Jelmer Vernooij
93126b3315
samdb: Add flags argument to samdb_connect().
2010-10-10 23:08:49 +02:00
Günther Deschner
b7683a2c9d
samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray.
...
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104
2010-10-07 12:04:32 +00:00
Günther Deschner
e0b340247a
s4-samr: Fix dcesrv_samr_QueryGroupMember.
...
Guenther
2010-10-07 13:24:22 +02:00
Matthias Dieter Wallnöfer
83cd3f7630
s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here
...
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
2010-09-11 14:34:37 +02:00
Matthias Dieter Wallnöfer
cd711da6ca
s4:samr RPC server - samr_password.c - make real user password changes work
...
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
2010-08-17 18:45:34 +02:00
Matthias Dieter Wallnöfer
2a423e0547
s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform password sets
2010-08-17 18:45:34 +02:00
Andrew Tridgell
6b266b85cf
s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
...
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Matthias Dieter Wallnöfer
b03040c5a9
s4:SAMR rpc server - "SetUserInfo" - fix the implementation of the expire flag
...
It has to consider the "password_expires" flag to know if the "pwdLastSet" has
to be updated or to be reset.
2010-07-06 21:54:21 +02:00
Matthias Dieter Wallnöfer
7f15ca4427
s4:SAMR rpc server - "QueryUserInfo" - send back the password expired flag on level 21
...
Taken from the s3 server code
2010-07-06 21:54:21 +02:00
Matthias Dieter Wallnöfer
afcf18f3c9
s4:samr RPC server - "SetUserInfo" - allow some more information to be set
...
Taken from the s3 implementation.
2010-07-05 15:36:12 +02:00
Matthias Dieter Wallnöfer
d6098de507
s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
...
Behaviour as the torture SAMR passwords tests show.
2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
3c1a9fb87f
s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
...
Taken from s3
2010-06-28 14:51:05 +02:00
Matthias Dieter Wallnöfer
ea83d21341
s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4
2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
4c63bb312f
s4:dcesrv_samr_SetUserInfo - implement password set level 21
2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
b705026771
s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password
2010-06-28 14:51:04 +02:00
Matthias Dieter Wallnöfer
8feda76d4f
s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the lanman auth
...
This is what s3 does.
2010-06-28 14:51:03 +02:00
Matthias Dieter Wallnöfer
8f20a5512a
s4:samr_password.c - add a function which sets the password through encrypted password hashes
...
Used for password sets on "samr_SetUserInfo" level 18 and 21.
2010-06-28 14:51:03 +02:00
Matthias Dieter Wallnöfer
eff7d2db31
s4:samr RPC server - make use of LDB constants in macros
2010-06-22 22:21:12 +02:00
Matthias Dieter Wallnöfer
2f49c8f58e
s4:samr RPC server - fix Solaris build warning
2010-06-20 22:33:01 +02:00
Matthias Dieter Wallnöfer
1137e8e95e
s4:SAMR server - cosmetic fix
2010-06-14 11:41:32 +02:00
Matthias Dieter Wallnöfer
f0ab520f6e
s4:SAMR server - on alias search operations do never use the domain DN as base dn
...
Aliases (especially in the "builtin" domain) are often domain-independent.
2010-06-14 11:37:11 +02:00
Matthias Dieter Wallnöfer
731b4469cb
s4:dcesrv_samr_GetGroupsForUser - return error code if a SID wasn't found
...
This shouldn't happen since SIDs are mandatory for security objects
2010-06-12 17:50:52 +02:00
Matthias Dieter Wallnöfer
a67fa2db3b
s4:dcesrv_samr_QueryGroupMember/GetMembersInAlias - unify the structure
...
Mostly cosmetic fixes
2010-06-12 17:45:14 +02:00
Matthias Dieter Wallnöfer
d2c25e1b11
s4:dcesrv_samr_GetAliasMembership - provide a correct implementation
...
We could also have no valid SID specified at all and also then we have to
return an empty array with "NT_STATUS_OK". The torture testsuite shows this.
2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
4a8ee9a333
s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the database is corrupted
...
Group/User/Alias entries do always have a SID (it's a mandatory attribute in the
SAM directory)!
2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
4659b3c4fd
s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it wasn't found
2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
d2099a1def
s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo"
2010-06-12 16:45:48 +02:00
Matthias Dieter Wallnöfer
776eb25ef7
s4:dcesrv_samr_QueryUserInfo - minor fixes
...
