summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_netlogon.c
AgeCommit message (Collapse)AuthorFilesLines
2000-06-03moved secrets fns into secrets.cAndrew Tridgell1-2/+2
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-1/+8
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-2/+2
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-26/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+26
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
2000-01-07this looks like a big commit, but it isn't really :)Andrew Tridgell1-1/+0
This fixes our netbios scope handling. We now have a 'netbios scope' option in smb.conf and the scope option is removed from make_nmb_name() this was prompted by a bug in our PDC finding code where it didn't append the scope to the query of the '*' name. (This used to be commit b563be824b8c3141c49558eced7829b48d4ab26f)
1999-12-21converted all our existing shared memory code to use a tdb databaseAndrew Tridgell1-1/+1
instead of either sysv or mmap shared memory or lock files. this means we can now completely remove locking_shm.c locking_slow.c shmem.c shmem_sysv.c and lots of other things also got simpler locking.c got a bit larger, but is much better compartmentalised now (This used to be commit e48c2d9937eea0667b8cd3332e49c06314ef31e7)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-343/+415
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-01damn, that took a while. nt login password was being stored incorrectlyLuke Leighton1-3/+4
in private .mac file (oops). ntlogin test now works. (This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
1999-12-01fixing joining to domain plus something weird going down with nt logins...Luke Leighton1-2/+3
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-140/+166
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-2/+2
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-10-26adding extra parameter back in to trust account functions (trust account name).Luke Leighton1-4/+11
restoring opening S-1-5-20 in sam enum users code. (This used to be commit 1be877114e2e958c59e6516dacf22d3fb5a4240f)
1999-10-25one of those wonderful moments when running against a different MSRPCLuke Leighton1-2/+2
implementation (NT5) when you discover that your code is trash. samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups() all take a HANDLE for multiple-call enumeration purposes. (This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
1999-10-21various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.Luke Leighton1-196/+25
samr_lookup_rids() moved to a dynamic memory structure not a static one limited to 32 RIDs. cli_pipe.c reading wasn't checking ERRmoredata when DOS error codes negotiated (this terminates MSRPC code with prejudice). (This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
1999-10-19need status codes from cli_net_req_chal() and cli_net_auth2().Luke Leighton1-80/+93
this format is what i would like _all_ these functions to be (returning status codes, not BOOL) but that's a horrendous amount of work at the moment :) (This used to be commit 02f240604241367f146b26934ad1a1b2563430de)
1999-09-21split matthew's sync command (only currently called from smbpasswd)Luke Leighton1-73/+1
into a separate module (This used to be commit d99eca020a255022dbc71f3671127343d75db59e)
1999-07-22BDC support.Matthew Chapman1-0/+72
Added synchronise_passdb function to update accounts in a BDC's smbpasswd. Improved rpc_read, which was still somewhat broken for multiple PDU's. modify_trust_password must initialise cli.pwd (pwd_set_nullpwd). (This used to be commit 4783ac3968df1c5c8aa0b6ba9144df8b01ae0b99)
1999-07-21BDC support.Luke Leighton1-39/+11
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
1999-07-06use of safe_cli_errstr() and cli_establish_connection().Luke Leighton1-124/+99
(This used to be commit b60eb8c9fc61bf207ab3600eec3ca722403c4d19)
1999-06-24safe string error reporting functions (found a potential buffer overflowLuke Leighton1-8/+24
of a pstrcpy into an fstring). (This used to be commit ac0060443de800fec9042b69b299ff2e9128a31c)
1999-06-02Some more BDC-related fixes, mainly to the NET_SAM_SYNC RPC with respectMatthew Chapman1-4/+85
to alignment, missing fields, etc. - it should now work correctly. There is still the problem of decoding the private data field. (This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
1999-04-08Mainly BDC-related changes.Matthew Chapman1-7/+63
* Added SEC_CHAN_BDC * Propagate sec_chan into the various functions which change trust account passwords, so they can be used for domain control and inter-domain trusts. * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 7b830350eb54dc9d357c115e12ddf9a0633527ac)
