summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_net.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6232: more cleanups; remove BUFFER3; rename BUFFER4 -> RPC_DATA_BLOB; ↵Gerald Carter1-14/+7
rename REG_CREATE_VALE -> REG_SET_VALUE (This used to be commit 28d433351cf813c7fb57ebac0e0f4973c85f73e8)
2007-10-10r5536: Avoid intermediate copy of NT and LM responses in NETLOGON client.Andrew Bartlett1-14/+0
This copy was length-limited, which broke when the NTLMv2 response was more than 128 bytes in length. Andrew Bartlett (This used to be commit bae18aaaff7f9eff90db566b9a254a11d281aa01)
2007-10-10r4946: Our notion the other_sids in the info3 SamLogon struct wasVolker Lendecke1-12/+33
...hmmm... completely bogus. This does not affect us as a domain controller, as we never set other_sids, but I have *no* idea how winbind got away with it. Please review thoroughly, samba4 idl looks closer to reality here. Test case: Member of w2k3 domain, authenticate as a user who is member of one or more domain local groups. Easiest review with 'client schannel = no'. Thanks, Volker (This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
2007-10-10r4287: Vampire SAM_DELTA_DOMAIN_INFO.Günther Deschner1-12/+34
Based on samba4-idl. The decoding of account-lockout-string is somewhat experimental though. Guenther (This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
2007-10-10r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.Günther Deschner1-6/+20
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting acct_flags with bizarre values, breaking a lot of things. This patch is successfully running in a production environment for quite some time now and is required to finally allow Exchange 5.5 to access another Exchange Server when both are running on NT4 in a samba-controlled domain. This also allows Exchange Replication to take place, Exchange Administrator to access other Servers in the network, etc. Fixes Bugzilla #1136. Thanks abartlet for helping me with that one. Guenther (This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-32/+17
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2396: Fix bug found by Cornelio Bondad Jr <Corny.Bondad@hp.com>.Jeremy Allison1-5/+3
To correct “net rpc vampire” core dump. Jeremy. (This used to be commit cd910ffc510f2007c2619d7a4d31e5e41de7d1d1)
2007-10-10r991: Allow winbindd to use the domain trust account passwordGerald Carter1-6/+61
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-3/+3
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2004-04-02Implement NETLOGON GetDCName client side. You can ask a DC for the name ofVolker Lendecke1-0/+84
a DC it trusts. Volker (This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
2004-01-07commiting jra's fix for Exchange clear test authGerald Carter1-1/+2
(This used to be commit 344e113368cb46fc4d26107d1cd276e4c76a6a9b)
2003-12-29Add the alignment required before all 2-byte quantities in NDR. Allows usAndrew Bartlett1-0/+3
to correctly parse plaintext netlogon calls with odd-length passwords Andrew Bartlett (This used to be commit de3c3cbeeb8b674ffc0dd8fe16913f15edcf9022)
2003-12-05fixed a problem with "net rpc vampire" mis-parsing the alias memberAndrew Tridgell1-4/+4
info reply Thanks to a bug report by 'musb' (This used to be commit 310f90f3689d4acd16368a833f23ea5f9aaa0133)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-3/+8
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-68/+40
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-08Fix for bug #334. We don't unmarshall the trusted domain or secretsTim Potter1-6/+14
info delta correctly and thus crash when doing a net rpc samdump. The easiest thing at the moment it to comment out these functions as they seriously don't correspond with reality (netmon/ethereal) and the data in the containers aren't used anyway. (This used to be commit 695aa39c5d798b112f0a06281b499fcac8a5bf31)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-1/+1
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-17/+2
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-07-03well this was easy...Gerald Carter1-2/+18
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user has a username of DOMAIN\user. Make sure to trim the domain part from the username when filling in the net_sam_logon reply. This fixes the browsing issues i was seen across domain trusts. (This used to be commit 62e36e6ede067ace23f5473d04917c7eeedf07e2)
2003-05-26This fixes net rpc vampire when talking to win2k (<sp3). win2k sendsTim Potter1-3/+3
back a different sized blob of encrypted password data then we were expecting. There's an extra 32 bytes of unknown stuff. (This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
2003-04-18Survive a samdump with an alias that has no descriptionVolker Lendecke1-3/+6
Volker (This used to be commit 5af417a6ba24e6bb09979488511f482efa4894b8)
