path: root/source4/rpc_server/lsa
Commit message | Author | Age | Files | Lines
* Fix the developer O3 build | Volker Lendecke | 2015-02-25 | 1 | -4/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
  Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
* s4:rpc_server/lsa: add dcesrv_lsa_OpenTrustedDomain_common() | Stefan Metzmacher | 2015-01-26 | 1 | -75/+101
  dcesrv_lsa_OpenTrustedDomain() and dcesrv_lsa_OpenTrustedDomainByName() need to use the same logic and make sure trusted_domain_user_dn is valid.
  Otherwise dcesrv_lsa_OpenTrustedDomainByName() followed by dcesrv_lsa_DeleteObject() will leave the trust domain account in the database.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl | Andrew Bartlett | 2015-01-15 | 1 | -1/+14
  This requires an additional control to be used in the LSA server to add domain trust account objects.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
* s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is cleared | Stefan Metzmacher | 2015-01-06 | 1 | -1/+24
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Jan 6 22:50:23 CET 2015 on sn-devel-104
* s4:rpc_server/lsa: allow LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be changed. | Stefan Metzmacher | 2015-01-06 | 1 | -5/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s4:rpc_server/lsa: fix segfault in check_ft_info() | Stefan Metzmacher | 2014-12-19 | 1 | -0/+2
  This is triggered by lsa_lsaRSetForestTrustInformation() with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.
  The nb_name variable was uninitialized and dereferenced without checking.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed. | Stefan Metzmacher | 2014-12-19 | 1 | -12/+20
  When the LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flag is cleared we should also remove the related credentials.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base() | Stefan Metzmacher | 2014-12-19 | 1 | -4/+3
  This requires 'struct lsa_policy_state', we now pass this directly instead of an opaque 'struct dcesrv_handle'.
  dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle' with 'struct lsa_trusted_domain_state' before, which results in segfaults.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl | Andrew Bartlett | 2014-09-27 | 1 | -1/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* kerberos: Remove un-used event context argument from smb_krb5_init_context() | Andrew Bartlett | 2014-04-28 | 1 | -1/+0
  The event context here was only specified in the server or admin-tool context, which does not do network communication, so this only caused a talloc_reference() and never any useful result.
  The actual network communication code sets an event context directly before making the network call.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
* Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase. | Garming Sam | 2014-03-05 | 1 | -1/+4
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.
  Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. | Garming Sam | 2014-03-05 | 1 | -7/+28
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.
  Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:rpc_server: make use of dcerpc_binding_get_transport() | Stefan Metzmacher | 2014-02-13 | 3 | -11/+22
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:rpc_server/lsa_lookup fix a compile warning | Christian Ambach | 2013-12-13 | 1 | -1/+1
  about a set, but unused variable
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Dec 13 01:49:50 CET 2013 on sn-devel-104
* s4:rpc-server: fix lsa_lookupsids return value for the domain sid | Michael Adam | 2013-11-13 | 1 | -0/+10
  We currently return type UNKNOWN and copy the domain sid to the name. Instead we should return type DOMAIN and return NULL as name.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Nov 13 13:34:16 CET 2013 on sn-devel-104
* s4:rpc-server: fix use after free in dcesrv_lsa_lookup_sid() | Michael Adam | 2013-11-13 | 1 | -1/+4
  Authority name may be accessed after state has gone away and take domain_name with it.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4-lsa: Make sure we also duplicate the domain_name. | Andreas Schneider | 2013-11-07 | 1 | -4/+20
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Nov 7 18:58:44 CET 2013 on sn-devel-104
* s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name(). | Andreas Schneider | 2013-11-07 | 1 | -0/+12
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s4-lsa: Fix a use after free in dcesrv_lsa_lookup_name(). | Andreas Schneider | 2013-11-07 | 1 | -3/+9
  Pair-Programmed-With: Volker Lendecke <vl@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lsa4: Fix a set but unused variable warning | Volker Lendecke | 2013-08-12 | 1 | -4/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lsa4: Remove an unused variable | Volker Lendecke | 2013-08-12 | 1 | -3/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lsa4: Fix a set but unused variable warning | Simo Sorce | 2013-06-24 | 1 | -2/+12
  Also ensure that we exit immediately on any error.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jun 24 12:17:52 CEST 2013 on sn-devel-104
* lsa4: Fix a set but unused variable warning | Volker Lendecke | 2013-06-21 | 1 | -2/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lsa4: Remove an unused variable | Volker Lendecke | 2013-06-21 | 1 | -3/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lsa4: Remove an unused variable | Volker Lendecke | 2013-06-21 | 1 | -3/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lsa4: Remove an unused variable | Volker Lendecke | 2013-06-21 | 1 | -3/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Fix some blank line endings | Volker Lendecke | 2013-06-21 | 1 | -292/+287
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
* s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp | Andreas Schneider | 2012-07-06 | 1 | -0/+10
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
* s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np | Andreas Schneider | 2012-07-06 | 3 | -0/+45
* s4-lsarpc: Restrict LookupSids3 to crypto connections only. | Andreas Schneider | 2012-07-06 | 1 | -0/+10
* s4-lsarpc: Restrict LookupNames4 to crypto connections only. | Andreas Schneider | 2012-07-06 | 1 | -0/+10
* s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. | Andreas Schneider | 2012-07-06 | 1 | -46/+48
* s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. | Andreas Schneider | 2012-07-06 | 1 | -49/+53
* lib/param: Create a separate server role for "active directory domain controller" | Andrew Bartlett | 2012-06-15 | 1 | -2/+2
  This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentally starting smbd rather than samba.
