1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

266 Commits

Author SHA1 Message Date
Andrew Bartlett
a2ce53c1f5 s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc.  This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.

The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.

Andrew Barltett
2011-02-09 01:11:06 +01:00
Andrew Bartlett
f681859eb8 s4-lsa Implement kerberos ticket life policy
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC.  We should get
this from group policy, but for now it's parametric smb.conf options.

Andrew Bartlett
2010-12-09 18:02:59 +11:00
Matthias Dieter Wallnöfer
93d85ca5fd s4:fix some shadowed declaration warnings on Solaris by renaming the symbols 2010-12-06 11:28:58 +01:00
Matthias Dieter Wallnöfer
70eaa3fd0c s3/s4:lsa.idl - QueryDomainInformationPolicy - the "unknown6" field is called "reserved"
MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
2010-12-03 22:56:19 +01:00
Matthias Dieter Wallnöfer
d0b3932447 s4:lsa RPC server - always initialise "info" structures
This should help to fix bug #7769
2010-12-03 22:47:21 +01:00
Matthias Dieter Wallnöfer
aebc90f974 s4:lsa RPC server - "dcesrv_lsa_CreateSecret" - a bit of rework
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec  3 21:41:39 CET 2010 on sn-devel-104
2010-12-03 21:41:39 +01:00
Matthias Dieter Wallnöfer
ae61408e2f s4:lsa RPC server / objectclass LDB module - fix the creation of trusted domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
2010-11-25 13:05:56 +01:00
Matthias Dieter Wallnöfer
1352a9406f s4:objectclass LDB module - LSA objects - allow them if the SYSTEM control is specified
This fits better than the RELAX one.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
2010-11-24 18:23:01 +01:00
Matthias Dieter Wallnöfer
c291858199 s4:dsdb - fix unsigned integer save problems using the "%u" specifier
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.

There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).

The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.

The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).

This patch changes such problematic situations.
2010-10-16 10:54:46 +02:00
Matthias Dieter Wallnöfer
ace4378de1 s4:lsa RPC server - use LDB result constant 2010-10-15 08:45:14 +02:00
Matthias Dieter Wallnöfer
9bc57e19e6 s4:dsdb - remove "samdb_msg_add_value"
This can be substituted by "ldb_msg_add_value".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
2010-10-15 00:21:53 +00:00
Matthias Dieter Wallnöfer
a0e9814c0d s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-15 08:36:01 +11:00
Andrew Bartlett
8beaa29242 s4-libcli/security Use seperate subsystem for session related functions
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.

Andrew Bartlett
2010-10-12 02:54:16 +00:00
Andrew Bartlett
5cd9495fb3 s4-param Refactor secrets code to not require an event context.
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.

Andrew Bartlett
2010-10-11 13:02:15 +00:00
Jelmer Vernooij
93126b3315 samdb: Add flags argument to samdb_connect(). 2010-10-10 23:08:49 +02:00
Matthias Dieter Wallnöfer
0e5b77bec4 s4:kdc - use "userAccountControl" always unsigned
It doesn't change much but it's nicer to have it consistent.
2010-10-05 08:43:19 +00:00
Andrew Bartlett
e84ab1b35f s4-privs Fix enum privileges in LSARPC server
We were returning the index, not the LUID value

Andrew Bartlett
2010-09-11 22:32:43 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
2010-09-11 18:46:13 +10:00
Andrew Tridgell
45aecc2833 s4-lsa: privilege IDs should use the enum, not an int
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11 18:46:12 +10:00
Andrew Bartlett
a32cdadb7c libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
This is clearer and more consistent than using a magic -1 return

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:11 +10:00
Andrew Bartlett
6d78e11e17 libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:10 +10:00
Andrew Bartlett
9abfd8fe3b s4-privs Add a lookup by index of privilages
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Günther Deschner
e2f15d2a25 s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.
Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.

Guenther
2010-08-25 13:27:50 +02:00
Andrew Bartlett
6cf29b3e4f s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code.  (The remaining changes are that privilages still need to be merged)

Andrew Bartlett
2010-08-23 08:50:55 +10:00
Andrew Bartlett
7c6ca95bec s4:security Remove use of user_sid and group_sid from struct security_token
This makes the structure more like Samba3's NT_USER_TOKEN
2010-08-18 09:50:38 +10:00
Andrew Tridgell
6baa834ebe s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.

