summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr.c
AgeCommit message (Collapse)AuthorFilesLines
2000-10-04Adding Herb's compile warning fixes to HEAD.Jeremy Allison1-2/+2
Jeremy. (This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
2000-09-28Added comment on JF's new code. Removed ifdef in passdb/smbpass.c as thisJeremy Allison1-1/+11
was not correct. Jeremy. (This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
2000-09-28fixed samr_create_user(). we now correctly parse the query and the reply.Jean-François Micouleau1-16/+55
And we create the disabled account. That means we can create user and trust accounts remotely ! ifdef out a return in passdb/smbpass.c. I think I didn't break any security. Jeremy could you check if I didn't make any mistakes ??? J.F. (This used to be commit 416be1b64f366c8b859f25856fce2467ec0446d9)
2000-09-27samr unknown 0x32 is in fact samr create user.Jean-François Micouleau1-49/+28
so renamed and tidy up of the server function. J.F. (This used to be commit 0f707ac1fb5685b800d6599b9074ec1d4e65b1c1)
2000-08-18fixed initialization errors (again!) I must have forgot toGerald Carter1-0/+6
check these in before. jerry (This used to be commit e682d6a599934e5460abe0d30cb2465fa80c7937)
2000-08-16fixed unitialized struct bug in enum_users (whatever it is called)Gerald Carter1-1/+5
jerry (This used to be commit a606131508592d72f3fd8a0dd63073e9c559062f)
2000-08-15Merge of uninitialised variable fix from APPLIANCE_HEAD.Tim Potter1-4/+1
(This used to be commit 20a7fefee8c85f02f6a0e2a02c0df04a8b22b7cb)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-2/+2
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-1/+1
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-13Don't return winbind groups or users when responding to samr_enum_dom_usersTim Potter1-0/+21
and samr_enum_dom_aliases commands. Unfortunately the algorithm for determining winbind groups from normal groups is simply to check for the presence of the lp_winbind_separator() character. )-: (This used to be commit 363a9c45bf0a7d3266ccdf4eeb0b9f5e3d38389f)
2000-06-23Removed save directory argument to become_root() calls. Probably most ofTim Potter1-16/+16
this stuff doesn't need to be done as root anyway. (This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
2000-06-16Forgot pipes_struct conversion for api_samr_enum_dom_aliases()Tim Potter1-1/+3
(This used to be commit 66372765e7c3f85240d54894547a150351426d5f)
2000-06-16Simplified server pipe implementation by changing arguments passed downTim Potter1-38/+84
through to the individual pipe api calls. Instead of passing two prs_struct pointers, we now pass the pipes_struct pointer which contains the former information as well as other useful stuff like the vuid. (This used to be commit 96addba216bad2189120d78f5531d5caa6f37880)
2000-06-01Getting back to a compilable state (not there yet but close).Jeremy Allison1-2/+4
Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy. (This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
2000-05-16Synced up srv_samr with HP changes. Added error checking to original codeJeremy Allison1-173/+361
- what a concept :-). All this code will be replaced with TNG stuff anyway, so not a big deal.... Jeremy. (This used to be commit b090cff4b5fcdef01fc553e6359627bb2285d68e)
2000-05-12fixed two uninitialised variablesAndrew Tridgell1-2/+1
(This used to be commit eefb36f130f79f2f2c6cfb58c1646aa6ce4303be)
2000-05-09the beginnings of a new scheme I've working on to allow an easierAndrew Tridgell1-0/+5
head/tng merge. It goes something like this: - headers from tng get copied over one at a time - the old headers get renamed to *_old.h - server side code that used the old headers gets a #define OLD_NTDOMAIN 1 #undef OLD_NTDOMAIN at the start and end of the code - mkproto.awk recognises these special defines and does magic stuff so that each .c file sees the right headers - we start moving the rpc client libraries from tng to head. if this goes OK then, in theory, we should be able to move the client side rpc code from tng to head without disturbing the existing head server side code. Then when that works we can consider merging the server side. it remains to be seen if this scheme will work. So far I've moved rpc_samr.h and don't seem to have broken anything. Note this this is still a very delicate operation, as at every step of the way I want to keep head fully functional. Please don't take part unless you discuss it with me first. (This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
2000-04-16got rid of FILE* in the unix name mapping codeAndrew Tridgell1-8/+8
(This used to be commit 92f85cef8b4c283374edb726ff0b4999a2000b2a)
2000-04-04Removed unused parameter vuid from rpc_server api_* calls. For the very fewTim Potter1-25/+22
functions that need to access the vuid, it can be obtained from the current_user global. Did some whitespace cleanup. (This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-67/+1
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22disabled the getgrent() code recently added that returns all unix groupsLuke Leighton1-0/+17
as NT aliases. no allowance is made for possible clashes with some unix groups that may be mapped to NT groups, not NT aliases. it is not the place of this code to make decisions about which unix groups should be mapped to NT aliases or NT groups, or in fact whether unix groups exist at all (e.g "appliance" mode). please could the person who wrote this code contact me and i will outline the architecture and design issues that you need to be aware of when working in this area: i need your skills and ability -- applied in the right places. thank you. (This used to be commit 67d9b3733f7f3ffab0ff6e78de7638fb469195e6)
2000-03-22disabled code from HP that replaced get_sampwd_entries() withLuke Leighton1-1/+26
