summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr.c
AgeCommit message (Collapse)AuthorFilesLines
1999-05-03last part of RPC api change.Jean-François Micouleau1-37/+37
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-23Added new define NT_STATUS_MORE_ENTRIES = 0x105.Matthew Chapman1-1/+1
(This used to be commit 52b4fd5b55c22deb691124b743ae9d3beb33b39e)
1999-03-29added SamrQueryDomainInfo call info level 0x3 for kix32.exe supportLuke Leighton1-5/+10
(This used to be commit ac070dfd39bfa9b60680855585155ce528ab7691)
1999-03-25"User Manager" - create user + change password now work.Luke Leighton1-7/+25
next problem: user group adding not supported so an "access denied" message is reported instead of "ok" when a new user is created. (This used to be commit f5f61bd477b4910cb90675c926381342c30a5b16)
1999-03-25fixed issues with "Welcome to SAMBA Domain" for when admin user/pass isLuke Leighton1-9/+23
used to add workstation to domain. unix account db not modified: only SAM password db is used. (This used to be commit 129a9a4d4b74897ed753a697a3aed9b194c25568)
1999-03-25added SAMR_USER_INFO_24 info level to samr_set_userinfo. this is usedLuke Leighton1-0/+30
by "Welcome to SAMBA Domain". (This used to be commit 4aed18b5e1e2309c0f6931fbfdd604b01cb9498a)
1999-03-25SAM database "set user info".Luke Leighton1-50/+194
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-03-24removed 2 unnecessary args from make_uni_hdr.Luke Leighton1-2/+1
(This used to be commit f84dede27e16a5f02ee6d02fe2d16f2661c65470)
1999-03-23dynamic memory allocation in samr enum dom users. works with 849 entries now.Luke Leighton1-0/+10
(This used to be commit 103557e26b071bf1e65e025ef5a52ccdbf483d02)
1999-02-24Win9x user level security.Matthew Chapman1-41/+182
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
1999-02-15Always null-terminate strings.Matthew Chapman1-6/+6
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-6/+6
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-09groups and aliases being "manually" added which do not necessarily haveLuke Leighton1-45/+7
representation in the underlying database: removed this code. for example, with the nt->unix mapping system (don't know about the ldap one) if you want "Domain Admins" to appear you _must_ put it in the domaingroup.map file. the previous code was adding builtin aliases and well-known groups even if they weren't in the domain maps. bad idea. (This used to be commit 56469578a1af0fbcf6edddf94c498c7bbfb385c6)
1999-02-09removal of the use of unistrn2 function: replace it with unistr2_to_strLuke Leighton1-4/+3
which is more appropriate. (This used to be commit ac72fe1ab3d10f64a5945ccbd4ed3817e30f9f7b)
1999-01-29fix for enumerate domain users (bug spotted by sean matthews).Luke Leighton1-3/+7
also needed to use start index properly and generate next index. both client and server code need to recognise error code 0x105 when there's not enough room to store all the users in one call. sort this out another time. (This used to be commit ad58cdfac6b85d9431216e32e532ad4d60f9c6dd)
1999-01-28error code cleanupLuke Leighton1-27/+27
(This used to be commit 61c40982d6fde34729dc6850cf3372482392f4c9)
1999-01-15Fixed typo in srv_samr.c where samr_add_groupmem and samr_del_groupmem wereMatthew Chapman1-4/+4
the wrong way around. (This used to be commit 2b6f4818858d422399321064245a36be1dba9738)
1998-12-08adding srvsvc pipe.Luke Leighton1-2/+16
(This used to be commit d06d6369942828ec89e90f99bd0d0d3f91d61d13)
1998-12-07- lib/unix_sec_ctxt.cLuke Leighton1-131/+635
attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services. - group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases. - parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything. - cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to). - srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name. (This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-04- oops, i got "add alias member" and "delete alias member" swapped.Luke Leighton1-3/+2
