summaryrefslogtreecommitdiff
path: root/source3/libsmb/cli_lsarpc.c
AgeCommit message (Collapse)AuthorFilesLines
2002-07-27Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busyAndrew Bartlett1-3/+4
again, and has added 'net rpc trustdom list' support. This lists the trusted and trusting domains of a remote PDC. I've applied these almost directly, just fixing some special case code for when there are *no* trusting domains. We still have some parse errors in this case however. Andrew Bartlett. From mimir's e-mail: Here are another patches adding trust relationship features. More details: Better error reporting in cli_lsa_enum_trust_dom(). Implementation of cli_samr_enum_dom_users() which cli_samr.c lacked. More "consts" -- one of arguments in net_find_dc(). Modified implementation of run_rpc_command() -- now it allows to reuse already opened connection (if it is passed) to remote server's IPC$ (e.g. as part of longer exchange of rpc calls). I'm sure Andrew will argue ;-) More neat version of rpc_trustdom_list() function. (This used to be commit f0890026820ee3e432147130b46de4610e583381)
2002-06-01More cleanup work preparing for SMB signing.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
2002-05-23Given Jeremy's positive response, and a lack of one from tpot, I'll commitAndrew Bartlett1-13/+0
this: More code cleanup - this lot a bit more dodgy than the last: The aim is to trim pwd_cache down to size. Its overly complex, and a pain to deal with. With a header comment like this: 'obfusticaion is planned' I think it deserved to die (at least partly). This was being done to allow 'cli_establish_connection' to die - its functionality has been replaced by cli_full_connection(), which does not duplicate code everywhere for creating names etc. This also removes the little 'init' fucntions for the various pipes, becouse they were only used in one place, and even then it was dodgy. (I've reworked smbcacls not to use anonymous connections any more, as this will (should) fail with a 'restrict anonymous' PDC). This allowed me to remove cli_pipe_util.c, which was calling cli_establish_connection. tpot: I'm not sure what direction you were going with the client stuff, and you may well have been wanting the init functions. If thats the case, give me a yell and I'll reimplement them against cli_full_connection. Andrew Bartlett (This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
2002-05-17A few more trusted domains updates from mimir.Andrew Bartlett1-9/+22
I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
2002-04-14The cli_lsa_lookup_{names,sids} functions were returning uselessTim Potter1-20/+21
information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. (This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe)
2002-04-04If compiling with Insure, mallocate a byte of memory and attach it to theTim Potter1-1/+15
POLICY_HND structure when passing new handles back from the appropriate cli_* functions. When closing the policy handle free the memory. Insure (and indeed other memory checkers) should detect handles that have not been closed properly as memory leaks. Unfortunately this can only be done when the program terminates (set insure++.summarize leaks in your .psrc file) rather than when the policy handle falls out of scope. Looks like Jeremy has squished all the policy handle leaks at the moment but more are bound to crop up later. (This used to be commit 6dc80d625752f0a3ce6fd7b2278095529c6ec29f)
2002-04-04oopsTim Potter1-1/+1
(This used to be commit 6b20a809020821276b0330810317a4d10c9fdb5a)
2002-04-04Fixed memory leak in cli_lsa_enum_trust_dom(). Use talloc_strdup() insteadTim Potter1-1/+1
of strdup(). (This used to be commit fb32f7199b8a487757b509555e5a69ec5cae8fbd)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-2/+2
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-02-20This fixes a bug (spotted by Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>)Andrew Bartlett1-4/+9
where we pass the client's name. We should pass the servers name. Andrew Bartlett (This used to be commit aeecb7a06b006e69879f00699f4b8b6497553d19)
2002-02-13merge from 2.2Gerald Carter1-2/+2
(This used to be commit 50fa21c995d33601920b3b56a3e03b09262e7fd9)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Back out some of the less well thought out ideas from last weeks work onAndrew Bartlett1-2/+2
winbind default domains, particulary now I understand whats going on a lot better. This ensures that the RPC client code does as little 'magic' as possible - this is up to the application/user. (Where - for to name->sid code - it was all along). This leaves the change that allows the sid->name code to return domains and usernames in seperate paramaters. Andrew Bartlett (This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-10/+18
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-06Minor doc cleanups.Tim Potter1-2/+2
(This used to be commit 5c8f6be290e78c4e72c821abdc9f06b7150e68e7)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-2/+2
