summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_lsarpc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-3/+6
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4821: finish off 'net rpc rights [list|grant|revoke]'Gerald Carter1-4/+12
one small todo item is to add a 'accounts' sub option to 'net rpc list' so enumerate all privileged SIDs and their associated rights. (This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-0/+58
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-3/+3
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4561: This looks a lot larger than it is, this is to reduce the clutter on ↵Volker Lendecke1-18/+18
future patches. Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is referenced. First step towards having multiple pipes on a cli_struct. The idea is to not have a single nt_pipe_fnum but an array for the pipes we support. Volker (This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-25/+18
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-2/+2
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-40/+48
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-05rpc_client/cli_lsarpc.c:Andrew Bartlett1-1/+1
rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Cleanup function for use nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
2003-10-22In cli_lsa_lookup_sids don't leave the domain field uninitialized ifVolker Lendecke1-0/+1
some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 1337338522242a430b3c5655ffdff3f701fbfcce)
2003-10-06split some security related functions in their own files.Simo Sorce1-3/+3
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-02-25Merge: const fixes.Tim Potter1-2/+3
(This used to be commit a20aba09996e470425a151271237f2d48a8302af)
2003-01-29Merge tridge's client priv code from HEAD.Jeremy Allison1-4/+49
Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-28Merging tridge's privillage client changes from HEAD.Jeremy Allison1-0/+40
Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-15merging some rpcclient and net functionality from HEADGerald Carter1-0/+57
(This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-1/+1
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-08-12Add lsa 0x2e (queryinfo2) client sideJim McDonough1-0/+86
(This used to be commit c3b05b21a0340d8ff02a79401399e3d43d9e759a)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-2/+3
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-02Moved rpc client routines from libsmb back to rpc_client where they belong.Tim Potter1-0/+1169
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
2001-11-16I *love* removing code :-). Removed 4 files that weren't being used.Jeremy Allison1-693/+0
All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-22/+23
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-1/+1
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+2
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-05-01fixed some uninitialised variablesAndrew Tridgell1-5/+5
(This used to be commit 5d899e51a4fc4e872da550b88ef603dbd2d8391f)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-14/+14
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-03-07Sync up handle creation with 2.2 branch. We can now join AS/U domains andJeremy Allison1-8/+6
authenticate against them. Big/little endian issues fixed. Jeremy. (This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c)
2000-12-15Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. MergedJeremy Allison1-1/+1
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
2000-12-13Wrong length for unistr2 in init_q_lookup_names()Tim Potter1-3/+3
Removed some more static arrays and replaced with tallocated memory blocks. (This used to be commit 1db0f31ae00bf9c91eb7d02c96bf766d04c7bdef)
2000-12-12Fixed some accidentally reversed patches.Tim Potter1-115/+411
(This used to be commit fa604bc85ea6989c794747f668be8a4e62527b79)
2000-12-12Merged in Tim's changes : Removed static limit of MAX_LOOKUP_SIDS in rpc ↵Jeremy Allison1-411/+115
server and client lsa_lookup_names() and lsa_lookup_sids(). Jeremy. (This used to be commit 9e9c71c8b3194b7cd02fea0b6a000d4f2940d905)
2000-12-08Removed a dead function.Tim Potter1-108/+0
(This used to be commit 4c8ce7af4625bd2a47006fa4b3cf9cb40d62841a)
2000-12-08Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions fromTim Potter1-7/+411
TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-8/+8
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-06-03rpc_client/cli_lsarpc.c: Removed unused variable.Jeremy Allison1-1/+1
rpc_server/srv_spoolss_nt.c: Fixed more memory leaks. smbd/nttrans.c: Fixed shadow variable problem. Jeremy. (This used to be commit f0a7540831181d3a47e7f8ce8be55a36a2f2aba1)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-0/+23
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-25/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+25
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
2000-02-01system_name not server_nameTim Potter1-1/+1
(This used to be commit e9da53012011b30cab80074fdc55e624ede97979)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-847/+211
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-08jerry spotted that get_domain_sids() was being called with the wrongLuke Leighton1-2/+1
arguments: get_any_dc_name() was being called with a server name not a domain name. oops. (This used to be commit 631814302d6992138cfe024ba7bd456cc7e0d3bf)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-4/+4
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-02cleaning up: removing those horrible references to server listLuke Leighton1-10/+8
functions (cli_net_use_addlist()). needed originally because there was no get_dc_any_name() function. (This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-1/+1
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-27further abstraction involving client states. main client-side codeLuke Leighton1-19/+15
is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
1999-11-25previous commit added an abstraction function that didn't even haveLuke Leighton1-67/+18
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req(). modified cli_lsarpc.c to use this. the rest is const issues. (This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-6/+13
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-11-24first stages of removing struct cli_state* and uint16 fnum from allLuke Leighton1-44/+111
msrpc client code. the intent is to hide / abstract / associate connection info behind policy handles. this makes the msrpc functions look more and more like their nt equivalents. who-hou! (This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
1999-11-23shuffling msrpc code around so that it can be used independently of rpcclientLuke Leighton1-2/+4
(This used to be commit e88e7d529b5bdf32ac3bc71fa8e18f6f2a98c695)
1999-11-20doing a code reshuffle. want to add code to establish trust relationships.Luke Leighton1-0/+179
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)