summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2004-03-04There's a specific error message NT_STATUS_ALIAS_EXISTS.Volker Lendecke1-1/+1
(This used to be commit f0d99f318c67852ac5bf9b606faa115ad36a5f80)
2004-03-03more usrmgr fixes: display lockout timers in minutes, not seconds, for samr 2eJim McDonough1-2/+2
(This used to be commit 832674c099a3ff9bb747dba6235e47d40a930abd)
2004-02-29net_rpc.c: Don't complain if [add|del]mem was successful.Volker Lendecke1-1/+1
srv_samr_nt.c: Correctly report that a user is not member of an alias. Volker (This used to be commit 540f625036871e7facd094fce49d7317f65f4ffd)
2004-02-25Do the query part of the previous fix...reset time and duration are set in ↵Jim McDonough1-2/+2
minutes, not seconds. Works from usrmgr. (This used to be commit 98833a82facb0bc25d9ba6f4d4c1200627e98d6d)
2004-02-25reset time and duration are set in minutes, not seconds. Works from usrmgr.Jim McDonough1-2/+2
(This used to be commit 700049d9efefc7f8952cc60bc46ba8aa790a28ba)
2004-02-17Be able to set alias info for builtin as well.Volker Lendecke1-1/+2
Volker (This used to be commit 7a947ecdf56f2dd02811262372708f8a74bfedad)
2004-02-17In samr_lookup_names Windows does not return WKN_GRP(5) but ALIAS(4) whenVolker Lendecke1-1/+6
you search in BUILTIN. Match that. Volker (This used to be commit 2863b21d8a5933c309c51edb09fbda4e669e4890)
2004-02-16Cosmetic fix: Use sid_is_in_our_domain instead of doing it per hand.Volker Lendecke1-7/+3
Volker (This used to be commit 04639e8862c360e89faac8b80c63197d514b7455)
2004-02-02remerge andrew's cracklib patch from HEAD and fix a compile warningsGerald Carter1-3/+14
(This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-2/+2
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-15Bug 381: check builtin (not local) group SID. Patch from Jianliang Lu ↵Gerald Carter1-1/+1
<j.lu@tiesse.com> (This used to be commit 2fd2c07df42df42103e81f5eb39bd1778de6ca0a)
2004-01-14revert the cracklib changes until post 3.0.2Gerald Carter1-14/+3
(This used to be commit 6202e0fa727a4307f51bf42f5ced401a7c7b8214)
2004-01-12First stab at cracklib support (password quality checking) in Samba 3.0Andrew Bartlett1-3/+14
This adds a configure test, that tries to find out if we have a working cracklib installation, and tries to pick up the debian hints on where the dictionary might be found. Default is per my Fedora Core 1 system - I'm not sure how much it changes. Andrew Bartlett (This used to be commit bc770edb788f0b6f719011cda683f045b76b7ba5)
2004-01-09fix some warnings from the Sun compilerGerald Carter1-1/+1
(This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
2004-01-02Match Win2k, and return NT_STATUS_INVALID_PARAMETERAndrew Bartlett1-2/+2
if this parameter is not an account type Andrew Bartlett (This used to be commit faddf5d8f9821176f4367caaf61844980df9f79c)
2004-01-02JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett1-99/+50
his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
2003-12-16make sure we delete the group mapping before calling the delete group ↵Gerald Carter1-2/+4
script; patch from Jianliang Lu <j.lu@tiesse.com> (This used to be commit 19a8dd523a4ee50ba9066efd60a29cf3ba9ae419)
2003-12-10more group lookup access fixes on the neverending bug 281Gerald Carter1-1/+6
(This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)
2003-12-04* fix RemoveSidForeignDomain() ; bug 252Gerald Carter1-46/+81
* don't fall back to unmapped UNIX group for get_local_group_from_sid() * remove an extra become/unbecome_root() pair from group enumeration (This used to be commit da12bbdb0dd9179b1ed457fa009679e2da4a8440)
2003-12-02Match Win2k and return 'invalid parameter' for creating of a new account withAndrew Bartlett1-0/+6
account flags of 0. Andrew Bartlett (This used to be commit 601120f335b69e5b8a003038dfac00f3f234a5c1)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter1-3/+5
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
2003-11-23Add server-side support for variable-length session keys (as used byAndrew Bartlett1-9/+6
DES based krb5 logins). Andrew Bartlett (This used to be commit 240b0d178e1b4a3556207bdf2e342c70155f64ee)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-3/+15
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-17* make sure we only enumerate group mapping entriesGerald Carter1-135/+44
(not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
2003-11-07* only install swat html files onceGerald Carter1-3/+17
* revert the change that prevent the guest account from being added to a passdb backend since it broke the build farm. * apply patch from Alex Deiter to fix the "smbldap_open: cannot access when not root error" messages when looking up group information (bug 281) (This used to be commit 9b8bf6a950186bd95abe952af4a7d35829b34ff8)
2003-11-07Handle munged dial string. Patch from Aur?lien Degr?mont ↵Jeremy Allison1-1/+36
<adegremont@idealx.com>with memory leak fixes by me. Jeremy. (This used to be commit e591854eda8568ed1a4ad6b9de64e523c02b4392)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-14/+9
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison1-4/+4
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-09-15Patch from Gregory Hinton Nietsky <gregory@networksentry.co.za>,Jeremy Allison1-1/+1
ensure the desired access is read from the incoming RPC request. Jeremy. (This used to be commit fdc5dda44f0190af4e4b0782cb2c5c7de3506d12)
2003-08-27renaming some functions for consistencyGerald Carter1-7/+7
(This used to be commit f4ca4aae8ad0496b76c710cf79c791724bdaa4ec)
2003-08-20Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter1-5/+69
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-3/+2
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-13fix bug #286.Gerald Carter1-2/+17
Fixed by storing the access requested on the anonymous samr connect. Restricted this to enum_domain|open_domain. Added become/unbecome_root() around pdb_enum_group_mapping() enum domain groups samr call. (This used to be commit 36fc199e5f573fea9b7e2c1cf01ad42744a42f08)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+0
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-31Wrap calls to change_oem_password() in become_root()/unbecome_root() pairsJeremy Allison1-12/+12
to allow UNIX password change scripts to work correctly. This is safe as the old password has been checked as correct before invoking this. Jeremy. (This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
2003-07-25More printf portability fixes. Got caught out by some gcc'isms lastTim Potter1-1/+1
time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-24More printf fixes - size_t is long on some architectures.Tim Potter1-1/+1
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-22Another round of uid/gid/pid format string changes I missed theTim Potter1-2/+3
first time. (This used to be commit 6616485dbad74dab7506609c6bfd183fc9c1f93c)
2003-07-11moving more code around.Gerald Carter1-4/+31
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-13/+15
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-20/+17
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-3/+3
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-2/+2
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-35/+21
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-11Set the user's primary unix group from usrmgr.exe.Volker Lendecke1-0/+41
This part of a fix to bug#45. Volker (This used to be commit 43d306011fe0497dabdf6f43a0d120900fd96e6d)
2003-05-16Patch from "Esh, Andrew" <Andrew_Esh@adaptec.com> to fix core dump bugJeremy Allison1-1/+14
in add groupmem code. Jeremy. (This used to be commit f41eb9ce9af2075f62abaecd8792d30617d05818)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-22/+8
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)