Return "NT_STATUS_NO_SUCH_USER" when user account doesn't exist.
2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
cdecae6c03
s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when really needed
...
That means the allocation should move after the lookup (as it is on
"QueryUserInfo"). Return "NT_STATUS_NO_SUCH_DOMAIN" on an invalid domain.
2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
0171f714b4
s4:dcesrv_samr_EnumDomainGroups - mostly small fixes
2010-06-12 16:45:47 +02:00
Matthias Dieter Wallnöfer
f2c3d39e72
s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry was returned
2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
5a1cb7029c
s4:dcesrv_samr_EnumDomainAliases - mostly small fixes
...
The biggest change consists in the implementation of the Windows Server
return size formula MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER)).
2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
84bda98066
s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"
...
That means that the lookup is now also done by "samdb_search_domain" to be more
consistent.
2010-06-12 16:45:46 +02:00
Matthias Dieter Wallnöfer
9f95298864
s4:dcesrv_samr_Add/DeleteAliasMember - provide better NTSTATUS return codes when something didn't work
2010-06-10 16:22:08 +02:00
Matthias Dieter Wallnöfer
7374cd0358
s4:dcesrv_samr_GetAliasMembership - fix type of counter variables
2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
34b43a8642
s4:dcesrv_samr_DeleteAliasMember - add more braces to fit better the coding styles
2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
305f2c7043
s4:dcesrv_samr_AddAliasMembership - Merge the two error blocks into one
2010-06-10 16:22:07 +02:00
Matthias Dieter Wallnöfer
13b1f7a2b3
s4:dcesrv_samr_Add/DelGroupMember - remove the account type check
...
MS-SAMR 3.1.5.8 speaks of accounts which are not necessarily only users.
2010-06-10 16:22:06 +02:00
Matthias Dieter Wallnöfer
f95634dbe0
s4:dcesrv_samr_AddGroupMember - also the error code "LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS" is allowed
...
This is returned when the group is the primary group of the specified entry.
2010-06-10 16:22:06 +02:00
Matthias Dieter Wallnöfer
189950ce06
s4:dsdb_enum_group_mem - use "unsigned" counters
...
"size_t" counters aren't really needed here (we don't check data lengths).
And we save the result in a certain "num_sids" variable which is of type
"unsigned".
2010-05-24 22:01:36 +02:00
Andrew Bartlett
f6aa090202
s4:samr Push most of samr_LookupRids into a helper function
...
This is a rewrite of the lookup_rids code, using a query based on the
extended DN for a clearer interface.
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
2010-05-24 23:08:56 +10:00
Andrew Bartlett
c6ffd884d9
s4:samr Push most of samr_QueryGroupMember into a helper function
...
This is a rewrite of the group membership lookup code, using the
stored extended DNs to avoid doing the lookup into each member to find
the SID
By splitting this out, the logic is able to be shared, rather than
copied, into a passdb wrapper.
Andrew Bartlett
2010-05-24 23:08:49 +10:00
Andrew Bartlett
20d2847492
s4:samr Move most of samr_CreateDomAlias into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
fc04e565b0
s4:samr Split most of samr_CreateDomainGroup into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Andrew Bartlett
43c931b2d4
s4:samr Split the guts of samr_CreateUser2 into a helper function
...
This allows this logic to be shared, rather than copied, into a passdb
wrapper.
Andrew Bartlett
2010-05-24 23:08:11 +10:00
Matthias Dieter Wallnöfer
6e8098b261
s4:samdb_set_password/samdb_set_password_sid - Rework
...
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c" file).
2010-05-10 19:07:46 +02:00
Matthias Dieter Wallnöfer
9442a5593d
s4:samr RPC - Change some counters to be "unsigned" where needed
...
The "count" size specifiers I typed "uint32_t" since they're often returned as
an "uint32_t" (consider the IDL file). LDB counters need to be "signed" if they
count till a limit of a "gendb*" call or "unsigned" if they count directly the
number of objects.
2010-03-06 10:44:33 +01:00
Matthias Dieter Wallnöfer
ce296d2a53
s4:dcesrv_samr_AddAliasMember - wrap a long "DEBUG" statement
2010-03-05 15:01:07 +01:00
Matthias Dieter Wallnöfer
8d0fbfe987
s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups
2010-03-03 17:15:31 +01:00
Matthias Dieter Wallnöfer
f92c28bf4e
s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls
...
We need to look for both global and universal group types when querying them.
Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html ).
2010-03-03 17:15:31 +01:00