mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

263 Commits

Author SHA1 Message Date
Günther Deschner
4591fdbc18 s3-privileges: use LUID defines from lsa IDL.
Guenther
2010-06-07 10:33:36 +02:00
Günther Deschner
b6a2cea74d s3-security: use shared "Standard access rights.".
Guenther
2010-06-03 11:00:26 +02:00
Simo Sorce
d9cffc01be s3:auth use info3 in auth_serversupplied_info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28 00:55:53 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that it is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
7f6bb48bdf s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".
Guenther
2010-05-18 12:30:12 +02:00
Günther Deschner
8951c8301a s3-secdesc: remove "typedef struct security_acl SEC_ACL".
Guenther
2010-05-18 12:30:12 +02:00
Günther Deschner
a8b01d1f3b s3-secdesc: remove "typedef struct security_ace SEC_ACE".
Guenther
2010-05-18 12:30:11 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Günther Deschner
ce8c622ffb s3-lsa: fix _lsa_lsaRSetForestTrustInformation server stub.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-16 15:12:19 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose()
2010-01-10 20:56:16 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Günther Deschner
97496bb3ca s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy().
Add dummies (just like s4 does) and fill in some more appropriate error codes.

Guenther
2009-11-03 22:19:26 +01:00
Günther Deschner
a98832189a s3-lsa: expand struct lsa_info to carry name and sd.
Guenther
2009-10-30 12:28:48 +01:00
Günther Deschner
820b2f4cfa s3-lsa: use switch in _lsa_QuerySecurity().
Guenther
2009-10-30 12:28:48 +01:00
Günther Deschner
abe9417303 s3-lsa: add lsa_trusted_domain_mapping.
Guenther
2009-10-28 12:37:38 +01:00
Günther Deschner
7791d29c79 s3-lsa: add lsa_secret_mapping.
Guenther
2009-10-28 12:37:34 +01:00
Günther Deschner
880666cd94 s3-lsa: use correct function name in _lsa_RemoveAccountRights().
Guenther
2009-10-28 12:24:25 +01:00
Günther Deschner
c352a73bad s3-lsa: pure cosmetic indentation fixes.
Guenther
2009-10-28 12:24:17 +01:00
Günther Deschner
6937e01e3e s3-lsa: use enum lsa_LookupNamesLevel in lsa_lookup_level_to_flags().
Guenther
2009-10-28 12:24:08 +01:00
Günther Deschner
209a65bc6f s3-lsa: Fix _lsa_EnumTrustDom() and avoid infinite windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
2009-10-21 03:13:59 +02:00
Günther Deschner
32f2cc4487 s3-lsa: make s3 pass against RPC-LSA-LOOKUPNAMES again.
Do what W2k8 does and return the builtin domain for a NULL name.

Guenther
2009-10-21 02:57:08 +02:00
Günther Deschner
49a1323495 s3-lsa: Fix _lsa_EnumTrustDom().
Windows clients were showing a lot of duplicates in their list of trusted
domains.

Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
2009-10-20 21:46:06 +02:00
Günther Deschner
a5a7b9ebc2 s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
Found by RPC-LSA-PRIVILEGES torture test.

Guenther
2009-10-20 15:57:06 +02:00
Günther Deschner
18dd626160 s3-lsa: When looking up domains in LookupNames, do not strip the sid.
Found by RPC-LSA-LOOKUPNAMES torture test.

Guenther
2009-10-20 15:28:31 +02:00
Günther Deschner
b6d97a00b1 s3-lsa: allow to have NULL strings in lsa LookupName queries.
Found by RPC-LSA-LOOKUPNAMES torture test.