This will allow us to use some of the other flags bits for internal
markers on elements

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17 21:21:50 +10:00
Stefan Metzmacher
6598d6dc41 s4:rpc_server/lsa: better include a .h file don't include a .c file
This fixes the build with --nonshared-binary=smbtorture,
as use by the source3/ make test.

metze
2010-08-07 18:16:29 +02:00
Matthias Dieter Wallnöfer
67b1e1b8f3 s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objects 2010-08-07 14:22:42 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Sumit Bose
4efa1081aa s4:rpc_server/lsa/dcesrv_lsa.c - fix typo
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-06 17:22:42 +02:00
Matthias Dieter Wallnöfer
4826fdf95f s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
  the DCE/RPC server code
2010-06-28 14:51:08 +02:00
Matthias Dieter Wallnöfer
3c3ecf40e5 s4:rpc_server/lsa/dcesrv_lsa.c - remove unreachable code 2010-06-26 20:08:46 +02:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Andrew Tridgell
bb1ba4ff76 s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-22 19:36:16 +10:00
Fernando J V da Silva
73513fb7e7 s4-drs: Use new samdb_rodc() function in s4 code
This patch fits the calling to the new samdb_rodc() function and
fix a little bug in this function.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Fernando J V da Silva
57bcdf008f s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-22 19:36:15 +10:00
Simo Sorce
4b249a616b s4:lsa implement lsaRSetForestTrustInformation 2010-03-30 17:46:52 -04:00
Simo Sorce
d9e311ddce s4:lsa Functions to set Domain Trust Information 2010-03-22 21:49:40 -04:00
Simo Sorce
668e7db9d6 s4:lsa move code to add trusted domain user into its own function 2010-03-22 21:49:40 -04:00
Simo Sorce
650a62d1cb s4:lsa Abstract crypto (un)wrapping in separate functions 2010-03-22 21:49:39 -04:00
Günther Deschner
a5ad510fc4 s4-lsa: fix dcesrv_lsa_lsaRSetForestTrustInformation server stub.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-16 15:12:19 +01:00
Matthias Dieter Wallnöfer
24049e8fc5 s4:lsa RPC - fix up "gendb_*" result codes
Make the resultcodes consistent: that means:
result < 0  -> NT_STATUS_INTERNAL_DB_CORRUPTION since our DB had a critical
               error
result >= 0 -> depends on the function usage. I tried to let the logic always as
               it was before.
2010-03-06 11:19:04 +01:00
Matthias Dieter Wallnöfer
a6cf89228f s4:lsa RPC - Change some counters to be "unsigned" where needed
The "count" size specifiers I typed "uint32_t" since they're often returned as
an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they
count till a limit of a "gendb*" call or "unsigned" if they count directly the
number of objects.
2010-03-06 11:04:35 +01:00
Simo Sorce
a7057e69c7 s4:lsa use the correct way to store a domain sid
Converting the sid to a string and then storing a string does not save the sid
in the right format. Causing following retrievals to fail to read back a sid
with samdb_result_dom_sid().
2010-02-24 18:35:48 -05:00
Simo Sorce
376fa0d66e s4:lsa avoid confusing ourselves over sam_ldb
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb
interchangeably all over the place. Just use sam_ldb everywhere and make the
code slightly more readable.
2010-02-24 18:35:48 -05:00
Simo Sorce
4930de5cd9 s4:lsa cleanup trailing spaces and tabs 2010-02-24 18:35:47 -05:00
Simo Sorce
da1970c0ff s4:lsa open trusted domain also with dns name
When searching for a trusted domain object to open, search also the DNS Name
attributes for a match. W2K8R2 uses the DNS domain if available.
2010-02-19 18:31:45 -05:00
Simo Sorce
c8a3c01585 remove trailing tabs and spaces 2010-02-19 18:31:45 -05:00
Andrew Tridgell
90203f87e7 s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
This allows for controls to be added easily where they are needed.
2010-02-16 21:10:50 +11:00
Matthias Dieter Wallnöfer
05b6e3f4f4 s4:dcesrv_lsa.c - remove a superfluous empty line
One empty line is enough for code part divisions.
2010-02-14 10:48:13 +01:00
Andrew Tridgell
f954f522a4 s4-rpcserver: use TYPESAFE_QSORT() in rpc servers 2010-02-13 22:36:12 +11:00
Matthias Dieter Wallnöfer
e8e76eb83a s4:lsa RPC - Use more LDB constants
And fix an obvious bug (call of "samdb_msg_add_delete")
2009-11-21 19:53:29 +01:00
Andrew Tridgell
98e4393df9 s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
2009-10-23 14:52:17 +11:00
Günther Deschner
4b6cfbb6d2 s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infite windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test.

