summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-8/+8
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-12-21Removed unused variables.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 621fa227bdf6af15daa13f62287978dc2310c04c)
2001-12-21The jf_get_sampasswd_entries() is not used anymore.Jeremy Allison1-335/+0
Jeremy. (This used to be commit bf1816099707b816c9b62ad5ab794dc49b833181)
2001-12-21added a copyright notice.Jean-François Micouleau2-1/+2
J.F. (This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
2001-12-21doesn't keep track of the struct's size we enumerate. W2K doesn'tJean-François Micouleau1-71/+76
calculate them and always reply a size of 32 bytes whereas NT4 did the maths. Anyway, it looks like the clients don't complain. in query_dom_info() at level 2, return the real number of users and groups. That's the fix to the W95/98 userlist bug ! as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on the SAME context handle (err we call it an lsa policy handle ! plain wrong name), I was tempted to keep the snapshoot in memory, to prevent 2 full user db enumerations in a row and just have one shared. But if some client does the 2 calls on two different handles, we would have 2 copies in memory not free'ed before the samr_close(). We still have too many fixed constant and too many magic values in that code. And btw, I really hates how the sequence number is generated ! J.F. (This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)
2001-12-21Fixup some DEBUG statements (0 -> 10).Jeremy Allison1-3/+3
Jeremy. (This used to be commit bf65331cb49299189d35ad5834167ec24b3a1ecb)
2001-12-21Use pdb_free_sam() to free a SAM_ACCOUNT struct, not safe_free(). ThereJeremy Allison1-1/+1
are pointers withing the SAM_ACCOUNT struct that also need freeing. Jeremy. (This used to be commit a7d099cc75f813b4010a5f313c3fa6e6e8284b6d)
2001-12-21re-done all of samr_query_disp_info()Jean-François Micouleau1-86/+310
instead of enumerating the whole user db or group db every time, we store a in memory copy linked to the handle. that's much faster for large enumeration where the db can't fit in a single rpc packet. And as it's a copy, it's constant between enumeration. still some stuff to clean. But now I can fix the W95 userlist bug, as I've finally found it. J.F. (This used to be commit 3ab45215369e8e93d750f4687e9c1f7d47782590)
2001-12-21Add an output parameter to message_send_all that says how manyMartin Pool3-5/+8
messages were sent, so you know how many replies to expect. Const and doc religion. (This used to be commit 22e510ea0d69356be4fd2fa5ad9e9f4e84f62337)
2001-12-19added info level 1 to samr_query_alias()Jean-François Micouleau1-0/+5
(This used to be commit 589aa4fe226ee5bdae0a244631193714b0b556ac)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-1/+2
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-18Fixed bad args to debug statements.Tim Potter1-3/+3
(This used to be commit 5e0f0716ca9826de110fd9eeaf231970e7c19b42)
2001-12-18I'm pretty sure we need to return our netbios name for LSA_QUERY_INFOJeremy Allison1-1/+1
level 5 when we're a standalone server. This makes the security dialogs return correct info. JF - please check ! Jeremy. (This used to be commit dd13daf52bc96637ef3d40920cbd3bcadb7e08f5)
2001-12-18in lsa_query_info at level 5 in member mode, we must reply our machineJean-François Micouleau1-1/+1
name and not our domain name. I thought it has been already fixed ! J.F. (This used to be commit 1fbb01868b489c896ad1c65ded223999b0ee6013)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-67/+208
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-14ChangeID fixe from APPLIANCE_HEADGerald Carter1-0/+5
(This used to be commit 096d06a961e3a3e6f6952754875b83558448f449)
2001-12-14add lsa_query_secobj server code. level 4 is the ACL, level 1 is theJean-François Micouleau2-0/+101
owner. that's basic stuff. got the POLICY_ define from TNG but they are also in an include file in the NT SDK. J.F. (This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
2001-12-14FALSE -> FalseTim Potter1-1/+1
(This used to be commit dbdbf7cd077a8a20610ee2c62240170b420ebe6c)
2001-12-13merge from appliance_headGerald Carter1-0/+4
(This used to be commit 423554fd71b3c9718fc3a21006da9ce6371fc845)
2001-12-10added info level 3 to samrgetgroupinfo. I don't know what the value is.Jean-François Micouleau1-12/+164
It's just to keep usermanager happy ;-) clean up a bit samr_query_aliasinfo to return the group description added: samr_del_aliasmem, samr_del_groupmem and samr_del_domuser with the correct scripts, you can now entirely manage the users from usermanager ! Closer to full PDC every day ;-) J.F. (This used to be commit 0a727afc669704cda9b44d44dbac9e989e906ae3)
2001-12-10Added client and server code for the GetPrintProcessorDirectory SPOOLSSTim Potter2-1/+125
rpc. This was supposed to fix a printer driver download bug but it didn't but it seemed a shame to trash all this code so I'm commiting it #ifdef'ed out in case someone needs it one day. (This used to be commit bef43656471741c6c10b12e7516c15de9ae76394)