1999-03-12new "domtrust" test command. r&d into inter-domain trust accounts.Luke Leighton1-4/+6
(This used to be commit 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d)
1998-12-07removed nt_pipe_fnum from struct cli_state. need to be able to callLuke Leighton1-19/+20
LsaLookupSids etc from within SamrQueryAliasMembers, for example. fnum is now a parameter to client functions. thanks to mike black for starting the ball rolling. (This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
1998-11-20acconfig.h configure configure.in include/config.h.in: Added -lsec and ↵Jeremy Allison1-0/+7
-lsecurity checks in a more sane way. rpc_client/cli_netlogon.c: Removed correct bits check to see if this works with an NT3.51 PDC. rpc_parse/parse_samr.c: Fixed compile warnings. Jeremy. (This used to be commit 34d8f4b1c4d59ab3c009360fc67eef9361dd859b)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-1/+0
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-10-27amazing. the improvements to NT continue, evidence for which shows upLuke Leighton1-0/+1
now as "RPC fault" if the UNIHDR structure lengths do not exactly match up to the length of the data stream. so, all versions of samba prior to this one have an off-by-one bug in unicode string lengths. all versions of NT prior to NT 5 beta 2 could possibly have buffer problems when receiving badly formatted UNICODE strings. (This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
1998-10-16rpc client mods (ntlmssp flags)Luke Leighton1-1/+1
(This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d)
1998-10-15rpcclient interactive login (with trust account changing if you are root)Luke Leighton1-3/+8
cli_session_setup handles null sessions correctly (This used to be commit 60c0f22a4e84703467006dfe1971384a6294a9aa)
1998-10-04- modified resolve_name() to take a name_typeAndrew Tridgell1-1/+1
- cleaned up resolve_name() (split into separate functions for each resolver) - if can't find local master then use #1B name - support listing of foreign workgroups in /smb/ (This used to be commit a4e607c17d1119925c9d0e1d05e0fe81e9a2d1aa)
1998-09-25added rpcclient programLuke Leighton1-5/+11
(This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-05some cleanups to use ZERO_STRUCT() and friendsAndrew Tridgell1-1/+1
(This used to be commit 7b154dc4313324dfad6cf0117b8ce246bf12bf16)
1998-09-05tridge the destroyer returns!Andrew Tridgell1-2/+4
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
1998-08-31bounds check next_token() to prevent possible buffer overflowsAndrew Tridgell1-2/+3
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
1998-08-14this is the bug change to using connection_struct* instead of cnum.Andrew Tridgell1-5/+5
Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
1998-05-27loadparm.c: Added machine password timeout parameter - set to 7 days be default.Jeremy Allison1-0/+165
password.c: Added code to tell server.c when machine password needs changing. server.c: Change machine password in idle cycles if it needs it. smbpassfile.c: Fixed up length calculations for machine password file. smbpasswd.c: Moved domain joining code/machine password changing code. lib/rpc/client/cli_netlogon.c: And this is where it now lives. Jeremy. (This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell1-1/+1
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-04-29clientgen.c: Fixed null session setup bug.Jeremy Allison1-6/+19
password.c: Stopped cli_nt_logout call (we don't have it correct yet). Added Luke object-orientation fix :-). smb.h: Added clnt_name_slash to cli_state. lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed. lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error. lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix. lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1. Jeremy. (This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison1-56/+44
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-28First version that compiles. Much more to do.....Jeremy Allison1-115/+123
Jeremy. (This used to be commit 45393a19adb31820725fbdfaaf7ab64793fc9bc5)
1998-04-25This looks like a big change but really isn't.Jeremy Allison1-31/+26
It is changing the global variables "myname" and "myworkgroup" to "global_myname" and "global_myworkgroup" respectively. This is to make it very explicit when we are messing with a global (don't ask - it makes the domain client code much clearer :-). Jeremy. (This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
1998-04-23These don't compile yet - but they are the core code in whatJeremy Allison1-337/+337
will be DOMAIN_CLIENT called code. Jeremy. (This used to be commit ad81735fa1ce02937f6aae3d6518c1cd6156b090)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+461
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)