summaryrefslogtreecommitdiff
path: root/source3/rpc_client
AgeCommit message (Collapse)AuthorFilesLines
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-4/+5
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-16I *love* removing code :-). Removed 4 files that weren't being used.Jeremy Allison5-1979/+10
All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58)
2001-11-05Removed duplicate debug.Tim Potter1-2/+0
(This used to be commit 5c3521c937f9ba3c4c586495f54dc69a664c392a)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison3-14/+11
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-4/+4
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Don't accidentally return success when sending a broken NET_SAMLOGONTim Potter1-0/+1
request. This exposes a domain authentication bug with win2k where a rpc fault is returned but not propagated up as an error. (This used to be commit 27cd7ac85779bbc1e9488ee06e87b0c743c5b29c)
2001-10-30Fixed typo in debug message.Tim Potter1-1/+1
(This used to be commit 26fa0374bb5894ece460899ca37cf512c4424b2f)
2001-10-14the next step in the intl changeover. This should get us compiling agian,Andrew Tridgell6-24/+0
and also completes the switch to lang_tdb.c. SWAT should now work with a po file in the lib/ directory also removed useless SYSLOG defines in many files (This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter15-41/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-18Converted cli_net_auth2() and cli_nt_setup_creds() to return NTSTATUS.Tim Potter3-15/+23
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
2001-09-17move to SAFE_FREE()Simo Sorce5-32/+13
(This used to be commit 549fe42bd48b3418e63ba4872bc5992dae46d514)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett1-1/+5
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell4-51/+54
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell5-37/+37
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-24More status32 conversions.Tim Potter2-15/+14
(This used to be commit 031a19639ce862bd01c1a72d8b5ff21b0eae99d2)
2001-08-24Fixed typo in debug message.Tim Potter1-1/+1
(This used to be commit ea8c0a75affe56f8fbcb987cd6f8cdcd24e8a537)
2001-08-24Set secure channel type depending on server role.Tim Potter1-1/+2
(This used to be commit 7d5440a7ae4ef46103192000a19f2e69ecf02f21)
2001-08-12This patch does a number of things, mostly smaller than they look :-)Andrew Bartlett1-10/+8
In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e)
2001-08-10Use new client error api.Tim Potter1-12/+13
(This used to be commit b196a52483a6e4ac1e4c311ff43d3c07fca031df)
2001-08-10Use the new client error api.Tim Potter1-2/+4
(This used to be commit 688da3c41dd944f7f69083518d25e9edbc55406f)
2001-08-10Removed nt_error field from cli_state as it was not used anywhere.Tim Potter1-7/+1
(This used to be commit 589aaa5fb1ac55d8b0d5ae95921f071eb6ddacf6)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-5/+7
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-25Held a shoot-out between NT_STATUS_NO_PROBLEMO and NT_STATUS_NOPROBLEMO.Tim Potter2-21/+21
According to the incorruptible judges find and grep, the latter won. Mmm - procrastination. (-: (This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
2001-07-10This fixes security=domain, which has been broke since the big charsetAndrew Bartlett1-9/+2
changeover. For my own sainity I have created a new function to fill out both the header and buffer for a string in an RPC struct. This DOES NOT take a length argument, only the actual string to be placed. The RPC code is currently littered with code that does init_uni_hdr() followed immidiatly by init_unistr2(), and often the length argument is wrong. (It was for the code I changed, even before the charset stuff). Another bug where we made strings AT LEAST MAX_UNICODE_LEN long hid this bug. This works for loopback connections to Samba, and can't be any more broke than it was before :-). (We had double and revese conversions, fun...). In particular this makes us multibyte complient. In any case, if there are no objections I will slowly convert other bits of code to the same system. (This used to be commit cf1d1cd9d6362f6e32ed9c2f6d2f6f25c47705ad)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-1/+1
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-07-04The big character set handling changeover!Andrew Tridgell4-22/+16
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-29Use a logical cli_read(), removed the cli_read_one() hack.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 2999eab5abe86bf08e693800c01ad544f04e4d6c)
2001-06-22Use cli_read_one() for reading DCE/RPC reply fragments. We need to checkTim Potter1-29/+36
for and ignore ERRmoredata errors as the client library doesn't support 32-bit error messages. Added some annotations for the RPC pipe code to make it a bit clearer maybe. (This used to be commit f179e0ff61794073aedcf77544865ad2f18c6e6d)
2001-06-14Fixed some return code checks for cli_initialise() from False to NULL.Tim Potter2-2/+2
Spotted by Joe Doran <joed@interlude.eu.org> (This used to be commit 3e3b9bc5380652d882c02e7286258f0aabcaf395)
