summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18364: Get us closer to schema compliance. The corrent names for "secret"Andrew Bartlett1-10/+10
and "priorSecret" are "currentValue" and "priorValue". With this, we pass RPC-LSA against OpenLDAP. Andrew Bartlett (This used to be commit 4380bcaaee74a0aa1a83540bf39793c4aeab4068)
2007-10-10r18362: Make LookupSids map onto LookupSids2, as they both take a policyAndrew Bartlett1-16/+17
handle. Avoids a lookup for the basic domain information for every request. Andrew Bartlett (This used to be commit 35b69bc5f4bda7f4f2480997cc32188154a175ce)
2007-10-10r18361: Invert the way we handle LookupSids2/LookupSids3 and ↵Andrew Bartlett1-36/+85
LookupNames3/LookupNames4 The latter calls don't supply a policy handle The latter calls now acquire a policy handle, then call the earlier calls. This means we still share the codepaths, but don't need to fetch policy state when it is already provided. Andrew Bartlett (This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
2007-10-10r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries,Andrew Bartlett1-2/+2
which has been recently fixed to cope with NULL pointers (fix segfault on Solaris). Andrew Bartlett (This used to be commit ce36069765e8dff3bbdabed5d50af1c7a8fa8e45)
2007-10-10r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUPAndrew Bartlett1-0/+236
is just one call. This simplifies the one remaining DSSETUP call, and removes another user of the dnsDomain attribute. Andrew Bartlett (This used to be commit 6a54711564b67891c368c09ead3f7389ad40111f)
2007-10-10r17956: LSA Cleanup!Andrew Bartlett1-70/+325
This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-2/+4
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-5/+5
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17788: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 00fcc4f16a01a0c6a70f86c8bd9d1f9801dfd9df)
2007-10-10r17529: Simo doesn't like the use of the internal ldb_errstring in functionsAndrew Bartlett1-3/+4
not used purely as ldb module helper functions. This now passes these strings back as explicit parameters. Andrew Bartlett (This used to be commit 9c1cd9c2c6bcd9d056a7c9caafacdd573562ebbc)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-5/+5
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16827: Factor out some code into common samdb functions:Andrew Bartlett1-48/+149
- creation of ForeignSecurityPrincipals - template duplication code Rework much of the LSA server to pass the RPC-LSA test. Much of the server code was untested. In implementing the LSA Accounts feature, I have opted to have it only create entires when privilages are applied, and not to delete entries, but to delete the privilages. We skip some parts of the test, but it is much better than not testing it at all. Andrew Bartlett (This used to be commit 10eeea6da465564ed9f785d06e2d2ed06cfe29a4)
2007-10-10r16236: Add a proper baseDN to a large number of queries. Searching the NULLAndrew Bartlett1-1/+2
baseDN won't work once the partitions module is loaded. Andrew Bartlett (This used to be commit c4ab9e8a754ca4a23a47f38a2344df305b4a351d)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15319: remove unneeded macrosStefan Metzmacher1-4/+4
metze (This used to be commit 9611c8aa9ce0eba1703d5eecc52e67a9e5fba15f)
2007-10-10r14964: - move sidmap code from ntvfs_common to SAMDBStefan Metzmacher1-2/+0
- make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14838: fix the build. Looks like I still haven't quite got the hang of theAndrew Tridgell1-0/+1
new dependency/proto system :-) (This used to be commit 63ae3f21e3471895ba83df1c2fdc4147090f7fdb)
2007-10-10r14736: - the ntvfs subsystem should not know about smb_server.hStefan Metzmacher1-2/+0
- the process module subsystem should not know about smb_server.h - the smb_server module should not know about process models metze (This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-1/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14206: fix warnings, the better fix for that will be to make the sidmap codeStefan Metzmacher1-0/+1
independend of ntvfs...(later...) metze (This used to be commit 2a34ed7a07c9e5f32408a0edb714239714eb1d26)
2007-10-10r13938: Around round of splitupsJelmer Vernooij1-0/+1
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+3
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13658: More moving around of files:Jelmer Vernooij1-0/+1
- Collect the generic utility functions into a lib/util/ (a la GLib is for the GNOME folks) - Remove even more files from include/ (This used to be commit ba62880f5b05c2a505dc7f54676b231197a7e707)
2007-10-10r12793: fix bugsStefan Metzmacher1-5/+5
metze (This used to be commit 65be02a9801444c01230903d130b2d71b6c15617)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-5/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12361: Add a new function: ldb_binary_encode_string()Andrew Bartlett1-7/+9
This is for use on user-supplied arguments to printf style format strings which will become ldb filters. I have used it on LSA, SAMR and the auth/ code so far. Also add comments to cracknames code. Andrew Bartlett (This used to be commit 8308cf6e0472790c1c9d521d19322557907f4418)
2007-10-10r11291: Fix implementation of LookupNames4.Andrew Bartlett1-1/+9
Andrew Bartlett (This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
2007-10-10r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-sideAndrew Bartlett1-17/+32
implementation. Andrew Bartlett (This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
2007-10-10r11122: Fix some talloc hierarchy errorsVolker Lendecke1-3/+3
(This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
2007-10-10r10913: This patch isn't as big as it looks ...Andrew Tridgell1-1/+1
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10r10894: make the handling of dn/distinguishedName much closer to realAndrew Tridgell1-2/+1
ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to (This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-28/+12
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10764: To match Win2k3 SP1, we need to set an anonymous user token forAndrew Bartlett1-1/+1
schannel connections. Test for Win2k3 SP1 behaviour in RPC-SCHANNEL. Andrew Bartlett (This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
2007-10-10r10373: Fix segfault in LookupSids.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
2007-10-10r9930: Use a single samdb_base_dn() function rather than lots of sillyAndrew Bartlett1-24/+17
searches all over the place. This can be extended to cover an NT4 (no ADS) mode in future as well. Andrew Bartlett (This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
2007-10-10r9888: add IDL for lsa_QueryDomainInformationPolicy to query Kerberos Settings.Günther Deschner1-3/+3
Guenther (This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
2007-10-10r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinkingJelmer Vernooij1-1/+1
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2007-10-10r9654: introduce the samdb_search_dn callSimo Sorce1-15/+7
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
2007-10-10r9392: Fix ldb_dn_compose to make build farm happySimo Sorce1-4/+1
Add ldb_dn_string_compose so that you can build a dn starting from a struct ldb_dn base and a set of parameters to be composed in a format string with the same syntax of printf (This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-39/+54
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r9011: Remove more references to "name" as a netbios name, using theAndrew Bartlett1-1/+1
cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2007-10-10r8982: "name" is not the netbios name, but the RDN. Return the correctAndrew Bartlett1-13/+4
netbios domain name of the host, as well as the sid from the cache we fetched earlier. Andrew Bartlett (This used to be commit c847ca2cc8244a7ce4180d17397723a486bbecc8)
2007-10-10r8790: Finish the migration of aliases and privilages with SamSync, by addingAndrew Bartlett1-27/+29
templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-1/+1
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-2/+4
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8429: fix compiler warningsStefan Metzmacher1-3/+3
metze (This used to be commit b9ee5818808f2e0cd38c0c5d2ef15cba22d4edbe)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell1-48/+20
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)