summaryrefslogtreecommitdiff
path: root/source3/rpc_client
AgeCommit message (Collapse)AuthorFilesLines
2004-02-28Add 'net rpc group [add|del]mem' for domain groups and aliases.Volker Lendecke2-0/+277
Volker (This used to be commit 6785dc84ce4d9c2d5ebe3113c7f506947b09a7f8)
2004-02-24Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke1-0/+93
group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 9cadd14aa53d390a2419d7ce4fe48d58cf372279)
2004-01-26(merge from 3.0)Andrew Bartlett1-0/+90
This adds client-side support for the unicode/SAMR password change scheme. As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 8063b8b6c2eb30cb116988e265fb289109d7c348)
2004-01-15BUG 972; check pointer in cli_ds_getprimarydominfo() before trying to copy a ↵Gerald Carter1-1/+1
structure (This used to be commit a1aed0b517f7476301d8fe4dfebac3db178ba1cd)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter1-41/+48
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2004-01-08fix segfault when sid_ptr == 0 in DsEnumDomainTrusts() replyGerald Carter1-3/+3
(This used to be commit 36d985a75faa5ebda1c8c7de1e3ab5d7a51a9c10)
2004-01-06Merge NTLMSSP fixes from 3.0 to HEAD.Andrew Bartlett1-5/+12
Andrew Bartlett (This used to be commit f7d39c787771616ddb015bd77e3e6cd33f0c7a15)
2004-01-05rpc_client/cli_lsarpc.c:Andrew Bartlett2-8/+28
rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Add ads_sid_to_dn utility function nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 627d33d1667f0d4b1070f988494885b74c4c04dd)
2003-11-26Merge from 3.0:Andrew Bartlett1-8/+4
- NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
2003-11-24strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter1-2/+2
check_bind_response() (This used to be commit 84f0e97e5882375b765b818e89a6d96736cd5932)
2003-11-23Merge from 3.0:Andrew Bartlett1-6/+6
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-22(merge from 3.0)Andrew Bartlett3-19/+38
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-17From 3_0:Volker Lendecke1-1/+2
This fixes a bug when establishing trust against a german W2k3 AD server. In the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at all, so making it a bit more liberal should hopefully not really hurt. Volker (This used to be commit dbd17dd0366d6cd20a2d5d8247dd5842563da2ca)
2003-10-30Another round of GUID->struct uuid.Jim McDonough1-2/+3
Takes care of the lsass pipe (This used to be commit 3dca3efa4b427fa3094a8cd392fe5744b5f6f6a8)
2003-10-24New files for support of initshutdown pipe. Win2k doesn't respond properlyJim McDonough1-0/+104
to all requests on the winreg pipe, so we need to handle this new pipe. First part of fix for bug #534 (This used to be commit 532fab74c12d8c55872c2bad2abead2647f919d7)
2003-10-22Merge from 3_0:Volker Lendecke1-0/+1
In cli_lsa_lookup_sids don't leave the domain field uninitialized if some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 198b01fc54ce7a5beeddc680b30da291639b4eda)
2003-10-20Merge Volker's fix.Jeremy Allison1-0/+6
It's a perfectly valid condition to have zero alias members. Jeremy. (This used to be commit aa7fb71357921c9d1fa1d32e5eaff912428e4fdf)
2003-10-18Add client side code to do endpoint map queries. Currently does oneJim McDonough1-0/+61
fixed query. Updates to come soon. (This used to be commit 3ca8240affba20bb26749354f59b83799b4f1e44)
2003-10-06split some security related functions in their own files.Simo Sorce1-3/+3
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-17/+12
clientspreviously joined to the Samba domain (This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
2003-09-29Merge from 3.0:Tim Potter1-8/+8
>Fix for #480. Change the interface for init_unistr2 to not take a length >but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. >This is not the case. Count it after conversion. >Jeremy. (This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter3-31/+25
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce5-21/+127
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-17fix the build. Ifdef out some codeGerald Carter1-0/+3
(This used to be commit e66541d0e1befec5d589890994454dd639ea0665)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter5-628/+630
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-16Merge: clarify secure channel connection comment.Tim Potter1-4/+4
(This used to be commit dd063a298f9d5244d7b79c029c563b4d966019c1)
2003-04-28Fixes from Ronan Waide <waider@waider.ie> for large RPC writes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 30512b7d3ea3470e4aca08638a5c0ea14791a6e7)
2003-04-25Minor cleanup of enum domain groups/aliases:Tim Potter1-12/+18
