summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_net.c
AgeCommit message (Collapse)AuthorFilesLines
2001-11-21samr_querydom_info level 1: found the meaning of the unknow fields. AndJean-François Micouleau1-2/+2
discovered that our reply is short by 4 bytes since day 1 of this code. Added a decode function to rpcclient too. splitted the STRING2 fields filling while trying to understand the win9x userlist bug. (didn't fix the bug, but the reply looks closer to NT). J.F. (This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
2001-11-04get the string lengths right in domain logonsAndrew Tridgell1-2/+2
Andrew, this fixes domain logons in head. Please look at the change, as I think you may have misunderstood the max_str_len field (which is badly named) (This used to be commit fd3a657b440a61c0c146947bb62d2b83c1689b87)
2001-11-01Various post AuthRewrite cleanups, fixups and tidyups.Andrew Bartlett1-3/+3
Zero out some of the plaintext passwords for paranoia Fix up some of the other passdb backends with the change to *uid_t rather than uid_t. Make some of the code in srv_netlog_nt.c clearer, is passing an array around, so pass its lenght in is definition, not as a seperate paramater. Use sizeof() rather than magic numbers, it makes things easier to read. Cope with a PAM authenticated user who is not in /etc/passwd - currently by saying NO_SUCH_USER, but this can change in future. Andrew Bartlett (This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-1/+1
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31This one's a doozy. A cut&paste bug incorrectly sets the max string lengthTim Potter1-1/+1
of the lm challenge/response header in the NET_ID_INFO_2 structure included in a network logon request. It seems Windows 2000 is the only OS that cares about this. (This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)
2001-10-30Removed confusing comment.Tim Potter1-1/+1
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-6/+6
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-02Fixed the bug with member servers in a Samba PDC hosted domain not allowingJeremy Allison1-6/+7
other access. Problem was max time was being set to 0xffffffff, instead of 0x7fffffff. Jeremy. (This used to be commit 94403d841710391ec26539e4b4157439d5778ff7)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-22These are RIDs not Unix UIDs so make this clear in the feild names.Andrew Bartlett1-5/+5
Andrew Bartlett (This used to be commit d1bc778301b31d77fdc3837ec3cff24ce37adcd7)
2001-09-14Decode 68-byte password blocks using sam replication password key (whichTim Potter1-2/+4
is actually the user session key). (This used to be commit 0f041597f8afa378fc3177264f1e52e014e6cf00)
2001-09-04it now all compiles - so try enabling it by default and see what explodes on ↵Andrew Tridgell1-3/+3
the build farm (This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
2001-09-04Welcome to tpot's exploit world!Tim Potter1-253/+413
- put in checks for return values in rpc parsing routines - replace a bunch of stupid &(foo->bar) with &foo->bar - fixed bug in net_io_sam_alias_mem_info where there are zero members in the alias (This used to be commit eecdba2b015ed48d7dd88daea2af466f28cd2ff7)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-14/+14
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-31Fix up some compile issues. We can't have C99 comments and add a smatteringAndrew Bartlett1-2/+2
of const. (This used to be commit af53e774d754d72b01d9840e8b45d27bc394e33d)
2001-08-28Merge of sam sync code from TNG.Tim Potter1-0/+834
Reverse-engineered the sam replication protocol from staring at hex dumps for a while. It's pretty similar to the sam sync protocol with a couple of different delta header types. I wasn't able to figure out the format of the privilege stuff - needs more time and a whiteboard. (-: The impressive bit is that the sam sync stuff from tng basically just worked thanks mainly to Luke Leighton's efforts in this area. (This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
2001-08-22merge from 2.2Gerald Carter1-9/+14
(This used to be commit fe4ffa8dda165b0d1197f022f59db0a284cbef79)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-13/+13
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-11This backs out my last change, which broke some of the finer points of RPCAndrew Bartlett1-4/+11
coding :-). I'll be more carfull in this area in future. This does not back out the cli_login change, so domain logons still work, but only for english. Andrew Bartlett (This used to be commit bd3c2a0cddc71daa4165e1a0916208d0c650d55a)
2001-07-10This fixes security=domain, which has been broke since the big charsetAndrew Bartlett1-11/+4
changeover. For my own sainity I have created a new function to fill out both the header and buffer for a string in an RPC struct. This DOES NOT take a length argument, only the actual string to be placed. The RPC code is currently littered with code that does init_uni_hdr() followed immidiatly by init_unistr2(), and often the length argument is wrong. (It was for the code I changed, even before the charset stuff). Another bug where we made strings AT LEAST MAX_UNICODE_LEN long hid this bug. This works for loopback connections to Samba, and can't be any more broke than it was before :-). (We had double and revese conversions, fun...). In particular this makes us multibyte complient. In any case, if there are no objections I will slowly convert other bits of code to the same system. (This used to be commit cf1d1cd9d6362f6e32ed9c2f6d2f6f25c47705ad)
2001-06-22sync this function with 2.2 (single check for NULL parameter)Gerald Carter1-0/+3
(This used to be commit 3ab50e648d682080308d2db6bdb71eef0e303988)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-2/+2
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
