summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2010-08-17s4:samr RPC server - samr_password.c - make real user password changes workMatthias Dieter Wallnöfer1-50/+74
Now it's finally possible that the user can change his password with a DSDB connection using his credentials.
2010-08-17s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵Matthias Dieter Wallnöfer1-3/+3
password sets
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2-12/+12
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-06s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flagMatthias Dieter Wallnöfer1-3/+22
It has to consider the "password_expires" flag to known if the "pwdLastSet" has to be updated or to be resetted.
2010-07-06s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag ↵Matthias Dieter Wallnöfer1-1/+6
on level 21 Taken from the s3 server code
2010-07-05s4:samr RPC server - "SetUserInfo" - allow some more informations to be setMatthias Dieter Wallnöfer1-0/+25
Taken from the s3 implementation.
2010-06-28s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviourMatthias Dieter Wallnöfer1-1/+72
Behaviour as the torture SAMR passwords tests show.
2010-06-28s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0Matthias Dieter Wallnöfer1-0/+9
Taken from s3
2010-06-28s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check ↵Matthias Dieter Wallnöfer1-0/+8
from s3 to s4
2010-06-28s4:dcesrv_samr_SetUserInfo - implement password set level 21Matthias Dieter Wallnöfer1-0/+33
2010-06-28s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the ↵Matthias Dieter Wallnöfer1-0/+10
user password
2010-06-28s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we ↵Matthias Dieter Wallnöfer1-1/+1
haven't activated the the lanman auth This is what s3 does.
2010-06-28s4:samr_password.c - add a function which sets the password through ↵Matthias Dieter Wallnöfer1-0/+48
encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-06-22s4:samr RPC server - make use of LDB constants in macrosMatthias Dieter Wallnöfer1-7/+7
2010-06-20s4:samr RPC server - fix Solaris build warningMatthias Dieter Wallnöfer1-3/+3
2010-06-14s4:SAMR server - cosmetic fixMatthias Dieter Wallnöfer1-1/+2
2010-06-14s4:SAMR server - on alias search operations do never use the domain DN as ↵Matthias Dieter Wallnöfer1-10/+7
base dn Aliases (especially in the "builtin" domain) are often domain-independant.
2010-06-12s4:dcesrv_samr_GetGroupsForUser - return error code if a SID wasn't foundMatthias Dieter Wallnöfer1-2/+1
This shouldn't happen since SIDs are mandatory for security objects
2010-06-12s4:dcesrv_samr_QueryGroupMember/GetMembersInAlias - unify the structureMatthias Dieter Wallnöfer1-30/+32
Mostly cosmetic fixes
2010-06-12s4:dcesrv_samr_GetAliasMembership - provide a correct implementationMatthias Dieter Wallnöfer1-31/+31
We could also have no valid SID specified at all and also then we have to return an empty array with "NT_STATUS_OK". This shows the torture testsuite.
2010-06-12s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the ↵Matthias Dieter Wallnöfer1-4/+6
database is corrupted Group/User/Alias entries do always have a SID (it's a mandatory attribute in the SAM directory)!
2010-06-12s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it ↵Matthias Dieter Wallnöfer1-1/+4
wasn't found
2010-06-12s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo"Matthias Dieter Wallnöfer1-14/+7
2010-06-12s4:dcesrv_samr_QueryUserInfo - minor fixesMatthias Dieter Wallnöfer1-1/+4
Return "NT_STATUS_NO_SUCH_USER" when user account doesn't exist.
2010-06-12s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when ↵Matthias Dieter Wallnöfer1-7/+9
really needed That means the allocation should move after the lookup (as it is on "QueryUserInfo"). Return "NT_STATUS_NO_SUCH_DOMAIN" on an invalid domain.
2010-06-12s4:dcesrv_samr_EnumDomainGroups - mostly small fixesMatthias Dieter Wallnöfer1-3/+7
2010-06-12s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry ↵Matthias Dieter Wallnöfer1-3/+0
was returned
2010-06-12s4:dcesrv_samr_EnumDomainAliases - mostly small fixesMatthias Dieter Wallnöfer1-7/+10
The biggest change consists in the implementation of the Windows Server return size formula MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER).