- samr_enum_dom_users, the first 4 bytes is some sort of garbage, nt5-beta2 clears them out to zeros whereas nt4 does not. fixed bug where we were assuming that the first 4 bytes of a response _had_ to be non-zero. - cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names() client call. - added in "addaliasmem" and "addgroupmem" commands. the addaliasmem command actually turned out to be a "delaliasmem" :-) :-) - parse_lsa.c: moved assert array check to after the size of useable array space is set... (This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb)
1998-12-04- renamed do_samr_xxx to samr_xxxLuke Leighton1-20/+20
- renamed do_lsa_xxx to lsa_xxx - added "enumgroups [-m]" command, enumerates groups, shows members. - added cmd_sam_add_groupmem(), need to call these in rpcclient.c - added cmd_sam_add_aliasmem(), need to call these in rpcclient.c - modified "enumaliases [-m]" command - improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs. - renamed "samr_unknown_12" to "samr_lookup_rids". - added the following client-side functions: get_samr_query_groupmem() get_samr_query_aliasmem() get_samr_query_groupinfo() samr_enum_dom_groups() samr_enum_dom_aliases() samr_add_aliasmem() samr_add_groupmem() - improved display output (display.c) (This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe)
1998-12-03added createalias command to rpcclientLuke Leighton1-1/+1
(This used to be commit 4771d5451b49375cc2fd4246d7d746b0d03cd5ba)
1998-12-03create domain group command (creategroup) added to rpcclient.Luke Leighton1-2/+2
renamed do_samr_xxxx to samr_xxxx. (This used to be commit 1e5d81c154740349a2cda4c1892b33a21c0683a8)
1998-12-02added rid and sid_name_use to DOMAIN_GRP_MEMBER, for use in group memberLuke Leighton1-8/+10
query. domain groups now work, hurrah! only thing is that the description is one character long, don't know why (which is wierd in itself). (This used to be commit 78a86c64960a7823b0db8b7bebfffabb4a5ba864)
1998-12-02adding group member code, made a start. found that the group members'Luke Leighton1-0/+235
rid is needed not the name (see DOMAIN_GRP_MEMBER) decided to go home. (This used to be commit 9337049dfc98becfa74522d418dae64a97c7a304)
1998-12-01query_aliasmem code. it works (hurrah).Luke Leighton1-5/+9
(This used to be commit f7f2516df46dde1671235f788f7689c93d9395ae)
1998-12-01rpc_samr.h parse_samr.c srv_samr.c :Luke Leighton1-4/+114
samr_query_aliasmembers (cool!) util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c : pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5) to obtain member and pdc sids. (This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
1998-12-01adding some samr parsing calls (group / alias adding / deleting)Luke Leighton1-7/+12
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists. (This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
1998-11-30- adding builtin[alias]db.Luke Leighton1-8/+15
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-29weekend work. user / group database API.Luke Leighton1-85/+50
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25yeehaah got users to be included in S-1-5-xxx-yyy-zzz's local groups.Luke Leighton1-19/+19
now need search capability on S-1-5-20, which will need argh, a "group database API" on S-1-5-20, and the ability to add BUILTIN\Admins etc to "local group map" argh. (This used to be commit a24f6eb00ba7486479cbcf7fadf5456521c56179)
1998-11-25Makefile.in: Added maintainer mode fixes.Jeremy Allison1-4/+2
aclocal.m4: Added AC_LIBTESTFUNC. configure.in: Fixed -lsecurity -lsec problems. client.c: dos_ fixes. groupdb/aliasunix.c: Dead code removal. include/includes.h: Added default PRINTCAP_NAME. lib/genrand.c: dos_ fixes. lib/replace.c: Added strtoul. lib/system.c: dos_ fixes. lib/util.c: dos_ fixes. lib/util_sid.c: Signed/unsigned fixes. lib/util_str.c: removed bad const. locking/locking_slow.c: dos_ fixes. printing/printing.c: dos_ fixes. rpc_server/srv_samr.c: Dead code removal. rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN ! smbd/dir.c: dos_ fixes. smbd/open.c: dos_ fixes. smbd/oplock.c: dos_ fixes. smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes. Jeremy. (This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
