summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_samr.c
AgeCommit message (Collapse)AuthorFilesLines
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-11/+11
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-10/+10
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-17Fix from Andrew Bartlett to fix up the munged-dial problem.Jeremy Allison1-5/+11
Jeremy. (This used to be commit 703b1b76e25fc83b3b84767c0e1b64c97c21bf09)
2003-11-07Handle munged dial string. Patch from Aur?lien Degr?mont ↵Jeremy Allison1-5/+14
<adegremont@idealx.com>with memory leak fixes by me. Jeremy. (This used to be commit e591854eda8568ed1a4ad6b9de64e523c02b4392)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-246/+170
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison1-16/+20
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-08-20Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter1-6/+6
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+0
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-10/+10
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-06-05Never second guess tridge.... (always talloc an internal pointer... ).Jeremy Allison1-6/+4
Jeremy. (This used to be commit 72ecdb387db60a4afab4d4fabf76f4c1d7ecbeeb)
2003-06-04Fix for previous checkin. Only use talloc on unmarshalling or we'llJeremy Allison1-3/+5
leak memory. Jeremy. (This used to be commit 07a76eb2e01833d5e2e447391cffeda712118c20)
2003-06-04fixed the arbitrary 256 limit on the size of aliases in parse_samrAndrew Tridgell1-21/+23
(This used to be commit 7f8634c35aed0d8c3fe8f7700ca1175c10b6e031)
2003-05-24Fix an insufficient alloc when querying alias members.Volker Lendecke1-1/+1
Volker (This used to be commit 47c36290db5e1f84ddf78913b3971aea04d243ab)
2003-03-13Merge from HEAD. 'fixed the unmarshalling of the queryaliasmem SAMR call'Jeremy Allison1-2/+6
Jeremy. (This used to be commit 40def80d43b14a853045a31b382226fe0381f38a)
2003-01-29Merge tpot's changes to request the correct sizes for user dispinfoJeremy Allison1-2/+2
from HEAD. I had to do this for him as he was *so* tired, the poor chap, plus he has this bad leg, plus the dog ate his homework etc. etc. Jeremy. (This used to be commit 1e752b48a12cdcf2cb6343705be83f304e5ee2b6)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-137/+137
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-31Merge tridge's fix :Jeremy Allison1-2/+8
the 'padding' field in the query domain info reply is not a padding field at all. It seems to be an optional 12 byte structure of some kind. mkaplan found a situation where the structure was not present at all (depending on ptr_0) Jeremy. (This used to be commit 3b453a596323867d4954b688dc3d83201096a447)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-3/+13
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-26syncing up with HEAD again....Gerald Carter1-1/+44
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-4/+84
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-24/+164
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-20Fix for debug typo.Jeremy Allison1-1/+1
(This used to be commit 5b43519219991fe14c8ce1993c16557bf5ceccb4)
2002-02-27Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>.Jeremy Allison1-11/+11
Jeremy. (This used to be commit 3f9063167f3fc9ae7e7fd753d76ece23c1d97800)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-21added a copyright notice.Jean-François Micouleau1-0/+1
J.F. (This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
2001-12-21doesn't keep track of the struct's size we enumerate. W2K doesn'tJean-François Micouleau1-4/+4
calculate them and always reply a size of 32 bytes whereas NT4 did the maths. Anyway, it looks like the clients don't complain. in query_dom_info() at level 2, return the real number of users and groups. That's the fix to the W95/98 userlist bug ! as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on the SAME context handle (err we call it an lsa policy handle ! plain wrong name), I was tempted to keep the snapshoot in memory, to prevent 2 full user db enumerations in a row and just have one shared. But if some client does the 2 calls on two different handles, we would have 2 copies in memory not free'ed before the samr_close(). We still have too many fixed constant and too many magic values in that code. And btw, I really hates how the sequence number is generated ! J.F. (This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)
2001-12-21re-done all of samr_query_disp_info()Jean-François Micouleau1-125/+76