2001-12-08small comment I don't want to loose.Jean-François Micouleau1-0/+5
J.F. (This used to be commit a0b5ae58228d01ff5099180f16ffba4353bd28a7)
2001-12-08Fix domain logon that I broke 3 days ago.Jean-François Micouleau1-1/+4
And it's in sync with the docs, %U is really replaced by the name the user asked. Whereas in 2.2 that's false, %U is replaced by the name the user was mapped to. J.F. (This used to be commit 39f2b23347011acabe9dd3ab15025022da352b74)
2001-12-06again an intrusive patch:Jean-François Micouleau3-170/+67
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-12-05added samr_queryuseralias(). instead of returning BUILTIN_ALIAS_RID_USERS,Jean-François Micouleau2-16/+228
now return the alias correctly. time to look at the netlogon case. J.F. (This used to be commit 72ee1791084d09e73d8057e37ced4a79cecffb35)
2001-12-05fixed a return valueAndrew Tridgell1-0/+1
(This used to be commit 56bdb152d8617c0a36c0bc25c677a2d98bcb1328)
2001-12-05Use print_queue_length() by preference if we don't need a queueJeremy Allison1-21/+3
as it doesn't do a traversal. Jeremy. (This used to be commit 4bf4ee3f14a690592fa2e1b800fc0344522e6b30)
2001-12-05Improved efficiency of enumerating print queue's under a particularJeremy Allison1-9/+2
extreme condition... Jeremy. (This used to be commit 425bb0f40526b4eb17a3033892ca907b1d5293a4)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau3-90/+125
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-87/+168
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-12-02added queryuseraliases to rpcclientJean-François Micouleau1-0/+33
and some comments to the samr server code, to explain what we should return here. J.F. (This used to be commit 06cb20a46d9d9f8abf0d92ba4cfa4d23187ad715)
2001-12-02there was a bug in samr_lookup_names (my fault)Jean-François Micouleau1-42/+77
and added comments and some debugs. J.F. (This used to be commit 114eba496fa020a7f491eb549c91fb38ca34dabb)
2001-11-30merge from APPLIANCE_HEADGerald Carter1-16/+20
(This used to be commit f8b18b25944135c196c8134100f601e84c583382)
2001-11-30Check error returns.Jeremy Allison1-4/+12
Jeremy. (This used to be commit fc8638e89effb0ebf2e40cee8cd0d7467e49e2a8)
2001-11-30Gerald's fix.Jeremy Allison1-6/+2
Jeremy (This used to be commit b0c1fcfc8bae83788c7595931321833bf177ec4b)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-2/+2
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-11-29Changed again how the privilege list is handled in the group mapping code.Jean-François Micouleau3-38/+329
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
2001-11-28merge from APPLIANCE_HEADGerald Carter1-12/+9
(This used to be commit c60aa6c06f376684b6d6d9a2c14305ca9f4657ef)
2001-11-28added samr_set_domain_info and samr_unknown_2E.Jean-François Micouleau2-0/+162
We now get the full account policy window in usermanager, and the framework to store all those values. I plan to add a TDB file to store them. oh, and found that the last value in a sam_unknown_info_12_inf struct is an uint16 and not a uint32. andrewb: you hardcoded the MAX_PASSWORD_AGE to 21 days. We can now turn it to a value setable in usermanager. J.F. (This used to be commit 99471d25693f6672d433b90a060378f6faad867f)
2001-11-27Added PRINTER_ALREADY_EXISTS error check from Gerry.Jeremy Allison1-3/+16
Jeremy (This used to be commit c7f1d3d6f776da8619f1221d38619d084ffb990b)
2001-11-26challange -> challengeTim Potter1-5/+6
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-25Unless the error is exactly NT_STATUS_OK, we might not have a server info, soAndrew Bartlett1-1/+1
we need to bail here. (This used to be commit ea0331354e5968aa0a25c0b12379a56c72d7946b)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett2-6/+28
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-24Kill off that crazy copy_sam_passwd(). You simply can't do that if theAndrew Bartlett1-24/+11
structre contains pointers (well not if you intend of free those pointers at some stage) There is no reason (given the new passdb interface) that you can't modify a SAM_ACCOUNT in any case. Andrew Bartlett (This used to be commit e8e73f7f0fcd86c8c2bfe3fc0b44ea2fd6570cc5)
2001-11-23Sorry. I broke the build, missed on open_directory call.Jeremy Allison1-2/+2
Jeremy. (This used to be commit fe288b14cc7f2bc6b8427438da672e7dd7812027)
2001-11-23return NO_MORE_ENTRIES in lsa_enum_trust_dom. UserManager is happier :-)Jean-François Micouleau1-1/+1
J.F. (This used to be commit 75ee50bbef531a1487c1f8b76b8e70627fbdbdf1)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau2-6/+8
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-22added lsa_enum_sids to rpcclientJean-François Micouleau1-10/+20
fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22fixing enum_privs and get_dispname server code.Jean-François Micouleau1-20/+20
That works as expected now. J.F. (This used to be commit f2766932d693fc601b2c3e7853e61f751435ec3c)
2001-11-22add a command to rpcclient: enumprivsJean-François Micouleau1-1/+1
J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)