summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_lsarpc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-11-20More pstring elimination.Jeremy Allison1-2/+1
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-10-25Fix a mismatched interface where we were usingJeremy Allison1-5/+5
uint32 instead of enum lsa_SidType. Jeremy. (This used to be commit 2df8252ff76406bfe57cd76e9927b5056e89e6ae)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-26/+26
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r25254: Add my C - MichaelMichael Adam1-0/+1
(This used to be commit 3246be8cf05a867b74b4b96697c99cc62f13c2a9)
2007-10-10r25247: Rename the rpccli_lsa_lookup_sids_all() function to ↵Michael Adam1-120/+12
rpccli_lsa_lookup_sids() and remove the old rpccli_lsa_lookup_sids() function. The old function would fail due to server limits when requesting to resolve too many sids at once (20480 for W2k3). The new version passes the list of sids in hunks to the server. It has up to now been used (and tested) in the winbindd_ads lookup_groupmem() function, and I think the time has come to replace the actual function with this correct version. Michael (This used to be commit 1194d4f36ef720747e62dde31881c295e44e4a76)
2007-10-10r25226: Get rid of more red bars...Michael Adam1-96/+96
(This used to be commit aa603bcc6c848de67ea07d6028ab841a8401d9ad)
2007-10-10r25225: Add a debug message.Michael Adam1-0/+3
Michael (This used to be commit 7238884c2cb25dd9279703004ffab6618715a275)
2007-10-10r25224: Fix a potential segfault in lsa_lookupsids client code due toMichael Adam1-1/+4
uninitialized data. Michael (This used to be commit b4fff6d09d17a18eae61e8ca789f128cd094ba09)
2007-10-10r25223: Fix behaviour of rpccli_lsa_lookupsids_all() whenMichael Adam1-5/+11
rpccli_lsa_lookupsids_noalloc() returns an error for one hunk of SIDs: free all allocated arrays and return the error code returned by the hunk lookup. Michael (This used to be commit 2c68ebd6934206186dc6e635401f66c2fd1e1234)
2007-10-10r24784: Initialize uninitalized data to prevent segfaults.Michael Adam1-0/+5
Thanks to Volker for the hint! Michael (This used to be commit 3b7ed3ea881dc59b77a067d5d3738e9e03b6c538)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names().Günther Deschner1-1/+2
Guenther (This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae)
2007-10-10r23400: Fix lsa crash bug #4683. The "names" enum structJeremy Allison1-13/+7
in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
2007-10-10r23082: Ooops - that portion of the last checkin was by accident.Michael Adam1-2/+2
Before comitting that, I have to verify that it does not break anything... Michael (This used to be commit 55ea93d47e72d13b7e6d6900eea5da1e9a49ff8d)
2007-10-10r23081: Reorder the lsa_lookup_sids functions so that the order makes more ↵Michael Adam1-113/+113
sense... (This used to be commit 374dea8c6f5192224ee46e0c3c9b63221028858e)
2007-10-10r23073: In the internal rpccli_lsa_lookup_sids_noalloc(), use a temporaryMichael Adam1-8/+16
talloc context for use with the actual rpc query and response. So the the parent context does not get flooded by the posslibly large amount of response data (when looking up a lot of sids). Note: It not possible, to simply use the names and domains arrays as talloc contexts for the talloc_strdup calls, because from rpccli_lsa_lookup_sids_all, this is called with names + offset and domains + offset where names and domains are talloced arraye for the complete response. (This used to be commit 8e60900c5c5fccbe1718b805b6b1628d32b920d0)
2007-10-10r23070: The lsa rpc lookup sids call has a maximum number of SIDS to beMichael Adam1-0/+201
looked up at one time. This limit is at 20480 for w2k3. Our rpccli_lsa_lookup_sids function ignores this limit, so when we give the server too long a list of SIDs, then we will get nothing back. Since typically rpccli_lsa_lookup_sids is given one SID (or a small number of SIDS), this did not do harm up to now. But since I want to use lsa_lookup_sids in a subsequent modification to winbindd_ads.c:lookup_groupmem to get rid of a vast number of dn_lookup calls to the server, I had to make sure we do it correctly. I have added a function rpccli_lsa_lookup_sids_all function that has the same prototype but internally splits the list of SIDs up into hunks of a (conservative, hard coded) 1000 SIDs each for a first go. If this approach is agreed upon, the new function could replace the original rpccli_lsa_lookup_sids function. Michael (This used to be commit 66ff0bc6c39f86a9830dc508cd891e33638b475d)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-42/+62
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r22537: Use a (more speaking) macro when there is one.Michael Adam1-1/+1
