1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

142 Commits

Author SHA1 Message Date
Ronnie Sahlberg
6fa7bed854 r24775: add 5 specific access right bits for the accessmask that refers
to Groups on the samr pipe

the five bits
  lookup info
  set info
  add member
  remove member
  get members
comes from the wireshark/ethereal sources where they were added in Aug
21 2002

http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-dcerpc-samr.c?r1=5987&r2=6054
(This used to be commit 1f00ac5dbe)
2007-10-10 15:03:09 -05:00
Ronnie Sahlberg
bf3b40dc14 r24774: add 5 specific access mask bits for policy handles created for aliases
these five access mask bits :
   add member
   remove members
   get members
   lookup info
   set info
come from wireshark/ethereal  where they were added to cvs in Aug 21  2002

http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-dcerpc-samr.c?r1=5987&r2=6054
(This used to be commit e39556ba4c)
2007-10-10 15:03:08 -05:00
Ronnie Sahlberg
c96657e751 r24772: add a bitmap that describes 6 of the specific accessmask bits for
policy handles that are create by Connect?() calls on the samr pipe.

these bits come from the wireshark/ethereal sources where they have
been documented for a long time.

the bits :
  connect to server
  initialize server
  create domain
were added to wireshark/ethereal in svn 8080   Jul 24 2003

the bits :
  open domain
  enum domain
  shutdown server
were added to wireshark/ethereal in svn 6054 Aug 21 2002
(This used to be commit 04e67bb680)
2007-10-10 15:03:08 -05:00
Andrew Bartlett
32d55960b5 r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
- The icons in usermgr were incorrect, because the acct_flags were
   not filled in (due to missing attribute in ldb query)

 - The Full name was missing, and the description used as the full
   name (due to missing attributes in ldb query and incorrect IDL)

To prove the correctness of these fixes, I added a substantial new
test to RPC-SAMR-USERS, to ensure cross-consistancy between
QueryDisplayInfo and QueryUserInfo on each user.

This showed that for some reason, we must add ACB_NORMAL to the
acct_flags on level 2 queries (for machine trust accounts)...

Getting this right is important, because Samba3's RPC winbind methods
uses these queries.

Andrew Bartlett
(This used to be commit 9475d94a61)
2007-10-10 15:01:19 -05:00
Jim McDonough
698093b028 r23643: Fix the build farm tests. We were incorrectly passing the
RPC-SAMBA3-GETUSERNAME tests before the previous password expiration
fixes, because if you create a user and only set the password
administratrively, the "last set time" should not get updated.  Needed
to add some more of the fields_present flags to do this.
(This used to be commit ce5637de22)
2007-10-10 14:53:30 -05:00
Jelmer Vernooij
9ca1a3c186 r21662: More samr tests
(This used to be commit 2eae55819e)
2007-10-10 14:49:06 -05:00
Jelmer Vernooij
648fe6610e r21660: Add another test
(This used to be commit 0b1e793ed5)
2007-10-10 14:49:06 -05:00
Andrew Bartlett
d471e52d23 r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct
way to setup a Samba4 DC is to set 'server role = domain controller'.

We use the fSMORoleOwner attribute in the base DN to determine the PDC.

This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.

Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.

We also now use the ldb database to determine if we should run the
global catalog service.

In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.

Andrew Bartlett
(This used to be commit 67d8365e83)
2007-10-10 14:29:15 -05:00
Jelmer Vernooij
863dcbfa06 r19588: Use include and import statements rather than depends() and helper().
(This used to be commit 347ae96282)
2007-10-10 14:24:58 -05:00
Rafal Szczesniak
a33a56bb93 r18890: sort the flags out and remove unknown as there's still
quite a few of them (not sure if these are used actually).

rafal
(This used to be commit 1622d4608b)
2007-10-10 14:20:19 -05:00
Rafal Szczesniak
71f01b9fad r18887: add flags found while on the plane.
rafal
(This used to be commit ec59441977)
2007-10-10 14:20:19 -05:00
Jelmer Vernooij
cd9057a0bb r18639: Get rid of the keepref support
(This used to be commit d1364ef0cd)
2007-10-10 14:18:59 -05:00
Günther Deschner
d8df6d1a81 r18635: Make sure to display samr_GroupAttrs in samr_DispInfo for groups instead
of interpreting them as samr_AcctFlags.

Guenther
(This used to be commit ed02c1afc8)
2007-10-10 14:18:59 -05:00
Andrew Tridgell
208bc04362 r18375: Volker noticed that this is in fact an 8bit number - well spotted!
(This used to be commit 3f80b6b87b)
2007-10-10 14:18:21 -05:00
Andrew Bartlett
fcce0991c2 r16773: Fix one more RPC-SAMR test (an alias level), and make it clear that
the unknown value in the samr_GroupInfo structures are the group
attributes.