Guenther
2009-10-20 15:28:30 +02:00
Günther Deschner
1d4bf02993 lsa: fill in more unknowns in lsa_LookupSid calls.
Guenther
2009-09-11 13:59:56 +02:00
Volker Lendecke
df0731d6e9 Fix a 32/64bit stack corruption bug
2009-07-25 13:23:44 -04:00
Günther Deschner
3e661d4c8e s3-lsa: let _lsa_Delete return NT_STATUS_NOT_SUPPORTED as w2k3 does.
Guenther
2009-07-17 13:55:29 +02:00
Günther Deschner
2a26b2ac87 s3-lsa: Fix access_mask calculation for new handle in _lsa_CreateAccount().
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
3eea254e5b s3-lsa: add (not yet activate) level specific access checks for _lsa_QueryInfoPolicy.
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
864e809752 s3-lsa: also implement level 13 in lsa_QueryInfoPolicy.
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
d1903cb7f2 s3-lsa: Fix policy handle memleak and handle type check in _lsa_DeleteObject().
Guenther
2009-07-17 13:50:34 +02:00
Günther Deschner
4faef0da76 s3-lsa: Fix pointless check for sec_info flags in _lsa_QuerySecurity().
Guenther
2009-07-17 00:13:29 +02:00
Günther Deschner
35e45fb841 s3-lsa: implement _lsa_LookupPrivName().
Guenther
2009-07-17 00:12:56 +02:00
Günther Deschner
3b899af422 s3-lsa: implement _lsa_EnumAccountsWithUserRight().
Guenther
2009-07-17 00:11:14 +02:00
Günther Deschner
f7ff6bd142 s3-rpc_server: pass down full unix token to map_max_allowed_access().
Also use unix_token->uid instead of geteuid() when checking for mapping of the
SEC_FLAG_MAXIMUM_ALLOWED flag.

Guenther
2009-07-13 15:38:20 +02:00
Volker Lendecke
f169772d93 Handle LSA_POLICY_INFO_DNS
2009-07-04 12:54:22 +02:00
Volker Lendecke
8666e79f8f Implement QueryInfoPolicy2 similar to s4: Make it the same as QueryInfoPolicy
Don't reply to it for non-pdb-ads to keep up our old behaviour
2009-07-04 12:54:22 +02:00
Volker Lendecke
8414048557 _lsa_QueryInfoPolicy: Use symbolic info level names
2009-06-28 22:13:50 +02:00
Günther Deschner
a6ab195d72 s3-lsa: Fix error path in _lsa_EnumAccountRights.
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.

Guenther
2009-06-23 11:17:50 +02:00
Jeremy Allison
cbb55b34e2 _lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an
empty set of privileges if the SID doesn't have any.
(From [MS-LSAD.pdf])
Jeremy.
2009-06-16 13:17:24 -07:00
Günther Deschner
c49c1b94ef s3-lsa: remove old code that we cannot even compile anymore.
Guenther
2009-06-08 22:58:16 +02:00
Jeremy Allison
d649a46078 Add a security model to LSA. Similar to the SAMR code - using
the MS-LSA docs.
Jeremy.
2009-05-20 11:52:11 -07:00
Jeremy Allison
459dc8f39c Change access_check_samr_object -> access_check_object.
Make map_max_allowed_access global. Change lsa_get_generic_sd
to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just
LSA_POLICY_EXECUTE.
Jeremy.
2009-05-18 15:44:03 -07:00
Günther Deschner
d06051cc51 s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2().
Guenther
2009-05-19 00:16:26 +02:00
Günther Deschner
6ab0c83570 s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().
Inspired by lsa server from Samba 4.

Just removing a user in SAMR does not remove a user in LSA. If you use
usermanager from windows, the "User Rights" management gui gets inaccessible as
soon as you delete a user that had privileges granted. With this fix, that
no longer existing user would properly appear as an unknown account in the GUI
(as it does while using usermanager with windows domains).

This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test.

Guenther
2009-05-18 23:08:13 +02:00
Günther Deschner
4724fef897 s3-lsa: start a very basic implementation of _lsa_DeleteObject().
Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.

Guenther
2009-05-18 22:58:31 +02:00
Günther Deschner
a82bb4bd51 s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0.
Found by torture test.

This makes it possible to search for users while adding them to groups via
windows usermanager.

Guenther
2009-05-11 18:31:46 +02:00
Günther Deschner
af5a71d528 s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount().
Guenther
2009-04-30 14:28:38 +02:00
Günther Deschner
14304fc5e5 s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3.
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED.

Guenther
(cherry picked from commit 1c9266c8ca)
2009-04-16 01:52:56 +02:00