Volker Lendecke
df0731d6e9
Fix a 32/64bit stack corruption bug
2009-07-25 13:23:44 -04:00
Günther Deschner
3e661d4c8e
s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does.
Guenther
2009-07-17 13:55:29 +02:00
Günther Deschner
2a26b2ac87
s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount().
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
3eea254e5b
s3-lsa: add (not yet activate) level specific access checks for _lsa_QueryInfoPolicy.
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
864e809752
s3-lsa: also implement level 13 in lsa_QueryInfoPolicy.
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
d1903cb7f2
s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject().
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
4faef0da76
s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().
Guenther
2009-07-17 00:13:29 +02:00
Günther Deschner
35e45fb841
s3-lsa: implement _lsa_LookupPrivName().
Guenther
2009-07-17 00:12:56 +02:00
Günther Deschner
3b899af422
s3-lsa: implement _lsa_EnumAccountsWithUserRight().
Guenther
2009-07-17 00:11:14 +02:00
Günther Deschner
f7ff6bd142
s3-rpc_server: pass down full unix token to map_max_allowed_access().
Also use unix_token->uid instead of geteuid() when checking for mapping of the
SEC_FLAG_MAXIMUM_ALLOWED flag.
Guenther
2009-07-13 15:38:20 +02:00
Volker Lendecke
f169772d93
Handle LSA_POLICY_INFO_DNS
2009-07-04 12:54:22 +02:00
Volker Lendecke
8666e79f8f
Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicy
Don't reply to it for non-pdb-ads to keep up our old behaviour
2009-07-04 12:54:22 +02:00
Volker Lendecke
8414048557
_lsa_QueryInfoPolicy: Use symbolic info level names
2009-06-28 22:13:50 +02:00
Günther Deschner
a6ab195d72
s3-lsa: Fix error path in _lsa_EnumAccountRights.
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.
Guenther
2009-06-23 11:17:50 +02:00
Jeremy Allison
cbb55b34e2
_lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an
empty set of privileges if the SID doesn't have any.
(From [MS-LSAD.pdf])
Jeremy.
2009-06-16 13:17:24 -07:00
Günther Deschner
c49c1b94ef
s3-lsa: remove old code that we cannot even compile anymore.
Guenther
2009-06-08 22:58:16 +02:00
Jeremy Allison
d649a46078
Add a security model to LSA. Similar to the SAMR code - using
the MS-LSA docs.
Jeremy.
2009-05-20 11:52:11 -07:00
Jeremy Allison
459dc8f39c
Change access_check_samr_object -> access_check_object.
Make map_max_allowed_access global. Change lsa_get_generic_sd
to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just
LSA_POLICY_EXECUTE.
Jeremy.
2009-05-18 15:44:03 -07:00
Günther Deschner
d06051cc51
s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2().
Guenther
2009-05-19 00:16:26 +02:00
Günther Deschner
6ab0c83570
s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().
Inspired by lsa server from Samba 4.
Just removing a user in SAMR does not remove a user in LSA. If you use
usermanager from windows, the "User Rights" management gui gets inaccessible as
soon as you delete a user that had privileges granted. With this fix, that
no longer existing user would properly appear as an unknown account in the GUI
(as it does while using usermanager with windows domains).
This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test.
Guenther
2009-05-18 23:08:13 +02:00
Günther Deschner
4724fef897
s3-lsa: start a very basic implementation of _lsa_DeleteObject().
Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.
Guenther
2009-05-18 22:58:31 +02:00
Günther Deschner
a82bb4bd51
s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Guenther
2009-05-11 18:31:46 +02:00
Günther Deschner
af5a71d528
s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount().
Guenther
2009-04-30 14:28:38 +02:00
Günther Deschner
14304fc5e5
s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3.
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED.
Guenther
(cherry picked from commit 1c9266c8caa59e287b993393b6050732a0b33547)
2009-04-16 01:52:56 +02:00
Günther Deschner
31ab1d6a64
s3-lsa: use LSA_ROLE definitions in _lsa_QueryInfoPolicy().
Guenther
2009-04-02 22:52:52 +02:00
Günther Deschner
168eb23252
s3-lsa: don't SAFE_FREE talloced structs.
Guenther
2009-04-02 22:50:44 +02:00
Volker Lendecke
f91565544f
Fix bug 6097
A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with
NT_STATUS_INVALID_SID, even if other SIDs in the list are valid.
Thanks to Pavel <wylda@volny.cz> for the bug report!
