summaryrefslogtreecommitdiff
path: root/source4/rpc_server/lsa
AgeCommit message (Collapse)AuthorFilesLines
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-2/+2
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-22s4-lsa: fixed breakage of lsa serverAndrew Tridgell1-0/+1
2009-10-22s4-lsa: fixed the lsa server to cope with the new tests from gdAndrew Tridgell1-12/+33
2009-10-21s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.Günther Deschner1-0/+9
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
2009-10-20s4: ran minimal_includes.pl on source4/rpc_serverAndrew Tridgell1-1/+0
2009-10-17s4-lsasrv: make sure only admins can alter privilegesAndrew Tridgell1-0/+6
2009-10-17s4-privileges: moved privileges to private/privilege.ldbAndrew Tridgell3-32/+45
We were storing privileges in the sam, which was OK when we were a standalone DC, but is no good when we replicate with a windows DC. This moves the privileges to a separate (local) database
2009-09-22s4-lsa: added support for QuerySecurity on LSAAndrew Tridgell1-2/+85
This follows the sd pattern from samba3
2009-09-19more include minimisationAndrew Tridgell1-2/+0
2009-09-11lsa: fill in more unknowns in lsa_LookupSid calls.Günther Deschner1-4/+4
Guenther
2009-09-07s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")Matthias Dieter Wallnöfer1-10/+0
2009-07-16lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL.Günther Deschner1-1/+1
Guenther
2009-07-13libds: merge the UF<->ACB flag mapping functions.Günther Deschner1-2/+2
Guenther
2009-05-26Don't use crossRef records to find our own domainAndrew Bartlett1-57/+12
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
2009-04-23Fix Coverity ID 628, Andrew B., please check!Volker Lendecke1-1/+1
2009-02-02s4:rpc_server/lsa: s/delete/del s/open/opnStefan Metzmacher1-30/+32
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-1/+1
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-10-28s4: lsa-server: fix crash bugs related to [out,ref] ** changesStefan Metzmacher1-4/+4
metze
2008-10-28s4-lsa-server: remove merge leftover.Günther Deschner1-1/+0
Guenther
2008-10-27s4-lsa: merge lsa_QueryInfoPolicy/{2} from s3 lsa idl.Günther Deschner1-19/+18
Guenther
2008-10-27s4-lsa: merge lsa_LookupNames/{2,3,4} from s3 lsa idl.Günther Deschner1-9/+13
Guenther
2008-10-27s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl.Günther Deschner1-5/+9
Guenther
2008-10-27s4-lsa: merge lsa_QueryDomainInformationPolicy from s3 lsa idl.Günther Deschner1-7/+10
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfoByName from s3 lsa idl.Günther Deschner1-2/+2
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfo from s3 idl.Günther Deschner1-14/+18
Guenther
2008-10-27s4-lsa: merge lsa_QueryTrustedDomainInfoBySid from s3 lsa idl.Günther Deschner1-2/+2
Guenther
2008-10-27s4-lsa: merge lsa_LookupPrivName from s3 lsa idl.Günther Deschner1-3/+7
Guenther
2008-10-27s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl.Günther Deschner1-13/+29
Guenther
2008-10-27s4-lsa: merge lsa_LookupPrivDisplayName from s3 lsa idl.Günther Deschner1-5/+9
Guenther
2008-10-27s4-lsa: merge lsa_GetUserName from s3 lsa idl.Günther Deschner1-11/+15
Guenther
2008-10-20Make the updated RPC-LSA pass against Win2008, and Samba4 to matchAndrew Bartlett1-0/+1
2008-10-20LSA Patch for User ManagerMatthias Dieter Wallnöfer1-4/+37
New (major) patch ================= - Enhances the "lsa.idl" file in the sense that it adds more values to "PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls. - Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy* calls) to enable the "Audit" option in the "User Manager for Domains" (at least readable). - Adds to the "lsa.idl" file the system access mode flags needed for the calls "lsa_*SystemAccessAccount". - Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights" option in the "User Manager for Domains" (at least readable). - Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in one using "if"'s for a few separations. - Add a torture test for "lsa_GetSystemAccessAccount". - Some cosmetic-only changes (unifications) in output strings in the "LSA" torture test. The work has been done using the Microsoft WSPP docs. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-13/+8
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij2-2/+2
2008-10-06Store trusted domain passwords in the LSA serverAndrew Bartlett1-4/+64
2008-10-03updated the LSA and NETLOGON servers with fixes resulting from the ADAndrew Tridgell2-14/+75
plugfest in Redmond
2008-09-30fixed a number of places in our LSA server where we should return theAndrew Tridgell1-11/+13
sid/name array even when all are unmapped. If we don't fill in the array then the windows client runtime crashes
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-9/+9
2008-09-30check call status not rpc fault code when calling to different levelsAndrew Tridgell1-4/+4
of calls
2008-09-30cope with NULL attrAndrew Tridgell1-1/+3
2008-09-29Rework to match new trustDomainPasswords IDLAndrew Bartlett1-5/+5
2008-09-29Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*Andrew Bartlett1-4/+4
2008-09-29WSPP docs say we need to check that root_dir is NULLAndrew Tridgell1-0/+6
2008-09-29we need to return NT_STATUS_INVALID_PARAMETER for bad levels inAndrew Tridgell1-0/+5
lsalookupnames2
2008-09-29unmapped SIDs should be rid 0 not rid -1Andrew Tridgell1-1/+4
2008-09-29added some more well known SIDs - thanks to the WSPP LSAT test suiteAndrew Tridgell1-1/+42
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-5/+4
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-08Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.Andrew Bartlett1-51/+64
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
2008-09-08More work towards trusted domains support in Samba4's LSAAndrew Bartlett1-50/+323
Make 'lsar_CreateTrustedDomain' consistant with lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle Implement LSA server logic to create the cn=users trust account for incoming trusts. Andrew Bartlett (This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)