summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_samr.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r9660: real fix for group enumeration bug in 3.0.20; only affected the ↵Gerald Carter1-1/+1
ldapsam code (This used to be commit 62f9fb5e3a9bce539c9fedc5fdec1b8741a922c7)
2007-10-10r9593: fix enumerated group name (should be full name (i.e. mapped name) and ↵Gerald Carter1-1/+1
not unix name) (This used to be commit 8928575abde51f04d0596420a85381f697b66c58)
2007-10-10r8564: Sometimes we're too dumb to live... Fix samr calls where we wereJeremy Allison1-44/+44
using USER_INFO_XX structs and functions where XX was sometimes in hex and sometimes in decimal. Now it's all in decimal (should be no functionality change). Jeremy. (This used to be commit 84651aca04cbcbf50ab2e78333cc9d9e49dd92f5)
2007-10-10r6601: fixing query and set alias info calls (level 1 from theGerald Carter1-52/+35
MMC manage computer plugin. (This used to be commit c43c1ec80cb52569ccabcdf95e4004386ecb29d6)
2007-10-10r6351: This is quite a large and intrusive patch, but there are not many ↵Volker Lendecke1-135/+86
pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
2007-10-10r5580: Fix "net rpc trustdom add". Much closer to what windows does. Also stopJim McDonough1-42/+18
referencing unknown_6 from sam, because it's just fixed at 1260, the max len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb. (This used to be commit ffac752875938d510446ebbeba6fc983f65cda1e)
2007-10-10r5262: Fix server_role in the samr_query_dom_info calls. When we are a BDC weGünther Deschner1-6/+6
should not say we are a PDC. Guenther (This used to be commit 6cdf3b97de2c28ac92f972621b0ce04c1c80cea5)
2007-10-10r4868: Add "net rpc user RENAME"-command.Günther Deschner1-2/+51
Note that Samba3 does not yet support it server-side. Guenther (This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
2007-10-10r4336: Apply some other samba4 SAMR idl that is just too obvious. Don't hardGünther Deschner1-6/+4
set the value "forcibly disconnect remote users from server when logon hours expire" to "no", instead take the value from our account-policy storage. Guenther (This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
2007-10-10r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,Günther Deschner1-5/+42
based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther (This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
2007-10-10r4219: Fix samba3 samr "idl"... According to samba4 idl samr_DomInfo2 contains aVolker Lendecke1-17/+6
comment string and not an unknown 12 byte structure... Found after abartlet's smbtorture extended this string to "Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET" ;-)) Volker (This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-86/+64
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3928: Fix duplicate call to pdb_get_acct_desc(). Bugzilla #2080.Tim Potter1-1/+1
(This used to be commit 3ebfd137b2d8f393874561046ef79f4d9a8cae52)
2007-10-10r1125: Remove bougus comments. (The real fix was to the sealed pipe padding)Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit 61768f4cb3a268ce30911b15b30f82de36716b5f)
2007-10-10r977: Implement 'net rpc group rename' -- rename domain groups.Volker Lendecke1-0/+46
Volker (This used to be commit 9ceff803278bdbc09cb5ab678a108cea24ab49a9)
2007-10-10r480: Added Andrew Bartletts pwinfo-parse-error.patch.Jeremy Allison1-3/+3
Jeremy. (This used to be commit b9e79004a4c1e4a472f0627d2c33c966af22ccd2)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-4/+0
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2004-02-28Add 'net rpc group [add|del]mem' for domain groups and aliases.Volker Lendecke1-3/+3
Volker (This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
2004-02-24Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke1-4/+4
group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
2004-02-12More sync between passdb on 3.0 and HEAD.Jim McDonough1-15/+10
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes. (This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-7/+7
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2003-12-04* fix RemoveSidForeignDomain() ; bug 252Gerald Carter1-6/+6
* don't fall back to unmapped UNIX group for get_local_group_from_sid() * remove an extra become/unbecome_root() pair from group enumeration (This used to be commit da12bbdb0dd9179b1ed457fa009679e2da4a8440)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-11/+11