2009-03-24 11:59:42 +01:00
Volker Lendecke
84292022bf
Now that all policy_handle free_fn's are just TALLOC_FREE, dump free_fn
2009-01-08 22:29:54 +01:00
Volker Lendecke
825500f5da
Use TALLOC for struct lsa_info
2009-01-08 22:29:54 +01:00
Günther Deschner
e2fa47a04c
s3-lsa: avoid all init_lsa* functions.
Guenther
2009-01-06 16:02:13 +01:00
Volker Lendecke
907f126d3e
Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS!
2008-11-24 11:39:03 +01:00
Jeremy Allison
8344e94574
Unify se_access_check with the S4 code. Will make
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier
for files.
Jeremy.
2008-10-31 10:51:45 -07:00
Günther Deschner
992c03a192
s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl.
Guenther
2008-10-27 19:33:23 +01:00
Günther Deschner
9f46669871
s3-build: fix the build.
Guenther
2008-10-21 12:26:58 +02:00
Günther Deschner
b11f3a60fd
s3-lsa-server: fix _lsa_GetUserName.
Guenther
2008-10-21 11:39:45 +02:00
Jeremy Allison
7c94c874c4
Unify access checks for lsa server functions.
Jeremy.
2008-10-17 15:24:15 -07:00
Günther Deschner
df7a89adb7
s3: fix s3 lsa server.
Guenther
2008-10-15 19:44:49 +02:00
Jeremy Allison
e5692d4cbe
Remove SEC_ACCESS. It's a uint32_t.
Jeremy.
2008-10-09 09:49:03 -07:00
Karolin Seeger
bce33f8b82
Fix typos.
the user have -> has
Karolin
(This used to be commit 1ee2ad1051e6076709ef8ed2f45bebff10b0c3cf)
2008-07-18 15:36:20 +02:00
Volker Lendecke
aa02c3fcd5
Remove p->vuid
The users can use p->server_info.
Now pipes_struct is decoupled from the SMB transport.
(This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7)
2008-06-26 13:13:23 +02:00
Volker Lendecke
fdcf760d1c
Fix bug 5500 -- thanks to mathion at thorrovydeti.com for reporting
(cherry picked from commit 996c3ce6f0dbe79b0679ae30afd873c24fe5b1eb)
(This used to be commit 1f86c7a2a19e66948c9b51572d3c078b6e03ef52)
2008-06-16 13:27:47 +02:00
Volker Lendecke
bec1dfab27
Remove "userdom_struct user" from "struct user_struct"
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2008-05-05 18:28:59 +02:00
Volker Lendecke
71ff1ba2de
Remove "guest" from "struct user_struct"
(This used to be commit 570a6b80feb5b0dc23213ba936c721e766cd4818)
2008-05-05 18:28:59 +02:00
Günther Deschner
7c95f53b68
Fix counter mismatch in lsa_LookupNames3 server.
Guenther
(This used to be commit e052d6f2c82a644986e5d99f640310d71cd5c396)
2008-03-04 13:22:40 +01:00
Günther Deschner
253dc4d728
Fix counter mismatch in lsa_LookupNames server.
Guenther
(This used to be commit 80fd085c34befd38d33cf6e59080a2a36016a92d)
2008-03-04 13:22:40 +01:00
Günther Deschner
33322a7ced
Fix lsa_QueryInfoPolicy: make proper talloc copies of the sids.
Guenther
(This used to be commit b9441232d66d78e66464be6c9748a023681ce6ca)
2008-03-04 12:52:37 +01:00
Günther Deschner
b2729f4e2d
Zero more structs initially in LSA rpc server.
Guenther
(This used to be commit d7ce643285276790a65faff76666498595a508d7)
2008-03-04 11:06:02 +01:00
Volker Lendecke
4aa0bfc985
Zero out the out policy handler in lsa_Close
... after a REALLY long session staring at sniffs we can now join XP to
v3-2-test again...
Apparently not doing this makes XP keep an internal handle to LSA open which
confuses the hell out of it.
Karolin, this needs to be in v3-2-stable :-)
Volker
(This used to be commit 2c42fc21d8bede226e411623aecd69038477373b)
2008-03-03 18:13:38 +01:00
Günther Deschner
7269a504fd
Add my copyright.
Guenther
(This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
2008-02-27 19:38:48 +01:00
Günther Deschner
ec790d0397
Move LSA_AUDIT_NUM_CATEGORIES defines to lsa rpc_server.
Guenther
(This used to be commit 9e7d32e28ce40ff158f3705354e8673f99b462bc)
2008-02-27 17:09:02 +01:00