summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2001-01-29Changes from SAMBA_2_2:David O'Neill1-1/+1
- fix typo in cast from talloc (This used to be commit f24aa0b51f06b8181b46bb1d2e73d91e5159fe1c)
2001-01-25Fixed "object picker can't determine if object in domain" bug seen from W2KJeremy Allison1-2/+134
clients. Did this by importing Samba-TNG code that correctly handles LSA lookups. *MANY* thanks to Luke, Sander, Elrond and the rest of the TNG gang ! Jeremy (This used to be commit f76dc952f70862a6a390e9f35edd651867842a01)
2001-01-15Changes from APPLIANCE_HEAD:David O'Neill1-1/+1
source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog. (This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
2001-01-11RPC server fixes for RPC client changes merged from TNG.Tim Potter1-2/+42
(This used to be commit 793153ebde08db217a18882c5eec945b7b14de69)
2001-01-11General clean up. Merged routines for parsing enum_trust_dom rpc call.Tim Potter1-136/+111
(This used to be commit 54b34517ce5e51ac697eff4befdd313222b4fecd)
2000-12-15Never free anything in the rpc_parse/prs_XXX functions. Do it in the enclosingJeremy Allison1-10/+0
function. lib/util_unistr.c: Check lengths *before* reading source - prevent uninitialised memory reads. Jeremy. (This used to be commit ce4f461965c872fbfc9fe5f6b98aed58bb3dd67a)
2000-12-15Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. MergedJeremy Allison1-13/+30
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
2000-12-13Wrong length for unistr2 in init_q_lookup_names()Tim Potter1-24/+33
Removed some more static arrays and replaced with tallocated memory blocks. (This used to be commit 1db0f31ae00bf9c91eb7d02c96bf766d04c7bdef)
2000-12-12Merged in Tim's changes : Removed static limit of MAX_LOOKUP_SIDS in rpc ↵Jeremy Allison1-41/+101
server and client lsa_lookup_names() and lsa_lookup_sids(). Jeremy. (This used to be commit 9e9c71c8b3194b7cd02fea0b6a000d4f2940d905)
2000-12-08Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions fromTim Potter1-33/+31
TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-10-13last part of W2K support.Jean-François Micouleau1-4/+4
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-09-20Some code moved back from TNG - updates to LSA stuff. Not yet used butJeremy Allison1-8/+80
will be needed soon. Jeremy. (This used to be commit f0aa8f9314c837fe39b6d1b0c41d5cfae2e4098f)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-26/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+26
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-591/+456
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-11-23shuffling msrpc code around so that it can be used independently of rpcclientLuke Leighton1-2/+2
(This used to be commit e88e7d529b5bdf32ac3bc71fa8e18f6f2a98c695)
1999-11-19nt5rc2 falling over because the LsaQueryInfoPolicy() response _must_Luke Leighton1-0/+1
have the string max length = string length + 1. if not, then it gets its knickers in a twist over whether the string is NULL-terminated or not. four days. four days i spent on this one. (This used to be commit 9795e5948c698115e34c28993cdb82ba31377f5d)
1999-11-01added lsaenumdomains command.Luke Leighton1-12/+42
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H querysecret to work, it keeps returning access denied. (This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
1999-10-30NetServerTransportEnum parsing, client-side and rpcclient "srvtransports" added.Luke Leighton1-2/+2
(This used to be commit 37f4aac06fec3fbb34ed40d1010829b2e1f28558)
1999-10-25- typecast malloc / Realloc issues.Luke Leighton1-9/+9
- signed / unsigned issues. (This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf)
1999-10-21turning some of the rpcclient functions dynamic. this is likely toLuke Leighton1-1/+1
break a few things... (This used to be commit 4b06f303235d36903b6e9f55ee45b987d98256b0)
1999-10-15return results on prs_xxxxx() and all xxx_io_xxx() routines.Luke Leighton1-81/+161
the whole task is not complete, yet. xxx_io_xxx() routines that _call_ xxx_io_xxx() routines not done. prs_xxxx() covered by macros. considering doing xxx_io_xxxx in the same way. (This used to be commit 3b583f7be51434af98bc52b48dfa42c4602a3094)
1999-09-12- initialising mach_passwd_file locks to zero (prev. uninit.)Luke Leighton1-1/+1