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a talloc fails - don't try and tallocate memory when the number of entries returned was zero - rename some cut&pasted variable names in enum domain aliases function (This used to be commit cb94b2b2d141c3df1209b2b389b0cd6752ac2b6b)
2003-04-22Always initialise this, to assist callers doing loops over this call.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 6da9fd157b4e61fe72f569e4657166ca9d9ab6dc)
2003-04-16Fixes to make SCHANNEL work against a W2K DC. Still need to fixJeremy Allison1-13/+24
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ec82e8e9f4a6bf807a91ac265af39a516c7ab631)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett1-18/+0
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-14Removed unused variables.Tim Potter1-2/+0
(This used to be commit 27a608d6a337e772dce114d73e45f6d0bf3148b4)
2003-04-14Fixed incorrect argument to debug.Tim Potter1-1/+1
(This used to be commit a4704754d912e1f704f574b733257bbcb3976141)
2003-04-11A new RPC pipe! The \pipe\echo named pipe is for testing large RPCTim Potter1-0/+187
requests and responses and is only compiled in when --enable-developer is passed to configure. It includes server and client side code for generating and responding to functions on this pipe. The functions are: - AddOne: add one to the uint32 argument and return ig - EchoData: echo back a variable sized char array to the caller - SourceData: request a variable sized char array - SinkData: send a variable sized char array and throw it away There's a win32 implementation of the client and server in the junkcode CVS repository in the rpcecho-win32 subdirectory. (This used to be commit 4ccd34ef836eba05f81dc2da73fd7cfaac201798)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-18/+305
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing platforms different from NT4SP6. Volker (This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
2003-04-09Auth2, not also Auth3 sends us flags back, although all the callersVolker Lendecke1-4/+5
ignore it. Volker (This used to be commit 6ac6b0f4c0df9e09644d8c1f1272c8645642e842)
2003-04-04SAMR lookupdomain rpc client patches from amber palekar <amber@nu3.net>Tim Potter1-0/+46
(This used to be commit 67bc6bccc22e22e2a6e5cae7c57a1b2b53f49dfd)
2003-03-23NTLM Authentication:Andrew Bartlett1-1/+12
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-18Ignore .po and .po32 files.Martin Pool1-0/+3
(This used to be commit 8d64419625dda242fdb7a5d956644b052b43a2ea)
2003-02-25More const fixes and flow on fixes from yesterday's const-fest.Tim Potter5-19/+24
(This used to be commit 018733eedd7897e6811e8461c07e3acf418c0e09)
2003-02-24Merge:Tim Potter1-7/+5
> Exit path cleanup for cli_samr_enum_dom_users() (This used to be commit 655c1e03519d4fa174a85534c165bdd1ce163ae8)
2003-02-21Exit path cleanup for cli_samr_enum_dom_users()Tim Potter1-34/+18
(This used to be commit 0bc1dfc68b0d411801a4209c9681c735cd7a73cc)
2003-02-17Return a WERROR instead of a NTSTATUS like the rest of the srvsvcTim Potter1-11/+7
rpc calls. (This used to be commit 619af61644ecc221c45e5cf69d562451b5b9f951)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-10/+10
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-12initial server side privileges implementation, using a tdb. This needs to be ↵Andrew Tridgell1-1/+1
hooked into pdb, and we need some access control on changing privileges. That's next (This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
2003-02-10added the 'lsaenumacctwithright' command to rpcclient. This allows youAndrew Tridgell1-0/+52
to lookup what SIDs have a particular privilege (that is how privileges are stored). (This used to be commit 3ddb5fb0dd33992b7db54a661752551a3fefc0b4)
2003-02-01One more signed/unsigned fixAndrew Bartlett1-1/+1
(This used to be commit 013fa874733566169ecefb25458d26065190f302)
2003-01-29Pass down max_size parameter to cli_samr_query_dispinfo() instead ofTim Potter1-2/+35
using a hardcoded value later on. Added a helper function that returns the observed values for max_entries and max_size for each cli_samr_query_dispinfo() call. These values were obtained from watching the NT4 user manager application with ethereal and are the only ones that can enumerate a 60k user domain reliably under Windows 2000. (This used to be commit 2eea2813d9adc414f0a7ea074826b23697f376ee)
2003-01-28added LsaRemoveAccountRightsAndrew Tridgell1-0/+42
this now gives us complete remove privileges control in the client libs, so we are in good shape for starting on the server side. (This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)