2001-05-24Added a init function for net_q_logon_ctrl2 so we can make this callTim Potter1-12/+133
from rpcclient. Added init and i/o functions for net_{q,r}_logon_ctrl functions so we can call from rpcclient and respond to this call from smbd. (This used to be commit 8ba30031a4fd900b9b87cf5d04c2f2bf6c436718)
2001-04-27Added Herb's comment fix.Jeremy Allison1-1/+0
Jeremy. (This used to be commit f4f4aae675f55d3319aca8489621afc92aaf8de1)
2001-04-23Fix "proc num out of range" error. Missing rpc call.Jeremy Allison1-0/+56
Jeremy. (This used to be commit 6248fb22926d72fddaecad5af117af1bdd08fda3)
2001-03-13We were mismarshalling a netlogon reply for bad password to W2K.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 017a6a9868eb5237a715a0d7bf4784863f40a2f4)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-20/+18
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-24This patch (donated by Marc Jacobsen of HP) should make Sun and HP very ↵Jeremy Allison1-8/+22
happy :-). Probably Veritas too... :-). It allows Samba as a domain member to authenticate against an AS/U server such as the older HP PDC product or PD Netlink. It does this by trying a netlogon with info level 3 and then falling back to info level 2 if the PDC returns invalid info level. Jeremy. (This used to be commit bda1d6d4a4b3d2cfc260549280a2ce3e57fd0f86)
2000-11-22o fixed logon script problems (wrong len in reply to net_sam_logon forGerald Carter1-6/+6
a few strings). I was the one who broke it obviously. o changed a few more defaults in the smbpasswd backend with respect to times. Now the logon time becomes '0' and the pass_can_change_time is set ot the same as pass_last_set_time o change Get_Pwnam() call in local_lookup_name to sys_getpwnam() as it did not seem necessary to try case permutations in the username. Tim, I think this was your code, so you might want to double check me. -- jerry (This used to be commit 37a665002c5cd7908c13d306f61af272a899dbc8)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-48/+46
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-13last part of W2K support.Jean-François Micouleau1-2/+27
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-10a netlogon enum trust query doesn't have a function_code at end.Jean-François Micouleau1-6/+0
a sam_user_info_24 doesn't have a uint16 at end samr_create_user also creates the unix account now samr_set_userinfo changes the password. J.F. (This used to be commit 94f4024481fcd0cb6647af1bd4364033be020641)
2000-09-06Fix for the SID history problem when using a Win2k domain controllerJeremy Allison1-12/+56
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs. Jeremy. (This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
2000-07-10Fix for passing NULL pointer as an array parameter inTim Potter1-2/+2
domain_client_validate() (This used to be commit 3ee111bff78826a5ee419554d4ef2b2b2d3ae7aa)
2000-06-09Luke, I am moving the code back into passdb/passdb.c, this the correctJeremy Allison1-2/+2
place to do this, not in smbd/passwd.c Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week). I also removed the g_newXXX macros. There are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does). Jeremy. (This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09dynamic allocation of NET_USER_INFO_3 gids.Luke Leighton1-5/+16
jeremy, the intent is to call se_access_check() with usr-sid, grp-sid, array-of-group-rids (but array-of-group-sids would do). please do look at smbd/lanman.c's api_NetWkstaGetInfo, it will show you that we really do need to store the entire NET_USER_INFO_3 structure. then again, api_NetWkstaGetInfo is only used by win9x so who cares :) (This used to be commit bd34f652390adc32c4959d164c628687f526d977)
2000-05-03Insure uninitialized memory read fixes.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 577ddbfbec857dec3ade811f735ec6b183566435)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-26/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+26
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-1211/+647
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-4/+0
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-01damn, that took a while. nt login password was being stored incorrectlyLuke Leighton1-4/+3
in private .mac file (oops). ntlogin test now works. (This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-8/+36
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-16attempting to get nt5 wksta to join domain.Luke Leighton1-22/+8
1) had to fix samr "create user" and "set user info" (level 23). 2) had to fix netlogon enum trust domains 3) registry key needed \\ in it not \. (This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-11-16added two new params: "trusted domains" and "trusting domains".Luke Leighton1-4/+4
these _may_ not actually ever get used, as trust relationships really need to be established with shared secrets, and you need to get the SID of the trusted and trusting domains, so this may have to go in a private/xxx.mac file. (This used to be commit 71f12138679251a9ebcada35969d9baea286a3e9)
1999-11-16Changes to implement NET_AUTH based on NET_AUTH2, to get Win2000Richard Sharpe1-0/+60
happier in joining a Samba domain. (This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
1999-11-01const char* issuesLuke Leighton1-2/+4
(This used to be commit 11ecec8457a51588a1b55b7f35dec28fe94c0594)
1999-10-25- typecast malloc / Realloc issues.Luke Leighton1-8/+8
- signed / unsigned issues. (This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf)
1999-10-19need status codes from cli_net_req_chal() and cli_net_auth2().Luke Leighton1-1/+1
this format is what i would like _all_ these functions to be (returning status codes, not BOOL) but that's a horrendous amount of work at the moment :) (This used to be commit 02f240604241367f146b26934ad1a1b2563430de)