Andrew Bartlett
(This used to be commit c50095efab)
2007-10-10 14:09:45 -05:00
Jelmer Vernooij
9727b061f3 r15776: Don't generate ref pointers in Samba4-generated code. There is no point
in having pointers for outgoing data when you can already modify the top-level
element.

This can be overridden (temporarily) by specifying the new "keepref"
attribute. Once we've removed keepref from all IDL files, I'll remove this
attribute as well.
(This used to be commit bdc6dd3750)
2007-10-10 14:08:18 -05:00
Jelmer Vernooij
d86da81304 r15653: Remove idl_types.h include where possible. Remove
types from .h file that are now in pidls' aliases list.
(This used to be commit fadb9529ec)
2007-10-10 14:08:03 -05:00
Günther Deschner
2fe65142c2 r14055: merge from samba3. add ACB_NO_AUTH_DATA_REQD, this has been verified
although not automatically tested in smbtorture right now.

Guenther
(This used to be commit 46e191cfa5)
2007-10-10 13:52:38 -05:00
Stefan Metzmacher
0350f6f060 r13925: fix dependencies
metze
(This used to be commit 9dad1fb7bb)
2007-10-10 13:52:26 -05:00
Andrew Bartlett
4d024e6e64 r13908: Improve the RPC-SAMSYNC test to cross-check some attributes I wasn't
sure about.

This finds a new ACB_PW_EXPIRED attribute.

Andrew Bartlett
(This used to be commit 54caf94942)
2007-10-10 13:52:22 -05:00
Günther Deschner
fd2f09d6ba r13634: Fix typo.
Guenther
(This used to be commit cd569446a1)
2007-10-10 13:52:03 -05:00
Günther Deschner
ecdfe60bca r13633: Adding more SE_GROUP bits and make it a bitmask as well.
Guenther
(This used to be commit 8e93989682)
2007-10-10 13:52:03 -05:00
Günther Deschner
d8d2a3c86f r13632: The "password_properties" is a bitmask as well.
Guenther
(This used to be commit 0d918764b1)
2007-10-10 13:52:03 -05:00
Günther Deschner
fb96456fde r13631: Add DOMAIN_PASSWORD_LOCKOUT_ADMINS (this bit only allows to lockout
Administrator, not Domain Admins in general).

Guenther
(This used to be commit abad44a57d)
2007-10-10 13:52:03 -05:00
Günther Deschner
9c8bbc3f7a r13630: Add new ACB-bits as seen in acct_flags in the PAC info3
(merge from Samba 3).

Guenther
(This used to be commit fa1127c545)
2007-10-10 13:52:02 -05:00
Andrew Bartlett
d0375cfd43 r11438: Move enum samr_RejectReason into misc.idl so I can use it in a global
prototype.

Andrew Bartlett
(This used to be commit a3abffc758)
2007-10-10 13:45:37 -05:00
Jelmer Vernooij
8d036f304e r11099: Replace unistr with [string] equivalent
(This used to be commit 6a8291c80e)
2007-10-10 13:44:49 -05:00
Andrew Tridgell
3eb52c6cd6 r9574: - made the sec_info fields in lsa and samr use a IDL bitmap
- fixed winreg_GetKeySecurity() to use a sec_info field correctly

- simplied the winreg torture code, removing the separate opens for
  each hive

- added torture cleanup code in winreg test

- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd)
2007-10-10 13:34:30 -05:00
Stefan Metzmacher
0b92507760 r8232: remove samr_String and netr_String as they are the same as lsa_String
metze
(This used to be commit e601042c07)
2007-10-10 13:19:22 -05:00
Andrew Bartlett
9a7481bcfe r7993: Further work on the Krb5 PAC.
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.

This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.

In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.

Also in this commit:

The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.

To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.

Andrew Bartlett
(This used to be commit e2015671c2)
2007-10-10 13:18:57 -05:00
Andrew Tridgell
7fc49243f3 r7870: fixed the RPC-SCHANNEL test. It turned out it was my const changes, as
they slightly changed the semantics of value() in pidl, which broke
a optimisation hack in some of our IDL files.

I've changed the idl files to remove the hack for now. Sometime we
need to find a better way to handle these :-)
(This used to be commit 765f75ea63)
2007-10-10 13:18:45 -05:00
Jelmer Vernooij
c420c5a4c4 r7552: Use ParseExpr() for [value] attributes; allows
us somewhat cleaner IDL.
(This used to be commit b7b01bccd1)
2007-10-10 13:18:07 -05:00
Jelmer Vernooij
50d2bf0066 r7029: Make array support in pidl similar to that in other IDL compilers. We should
now able to use constructions like these:

[size_is(20)] int *x; -> Pointer to array of 20 ints
[size_is(20)] int x[]; -> Array of 20 ints
[size_is(20)] int *x[]; -> Array of 20 pointers to ints
[size_is(20,)] int *x[] -> Array of 20 pointers to ints
[size_is(,20)] int *x[]; -> Pointer to array of 20 ints
[size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints
[size_is(20)] int x[][30]; -> 20 blocks of 30 ints
(This used to be commit ecf583da71)
2007-10-10 13:17:07 -05:00
Jelmer Vernooij
e427f58622 r6973: Merge new version of pidl into the main SAMBA_4_0 branch.
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:

IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }

This makes the ndr_parser.pm internals much more sane.