2001-06-02Removed irritating and unecessary debug message.Tim Potter1-3/+0
(This used to be commit b49c4cd441717b0edf4ad3da0edddca474a08748)
2001-05-17Broke out change trust account password routines into separate fileTim Potter2-218/+245
since they're only used in one place anyway (timeout_processing() in process.c) (This used to be commit d1e5d5d62fcb5da30e3f2619721c5146db753f3c)
2001-05-04Added a SMB_ASSERT() so that two cli_state structures aren't openedTim Potter1-0/+3
on different pipes. This seriously confuses NT. Unfortunately HEAD branch is limited to one rpc pipe per connection as the fnum is stored inside the cli_state structure. It should really be broken out into it's own structure so multiple pipes can be opened on one TCP/IP socket. What a good idea! But look over here! I've already done it in another workarea but it will require a day or two to refactor some of the internal samba rpc client stuff (i.e netlogon requests) so it will remain uncommitted for another while. (This used to be commit 657804f3be2b621c8ee15bdb905879e208f9ca2f)
2001-05-01fixed some uninitialised variablesAndrew Tridgell1-5/+5
(This used to be commit 5d899e51a4fc4e872da550b88ef603dbd2d8391f)
2001-04-28few cleanups to bring in line with 2.2Gerald Carter6-6/+0
(This used to be commit 0feaac00a1847af41464d4ce35821ff851cded9c)
2001-03-15added getdriver and enumdrivers commands. Also fixedGerald Carter1-1/+1
enumprinters so that it works as well. Couple of other misc fixes while we're working on rpcclient. (This used to be commit 83d6bc4454f0cda581d26de32a4fcaad42431b34)
2001-03-11Removed JRATEST line.Jeremy Allison1-4/+0
Jeremy. (This used to be commit be9933ce353d0ad607c55e6e02aae09627bf9dd9)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-3/+25
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison10-135/+159
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-03-07Sync up handle creation with 2.2 branch. We can now join AS/U domains andJeremy Allison3-20/+14
authenticate against them. Big/little endian issues fixed. Jeremy. (This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c)
2001-02-28Ooops - forgot to check the rpcclient and smbcacls compile with the newJeremy Allison1-2/+2
code :-(. Jeremy. (This used to be commit 70beabf73bdaad7b6a60e24b7a11798a411bed02)
2001-02-28Move to talloc control of SPOOL_XXX structs. Move to talloc control ofJeremy Allison2-9/+2
security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d)
2001-02-25rpc_client/cli_netlogon.c: Fixed incorrect printf.Jeremy Allison1-1/+2
Added Solaris ACL support. Jeremy. (This used to be commit f0d11b6997cc46a0210adef8cf572cf8b7e2467a)
2001-02-24This patch (donated by Marc Jacobsen of HP) should make Sun and HP very ↵Jeremy Allison1-58/+112
happy :-). Probably Veritas too... :-). It allows Samba as a domain member to authenticate against an AS/U server such as the older HP PDC product or PD Netlink. It does this by trying a netlogon with info level 3 and then falling back to info level 2 if the PDC returns invalid info level. Jeremy. (This used to be commit bda1d6d4a4b3d2cfc260549280a2ce3e57fd0f86)
2001-02-20pipe opening now works with unicodeAndrew Tridgell1-2/+2
(This used to be commit ba3ce3404e1cd2e9da3ba1708f6fc8a12c085ef2)
2001-02-16configure configure.in smbd/posix_acls.c smbd/dosmode.c: Fix for zero ↵Jeremy Allison1-2/+12
permission W2K profiles. libsmb/cliconnect.c rpc_client/cli_login.c smbd/reply.c: codepage fixes from Tim. Jeremy. (This used to be commit 3ded1e6bd5f79948e437ce5b1799705945f36ad2)
2001-02-14Merge of i18n fixes from appliance branch. Samba can now talk to a networkTim Potter2-17/+21
with a PDC that has international netbios name and domain name. There's still quite a bit of i18n stuff to fix though... (This used to be commit 79045bd72ace9144e7dd73785b1d10a71b0d15aa)
2000-12-19Fixed bug found by Gerald. If a Samba server joins a domain and is setJeremy Allison1-1/+2
to search for a DC to authenticate to using the "*" syntax than ensure that for the first hour after the password change is searches for the PDC using the 1B name not the 1C name as domain replication may not have occured. Jeremy. (This used to be commit c25533de9918ed9b0c79fd039e11d1b79f513db0)
2000-12-15Added lock backouts on fail.Jeremy Allison1-2/+0
When chaining together long lines of bloody "if" statements, which should logically be separated, and one of them allocates memory, remember to *free* it *WHETHER OR NOT THE IF STATEMENTS SUCCEEDED* !!!! Yes I do consider this a bug in the coding style of Tridge, Rusty, Tim et al. :-). I'm just pissed 'cos this took 4 hours to track down even with an insure error report stating me in the face and also Ben Woodward looking over the code with me :-). Jeremy. (This used to be commit 506b5e34c3ba16768dbc82ba21044787de160c45)
2000-12-15Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. MergedJeremy Allison1-1/+1
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
2000-12-13Wrong length for unistr2 in init_q_lookup_names()Tim Potter1-3/+3
Removed some more static arrays and replaced with tallocated memory blocks. (This used to be commit 1db0f31ae00bf9c91eb7d02c96bf766d04c7bdef)