instead of enumerating the whole user db or group db every time, we store a in memory copy linked to the handle. that's much faster for large enumeration where the db can't fit in a single rpc packet. And as it's a copy, it's constant between enumeration. still some stuff to clean. But now I can fix the W95 userlist bug, as I've finally found it. J.F. (This used to be commit 3ab45215369e8e93d750f4687e9c1f7d47782590)
2001-12-19added info level 1 to samr_query_alias()Jean-François Micouleau1-0/+61
(This used to be commit 589aa4fe226ee5bdae0a244631193714b0b556ac)
2001-12-10added info level 3 to samrgetgroupinfo. I don't know what the value is.Jean-François Micouleau1-6/+44
It's just to keep usermanager happy ;-) clean up a bit samr_query_aliasinfo to return the group description added: samr_del_aliasmem, samr_del_groupmem and samr_del_domuser with the correct scripts, you can now entirely manage the users from usermanager ! Closer to full PDC every day ;-) J.F. (This used to be commit 0a727afc669704cda9b44d44dbac9e989e906ae3)
2001-12-05Const religion for some of the RPC code.Andrew Bartlett1-2/+2
(This used to be commit 64bf8f81c49744fc0653db655e457981f3bcbac2)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-22/+28
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-11-28added samr_set_domain_info and samr_unknown_2E.Jean-François Micouleau1-12/+259
We now get the full account policy window in usermanager, and the framework to store all those values. I plan to add a TDB file to store them. oh, and found that the last value in a sam_unknown_info_12_inf struct is an uint16 and not a uint32. andrewb: you hardcoded the MAX_PASSWORD_AGE to 21 days. We can now turn it to a value setable in usermanager. J.F. (This used to be commit 99471d25693f6672d433b90a060378f6faad867f)
2001-11-21samr_querydom_info level 1: found the meaning of the unknow fields. AndJean-François Micouleau1-14/+27
discovered that our reply is short by 4 bytes since day 1 of this code. Added a decode function to rpcclient too. splitted the STRING2 fields filling while trying to understand the win9x userlist bug. (didn't fix the bug, but the reply looks closer to NT). J.F. (This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-11/+11
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-54/+54
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-40/+40
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-03Fix for smbpasswd set_userinfo24 was in the wrong place!Tim Potter1-4/+4
(This used to be commit c9cbe3237e01983a5063e5680ad71c7579009f28)
2001-08-02Allow smbpasswd to join a W2K hosted AD domain.Jeremy Allison1-1/+6
Jeremy. (This used to be commit c51cfc7f0d3ad1614ca1e0330c8707f7b263b8e6)
2001-07-25Held a shoot-out between NT_STATUS_NO_PROBLEMO and NT_STATUS_NOPROBLEMO.Tim Potter1-12/+12
According to the incorruptible judges find and grep, the latter won. Mmm - procrastination. (-: (This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
2001-07-09add query user info level 20 (for RAS)Jean-François Micouleau1-0/+84
add query dominfo level 5 some cleanup, don't free talloced memory. implement delete domain and local groups. J.F. (This used to be commit 3f14dda2a21850edfd540be2624867e5f70a382c)
2001-07-06Added JF's fix for max_entries being 0.Jeremy Allison1-0/+15
Jeremy. (This used to be commit 5059fbbb76ffa24658a878080a36e355df4894f5)
2001-07-02Fixed auto-alloc of dispinfo code when unmarshalling.Jeremy Allison1-4/+64
Jeremy. (This used to be commit d4872c94c2e6b63be0fb12e5dd2d0459fda54959)
2001-06-29From JF....Jeremy Allison1-27/+93
hi jeremy, can you commit the following patch against HEAD. I can't do it right now Thanks Tim for me. He changed the SAM_DISPINFO_1 array without checking if he didn't break the server code. And he did. So on my way I cleaned info_1, 2, .. 5 it may break winbind. I leave to tim the pleasure to fix it ;-) jf. I added some talloc changes and checks for alloc fails. Jeremy. (This used to be commit 001e9b7b540f04c80ba65c879aaa41acddc86f3e)
2001-06-29Removed another silly static array.Tim Potter1-5/+16
(This used to be commit 008628fb8ac9f92d984218f37fffdfa3cb9e3d62)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-4/+134
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
2001-06-19INFO_24 sometimes has a 2 byte length, sometimes doesn't. Safer to notJeremy Allison1-7/+2
depend on it... Jeremy. (This used to be commit 0fe11c329f7b379299be65795031e4f1b14e0bec)
2001-06-15Fixed typo spotted by "Jim McDonough" <jmcd@us.ibm.com>....Jeremy Allison1-1/+1
Jeremy. (This used to be commit a600c96e596375bf27c15026c032944a066e7290)