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-10/+10
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-17Fix from Andrew Bartlett to fix up the munged-dial problem.Jeremy Allison1-5/+11
Jeremy. (This used to be commit 703b1b76e25fc83b3b84767c0e1b64c97c21bf09)
2003-11-07Handle munged dial string. Patch from Aur?lien Degr?mont ↵Jeremy Allison1-5/+14
<adegremont@idealx.com>with memory leak fixes by me. Jeremy. (This used to be commit e591854eda8568ed1a4ad6b9de64e523c02b4392)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-246/+170
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison1-16/+20
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-08-20Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter1-6/+6
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+0
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-10/+10
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-06-05Never second guess tridge.... (always talloc an internal pointer... ).Jeremy Allison1-6/+4
Jeremy. (This used to be commit 72ecdb387db60a4afab4d4fabf76f4c1d7ecbeeb)
2003-06-04Fix for previous checkin. Only use talloc on unmarshalling or we'llJeremy Allison1-3/+5
leak memory. Jeremy. (This used to be commit 07a76eb2e01833d5e2e447391cffeda712118c20)
2003-06-04fixed the arbitrary 256 limit on the size of aliases in parse_samrAndrew Tridgell1-21/+23
(This used to be commit 7f8634c35aed0d8c3fe8f7700ca1175c10b6e031)
2003-05-24Fix an insufficient alloc when querying alias members.Volker Lendecke1-1/+1
Volker (This used to be commit 47c36290db5e1f84ddf78913b3971aea04d243ab)
2003-03-13Merge from HEAD. 'fixed the unmarshalling of the queryaliasmem SAMR call'Jeremy Allison1-2/+6
Jeremy. (This used to be commit 40def80d43b14a853045a31b382226fe0381f38a)
2003-01-29Merge tpot's changes to request the correct sizes for user dispinfoJeremy Allison1-2/+2
from HEAD. I had to do this for him as he was *so* tired, the poor chap, plus he has this bad leg, plus the dog ate his homework etc. etc. Jeremy. (This used to be commit 1e752b48a12cdcf2cb6343705be83f304e5ee2b6)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-137/+137
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-31Merge tridge's fix :Jeremy Allison1-2/+8
the 'padding' field in the query domain info reply is not a padding field at all. It seems to be an optional 12 byte structure of some kind. mkaplan found a situation where the structure was not present at all (depending on ptr_0) Jeremy. (This used to be commit 3b453a596323867d4954b688dc3d83201096a447)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-3/+13
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-26syncing up with HEAD again....Gerald Carter1-1/+44
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-4/+84
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-24/+164
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-20Fix for debug typo.Jeremy Allison1-1/+1
(This used to be commit 5b43519219991fe14c8ce1993c16557bf5ceccb4)
2002-02-27Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>.Jeremy Allison1-11/+11
Jeremy. (This used to be commit 3f9063167f3fc9ae7e7fd753d76ece23c1d97800)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-21added a copyright notice.Jean-François Micouleau1-0/+1
J.F. (This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
2001-12-21doesn't keep track of the struct's size we enumerate. W2K doesn'tJean-François Micouleau1-4/+4
calculate them and always reply a size of 32 bytes whereas NT4 did the maths. Anyway, it looks like the clients don't complain. in query_dom_info() at level 2, return the real number of users and groups. That's the fix to the W95/98 userlist bug ! as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on the SAME context handle (err we call it an lsa policy handle ! plain wrong name), I was tempted to keep the snapshoot in memory, to prevent 2 full user db enumerations in a row and just have one shared. But if some client does the 2 calls on two different handles, we would have 2 copies in memory not free'ed before the samr_close(). We still have too many fixed constant and too many magic values in that code. And btw, I really hates how the sequence number is generated ! J.F. (This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)