Guenther
2009-10-21 03:14:00 +02:00
Andrew Tridgell
9526487010 s4-lsasrv: make sure only admins can alter privileges 2009-10-17 13:01:02 +11:00
Andrew Tridgell
30be3fd143 s4-privileges: moved privileges to private/privilege.ldb
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a windows DC.

This moves the privileges to a separate (local) database
2009-10-17 13:01:02 +11:00
Andrew Tridgell
a971b87a9e s4-lsa: added support for QuerySecurity on LSA
This follows the sd pattern from samba3
2009-09-22 17:10:05 -07:00
Andrew Tridgell
1261d694f0 more include minimisation 2009-09-19 14:12:01 -07:00
Matthias Dieter Wallnöfer
076ca26cfe s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret") 2009-09-07 14:36:39 +02:00
Günther Deschner
05bec77e00 lsa: fix typo in lsa_TrustDomInfoEnum enum in IDL.
Guenther
2009-07-16 03:05:45 +02:00
Volker Lendecke
951de68721 Fix Coverity ID 628, Andrew B., please check! 2009-04-23 10:50:54 +02:00
Stefan Metzmacher
21571e64a9 s4:rpc_server/lsa: s/delete/del s/open/opn
metze
2009-02-02 13:09:17 +01:00
Stefan Metzmacher
7a4d937fd9 s4: lsa-server: fix crash bugs related to [out,ref] ** changes
metze
2008-10-28 12:21:44 +01:00
Günther Deschner
0e389dc56c s4-lsa-server: remove merge leftover.
Guenther
2008-10-28 00:13:50 +01:00
Günther Deschner
95231eae39 s4-lsa: merge lsa_QueryInfoPolicy/{2} from s3 lsa idl.
Guenther
2008-10-27 19:33:23 +01:00
Günther Deschner
8e622f57e7 s4-lsa: merge lsa_QueryDomainInformationPolicy from s3 lsa idl.
Guenther
2008-10-27 19:33:23 +01:00
Günther Deschner
ea88686419 s4-lsa: merge lsa_QueryTrustedDomainInfoByName from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
36725ec0b4 s4-lsa: merge lsa_QueryTrustedDomainInfo from s3 idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
7c3d1dd8a9 s4-lsa: merge lsa_QueryTrustedDomainInfoBySid from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
8bcc939a8c s4-lsa: merge lsa_LookupPrivName from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
ea6b4865ea s4-lsa: merge lsa_EnumPrivsAccount from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
95c69caef6 s4-lsa: merge lsa_LookupPrivDisplayName from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Günther Deschner
6a2dabe1a7 s4-lsa: merge lsa_GetUserName from s3 lsa idl.
Guenther
2008-10-27 19:33:22 +01:00
Andrew Bartlett
85acd7eccc Make the updated RPC-LSA pass against Win2008, and Samba4 to match 2008-10-20 20:07:09 +11:00
Matthias Dieter Wallnöfer
b789ff950f LSA Patch for User Manager
New (major) patch
=================
- Enhances the "lsa.idl" file in the sense that it adds more values to
"PolicyInformation" to improve the "lsa_QueryInfoPolicy*" calls.
- Adds a minimal implementation for "AuditEvents" (also lsa_QueryInfoPolicy*
calls) to enable the "Audit" option in the "User Manager for Domains" (at least
readable).
- Adds to the "lsa.idl" file the system access mode flags needed for the calls
"lsa_*SystemAccessAccount".
- Fill in the "lsa_GetSystemAccessAccount" for enabling the "User Rights"
option in the "User Manager for Domains" (at least readable).
- Merge the two similar torture tests of the "lsa_QueryInfoPolicy*" calls in
one using "if"'s for a few separations.
- Add a torture test for "lsa_GetSystemAccessAccount".
- Some cosmetic-only changes (unifications) in output strings in the "LSA"
torture test.