2010-06-12s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to ↵Matthias Dieter Wallnöfer1-23/+28
"EnumDomainGroups" and "EnumDomainAliases" That means that the lookup is now also done by "samdb_search_domain" to be more consistent.
2010-06-10s4:dcesrv_samr_Add/DeleteAliasMember - provide better NTSTATUS return codes ↵Matthias Dieter Wallnöfer1-6/+19
when something didn't work
2010-06-10s4:dcesrv_samr_GetAliasMembership - fix type of counter variablesMatthias Dieter Wallnöfer1-1/+2
2010-06-10s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding ↵Matthias Dieter Wallnöfer1-4/+6
styles
2010-06-10s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into oneMatthias Dieter Wallnöfer1-6/+3
2010-06-10s4:dcesrv_samr_Add/DelGroupMember - remove the account type checkMatthias Dieter Wallnöfer1-11/+10
MS-SAMR 3.1.5.8 speaks from accounts which are not necessarely only users.
2010-06-10s4:dcesrv_samr_AddGroupMember - also the error code ↵Matthias Dieter Wallnöfer1-0/+1
"LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed This is returned when the group is the primary group of the specified entry.
2010-05-24s4:dsdb_enum_group_mem - use "unsigned" countersMatthias Dieter Wallnöfer1-5/+3
"size_t" counters aren't really needed here (we don't check data lengths). And we save the result in a certain "num_sids" variable which is of type "unsigned".
2010-05-24s4:samr Push most of samr_LookupRids into a helper functionAndrew Bartlett1-52/+16
This is a rewrite of the lookup_rids code, using a query based on the extended DN for a clearer interface. By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Push most of samr_QueryGroupMember into a helper functionAndrew Bartlett1-80/+53
This is a rewrite of the group membership lookup code, using the stored extended DNs to avoid doing the lookup into each member to find the SID By splitting this out, the logic is able to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Move most of samr_CreateDomAlias into a helper functionAndrew Bartlett1-52/+8
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split most of samr_CreateDomainGroup into a helper functionAndrew Bartlett1-60/+9
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-24s4:samr Split the guts of samr_CreateUser2 into a helper functionAndrew Bartlett1-186/+8
This allows this logic to be shared, rather than copied, into a passdb wrapper. Andrew Bartlett
2010-05-10s4:samdb_set_password/samdb_set_password_sid - ReworkMatthias Dieter Wallnöfer2-96/+21
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
2010-03-06s4:samr RPC - Change some counters to be "unsigned" where neededMatthias Dieter Wallnöfer1-9/+14
The "count" size specifiers I typed "uint32_t" since they're often returned as an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they count till a limit of a "gendb*" call or "unsigned" if they count directly the number of objects.
2010-03-05s4:dcesrv_samr_AddAliasMember - wrap a long "DEBUG" statementMatthias Dieter Wallnöfer1-1/+2
2010-03-03s4:dcesrv_samr - Also "OpenGroup" needs to support universal groupsMatthias Dieter Wallnöfer1-2/+3
2010-03-03s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" callsMatthias Dieter Wallnöfer1-3/+6
We need to look for both global and universal group types when querying them. Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
2010-02-26s4:dcesrv_samr.c - Remove unused variableMatthias Dieter Wallnöfer1-3/+1
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell2-5/+5
This allows for controls to be added easily where they are needed.
2010-02-13s4-rpcserver: use TYPESAFE_QSORT() in rpc serversAndrew Tridgell1-6/+4
2010-01-21s4:rpc-server:samr: fix setting of lockout duration < lockout windowMichael Adam1-1/+22
This should return NT_STATUS_INVALID_PARAMETER. This makes samba pass the first part of the samr-lockout test. This constraint is documented here for the samr server: http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates and here for the ldap backend: http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx MS-ADTS 3.1.1.5.3.2 Constraints So the check should actually be moved down into the backend, i.e. under dsdb/samdb/ldb_modules - TODO.. Michael