sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-15 23:24:37 +03:00
Code
53,703 Commits 60 Branches 1,145 Tags
Commit Graph

2761 Commits

Author SHA1 Message Date
Günther Deschner
fca7dce1a9 s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases. 
This is now also verified with the RPC-SAMR-LARGE-DC test.

Guenther
 2009-05-25 14:05:18 +02:00
Volker Lendecke
a8e02b591b Add "err_on_readability" to writev_send 
A socket where the other side has closed only becomes readable. To catch
errors early when sitting in a pure writev, we need to also test for
readability.
 2009-05-24 13:47:29 +02:00
Jeremy Allison
d649a46078 Add a security model to LSA. Similar to the SAMR code - using 
the MS-LSA docs.
Jeremy.
 2009-05-20 11:52:11 -07:00
Jeremy Allison
459dc8f39c Change access_check_samr_object -> access_check_object. 
Make map_max_allowed_access global. Change lsa_get_generic_sd
to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just
LSA_POLICY_EXECUTE.
Jeremy.
 2009-05-18 15:44:03 -07:00
Günther Deschner
d06051cc51 s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2(). 
Guenther
 2009-05-19 00:16:26 +02:00
Jeremy Allison
ada1af41ea Fix SAMR server for winbindd access. Ensure we allow 
MAX_ACCESS to be mapped to what we're giving Everyone.
Jeremy.
 2009-05-18 14:26:37 -07:00
Günther Deschner
6ab0c83570 s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount(). 
Inspired by lsa server from Samba 4.

Just removing a user in SAMR does not remove a user in LSA. If you use
usermanager from windows, the "User Rights" management gui gets unaccessable as
soon as you delete a user that had privileges granted. With this fix, that
no longer existing user would properly appear as an unknown account in the GUI
(as it does while using usermanager with windows domains).

This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test.

Guenther
 2009-05-18 23:08:13 +02:00
Günther Deschner
4724fef897 s3-lsa: start a very basic implementation of _lsa_DeleteObject(). 
Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.

Guenther
 2009-05-18 22:58:31 +02:00
Jeremy Allison
8b4e491ab0 Ensure users with SeAddUser privs get full access to 
groups/aliases when opening.
Jeremy.
 2009-05-15 14:20:00 -07:00
Jeremy Allison
5adb3b8841 Add extra abilities for a user with SeAddUsers, so they 
can manipulate groups and aliases.
Jeremy.
 2009-05-15 13:36:43 -07:00
Jeremy Allison
2b784738d7 DeleteUser doesn't need the priv checks, this is done at OpenUser time. 
Jeremy.
 2009-05-15 13:13:01 -07:00
Günther Deschner
4027fde97c s3-samr: Fix samr access checks in _samr_RemoveMemberFromForeignDomain(). 
Guenther
 2009-05-15 21:18:23 +02:00
Günther Deschner
cd421ff2fc s3-samr: Fix samr access checks in _samr_SetUserInfo(). 
Guenther
 2009-05-15 15:38:22 +02:00
Günther Deschner
7dcf5d4bcf s3-samr: Fix samr access checks in _samr_QueryUserInfo(). 
Guenther
 2009-05-15 15:38:13 +02:00
Günther Deschner
59192bf03f s3-samr: in _samr_QueryUserInfo() make sure to not return any info in error case. 
Guenther
 2009-05-15 15:37:50 +02:00
Günther Deschner
0e9f03c727 s3-samr: Fix samr access checks in _samr_SetDomainInfo(). 
Guenther
 2009-05-15 13:55:39 +02:00
Günther Deschner
140d4cabca s3-samr: Fix samr access checks in _samr_QueryDomainInfo(). 
Guenther
 2009-05-15 13:55:32 +02:00
Günther Deschner
7d653ae277 s3-samr: use normal integer in r->in.level switch statements. 
Guenther
 2009-05-15 13:55:15 +02:00
Jeremy Allison
57e03b6a1d Fix the core of the SAMR access functions. This passes make test, but 
usrmgr fails against it. The core of this patch is to move all the
access mask setup into the _samr_OpenXXX functions, and then have
each specific function check the attached access_mask against the
required bits. We can then go through the MS-SAMR doc and match
things up. Signed off by Guenther, and writespace cleanup removal
by Volker.
Jeremy.
 2009-05-14 15:11:50 -07:00
Günther Deschner
652251701d s3-printing: no need to define struct table_node 4 times. 
Guenther
 2009-05-13 15:27:06 +02:00
Jeremy Allison
b4c9cfb2af Fix a bunch of compiler warnings about wrong format types. 
Should make Solaris 10 builds look cleaner.
Jeremy.
 2009-05-11 21:56:57 -07:00
Günther Deschner
0dc1b239eb s3-samr: implement _samr_RidToSid(). 
Guenther
 2009-05-12 00:27:24 +02:00
Günther Deschner
4beb4395eb s3-samr: Let _samr_TestPrivateFunctionsDomain() return NT_STATUS_NOT_SUPPORTED to make RPC-SAMR happy. 
Guenther
 2009-05-12 00:27:24 +02:00
Günther Deschner
6d1e21bd1b s3-samr: Fix Bug #5859, renaming of samr objects failed due to samr setuserinfo access checks. 
Torture test to follow...

