summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-10/+8
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2282: Remove one more magic constant from the source, replace with sizeof().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a089bcf503bfc91eead08d10539367886b7927cd)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-10/+2
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-1/+1
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2059: abartlet: is there a better way to fix this compiler warningStefan Metzmacher1-1/+1
(the same problem as in -r 2056) metze (This used to be commit 98e4b23d450892e1ff37c36e52aa56bdf5f260b9)
2007-10-10r2055: Add PRINTF_ATTRIBUTE to many more parts of the code, and a newAndrew Bartlett1-2/+2
--enable-developer warning for when they are missing. Andrew Bartlett (This used to be commit 8115e44d47bcd65edba08d10117180ae508cdbc1)
2007-10-10r2051: switched the samdb over to using the new destructor and referenceAndrew Tridgell4-157/+74
count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-4/+4
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1335: NT_STATUS_INTERNAL_DB_CORRUPTIONStefan Metzmacher1-13/+13
should cause DEBUG(0,(...)); metze (This used to be commit 80851e67783a9c3c8bdd7f2b52e0b46dd7b18d05)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-3/+8
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1270: Start to break samdb into general bits so we can share code with otherTim Potter1-39/+13
similar dbs. (This used to be commit 1162e2fcff177cbbe84506efea0f79f68ecb233c)
2007-10-10r1268: varient -> variantTim Potter1-2/+2
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
2007-10-10r1235: as the pidl code init all output data.Stefan Metzmacher1-1/+1
we should do it manualy too. metze (This used to be commit d3b80fd40a07575c18593523070986b7aed6de92)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-2/+14
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1060: check for an invalid session key in samr_set_password()Andrew Tridgell1-0/+5
(This used to be commit 5a90187c2cb7521cb7931355e5cf2f11d55a4ad0)
2007-10-10r1028: More consistancy fixes, which should also fix the build.Andrew Bartlett1-12/+12
Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2007-10-10r1025: Rename (across the samr and netlogon pipes, so far)Andrew Bartlett3-45/+50
pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2007-10-10r1016: - store the schannel session key after it is establishedAndrew Tridgell1-19/+11
- move to a centralised way of handling talloc/ldb interaction (This used to be commit 2b9b752875ba5e03e82f40e31f26bc1f245b3825)
2007-10-10r1013: WE NEED ALWAYS TO INIT THE OUTPUT VARS!Stefan Metzmacher1-0/+2
in rpc server code! add missing ZERO_STRUCT(r->out.info); in samr_GetDomPwInfo metze (This used to be commit e21f8a343022424097ff53cd8d5e16ac46fff772)
2007-10-10r1009: Make all users of NT and LM passwords use the samr_Password structure.Andrew Bartlett2-37/+48
This includes the netlogon pipe, for the machine account password change system. Andrew Bartlett (This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-4/+4
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r937: - added a simple QuerySecurity implementation in samr serverAndrew Tridgell2-1/+28
- moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2007-10-10r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and serverAndrew Tridgell1-0/+22
- added lsa_OpenPolicy2() to server - added guid handling in samdb - added a couple more info policy levels in lsa server - added some DNS info in the provisioning template and script With the above changes WinXP professional can join a Samba4 domain (This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
2007-10-10r917: - added the start of a LSA server to samba4.Andrew Tridgell2-2/+78
- added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2007-10-10r904: - fixed account expiry testing in auth_samAndrew Tridgell1-8/+8
- added printf style format attribute checking to samdb varargs fns - fix nt_time_to_unix() for zero and -1 times (This used to be commit 41f9b144f9fe77e92f960bd11b1df397a63fd2d5)
2007-10-10r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix ↵Andrew Tridgell1-16/+14
the error handling on a bad change. With this change WinXP can now successfully change the password on a Samba4 server via SAMR. After the change you can't login because the handling of much_change_time seems to be broken in the auth code, but that should be easy to fix. (This used to be commit 8feeecf30377e4699df26d1c5c02d24a8ab021be)