(This used to be commit 2eec760154a4126df616a3c078b7741c57239c86)
2007-10-10r18747: replace rpccli_lsa_close() with rpccli_lsa_Close()Gerald Carter1-8/+0
(This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74)
2007-10-10r18654: Rename "struct uuid" => "struct GUID" for consistency.Jelmer Vernooij1-3/+3
(This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19)
2007-10-10r18405: Now that POLICY_HND == struct policy_handle, we canGerald Carter1-8/+1
make rpccli_lsa_close() a real one line wrapper for rpccli_lsa_Close(). I'm still keeping the wrapper for now because I'm not sure what we will do about a usable client API. I don't think calling the autogenerated client code directly is a good idea as the IDL is still evolving. (This used to be commit 47f0c71218ade18cb94b48661f064e8956e06096)
2007-10-10r18404: * swap from POLICY_HND to the struct policy_handle from ndr/misc.hGerald Carter1-10/+0
* move OUR_HANDLE macro to include/rpc_misc.h (This used to be commit 2b37079af2f569df7a58878150a61980c6fe06ee)
2007-10-10r18397: Change rpccli_lsa_close() as a wrapper for the autogeneratedGerald Carter1-25/+8
rpccli_lsa_Close(). (This used to be commit 365c75603d9130f46dd40ab46e14f3c91c687c65)
2007-10-10r18271: Big change:Gerald Carter1-6/+6
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-19/+19
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16644: Fix bug #3887 reported by jason@ncac.gwu.eduJeremy Allison1-6/+8
by converting the lookup_XX functions to correctly return SID_NAME_TYPE enums. Jeremy. (This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
2007-10-10r16335: Fix Klocwork IDs 107 108 109 111 112 113 114 116 117 118 121Volker Lendecke1-0/+6
(This used to be commit 555984ea772730a5752905f1130e0bf6ec48207f)
2007-10-10r15041: Adding rpc client calls to manipulate auditing policies on remote CIFSGünther Deschner1-17/+122
servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10r14784: Fix coverity bug #274. Null deref.Jeremy Allison1-12/+33
Jeremy. (This used to be commit f88f2d93686ba6bd317b7bc935888e75b7999c83)
2007-10-10r13475: Fix erroneous initialization caused by my renaming types.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e8e2fc79b4afd6625e1d50e23b31eb49f67526d9)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-10/+101
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11854: Remove unused DOM_SID.Günther Deschner1-1/+1
Guenther (This used to be commit 8609484ff65aaf075d2f768960246dad398855a4)
2007-10-10r11336: Start to get my control back :-). Volker, I thinkJeremy Allison1-20/+58
Andrew Bartlett is right - making lsa code do it the netlogon way, not vica-versa. Jeremy. (This used to be commit f313757e36215cb3dd956e4a73de6d30258a6974)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-562/+161
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-35/+122
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r7391: - Added client-support for various lsa_query_trust_dom_info-calls and aGünther Deschner1-0/+195
rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2007-10-10r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains()Gerald Carter1-55/+35
Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce)
2007-10-10r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count )Gerald Carter1-6/+11
* add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges <name>' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13)
2007-10-10r5726: merge LsaLookupPrivValue() code from trunkGerald Carter1-6/+6
(This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2007-10-10r4849: * finish SeAddUsers support in srv_samr_nt.cGerald Carter1-3/+6
* define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708)
2007-10-10r4821: finish off 'net rpc rights [list|grant|revoke]'Gerald Carter1-4/+12
one small todo item is to add a 'accounts' sub option to 'net rpc list' so enumerate all privileged SIDs and their associated rights. (This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-0/+58
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4724: Add support for Windows privileges in Samba 3.0Gerald Carter1-3/+3
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2007-10-10r4561: This looks a lot larger than it is, this is to reduce the clutter on ↵Volker Lendecke1-18/+18
future patches. Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is referenced. First step towards having multiple pipes on a cli_struct. The idea is to not have a single nt_pipe_fnum but an array for the pipes we support. Volker (This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-25/+18
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-2/+2
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-40/+48
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)