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-11Doing some research into ACLs on the LSA and SAM policy objects.Tim Potter1-0/+52
- added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-05Added fetch_domain_sid. Not used in current code, but a nice exampleJeremy Allison1-0/+96
of how to use this interface. Jeremy. (This used to be commit 291985123515f99bb3fd86605d5b8a08301070a2)
2001-12-03const religionAndrew Tridgell1-1/+1
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
2001-11-24added lsaenumprivsaccount and lsalookupprivvalue to rpcclientJean-François Micouleau1-0/+174
and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau1-0/+2
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-23Finally worked out why a enumerate trusted domains was returning aTim Potter1-9/+12
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined as 0x8000001a instead of 0xc000001a. The former is actually a NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status code. Removed the & 0xffffff from the loop in get_nt_error_msg() as all the error constants now have the correct high bits set. (This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
2001-11-22added lsa_enum_sids to rpcclientJean-François Micouleau1-0/+69
fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22Removed unused variable.Tim Potter1-1/+0
(This used to be commit d1dee2d0323fe6fc498e50201535b1718a88abaf)
2001-11-22Oops - opening wrong pipe name in cli_lsa_initialise() helper function.Tim Potter1-1/+1
(This used to be commit d2034bc5f7dc9b5b9d5e4f17ee8e468307dcb2d5)
2001-11-22add another command to rpcclient: getdispname. Show the full descriptionJean-François Micouleau1-0/+53
of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22add a command to rpcclient: enumprivsJean-François Micouleau1-0/+82
J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22Got positive and negative name caching working correctly with ↵Jeremy Allison1-22/+24
lookupname/lookupsid. There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped was being returned. The correct field is mapped_count, *NOT* num_entries. Jeremy. (This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
2001-11-15Doxygen demo for Tim.Martin Pool1-9/+24
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-10/+11
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27Convert to NTSTATUS.Tim Potter1-26/+26
(This used to be commit 9e69f59d6c4ec4e0474c594ada3a05ecc2bc806b)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-10/+10
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-21Added cli_lsa_open_policy2()Tim Potter1-0/+58
(This used to be commit afaafc3e5a2adef4736196aa5f4e6ca25a0571d2)
2001-08-08Factored out common rpc pipe initialisation and shutdown code.Tim Potter1-50/+1
(This used to be commit 04d978258ba2fea702232c815e140ab12364e8e7)
2001-07-20In cli_lsa_lookup_sids() don't append a separator character between domainTim Potter1-1/+2
and name if there is no name. (This used to be commit e0ebbc9ae3277a5a389eef021f32509a017cbd4d)
2001-07-20Changed the cli_lsa_lookup_sids() function to unpack the domain and user orTim Potter1-3/+7
group using rpcstr_pull_unistr2_fstring rather than pull_ascii_fstring (!!) (This used to be commit 2accab2589d8c3decc489fb6af8d65d437a506e7)
2001-07-04The big character set handling changeover!Andrew Tridgell1-5/+2
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-22Cleanup of cli_lsa_enum_trust_dom(). talloc() doesn't like attempts toTim Potter1-20/+34
allocate 0 bytes. (This used to be commit 465994cfbca72649474345bc057d436961cccf97)
2001-05-11Memory leak fixes plus general cleanup.Tim Potter1-1/+4
(This used to be commit 48688c4592d03d6404631a7d57701f0af38cfb2d)
2001-05-07Some reformatting (sorry Gerald).Tim Potter1-50/+18
Cleanup of exit paths. Added query domain info and query display info. (This used to be commit ff9e222e2ff3f50f4966d3c5859738a831c7adc9)
2001-04-28rpcclient merge from 2.2 (including Jeremy's non-void return fix)Gerald Carter1-35/+69
(This used to be commit 0a6ceed279cc8111008b21f75c6791efbd993f4b)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-12/+12
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-01-10Fixed authenticated pipe access.Tim Potter1-25/+102
Added cli_lsa_enum_trust_dom(). Misc other cosmetic changes. (This used to be commit 751483a155723581f987d46605b59cdeba34ad72)
2000-12-18Added query info policy call.Tim Potter1-0/+86
(This used to be commit dcea2a4bc0503822667b73d19c4f0a59b15715a5)
2000-12-18Streamlined exit path.Tim Potter1-24/+27
Allow NULL to be passed to cli_lsa_initialise() which creates an anonymous connection to the server. (This used to be commit 8ccd06ee9635e81bdefa8ae58a88c39f132b371c)
2000-12-15Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. MergedJeremy Allison1-1/+27
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
2000-12-13Lightweight rpc client library. Uses only routines in libsmb andTim Potter1-0/+370
rpc_client/cli_pipe.c Only cli_lsa_open_policy(), cli_lsa_close(), cli_lsa_lookup_names() and cli_lsa_lookup_sids() implemented so far. (This used to be commit 129d5a155a73d926868d74f8447c1e93b429388d)