path: root/source3/rpc_client
Age | Commit message | Author | Files | Lines
2002-08-05 | This fixes a number of ADS problems, particularly with netbiosless | Andrew Tridgell | 1 | -2/+3
setups.
- split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example)
- fix an error with handling ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make sure that both long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd.
- don't do a gratuitous node status lookup when finding an ADS DC (we don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the alternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-02 | Moved rpc client routines from libsmb back to rpc_client where they belong. | Tim Potter | 10 | -3467/+5931
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
2002-07-15 | updated the 3.0 branch from the head branch - ready for alpha18 | Andrew Tridgell | 7 | -13/+35
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-06-28 | Proper merge of all the working printing stuff from APPLIANCE_HEAD. | Jeremy Allison | 1 | -451/+0
Now let's keep this in sync ! Jeremy. (This used to be commit 3603cd4947df2c10df604447dc542932cb9e5d5a)
2002-06-18 | more debug classes activated | Simo Sorce | 8 | -0/+25
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-06-03 | Add user name to netsessenum RPC to stop 1783 messages | Jim McDonough | 1 | -5/+6
(This used to be commit 18854bcd2df88ab49c263c86d111a50d83411885)
2002-06-01 | More cleanup work preparing for SMB signing. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
2002-05-29 | Cleaned up srvsvc constants a bit. | Tim Potter | 1 | -8/+8
(This used to be commit ca61f68d5ca8791bea34732bd358cfb63273fc5c)
2002-05-18 | Remove unused files. | Andrew Bartlett | 3 | -800/+0
The size of samba going down for once :-) Andrew Bartlett (This used to be commit 00ef4aad88f4ba9f2e242578c37933eac001c351)
2002-04-11 | WERROR merge from SAMBA_2_2 | Gerald Carter | 1 | -34/+18
(This used to be commit 32dc5dbbfb16cb9fd6f953dbb8148f5228b453a4)
2002-03-17 | Renamed get_nt_error_msg() to nt_errstr(). | Tim Potter | 7 | -51/+51
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-15 | syncing up printing code with SAMBA_2_2 (already done some merges | Gerald Carter | 1 | -80/+251
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
2002-02-13 | merge from 2.2 | Gerald Carter | 1 | -2/+2
(This used to be commit 50fa21c995d33601920b3b56a3e03b09262e7fd9)
2002-01-30 | Removed version number from file header. | Tim Potter | 11 | -22/+11
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-02 | Add prs_dump_before to dump everything from the start of the prs | Martin Pool | 1 | -1/+1
buffer up to the current position, and use this to dump pipe buffers just before parsing. (This used to be commit 92a3ab274e6cf09a8ba39b91f8bbacba6de40b37)
2002-01-02 | Also capture received data | Martin Pool | 1 | -0/+5
(This used to be commit 93fadcd1118b390605d2504bee63a1e8b6373ac5)
2002-01-02 | struct cli_state remembers the pipe name that it's talking to, if any, | Martin Pool | 1 | -3/+22
so that we can print it in later debug messages. Call prs_dump to dump out requests sent by the client at sufficiently high debug levels. (This used to be commit 9973b22b34dc2a88a20b821d4e69f39d2a6aa6a3)
2002-01-01 | A fairly large commit: | Andrew Bartlett | 1 | -152/+0
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
- It hasn't been used by anything else since smbpasswd lost its -j
- Add a TALLOC_CTX to the auth subsystem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced.
- Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID fields is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance.

This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appreciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2001-12-08 | added internal sasl/gssapi code. This means we are no longer dependent on | Andrew Tridgell | 1 | -1/+1
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05 | OK. Smbpasswd -j is DEAD. | Andrew Bartlett | 3 | -232/+43
This moves the rest of the functionality into the 'net rpc join' code. Furthermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirely! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that somebody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-11-29 | I think the lookup_pdc_name() should be called lookup_dc_name() and the | Tim Potter | 1 | -1/+1
name_status_find() call here should look up a #1c name instead of #1d. This fixes some bugs currently with BDC authentication in winbindd and in smbd as you can't query the #1d name with the ip address of a BDC. Who is Uncle Tom Cobbley anyway? (This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
2001-11-24 | This is another rather major change to the samba authentication | Andrew Bartlett | 1 | -4/+5
subsystem. The particular aim is to modularize the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon.

The following parameters have changed:
- use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts'
- hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods.

The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter.

The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)

Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-16 | I *love* removing code :-). Removed 4 files that weren't being used. | Jeremy Allison | 5 | -1979/+10
All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58)
2001-11-05 | Removed duplicate debug. | Tim Potter | 1 | -2/+0
(This used to be commit 5c3521c937f9ba3c4c586495f54dc69a664c392a)
2001-11-03 | Added NT_USER_TOKEN into server_info to fix extra groups problem. | Jeremy Allison | 3 | -14/+11
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31 | This is a fairly large patch (3300 lines) and reworks most of the AuthRewrite | Andrew Bartlett | 1 | -4/+4
code. In particular this assists tpot in some of his work, because it provides the connection between the authentication and the vuid generation.

Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what it's getting, rather than magic lengths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance in testing it is appreciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31 | Don't accidentally return success when sending a broken NET_SAMLOGON | Tim Potter | 1 | -0/+1
request. This exposes a domain authentication bug with win2k where a rpc fault is returned but not propagated up as an error. (This used to be commit 27cd7ac85779bbc1e9488ee06e87b0c743c5b29c)
2001-10-30 | Fixed typo in debug message. | Tim Potter | 1 | -1/+1
(This used to be commit 26fa0374bb5894ece460899ca37cf512c4424b2f)
2001-10-14 | the next step in the intl changeover. This should get us compiling again, | Andrew Tridgell | 6 | -24/+0
and also completes the switch to lang_tdb.c. SWAT should now work with a po file in the lib/ directory also removed useless SYSLOG defines in many files (This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
2001-10-02 | Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. | Tim Potter | 15 | -41/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-18 | Converted cli_net_auth2() and cli_nt_setup_creds() to return NTSTATUS. | Tim Potter | 3 | -15/+23
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
2001-09-17 | move to SAFE_FREE() | Simo Sorce | 5 | -32/+13
(This used to be commit 549fe42bd48b3418e63ba4872bc5992dae46d514)
2001-09-16 | Fix up workstation and kickoff time checks, moved to auth_smbpasswd.c where | Andrew Bartlett | 1 | -1/+5
they can have general effect. Fixed up workstation support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-04 | the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but | Andrew Tridgell | 4 | -51/+54
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27 | converted another bunch of stuff to NTSTATUS | Andrew Tridgell | 5 | -37/+37
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-24 | More status32 conversions. | Tim Potter | 2 | -15/+14
(This used to be commit 031a19639ce862bd01c1a72d8b5ff21b0eae99d2)
2001-08-24 | Fixed typo in debug message. | Tim Potter | 1 | -1/+1
(This used to be commit ea8c0a75affe56f8fbcb987cd6f8cdcd24e8a537)
2001-08-24 | Set secure channel type depending on server role. | Tim Potter | 1 | -1/+2
(This used to be commit 7d5440a7ae4ef46103192000a19f2e69ecf02f21)
2001-08-12 | This patch does a number of things, mostly smaller than they look :-) | Andrew Bartlett | 1 | -10/+8
In particular, it moves the domain_client_validate stuff out of auth_domain.c to somewhere where (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e)
2001-08-10 | Use new client error api. | Tim Potter | 1 | -12/+13
(This used to be commit b196a52483a6e4ac1e4c311ff43d3c07fca031df)
2001-08-10 | Use the new client error api. | Tim Potter | 1 | -2/+4
(This used to be commit 688da3c41dd944f7f69083518d25e9edbc55406f)
2001-08-10 | Removed nt_error field from cli_state as it was not used anywhere. | Tim Potter | 1 | -7/+1
(This used to be commit 589aaa5fb1ac55d8b0d5ae95921f071eb6ddacf6)
2001-08-03 | This is my 'Authentication Rewrite' version 1.01, mostly as submitted to | Andrew Bartlett | 1 | -5/+7
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authentications pass the same standards. The interface currently implemented is as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-25 | Held a shoot-out between NT_STATUS_NO_PROBLEMO and NT_STATUS_NOPROBLEMO. | Tim Potter | 2 | -21/+21
According to the incorruptible judges find and grep, the latter won. Mmm - procrastination. (-: (This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
2001-07-10 | This fixes security=domain, which has been broke since the big charset | Andrew Bartlett | 1 | -9/+2
changeover. For my own sanity I have created a new function to fill out both the header and buffer for a string in an RPC struct. This DOES NOT take a length argument, only the actual string to be placed. The RPC code is currently littered with code that does init_uni_hdr() followed immediately by init_unistr2(), and often the length argument is wrong. (It was for the code I changed, even before the charset stuff). Another bug where we made strings AT LEAST MAX_UNICODE_LEN long hid this bug. This works for loopback connections to Samba, and can't be any more broke than it was before :-). (We had double and reverse conversions, fun...). In particular this makes us multibyte compliant. In any case, if there are no objections I will slowly convert other bits of code to the same system. (This used to be commit cf1d1cd9d6362f6e32ed9c2f6d2f6f25c47705ad)
2001-07-04 | strchr and strrchr are macros when compiling with optimisation in gcc, so we | Andrew Tridgell | 1 | -1/+1
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-07-04 | The big character set handling changeover! | Andrew Tridgell | 4 | -22/+16
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-29 | Use a logical cli_read(), removed the cli_read_one() hack. | Jeremy Allison | 1 | -2/+2
Jeremy. (This used to be commit 2999eab5abe86bf08e693800c01ad544f04e4d6c)
2001-06-22 | Use cli_read_one() for reading DCE/RPC reply fragments. We need to check | Tim Potter | 1 | -29/+36
for and ignore ERRmoredata errors as the client library doesn't support 32-bit error messages. Added some annotations for the RPC pipe code to make it a bit clearer maybe. (This used to be commit f179e0ff61794073aedcf77544865ad2f18c6e6d)
2001-06-14 | Fixed some return code checks for cli_initialise() from False to NULL. | Tim Potter | 2 | -2/+2
Spotted by Joe Doran <joed@interlude.eu.org> (This used to be commit 3e3b9bc5380652d882c02e7286258f0aabcaf395)