsystem should not know about smb_server.hStefan Metzmacher1-2/+0
- the process module subsystem should not know about smb_server.h - the smb_server module should not know about process models metze (This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-1/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14206: fix warnings, the better fix for that will be to make the sidmap codeStefan Metzmacher1-0/+1
independend of ntvfs...(later...) metze (This used to be commit 2a34ed7a07c9e5f32408a0edb714239714eb1d26)
2007-10-10r13938: Around round of splitupsJelmer Vernooij1-0/+1
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+3
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13658: More moving around of files:Jelmer Vernooij1-0/+1
- Collect the generic utility functions into a lib/util/ (a la GLib is for the GNOME folks) - Remove even more files from include/ (This used to be commit ba62880f5b05c2a505dc7f54676b231197a7e707)
2007-10-10r12793: fix bugsStefan Metzmacher1-5/+5
metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-5/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12361: Add a new function: ldb_binary_encode_string()Andrew Bartlett1-7/+9
This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2007-10-10r11291: Fix implementation of LookupNames4.Andrew Bartlett1-1/+9
Andrew Bartlett (This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
2007-10-10r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-sideAndrew Bartlett1-17/+32
implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2007-10-10r11122: Fix some talloc hierarchy errorsVolker Lendecke1-3/+3
(This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
2007-10-10r10913: This patch isn't as big as it looks ...Andrew Tridgell1-1/+1
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-2/+1
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-28/+12
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10764: To match Win2k3 SP1, we need to set an anonymous user token forAndrew Bartlett1-1/+1
schannel connections. Test for Win2k3 SP1 behaviour in RPC-SCHANNEL. Andrew Bartlett (This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
2007-10-10r10373: Fix segfault in LookupSids.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
2007-10-10r9930: Use a single samdb_base_dn() function rather than lots of sillyAndrew Bartlett1-24/+17
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.Günther Deschner1-3/+3
Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
2007-10-10r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinkingJelmer Vernooij1-1/+1
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce1-15/+7
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)