summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2009-05-25cope with lanman auth being disabled in old password change codeAndrew Tridgell1-8/+15
When lanman auth is disabled and a user calls a password change method that requires it we should give NT_STATUS_NOT_SUPPORTED
2009-04-23s4:samr Use ldb_context * rather than void *Andrew Bartlett1-1/+1
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-8/+7
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-3/+3
consistency with Samba 3.
2008-12-10s4-samr: Fix Bug #5946. userparameters handling in samr server.Matthias Dieter Wallnöfer1-4/+6
Signed-off-by: Günther Deschner <gd@samba.org>
2008-12-05s4-samr: fix samr callers after SAMR_FIELD_PASSWORD change.Günther Deschner1-4/+4
Guenther
2008-12-05s4-samr: fix s4 samr server after idl change.Günther Deschner1-2/+1
Guenther
2008-12-02s4-samr: use samr_DomainServerState in samr server.Günther Deschner1-1/+1
Guenther
2008-11-10s4-samr: merge samr_QueryUserInfo{2} from s3 idl. (fixme: python)Günther Deschner1-5/+3
Guenther
2008-11-10s4-samr: merge samr_QueryGroupInfo from s3 idl. (fixme python)Günther Deschner1-2/+2
Guenther
2008-11-10s4-samr: merge samr_QueryAliasInfo from s3 idl. (fixme: python)Günther Deschner1-2/+2
Guenther
2008-11-10s4-samr: merge samr_EnumDomainGroups from s3 idl. (fixme: python)Günther Deschner1-10/+13
Guenther
2008-11-10s4-samr: merge samr_EnumDomainUsers from s3 idl. (fixme: python)Günther Deschner1-10/+13
Guenther
2008-11-10s4-samr: merge samr_EnumDomains from s3 idl. (fixme: python)Günther Deschner1-5/+5
Guenther
2008-11-10s4-samr: merge samr_LookupDomain from s3 idl. (fixme: python)Günther Deschner1-2/+2
Guenther
2008-11-10s4-samr: merge samr_LookupNames from s3 idl. (fixme: python)Günther Deschner1-11/+11
Guenther
2008-11-10s4-samr: merge samr_EnumDomainAliases from s3 idl. (fixme: python)Günther Deschner1-10/+13
Guenther
2008-11-10s4-samr: merge samr_QueryDisplayInfo from s3 idl. (fixme: python)Günther Deschner1-34/+30
Guenther
2008-11-10s4-samr: merge samr_QueryDisplayInfo2 from s3 idl. (fixme: python)Günther Deschner1-3/+3
Guenther
2008-11-10s4-samr: merge samr_QueryDisplayInfo3 from s3 idl. (fixme: python)Günther Deschner1-3/+3
Guenther
2008-11-10s4-samr: merge samr_GetGroupsForUser from s3 idl. (fixme: python)Günther Deschner1-1/+1
Guenther
2008-11-10s4-samr: merge samr_QueryDomainInfo from s3 idl. (fixme python)Günther Deschner1-20/+22
Guenther
2008-11-10s4-samr: merge samr_QueryGroupMember from s3 idl. (fixme: python)Günther Deschner1-1/+1
Guenther
2008-11-10s4-samr: merge samr_Connect5 from s3 idl. (fixme python)Günther Deschner1-3/+3
Guenther
2008-11-10s4-samr: merge samr_GetDomPwInfo from s3 idl. (fixme: python)Günther Deschner1-3/+3
Guenther
2008-11-10s4-samr: merge samr_GetUserPwInfo from s3 idl. (fixme: python)Günther Deschner1-7/+7
Guenther
2008-11-10s4-samr: merge samr_RidToSid from s3 idl. (fixme: python)Günther Deschner1-2/+2
Guenther
2008-11-10s4-samr: merge samr_QuerySecurity from s3 idl. (fixme: python)Günther Deschner1-2/+2
Guenther
2008-11-10s4-samr: merge samr_LookupRids from s3 idl.Günther Deschner1-6/+6
Guenther
2008-11-10s4-samr: merge samr_ChangePasswordUser3 from s3 idl.Günther Deschner1-3/+8
Guenther
2008-11-10s4-samr: prepare for Query.*Info calls: change macros.Günther Deschner1-31/+37
Guenther
2008-11-10s4-samr: merge samr_UserInfo20 from s3 idl.Günther Deschner1-6/+18
This must not be treated as a normal string (strlen truncates it). Guenther
2008-11-04Use ldb_dn_from_ldb_val() to create a DN in the SAMR serverAndrew Bartlett1-2/+7
The previous code incorrectly cast an ldb_val into a char *. Andrew Bartlett
2008-11-04Use ldb_dn_from_ldb_val to avoid possible over-run of the value.Andrew Bartlett1-3/+3
The ldb_val is length-limited, and while normally NULL terminated, this avoids the chance that this particular value might not be, as well as avoiding a cast. Andrew Bartlett
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-3/+3
make them wrappers around convert_string{,talloc}_convenience().
2008-10-17Fix errrors in new password handling code found by RPC-SAMR.Andrew Bartlett1-2/+15
I'm very glad we have such a comprehensive testsuite for the SAMR password change process, as it makes this a much easier task to get right. Andrew Bartlett
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-38/+50
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-15s4: merge from s3 samr.idl.Günther Deschner1-1/+1
Guenther
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij2-2/+2
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-6/+6
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22Remove unused parameter from decode_pw_buffer and fail on invalidAndrew Bartlett1-6/+4
UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
2008-07-21Rename structures to better match the names in the WSPP IDL.Andrew Bartlett1-33/+33
The 'comment' element in a number of domain structures is called oem_information. This was picked up actually because with OpenLDAP doing the schema checking, it noticed that 'comment' was not a valid attribute. The rename tries to keep this consistant in both the LDB mappings and IDL, so we don't make the same mistake in future. This has no real schema impact, as this value isn't actually used for anything, as 'comment' was not used in the provision. Andrew Bartlett (This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij2-5/+5
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-03-14Rework our SAMR test and SAMR server.Andrew Bartlett2-25/+49
Now that we don't create users/domain groups/aliases in the builtin domain, we hit some bugs in the server-side implementation of the enumeration functions. In essence, it turns out to be: don't treat 0 as a special case. Also, fix up the PDC name to always be returned. I'm sure nothing actually uses it, particularly for BUILTIN... Andrew Bartlett (This used to be commit 353bb79f568f20c8469cb9458f7b14c24612ad23)
2008-03-13Rework SAMR functions to avoid gendb_search()Andrew Bartlett1-26/+38
The gendb_*() API does not return error codes, and mixes error returns with the count of returned entries. Andrew Bartlett (This used to be commit facbc8dfa5188fdd610f400b5be6e05bc33b0820)
2008-03-13Rework to have member server 'domains' be CN=NETBIOSNAMEAndrew Bartlett1-1/+1
This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
2008-02-28Check for and reject invalid account flags.Andrew Bartlett1-0/+14
(lest we have an account set with 0 flags) Andrew Bartlett (This used to be commit 7a46e72f8dbb191ac8a811eb4cd95210fab7dc7b)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-14/+14
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-16Print out the reason we can't delete the user in SAMR.Andrew Bartlett1-0/+3
We need to be far more granular bout this - in particular, we need a decide LDAP -> NTSTATUS conversion. Andrew Bartlett (This used to be commit 30fc3752c7573fcf8b1a41f7b3bc8dad860077f8)