1998-11-23uninitialised counterLuke Leighton1-1/+1
(This used to be commit 403f53d696d17f34dd1afc035a72eda792dd20ea)
1998-11-23unix instance of group database APILuke Leighton1-10/+34
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison1-4/+2
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17make_uni_hdr() reverted accidentally with a -1 on username lengthLuke Leighton1-2/+2
(This used to be commit 7da1b0bb511e6c5e44ab83759914134cf91f6f78)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-69/+193
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-06grumble, grumble off-by-one unicode string fixes, gonna stuff my otherLuke Leighton1-5/+5
tree with cvs clashes when i cvs update on the group code grumble grumble (This used to be commit f8b229d187cea2e3820d71697346fc9f0cd8bf88)
1998-10-27amazing. the improvements to NT continue, evidence for which shows upLuke Leighton1-2/+2
now as "RPC fault" if the UNIHDR structure lengths do not exactly match up to the length of the data stream. so, all versions of samba prior to this one have an off-by-one bug in unicode string lengths. all versions of NT prior to NT 5 beta 2 could possibly have buffer problems when receiving badly formatted UNICODE strings. (This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
1998-10-22server/srv_samr.c smbd/ipc.c: Changed global_myworkgroup back to fstringJeremy Allison1-1/+1
(as it is everywhere else). smbwrapper/smbsh.c: For IRIX n32 binaries, set _RLDN32_LIST not _RLD32_LIST. Exec users preferred shell is SHELL environment variable is set. tests/fcntl_lock.c: Added sys/types.h for systems that need this. Jeremy. (This used to be commit 50413d0d819d4f13e760ca8439c5bdde0898d63e)
1998-10-22bug fix in lsa_trans_names.Luke Leighton1-3/+3
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-22libsmb/smbdes.c: #ifdef'ed out code prior to removal.Jeremy Allison1-2/+1
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c rpc_server/srv_samr.c: Fixed unused variable warning. rpc_server/srv_util.c: Inlined code removed from smbdes.c Luke - the above changes are the first part of the changes you and I discussed as being neccessary at the CIFS conference. *PLEASE REVIEW THESE CHANGES* - make sure I haven't broken any of the authenticated DCE/RPC code. smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares with NT SMB support. smbd/open.c: Fixed mkdir when called from nttrans calls. smbd/server.c: Set correct size for strcpy of global_myworkgroup. Jeremy. (This used to be commit d891421d16ff80998dee429227bd391455f9d1a1)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-26/+42
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-21the next dialog: user-groups. it's not very sensible what appears, but hey:Luke Leighton1-14/+172
it appears! (This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
1998-10-21added "start index" skipping into querydispinfo.Luke Leighton1-5/+15
(This used to be commit 3e6519da22628ea41025711718ec23b082ef02d0)
1998-10-19- dce/rpc codeLuke Leighton1-2/+6
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-10-16dce/rpcLuke Leighton1-0/+76
(This used to be commit 29434f496c18e816d864060d68f357aea6ef5de8)
1998-10-15bug-fixing against:Luke Leighton1-27/+88
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-10-02- static function "create_new_hashes" was identical to "nt_lm_owf_gen".Luke Leighton1-1/+1
create_new_hashes didn't zero the buffer for the md4hash: nt_lm_owf_gen did, because jeremy sorted this out a couple of days ago. call nt_lm_owf_gen instead. - call SMBOWFencrypt from SMBencrypt and SMBNTencrypt. - added #ifdef DEBUG_PASSWORD debug password calls. (This used to be commit a4e7cc3e46b713aa0ae55de74a1c70921bef578d)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-17/+17
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)