2007-10-10r901: w2k3 completely ignores the domain name argument to GetDomPwInfo,Andrew Tridgell1-5/+4
always returning the info for the primary domain. I noticed this because WinXP sends the wrong information in this field (it sends \\server_name) and gets away with it (This used to be commit e128bcca562960afe75bf14dd775113e1dd7b213)
2007-10-10r897: - user/group creation needs to create unique names across both theAndrew Tridgell2-2/+126
Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2007-10-10r896: - use andrews samdb_result_passwords() for the remaining password ↵Andrew Tridgell1-33/+39
change mechanisms - added samr_ChangePasswordUser2() (just a subset of samr_ChangePasswordUser3) (This used to be commit b5324a4b802e793a49a40a7d57f77f7410397bb3)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-1/+1
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher2-5/+5
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher5-29/+29
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r879: fixed a typo in the password fetch wrapperAndrew Tridgell1-1/+1
(This used to be commit c75b763f41cb6d9dde9497c4b7443fe89ab5d256)
2007-10-10r873: converted samba4 to use real 64 bit integers instead ofAndrew Tridgell3-48/+285
structures. This was suggested by metze recently. I checked on the build farm and all the machines we have support 64 bit ints, and support the LL suffix for 64 bit constants. I suspect some won't support strtoll() and related functions, so we will probably need replacements for those. (This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
2007-10-10r871: add a comment about how samdb_set_password() worksAndrew Tridgell1-0/+6
(This used to be commit 2fdf33c6e5f5666629adaf849b97fa4d4fd5968e)
2007-10-10r839: password set/change in the samr server is complex enough that itAndrew Tridgell4-529/+585
deserves its own C module (This used to be commit 2ba7ff824c32b3db037263ddcff9c876293ea284)
2007-10-10r812: added a new samdb_replace() call that simplifies the code in the main ↵Andrew Tridgell2-31/+27
samr server a bit. (This used to be commit 255d6e77e705bb7a94e6738c9f48f9d8c625883c)
2007-10-10r796: fixed samr_OemChangePasswordUser2() to replace attributes, not addAndrew Tridgell1-1/+6
(This used to be commit 24bbf9f1bcfddb5131769439bd139faef2c022e2)
2007-10-10r793: - don't make templates members of any class that would make them showAndrew Tridgell2-32/+255
up in searches like "objectclass=user" - auto-add the computer objectclass for computer accounts on create - added two types of password change call in samr server - reset last_fault_code before each dcerpc call (This used to be commit c1a65f83f6a4c51e60efd204dab89c20cda65d2b)
2007-10-10r789: we return wrong number of entriesSimo Sorce1-1/+1
(This used to be commit c0c1596dbdb1769c3f10c8299f61807497b1d38a)
2007-10-10r754: Implement the SetPassword operation on the netlogon pipe.Andrew Bartlett2-39/+67
This involves allowing the password set code in samdb to take an already hashed password, and some fixes to our torture code. Andrew Bartlett (This used to be commit f9f581b5804a20785df06cde157b23c952edc2ce)
2007-10-10r743: Start on a NETLOGON server in Samba4.Andrew Bartlett3-105/+308
Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2007-10-10r626: make the code a bit more readableStefan Metzmacher1-151/+151
metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2007-10-10r625: - handle passwords longer than length 14 (thanks to abartlet for ↵Andrew Tridgell2-44/+82
pointing out the bug) - delete unicodePwd if not storing a plaintext password (This used to be commit 6c3f22a685c55f183f4e0e4303e3d9990f4b39b5)
2007-10-10r623: setUserInfo level 24 (password set) now works in the SAMR server. This ↵Andrew Tridgell2-11/+332
includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2007-10-10r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo,Volker Lendecke1-50/+238
samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2007-10-10r608: - a couple of very minor fixes to the CreateGroup codeAndrew Tridgell2-11/+49
- added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2007-10-10r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2.Volker Lendecke2-12/+136
Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2007-10-10r601: added the server code for all the samr_SetUserInfo and ↵Andrew Tridgell2-17/+342
samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2007-10-10r596: log all ldb searches at level 4 in samdbAndrew Tridgell1-0/+2
(This used to be commit defaf0d817a7c207da59692245aa65bc30c9bd19)