Guenther
 2009-05-11 18:48:54 +02:00
Günther Deschner
a82bb4bd51 s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array since 3.2.0. 
Found by torture test.

This makes it possible to search for users while adding them to groups via
windows usermanager.

Guenther
 2009-05-11 18:31:46 +02:00
Günther Deschner
b1a4649438 s3-net: add "net dom renamecomputer" to rename machines in a domain. 
dmarkey, please test :)

Guenther
 2009-05-11 10:55:40 +02:00
Günther Deschner
a21bfc4daf s3-samr: Fix SetUserInfo level 16 and 21 w.r.t. ACB_AUTOLOCK acct_flag. 
It is not allowed to *set* this flag remotely if it has been not set already.

Found by torture test.

Guenther
 2009-05-09 00:03:50 +02:00
Günther Deschner
705f36b804 s3-samr: Fix SetUserInfo level 7 when there has been no name change. 
Found by torture test.

Guenther
 2009-05-09 00:02:00 +02:00
Günther Deschner
b7925cb3f2 s3-samr: more accurateness in _samr_SetDomainInfo(). 
Guenther
 2009-05-08 22:15:31 +02:00
Günther Deschner
266b79e004 s3-samr: implement more info levels in _samr_QueryDomainInfo(). 
Gets us closer to pass RPC-SAMR.

Guenther
 2009-05-08 09:55:10 +02:00
Günther Deschner
d7b32b51f8 s3-samr: Fix potential memory leak in _samr_ChangePasswordUser(). 
Guenther
 2009-05-08 01:24:28 +02:00
Günther Deschner
6f4b5798c9 s3-selftest: need to enable lanman auth in order make RPC-SAMR-PASSWORDS pass. 
Guenther
 2009-05-08 00:46:54 +02:00
Günther Deschner
227b61d7ea s3-samr: Do not leak information whether a user exist or not in pwd change calls. 
Found by torture test.

Guenther
 2009-05-08 00:46:54 +02:00
Günther Deschner
5773d7d102 s3-samr: implement _samr_ChangePasswordUser(). 
This is vastly copied from samba4 samr server.

Guenther
 2009-05-08 00:46:49 +02:00
Günther Deschner
d17c6af57c s3-samr: implement _samr_OemChangePasswordUser2(). 
Guenther
 2009-05-08 00:44:46 +02:00
Günther Deschner
6aca5fca8d s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported. 
This is to get us closer to pass RPC-SAMR-USERS.

Guenther
 2009-05-08 00:41:40 +02:00
Günther Deschner
b96fdae1f4 s3-samr: Do not return users in _samr_QueryDisplayInfo() for builtin domain. 
Found by torture test.

Guenther
 2009-05-08 00:41:40 +02:00
Günther Deschner
f05d888d7a s3-samr: let set_user_info_16 and 20 follow the same pattern as all other levels. 
Guenther
 2009-05-08 00:41:40 +02:00
Günther Deschner
f93f713898 s3-samr: support some more info levels in samr_SetUserInfo calls. 
Guenther
 2009-05-08 00:41:40 +02:00
Günther Deschner
b0df0e8cc7 s3-samr: support some more info levels in samr_QueryUser calls. 
Guenther
 2009-05-08 00:41:40 +02:00
Günther Deschner
599b9fe86e s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty info1. 
Guenther
 2009-05-07 14:33:33 +02:00
Jeremy Allison
78fb479325 After getting confirmation from Guenther, add 3 changes we'll 
ultimately need to fix bug #6099 Samba returns incurrate capabilities list.
1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to
r->out.negotiate_flags.
2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags
return if the client requested it.
3). Clean up the error exits so we always return the same
way.
Signed off by Guenther.
Jeremy.
 2009-05-06 16:10:20 -07:00
Günther Deschner
78754ab2c9 s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 joining Samba3) and probably many, many more. 
Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.

Guenther
 2009-05-06 19:37:39 +02:00
Günther Deschner
9966541f89 s3-printing: simplify print_queue helper functions and return WERROR. 
Guenther
 2009-05-06 10:19:04 +02:00
Günther Deschner
af5a71d528 s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount(). 
Guenther
 2009-04-30 14:28:38 +02:00
Günther Deschner
d22965e2e5 s3-spoolss: avoid referring to uid 0 in spoolss server (use sec_initial_uid() instead). 
Guenther
 2009-04-30 11:22:23 +02:00
Günther Deschner
dd33abf649 s3-svcctl: Fix crash in _svcctl_EnumServicesStatusW(). 
The resume handle is a unique pointer, always check before dereference.

Guenther
 2009-04-28 10:37:34 +02:00
Michael Adam
8185d31fb0 s3:registry: replace typedef REGISTRY_VALUE by struct regval_blob 
Michael
 2009-04-27 11:21:03 +02:00
Michael Adam
221151a2a2 s3:registry: replace typedef REGVAL_CTR by struct regval_ctr. 
This paves the way for hiding the typedef and the implementation
from the surface.

Michael
 2009-04-27 11:21:02 +02:00
Günther Deschner
aa26bdd719 s3-svcctl: fix _svcctl_ControlService. 
Guenther
 2009-04-24 13:38:34 +02:00