summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_samr.c
AgeCommit message (Collapse)AuthorFilesLines
2004-01-26(merge from 3.0)Andrew Bartlett1-0/+90
This adds client-side support for the unicode/SAMR password change scheme. As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 8063b8b6c2eb30cb116988e265fb289109d7c348)
2003-11-23Merge from 3.0:Andrew Bartlett1-6/+6
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-22(merge from 3.0)Andrew Bartlett1-2/+12
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-10-20Merge Volker's fix.Jeremy Allison1-0/+6
It's a perfectly valid condition to have zero alias members. Jeremy. (This used to be commit aa7fb71357921c9d1fa1d32e5eaff912428e4fdf)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-0/+107
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-04-25Minor cleanup of enum domain groups/aliases:Tim Potter1-12/+18
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a talloc fails - don't try and tallocate memory when the number of entries returned was zero - rename some cut&pasted variable names in enum domain aliases function (This used to be commit cb94b2b2d141c3df1209b2b389b0cd6752ac2b6b)
2003-04-22Always initialise this, to assist callers doing loops over this call.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 6da9fd157b4e61fe72f569e4657166ca9d9ab6dc)
2003-04-04SAMR lookupdomain rpc client patches from amber palekar <amber@nu3.net>Tim Potter1-0/+46
(This used to be commit 67bc6bccc22e22e2a6e5cae7c57a1b2b53f49dfd)
2003-02-24Merge:Tim Potter1-7/+5
> Exit path cleanup for cli_samr_enum_dom_users() (This used to be commit 655c1e03519d4fa174a85534c165bdd1ce163ae8)
2003-02-21Exit path cleanup for cli_samr_enum_dom_users()Tim Potter1-34/+18
(This used to be commit 0bc1dfc68b0d411801a4209c9681c735cd7a73cc)
2003-01-29Pass down max_size parameter to cli_samr_query_dispinfo() instead ofTim Potter1-2/+35
using a hardcoded value later on. Added a helper function that returns the observed values for max_entries and max_size for each cli_samr_query_dispinfo() call. These values were obtained from watching the NT4 user manager application with ethereal and are the only ones that can enumerate a 60k user domain reliably under Windows 2000. (This used to be commit 2eea2813d9adc414f0a7ea074826b23697f376ee)
2002-12-08make querygroup in rpcclient working, same fix as per 2.2 treeSimo Sorce1-3/+3
(This used to be commit 8877ff2482bfa880614a9f40eed448d60216419d)
2002-08-12Add client side support for samr connect4 (0x3e). Seems to have oneJim McDonough1-0/+47
additional parm compared to samr connect, but I've only seen 0x00000002 in that field... (This used to be commit ed2370b91f7f6a36efdf6b65340a5b29a26e7e7a)
2002-08-02Moved rpc client routines from libsmb back to rpc_client where they belong.Tim Potter1-576/+1140
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
2002-06-18more debug classess activatedSimo Sorce1-0/+3
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-11/+11
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-10-14the next step in the intl changeover. This should get us compiling agian,Andrew Tridgell1-4/+0
and also completes the switch to lang_tdb.c. SWAT should now work with a po file in the lib/ directory also removed useless SYSLOG defines in many files (This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-3/+25
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-22/+22
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-03-07Sync up handle creation with 2.2 branch. We can now join AS/U domains andJeremy Allison1-4/+2
authenticate against them. Big/little endian issues fixed. Jeremy. (This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-6/+6
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-22/+22
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-05-09the beginnings of a new scheme I've working on to allow an easierAndrew Tridgell1-0/+3
head/tng merge. It goes something like this: - headers from tng get copied over one at a time - the old headers get renamed to *_old.h - server side code that used the old headers gets a #define OLD_NTDOMAIN 1 #undef OLD_NTDOMAIN at the start and end of the code - mkproto.awk recognises these special defines and does magic stuff so that each .c file sees the right headers - we start moving the rpc client libraries from tng to head. if this goes OK then, in theory, we should be able to move the client side rpc code from tng to head without disturbing the existing head server side code. Then when that works we can consider merging the server side. it remains to be seen if this scheme will work. So far I've moved rpc_samr.h and don't seem to have broken anything. Note this this is still a very delicate operation, as at every step of the way I want to keep head fully functional. Please don't take part unless you discuss it with me first. (This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-26/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+26