The work has been done using the Microsoft WSPP docs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2008-10-20 20:07:09 +11:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
2008-10-16 12:48:16 +11:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Andrew Bartlett
1a29fd1cf5 Store trusted domain passwords in the LSA server 2008-10-06 14:28:26 -07:00
Andrew Tridgell
ba5ef49f83 updated the LSA and NETLOGON servers with fixes resulting from the AD
plugfest in Redmond
2008-10-03 17:52:59 -07:00
Andrew Bartlett
04edf11bee Rework to match new trustDomainPasswords IDL 2008-09-29 22:34:36 -07:00
Andrew Bartlett
64195b72be Fix parsing of the trust passwords in LSA CreateTrustedDomainEx* 2008-09-29 22:34:35 -07:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Andrew Bartlett
dadd59ba40 Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
(This used to be commit 07cb8db799)
2008-09-08 12:46:04 +10:00
Andrew Bartlett
b3cee235f5 More work towards trusted domains support in Samba4's LSA
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle

Implement LSA server logic to create the cn=users trust account for
incoming trusts.

Andrew Bartlett
(This used to be commit d87b655e20)
2008-09-08 10:55:34 +10:00
Andrew Bartlett
35c8899949 Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.
Also check we get the defaults correct with a query in the torture
suite.

Andrew Bartlett
(This used to be commit b55a1b63cc)
2008-09-01 14:43:00 +10:00
Andrew Bartlett
4eba234a73 More LSA server and testuite work.
- Implement QueryDomainInformationPolicy in Samba4

 - Allow RPC-LSA to pass against Windows 2008 (which does not allow
   the Audit privilage to be removed)

Andrew Bartlett
(This used to be commit d94c7bbcd6)
2008-08-26 12:18:26 +10:00
Andrew Bartlett
a85ee07046 Implement matching logic to Windows 2008 on handling of secrets.
This is enforced by the new RPC-LSA test.

Andrew Bartlett
(This used to be commit da200ac644)
2008-08-26 10:33:41 +10:00
Andrew Bartlett
387cd89af4 Fix LSA server to pass more of RPC-LSA and match Windows 2008
This fixes some info levels in the QueryTrustedDomainInfo call, and
changes from implementing lsa_Delete to lsa_DeleteObject (which has an
explicit close and reutrns a NULL handle).

Andrew Bartlett
(This used to be commit 1f12c368b2)
2008-08-26 10:32:49 +10:00
Andrew Bartlett
e16b2242e5 Remove bogus test in 'enum trusted domains' LSA server.
The change to the RPC-LSA test proves that when the remote server has
0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not
NT_STATUS_OK.

Andrew Bartlett
(This used to be commit 40a55b34c2)
2008-07-21 12:05:53 +10:00
Simo Sorce
929adc9efa Make up the right dependencies now that ldb depends on libevents
(This used to be commit 3b8eec7ca3)
2008-06-14 11:59:19 -04:00
Andrew Bartlett
9a1bec0801 More kludge ACLs!
Rather than killing off the nasty 'kludge ACLs' stuff, this patch
extends it, to ensure that LSA secrets and the registry are also
protected.

Andrew Bartlett
(This used to be commit 2f2b110fb8)
2008-03-20 12:12:10 +11:00
Andrew Bartlett
8b20113517 Show why a LookupName fails (help debugging)
Andrew Bartlett
(This used to be commit 9bfc475788)
2008-03-13 16:35:11 +11:00
Jelmer Vernooij
41db2ab12c r26319: Split encoding functions out of libcli_ldap.
(This used to be commit 95a6ef7fc8)
2007-12-21 05:48:33 +01:00
Jelmer Vernooij
57f20ccd24 r26296: Store loadparm context in DCE/RPC server context.
(This used to be commit fc1f4d2d65)
2007-12-21 05:48:13 +01:00
Jelmer Vernooij
991ee1aff0 r26205: Pass loadparm_context to secrets_db_connect() rather than using global context.
(This used to be commit 5718b6cfee)
2007-12-21 05:46:51 +01:00
Andrew Bartlett
25143a2648 r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were just
wrappers to ldb_add() etc.  samdb_replace() remains, as it sets flags on
all entries as 'replace'.

Andrew Bartlett
(This used to be commit 09c0faa5b7)
2007-12-21 05:46:17 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f)
2007-12-21 05:45:40 +01:00
Jelmer Vernooij
05e7c48146 r25553: Convert to standard bool type.
(This used to be commit b7371f1a19)
2007-10-10 15:07:54 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Andrew Bartlett
08c97435d3 r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, with
a new torture suite to match.

This should fix bug #4954 by Matthias Wallnöfer <mwallnoefer@yahoo.de>

Previously we had no knowlege of BUILTIN or well-known names.

This code needs expansion to check with winbind for trusted domains.

Andrew Bartlett
(This used to be commit e6fc0e1f54)
2007-10-10 15:06:51 -05:00