2003-03-17Merge from HEAD:Andrew Bartlett1-11/+11
signed/unsigned (mostly i counters) a little bit of const. Andrew Bartlett (This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)
2003-02-18Check return code of string_to_sid. (Merge from HEAD)Martin Pool1-22/+26
(This used to be commit 5d09aea6f78aa247dbd77617c93c2a1dd2e2702f)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-14/+14
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2003-02-02Merge from HEAD: Send the session key to the client, allowing it to perform SMBAndrew Bartlett1-2/+2
signing. Andrew Bartlett (This used to be commit 9bcdb869e53ee8048dd69053b804bdaf55db7b91)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-46/+46
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-14/+17
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-117/+167
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-1/+1
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-5/+9
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-02And a little more const.Andrew Bartlett1-3/+3
(This used to be commit 044391b5973f6070abf6ac185c74ffd713e933c5)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Try to move towards slightly sane linking for Samba by removing some pdb_...()Andrew Bartlett1-17/+32
calls from rpc_parse/parse_net.c - instead these values are passed as a paramater. Unfortunetly some there is still some samr work to be done before this is actually useful. Andrew Bartlett (This used to be commit 4fc9e16ad7a77cf2e37b27640c0dec2052e9cda0)
2001-12-31more irix -64 portability fixesAndrew Tridgell1-1/+1
(This used to be commit 65e857b36e170e3ecd78bf6695ae73342e9c04cd)
2001-12-18fixing bug I introduced.Jean-François Micouleau1-1/+1
J.F. (This used to be commit 49764852c516a22fba84d6289c93bed0e5da1c7e)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-5/+8
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-12decoded SAM_DELTA 0x0e and 0x12.Jean-François Micouleau1-0/+144
One is an entry for the trusted domains The other is an entry for the trusting domains They are pretty basic, I'll improve them. J.F. (This used to be commit 8d359e62138aa327cb00875dc446234ce4be6f02)
2001-12-12a ugly decoder for SAM_DELTA_DOM_INFO (0x0d)Jean-François Micouleau1-39/+203
a correct decoder for SAM_PRIVS_INFO (0x10) this code is totally useless right now, it's just fun to decode those and will save tpot some time. J.F. (This used to be commit 314b675ed9ebacba9db25938c43cfa304462ebe2)
2001-12-06again an intrusive patch:Jean-François Micouleau1-26/+20
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-12-05OK. Smbpasswd -j is DEAD.Andrew Bartlett1-2/+7
This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-11-21samr_querydom_info level 1: found the meaning of the unknow fields. AndJean-François Micouleau1-2/+2
discovered that our reply is short by 4 bytes since day 1 of this code. Added a decode function to rpcclient too. splitted the STRING2 fields filling while trying to understand the win9x userlist bug. (didn't fix the bug, but the reply looks closer to NT). J.F. (This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
2001-11-04get the string lengths right in domain logonsAndrew Tridgell1-2/+2
Andrew, this fixes domain logons in head. Please look at the change, as I think you may have misunderstood the max_str_len field (which is badly named) (This used to be commit fd3a657b440a61c0c146947bb62d2b83c1689b87)
2001-11-01Various post AuthRewrite cleanups, fixups and tidyups.Andrew Bartlett1-3/+3
Zero out some of the plaintext passwords for paranoia Fix up some of the other passdb backends with the change to *uid_t rather than uid_t. Make some of the code in srv_netlog_nt.c clearer, is passing an array around, so pass its lenght in is definition, not as a seperate paramater. Use sizeof() rather than magic numbers, it makes things easier to read. Cope with a PAM authenticated user who is not in /etc/passwd - currently by saying NO_SUCH_USER, but this can change in future. Andrew Bartlett (This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-1/+1
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31This one's a doozy. A cut&paste bug incorrectly sets the max string lengthTim Potter1-1/+1
of the lm challenge/response header in the NET_ID_INFO_2 structure included in a network logon request. It seems Windows 2000 is the only OS that cares about this. (This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)
2001-10-30Removed confusing comment.Tim Potter1-1/+1
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-6/+6
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-02Fixed the bug with member servers in a Samba PDC hosted domain not allowingJeremy Allison1-6/+7
other access. Problem was max time was being set to 0xffffffff, instead of 0x7fffffff. Jeremy. (This used to be commit 94403d841710391ec26539e4b4157439d5778ff7)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)