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-2081/+465
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-2/+2
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-01fixing joining to domain plus something weird going down with nt logins...Luke Leighton1-1/+1
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
1999-12-01improving createuser account command to be able to add workstationsLuke Leighton1-6/+10
and then set a default random password. (This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
1999-11-27further abstraction involving client states. main client-side codeLuke Leighton1-30/+10
is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
1999-11-26whoa. _major_ restructure of rpcclient. fixed some buuugs, created a few.Luke Leighton1-0/+1
found out that getopt() _must_ have optind set to 0 before reuse. still haven't decided what to do with the net* api yet... (This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
1999-11-25cool! completed a samr* API that _would_ look like an msdn samr* api...Luke Leighton1-113/+112
if microsoft bothered to publish it. actually, there are good reasons for not publishing it: people might write programs for it, and then those programs wouldn't work on nt5, for example... (This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
1999-11-20doing a code reshuffle. want to add code to establish trust relationships.Luke Leighton1-449/+0
(This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-18added samuserset2 rpcclient command to test ACB_XXX bit-setting onLuke Leighton1-4/+93
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join a samba domain. what _is_ it with this stuff, dammit? (This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
1999-11-15added rpcclient "enumdomains" command. enumerates names of domainsLuke Leighton1-0/+102
for which a PDC is responsible. typical answers are: <Name of Domain> plus <Builtin>. against a hierarchical, down-level-compatible NT5 PDC, there's likely to be more than these two entries!!!!! (This used to be commit 3146aa6b6049a0d996e9abbe7dbee8526550e7e0)
1999-11-08const feeding frenzyLuke Leighton1-15/+19
(This used to be commit e0eb390ab3e2a0cce191e78ea4ff90d088a8895c)
1999-11-04samuserset <username> -p password. YESSSSS :)Luke Leighton1-2/+2
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no). (This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
1999-11-04adding experimental set user password command to rpcclient, it returnsLuke Leighton1-0/+90
error wrong password against nt. ???? (This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
1999-11-02dynamic mem allocation in enum dom groups and enum dom aliasesLuke Leighton1-0/+21
(This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767)
1999-11-01rewrote rpcclient enumaliases command.Luke Leighton1-35/+72
(This used to be commit 492fdaaf2009e7d7e840323357a333fdf9c4d2e1)
1999-10-30general, drastic improvements to rpcclient.Luke Leighton1-7/+11
added samgroup <groupname> command added samgroupmem <groupname> command added proper registry key completion added sam command user-completion (e.g samuser [tab]) added sam command group-completion (e.g samgroup [tab]) (This used to be commit bc5d021916a2f070c62011870a80b3b2707aff3b)
1999-10-29more reshuffling of enum groups code. more higher order functions.Luke Leighton1-1/+1
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
1999-10-28restructuring sam enum dom groups code to do multiple calls toLuke Leighton1-25/+28
sam_enum_dom_groups. enum dom aliases is still left to do (dom users already done). (This used to be commit 8d181924cedb7a2d34a0b40cee600494665fe923)
1999-10-25signed / unsigned and typecast issuesLuke Leighton1-13/+13
(This used to be commit 6e22bf912cb981d91834c63098d41f5f8abaa594)
1999-10-25one of those wonderful moments when running against a different MSRPCLuke Leighton1-17/+38
implementation (NT5) when you discover that your code is trash. samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups() all take a HANDLE for multiple-call enumeration purposes. (This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
1999-10-21the dynamic memory alloc blood-fest goes on...Luke Leighton1-5/+6
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)