- cleanup - #defined report to sprintf as it's #defined to another function in other uses of cmd_lsarpc.c (This used to be commit 8fb2ff247a2fe0ec5ce0c232d8a3da9774f7e6ae)
1999-03-24matt, you had removed a "pointer" from DOM_R_REF structure which made itLuke Leighton1-1/+5
possible to fix lsa_r_lookup_names, but forgot to add that pointer in to lsa_r_lookup_sids, where DOM_R_REF was also being used. (This used to be commit 9092368af8adbf412c71af7216365e926593d54d)
1999-03-24removed 2 unnecessary args from make_uni_hdr.Luke Leighton1-4/+4
(This used to be commit f84dede27e16a5f02ee6d02fe2d16f2661c65470)
1999-03-24Fixed LSA Lookup Names. There were a few too many NULL pointers in aMatthew Chapman1-7/+20
negative response, which tended to crash lsass.exe. (This used to be commit 6d03f61d2536630968007958345cf44a42b03584)
1999-03-19value->enc_secret not value->secretLuke Leighton1-6/+4
(This used to be commit d6cee14f8049471b14337681cbeac115958fbac0)
1999-03-18Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRETMatthew Chapman1-0/+165
(-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. (This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
1999-02-09removal of the use of unistrn2 function: replace it with unistr2_to_strLuke Leighton1-2/+3
which is more appropriate. (This used to be commit ac72fe1ab3d10f64a5945ccbd4ed3817e30f9f7b)
1998-12-20fix for potential lsass.exe crashing due to negative response fromLuke Leighton1-23/+27
LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
1998-12-07- lib/unix_sec_ctxt.cLuke Leighton1-2/+2
attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services. - group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases. - parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything. - cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to). - srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name. (This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-04- oops, i got "add alias member" and "delete alias member" swapped.Luke Leighton1-2/+2
- samr_enum_dom_users, the first 4 bytes is some sort of garbage, nt5-beta2 clears them out to zeros whereas nt4 does not. fixed bug where we were assuming that the first 4 bytes of a response _had_ to be non-zero. - cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names() client call. - added in "addaliasmem" and "addgroupmem" commands. the addaliasmem command actually turned out to be a "delaliasmem" :-) :-) - parse_lsa.c: moved assert array check to after the size of useable array space is set... (This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb)
1998-12-01query_aliasmem code. it works (hurrah).Luke Leighton1-46/+43
(This used to be commit f7f2516df46dde1671235f788f7689c93d9395ae)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton1-15/+51
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-2/+2
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-10rpcclient registry commands.Luke Leighton1-1/+1
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-22bug fix in lsa_trans_names.Luke Leighton1-1/+3
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-15bug-fixing against:Luke Leighton1-3/+64
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30lsa_lookup_sids command added. severe debugging needed on lookup_sidsLuke Leighton1-53/+192
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-25added rpcclient programLuke Leighton1-0/+91
(This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-05tridge the destroyer returns!Andrew Tridgell1-107/+6
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these are deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
1998-08-24Changed ASSERT macros to SMB_ASSERT macros as some systems alreadyJeremy Allison1-7/+7
have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-22added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberallyAndrew Tridgell1-0/+14
in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
1998-08-14this is the bug change to using connection_struct* instead of cnum.Andrew Tridgell1-1/+1
Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison1-2/+2
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-4/+4
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-05patches from jean francois: couple of minor bugsLuke Leighton1-1/+1
(This used to be commit 532b3956c66eda1b7e787b1c6906bcf574f66216)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+567
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)