summaryrefslogtreecommitdiff
path: root/source3/lsarpcd
AgeCommit message (Collapse)AuthorFilesLines
1998-12-20fix for potential lsass.exe crashing due to negative response fromLuke Leighton1-1/+1
LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
1998-12-14added sid_name_use array argument to lsa_lookup_names and lsa_lookup_sids.Luke Leighton1-1/+1
(This used to be commit 0b2095e092d747f741e78a3349f0b81a72811629)
1998-12-07- lib/unix_sec_ctxt.cLuke Leighton1-48/+85
attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services. - group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases. - parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything. - cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to). - srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name. (This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-11-30- adding builtin[alias]db.Luke Leighton1-4/+3
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton1-12/+12
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-23unix instance of group database APILuke Leighton1-15/+19
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-134/+137
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-10rpcclient registry commands.Luke Leighton1-1/+1
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton1-9/+10
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-22bug fix in lsa_trans_names.Luke Leighton1-1/+3
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-4/+4
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-15bug-fixing against:Luke Leighton1-0/+42
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30lsa_lookup_sids command added. severe debugging needed on lookup_sidsLuke Leighton1-60/+85
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-30/+40
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-08-26use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() forAndrew Tridgell1-1/+1
arrays. This prevents (harmless) warnings from some compilers (This used to be commit c2da46d1d0820a86e7f77506563cfe7f67b08fee)
1998-08-24Changed ASSERT macros to SMB_ASSERT macros as some systems alreadyJeremy Allison1-4/+4
have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-22added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberallyAndrew Tridgell1-0/+8
in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
1998-08-21use ZERO_STRUCT() to initialise lots of structures.Andrew Tridgell1-1/+30
Luke, you need to do something similar in the rest of the rpc code. Have fun! (This used to be commit bdd8aaa544780898e20189195d4019b9beb4445c)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison1-1/+12
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-05-24more warnings, from Tim WindersLuke Leighton1-1/+1
(This used to be commit eb157d6da4719b415a1f5202364aa77f2596bc03)
1998-05-18- renamed some of the passdb.c functions: they have a prefix pdb_ on themLuke Leighton1-1/+1
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-14Fixed dce/rpc to use global_machine_sid (auto generated in server.c ifJeremy Allison1-10/+4
not present in smb.conf). Jeremy. (This used to be commit e7c1100390b714bf2f489a9032156b0c9272e403)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison1-32/+43
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+444
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)