summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_samr.c
AgeCommit message (Collapse)AuthorFilesLines
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-0/+90
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-6/+6
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-2/+12
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-20It's a perfectly valid condition to have zero alias members.Volker Lendecke1-0/+6
Volker (This used to be commit ccdcd88732c99497fc563379df7837c35eba72be)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
2003-06-12Fix for bug#3. Show comments when doing 'net group -l'.Volker Lendecke1-0/+51
Volker (This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
2003-06-09Add some basic DEBUG statements at level 10 so we can see what is beingJeremy Allison1-0/+54
called. This is *essential* (and should be done on all the other cli_XX rpc calls) to help debug winbindd problems remotely. Jeremy. (This used to be commit bc215612cb7c1abc7fb78eda4016ba9e64cdc785)
2003-05-07Always initialise this - it helps callers who use this in a loop...Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 97bc047434284527f25e130a72981da704ed1212)
2003-04-25Minor cleanup of enum domain groups/aliases:Tim Potter1-12/+18
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a talloc fails - don't try and tallocate memory when the number of entries returned was zero - rename some cut&pasted variable names in enum domain aliases function (This used to be commit aa748e1da543f0e59df8a56996ebd9510732507e)
2003-04-24Merge from HEAD - always initailise this to zero - helps callers in loops.Andrew Bartlett1-0/+3
(This used to be commit f200a5b85832ac5ec7724d58da7270cd14c565e3)
2003-04-14Merge of samr lookup domain rpc client call from HEAD.Tim Potter1-0/+46
(This used to be commit 5b1807dddf0e4fb9fcaedcfe6f67dfd78fe117bb)
2003-02-26Merge of exit path cleanup for EnumDomainUsers.Tim Potter1-41/+23
(This used to be commit c2e9673328b2d989f13626632442f095727a03c6)
2003-01-29Merge tpot's changes to request the correct sizes for user dispinfoJeremy Allison1-2/+35
from HEAD. I had to do this for him as he was *so* tired, the poor chap, plus he has this bad leg, plus the dog ate his homework etc. etc. Jeremy. (This used to be commit 1e752b48a12cdcf2cb6343705be83f304e5ee2b6)
2002-12-08fix rpcclient querygroup command (from 2.2 and head)Simo Sorce1-3/+3
(This used to be commit ea2154b2692f76a3f0d597ddc154ecbbef72de60)
2002-08-17Sync 3.0 branch with HEADJelmer Vernooij1-575/+1186
(This used to be commit 3823a2ff5a3c6edf325e2ac31bab50175420f0b1)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-0/+3
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-11/+11
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-10-14the next step in the intl changeover. This should get us compiling agian,Andrew Tridgell1-4/+0
and also completes the switch to lang_tdb.c. SWAT should now work with a po file in the lib/ directory also removed useless SYSLOG defines in many files (This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-3/+25
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-22/+22
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-03-07Sync up handle creation with 2.2 branch. We can now join AS/U domains andJeremy Allison1-4/+2
authenticate against them. Big/little endian issues fixed. Jeremy. (This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-6/+6
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-22/+22
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-05-09the beginnings of a new scheme I've working on to allow an easierAndrew Tridgell1-0/+3
head/tng merge. It goes something like this: - headers from tng get copied over one at a time - the old headers get renamed to *_old.h - server side code that used the old headers gets a #define OLD_NTDOMAIN 1 #undef OLD_NTDOMAIN at the start and end of the code - mkproto.awk recognises these special defines and does magic stuff so that each .c file sees the right headers - we start moving the rpc client libraries from tng to head. if this goes OK then, in theory, we should be able to move the client side rpc code from tng to head without disturbing the existing head server side code. Then when that works we can consider merging the server side. it remains to be seen if this scheme will work. So far I've moved rpc_samr.h and don't seem to have broken anything. Note this this is still a very delicate operation, as at every step of the way I want to keep head fully functional. Please don't take part unless you discuss it with me first. (This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-26/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+26
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-2081/+465
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-2/+2
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-01fixing joining to domain plus something weird going down with nt logins...Luke Leighton1-1/+1
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
1999-12-01improving createuser account command to be able to add workstationsLuke Leighton1-6/+10
and then set a default random password. (This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
1999-11-27further abstraction involving client states. main client-side codeLuke Leighton1-30/+10
is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
1999-11-26whoa. _major_ restructure of rpcclient. fixed some buuugs, created a few.Luke Leighton1-0/+1
found out that getopt() _must_ have optind set to 0 before reuse. still haven't decided what to do with the net* api yet... (This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
1999-11-25cool! completed a samr* API that _would_ look like an msdn samr* api...Luke Leighton1-113/+112
if microsoft bothered to publish it. actually, there are good reasons for not publishing it: people might write programs for it, and then those programs wouldn't work on nt5, for example... (This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
1999-11-20doing a code reshuffle. want to add code to establish trust relationships.Luke Leighton1-449/+0
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-18added samuserset2 rpcclient command to test ACB_XXX bit-setting onLuke Leighton1-4/+93
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join a samba domain. what _is_ it with this stuff, dammit? (This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
1999-11-15added rpcclient "enumdomains" command. enumerates names of domainsLuke Leighton1-0/+102
for which a PDC is responsible. typical answers are: <Name of Domain> plus <Builtin>. against a hierarchical, down-level-compatible NT5 PDC, there's likely to be more than these two entries!!!!! (This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
1999-11-08const feeding frenzyLuke Leighton1-15/+19
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
1999-11-04samuserset <username> -p password. YESSSSS :)Luke Leighton1-2/+2
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no). (This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
1999-11-04adding experimental set user password command to rpcclient, it returnsLuke Leighton1-0/+90
error wrong password against nt. ???? (This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
1999-11-02dynamic mem allocation in enum dom groups and enum dom aliasesLuke Leighton1-0/+21
(This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767)
1999-11-01rewrote rpcclient enumaliases command.Luke Leighton1-35/+72
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
1999-10-30general, drastic improvements to rpcclient.Luke Leighton1-7/+11
added samgroup <groupname> command added samgroupmem <groupname> command added proper registry key completion added sam command user-completion (e.g samuser [tab]) added sam command group-completion (e.g samgroup [tab]) (This used to be commit bc5d021916a2f070c62011870a80b3b2707aff3b)
1999-10-29more reshuffling of enum groups code. more higher order functions.Luke Leighton1-1/+1
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
1999-10-28restructuring sam enum dom groups code to do multiple calls toLuke Leighton1-25/+28
sam_enum_dom_groups. enum dom aliases is still left to do (dom users already done). (This used to be commit 8d181924cedb7a2d34a0b40cee600494665fe923)
1999-10-25signed / unsigned and typecast issuesLuke Leighton1-13/+13
(This used to be commit 6e22bf912cb981d91834c63098d41f5f8abaa594)
1999-10-25one of those wonderful moments when running against a different MSRPCLuke Leighton1-17/+38
implementation (NT5) when you discover that your code is trash. samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups() all take a HANDLE for multiple-call enumeration purposes. (This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
1999-10-21the dynamic memory alloc blood-fest goes on...Luke Leighton1-5/+6
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)