get_passwd_entries(). get_sampwd_entries() calls the generic SAM pwdb API, whereas get_passwd_entries() calls the Unix database explicitly. this will result in LDAP, MYSQL, NISPLUS and any other future modules (e.g "appliance" mode SAM database) failing to operate correctly. i know what problem was attempted to be fixed, here, but this is not the right place to attempt to fix it. (This used to be commit 04fa6a02739671fa02b531ae47e5d24c54753331)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+24
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
2000-03-21Added preliminary user list code from HP. Needs to be made dynamicJeremy Allison1-20/+252
and backended with a tdb database so the list can be shared between multiple smbds. ToDO. Jermey. (This used to be commit 171222ce22595743a052e5c3d4428ce916d7c345)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-1946/+490
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-44/+42
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-11-24rewrote policy handle code to be generic (it's needed for client-side too)Luke Leighton1-70/+70
attempted to fix regsetsec command (This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
1999-11-20dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()Luke Leighton1-0/+2
some of the server-side stuff. Realloc() was being used, so it Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT() some of the server-side stuff. Realloc() was being used, so it Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT() some of the server-side stuff. Realloc() was being used, so it Realloc()d some random area of memory. oops. (This used to be commit a51f62f4cf610c23e45251cedb543144747a3e54)
1999-11-19The First Necessary UNICODE String Support.Luke Leighton1-12/+12
the random workstation trust account password is TOTAL garbage. i mean, complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore we can't just take every second character. created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)). followed through to the password setting in srv_samr.c (This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)
1999-11-18responses to UDP samquery go back to SERVER<00> not DOMAIN<1c>, theLuke Leighton1-3/+5
request name. modified createuser rpcclient command to examine name being added. if it ends in a $, assume that a workstation trust account is being added. (This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
1999-11-18added samuserset2 rpcclient command to test ACB_XXX bit-setting onLuke Leighton1-0/+107
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join a samba domain. what _is_ it with this stuff, dammit? (This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
1999-11-16attempting to get nt5 wksta to join domain.Luke Leighton1-2/+19
1) had to fix samr "create user" and "set user info" (level 23). 2) had to fix netlogon enum trust domains 3) registry key needed \\ in it not \. (This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-11-15added server-side samr enum domains. fixed some parsing issues, server-side.Luke Leighton1-1/+71
(This used to be commit 60b0840106a6f5c283a8339428f3cfeb62398355)
1999-11-02free up memory allocated by enum dom groups / aliasesLuke Leighton1-0/+20
(This used to be commit edb49e754b66ecb59685234338a96d48a53f0161)
1999-10-29more reshuffling of enum groups code. more higher order functions.Luke Leighton1-4/+4
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
1999-10-25one of those wonderful moments when running against a different MSRPCLuke Leighton1-5/+9
implementation (NT5) when you discover that your code is trash. samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups() all take a HANDLE for multiple-call enumeration purposes. (This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
1999-10-21the dynamic memory alloc blood-fest goes on...Luke Leighton1-0/+3
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
1999-10-21various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.Luke Leighton1-0/+1
samr_lookup_rids() moved to a dynamic memory structure not a static one limited to 32 RIDs. cli_pipe.c reading wasn't checking ERRmoredata when DOS error codes negotiated (this terminates MSRPC code with prejudice). (This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
1999-08-31matthew chapman identified 4 previously unknown samr functions.Luke Leighton1-3/+3
(This used to be commit 001b53866c819045bc52330cad5746e1a2f7a4b1)
1999-08-30debugged enumgroups -g optionLuke Leighton1-2/+5
(This used to be commit 1cde47ba6a6409e0ae178ca9f44be2123bef0f9d)
1999-05-03last part of RPC api change.Jean-François Micouleau1-37/+37
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-23Added new define NT_STATUS_MORE_ENTRIES = 0x105.Matthew Chapman1-1/+1
(This used to be commit 52b4fd5b55c22deb691124b743ae9d3beb33b39e)
1999-03-29added SamrQueryDomainInfo call info level 0x3 for kix32.exe supportLuke Leighton1-5/+10
(This used to be commit ac070dfd39bfa9b60680855585155ce528ab7691)
1999-03-25"User Manager" - create user + change password now work.Luke Leighton1-7/+25
next problem: user group adding not supported so an "access denied" message is reported instead of "ok" when a new user is created. (This used to be commit f5f61bd477b4910cb90675c926381342c30a5b16)
1999-03-25fixed issues with "Welcome to SAMBA Domain" for when admin user/pass isLuke Leighton1-9/+23
used to add workstation to domain. unix account db not modified: only SAM password db is used. (This used to be commit 129a9a4d4b74897ed753a697a3aed9b194c25568)
1999-03-25added SAMR_USER_INFO_24 info level to samr_set_userinfo. this is usedLuke Leighton1-0/+30
by "Welcome to SAMBA Domain". (This used to be commit 4aed18b5e1e2309c0f6931fbfdd604b01cb9498a)
1999-03-25SAM database "set user info".Luke Leighton1-50/+194
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-03-24removed 2 unnecessary args from make_uni_hdr.Luke Leighton1-2/+1
(This used to be commit f84dede27e16a5f02ee6d02fe2d16f2661c65470)
1999-03-23dynamic memory allocation in samr enum dom users. works with 849 entries now.Luke Leighton1-0/+10
(This used to be commit 103557e26b071bf1e65e025ef5a52ccdbf483d02)
1999-02-24Win9x user level security.Matthew Chapman1-41/+182
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)