Other changes include:

- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
  most other IDL compilers). This can be overridden using the
  default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
  is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
  useful for making sure IDL files work with other IDL compilers.

oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615)
2007-10-10 13:17:01 -05:00
Andrew Bartlett
bb6e2059ee r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.
Fill out the group list for the SamLogon reply, so clients get the
supplementary groups.

Andrew Bartlett
(This used to be commit d9c31e60a7)
2007-10-10 13:16:24 -05:00
Tim Potter
6bb0231229 r6325: Rename aliasname -> alias_name in CreateDomAlias function.
(This used to be commit 63dfa9b806)
2007-10-10 13:11:32 -05:00
Andrew Bartlett
5aa2646be8 r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
Andrew Bartlett
(This used to be commit 7822101cb5)
2007-10-10 13:11:06 -05:00
Andrew Bartlett
d830fcd7d1 r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
the SAMR server.

Andrew Bartlett
(This used to be commit fd748f9d2f)
2007-10-10 13:11:03 -05:00
Jelmer Vernooij
ffae01d432 r5672: Use switch_type() and the token storage mechanism for unions:
- Makes union handling less special
 - Allows unions in arrays, etc
 - Compatible with midl
 - Pidl will warn about switch_type() and the type of the switch_is() variable being different
(This used to be commit dc6b4ffc82)
2007-10-10 13:10:58 -05:00
Jelmer Vernooij
631aa1f0ef r5661: Be a little stricter on syntax regarding arrays. A pointer to an
array can now only be :

 type *name[];

rather then :

 type *name;

which was supported in the past. Warnings will be given when the first
syntax is used. Reasons for this change in behaviour include improved
readability and the fact that the second format makes dealing with multiple
levels of pointers harder.
(This used to be commit a416de5825)
2007-10-10 13:10:57 -05:00
Tim Potter
abc28d66e9 r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.
(This used to be commit 6749b9404d)
2007-10-10 13:09:46 -05:00
Andrew Tridgell
465e089dd3 r5080: patch from ronnie to make our samr IDL a little more consistent
(This used to be commit 7607ddda3f)
2007-10-10 13:09:20 -05:00
Andrew Tridgell
1e42cacf6a r5036: changed HYPER_T to the more standard "hyper"
(This used to be commit 1d1a9c11ee)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
3dd17f1288 r5034: - added a type mapping function in pidl, so the type names in our IDL
files don't need to match the type names in the generated headers

- with this type mapping we no longer need definitions for the
  deprecated "int32", "uint8" etc form of types. We can now force
  everyone to use the standard types int32_t, uint8_t etc.

- fixed all the code that used the deprecated types

- converted the IDL types "int64" and "uint64" to "dlong" and
  "udlong". These are the 4 byte aligned 64 bit integers that
  Microsoft internally define as two 32 bit integers in a
  structure. After discussions with Ronnie Sahlberg we decided that
  calling these "int64" was confusing, as it implied a true 8 byte
  aligned type

- fixed all the cases where we incorrectly used things like
  "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
  those. The fact that it is hyper-aligned on the wire is not relevant
  to the API, and should remain just a IDL property
(This used to be commit f86521677d)
2007-10-10 13:09:15 -05:00
Tim Potter
9eea1eb94f r5005: Add missing size specifiers to various bitmaps.
(This used to be commit 19a907cb58)
2007-10-10 13:09:12 -05:00
Stefan Metzmacher
894b6890b4 r4705: use an enum for reject_reason
metze
(This used to be commit 57bf3d7a83)
2007-10-10 13:08:45 -05:00
Stefan Metzmacher
516dbfd5ed r4702: implment idl, torture test and server code for netr_ServerPasswordSet2()
metze
(This used to be commit 7d8ba92da2)
2007-10-10 13:08:45 -05:00
Stefan Metzmacher
fd4831f1f0 r4650: - make more use of bitmap and enum's
- move some structs out of misc.idl

metze
(This used to be commit b6543a6e30)
2007-10-10 13:08:39 -05:00
Stefan Metzmacher
1ec6416a35 r4568: make use of SidType and move it to lsa.idl
metze
(This used to be commit c2523adc0a)
2007-10-10 13:08:28 -05:00
Stefan Metzmacher
678038a0f2 r4552: use samr_AcctFlags in netlogon.idl
metze
(This used to be commit 3e224575e5)
2007-10-10 13:08:26 -05:00