  To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added.
  Andrew Bartlett
* auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerberos build | Simo Sorce | 2012-05-23 | 1 | -0/+6
* Move kdc_get_policy helper in the lsa server where it belongs. | Simo Sorce | 2012-04-20 | 1 | -1/+25
  This was used in only 2 places, db-glue.c and the lsa server. In db-glue.c it is awkward though, as it forces to use an inconvenient lsa structure and conversions from time_t to nt_time only to have nt_times converted back to time_t for actual use. This is silly.
  Also the kdc-policy file was a single function library, that's just ridiculous.
  The loadparm helper is all we need to keep the values consistent, and if we ever end up doing something with group policies we will care about it when it's the time. The code would have to change quite a lot anyway.
  Autobuild-User: Simo Sorce <idra@samba.org>
  Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
* s4-rpc_server: Fix search for existing trust to actually look for the dns name | Andrew Bartlett | 2012-01-26 | 1 | -1/+1
  Found by an eagle-eyed user.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
* s4-lsarpc handle more info levels in SetInfoTrustedDomain calls | Andrew Bartlett | 2011-12-12 | 1 | -3/+19
  This uses the very helpful conversion functions written for the s3 lsa server and places these in common.
  Andrew Bartlett
* s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest test | Andrew Bartlett | 2011-12-12 | 1 | -14/+17
  This allows us to move this test to knownfail from skip
* s4-lsa: fixed set of trust password with old password | Andrew Tridgell | 2011-10-04 | 1 | -14/+13
  the calculation of add_incoming and add_outgoing was not correct when a trust was already in place
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-lsa Use the supplied handle in LsaLookupNames2 | Andrew Bartlett | 2011-07-29 | 1 | -5/+5
  In my rework of this function in 2006 with 459a2301a5d63f5a1a6b27996c8a0358b20f2ab2 I ignored the incoming handle, instead fetching the LSA state again (despite the commit message indicating otherwise).
  This means that data->access_mask is uninitialised, which doesn't matter right now, but will once we start checking that.
  Andrew Bartlett
* s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info. | Günther Deschner | 2011-07-15 | 1 | -15/+16
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
* lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not | Günther Deschner | 2011-07-15 | 1 | -1/+6
  lsa_TrustDomainInfoAuthInfoInternal.
  Guenther
* lsa: rename auth info argument in lsa_CreateTrustedDomainEx2 | Günther Deschner | 2011-07-15 | 1 | -3/+3
  Guenther
* s4-lsa: Fix typo | Sumit Bose | 2011-06-24 | 1 | -1/+1
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Fri Jun 24 16:19:36 CEST 2011 on sn-devel-104
* s4:lsa RPC server - handle LDB flags as "unsigned" | Matthias Dieter Wallnöfer | 2011-05-21 | 1 | -1/+1
  Signed-off-by: Metze
* s4-rpc: improved error mapping for several RPC server calls | Andrew Tridgell | 2011-04-04 | 1 | -2/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:remove many invocations of "samdb_msg_add_string" | Matthias Dieter Wallnöfer | 2011-03-01 | 1 | -6/+5
  This call can be substituted by "ldb_msg_add_string". We only need to be careful on local objects or talloc'ed ones which live shorter than the message.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* build: moved libds/common/flag_mapping.c into a common subsystem | Andrew Tridgell | 2011-02-24 | 1 | -0/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb: use #include <ldb.h> for ldb | Andrew Tridgell | 2011-02-10 | 1 | -1/+1
  this ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>