summaryrefslogtreecommitdiff
path: root/source4/rpc_server/samr
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4096: move the samdb code to source/dsdb/Stefan Metzmacher2-1029/+0
the idea is to have a directory service db layer which will be used by the ldap server, samr server, drsuapi server authentification... I plan to make different implementations of this interface possible - current default will be the current samdb code with sam.ldb - a compat implementation for samba3 (if someone wants to write one) - a new dsdb implementation which: - understands naming contexts (directory parrtitions) - do schema and acl checking checking - maintain objectGUID, timestamps and USN number, maybe linked attributes ('member' and 'memberOf' attributes) - store metadata on a attribute=value combination... metze (This used to be commit 893a8b8bca2f020fbbe6f469aaa8dd4478249eb8)
2007-10-10r3977: fixed the lmPwdHash change in the rpc server (we were not fetching theAndrew Tridgell1-1/+1
lm hash from the samdb, and thus not checking the verifier) fixed the client side to calculate the lm verifier based on the nt hash, not the lm hash (confirmed using w2k3) (This used to be commit 27e7fb3bafe4649359e2e68169b6f10fd4d2cc70)
2007-10-10r3953: the lm verifier key in passwoed ChangePasswordUser3 is based on the ntAndrew Tridgell1-1/+1
hash, not the lm hash (This used to be commit 8d4f0dc7d0745fc86fd43205b21d846acdc1d8c7)
2007-10-10r3952: added validation of the lm and nt verifiers to our server side ↵Andrew Tridgell1-2/+41
password change code. (This used to be commit f70e8f02d6164046781a5d63fa5c0b86b8ab8df9)
2007-10-10r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We nowAndrew Bartlett1-2/+2
verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-1/+1
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2007-10-10r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
2007-10-10r3804: Add more comparison tests in RPC-SAMSYNC.Andrew Bartlett2-8/+8
This compares values for the domain and for secrets. We still have some problems we need to sort out for secrets. Also rename a number of structures in samr.idl and netlogon.idl, to better express their consistancy. Andrew Bartlett (This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
2007-10-10r3788: give new accounts and groups a objectGUIDStefan Metzmacher1-16/+27
metze (This used to be commit 4839ea156fea95743127753c194fbc23ccf732fd)
2007-10-10r3783: - don't use make proto for ldb anymoreStefan Metzmacher3-1/+3
- split ldh.h out of samba's includes.h - make ldb_context and ldb_module private to the subsystem - use ltdb_ prefix for all ldb_tdb functions metze (This used to be commit f5ee40d6ce8224e280070975efc9911558fe675c)
2007-10-10r3724: Rename a number of structures, for better consistance between SAMR andAndrew Bartlett2-152/+152
NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2007-10-10r3468: split out dcerpc_server.hAndrew Tridgell2-0/+2
(This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell2-4/+5
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell2-0/+2
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell3-0/+3
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3425: got rid of a bunch of cruft from rewrite.hAndrew Tridgell1-1/+1
(This used to be commit 3f902f8d851d32fa81d89ed61bfda6edaea00984)
2007-10-10r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now thatAndrew Bartlett1-0/+14
SAMR_FIELD_PASSWORD has been split up). Andrew Bartlett (This used to be commit 5f2295a5fb422ad028e67b240e55206acefb48bd)
2007-10-10r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25.Andrew Bartlett1-0/+9
Andrew Bartlett (This used to be commit 51774a9bcad97686e5259ac8d753b3df58072622)
2007-10-10r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that theAndrew Tridgell1-78/+18
caller doesn't have to worry about the constraint of only opening a database a single time in a process. These wrappers will ensure that only a single open is done, and will auto-close when the last instance is gone. When you are finished with a database pointer, use talloc_free() to close it. note that this code does not take account of the threads process model, and does not yet take account of symlinks or hard links to tdb files. (This used to be commit 04e1171996612ddb15f84134cadded68f0d173b2)
2007-10-10r2792: got rid of talloc_ldb_alloc() and instead created talloc_realloc_fn(),Andrew Tridgell1-10/+10
so talloc now doesn't contain any ldb specific functions. allow NULL to be passed to a couple more talloc() functions (This used to be commit 1246f80d806fb5f63cfbf3879de6d546384552a8)
2007-10-10r2734: the samdb_destructor can be staticAndrew Tridgell1-1/+1
(This used to be commit feb63e74f923f2a50c6836e18a6c2bda39644e71)
2007-10-10r2680: switched the libcli/raw/ code over to use talloc_reference(), which ↵Andrew Tridgell1-2/+1
simplifies things quite a bit (This used to be commit c82a9cf750829c4f6982ca3133295c8599023c4e)
2007-10-10r2675: added a convenience functionAndrew Tridgell1-47/+11
void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2007-10-10r2670: use a destructor to auto-close the samr ldb when the last userAndrew Tridgell1-15/+18
disconnects. Previously the ldb was always kept open. (This used to be commit d78eea9eb8540f137d30aef5fbb397295312eb1b)
2007-10-10r2628: got rid of some warnings and converted a few more places to use ↵Andrew Tridgell1-2/+2
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10r2592: this fixes one of the security memory leaks in the serverAndrew Tridgell1-1/+1
(This used to be commit efb2b88edddef94ecbaa9a871d457d0d7c177546)
2007-10-10r2537: Add static and use strlen_m instead of str_charnum().Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit f3bf57ca6be3b71ebd8f8312c3d9e54387bdc402)
2007-10-10r2458: Rename policy handle parameters for the SAMR pipe. Parameters nowTim Potter2-38/+38
have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-10/+8
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2282: Remove one more magic constant from the source, replace with sizeof().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a089bcf503bfc91eead08d10539367886b7927cd)
2007-10-10r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc ↵Andrew Tridgell1-10/+2
server (This used to be commit 3b4ed24f4ba467a77bef8d6c25695fdbdb42b2ac)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter1-1/+1
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2059: abartlet: is there a better way to fix this compiler warningStefan Metzmacher1-1/+1
(the same problem as in -r 2056) metze (This used to be commit 98e4b23d450892e1ff37c36e52aa56bdf5f260b9)
2007-10-10r2055: Add PRINTF_ATTRIBUTE to many more parts of the code, and a newAndrew Bartlett1-2/+2
--enable-developer warning for when they are missing. Andrew Bartlett (This used to be commit 8115e44d47bcd65edba08d10117180ae508cdbc1)
2007-10-10r2051: switched the samdb over to using the new destructor and referenceAndrew Tridgell4-157/+74
count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-4/+4
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1335: NT_STATUS_INTERNAL_DB_CORRUPTIONStefan Metzmacher1-13/+13
should cause DEBUG(0,(...)); metze (This used to be commit 80851e67783a9c3c8bdd7f2b52e0b46dd7b18d05)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-3/+8
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1270: Start to break samdb into general bits so we can share code with otherTim Potter1-39/+13
similar dbs. (This used to be commit 1162e2fcff177cbbe84506efea0f79f68ecb233c)
2007-10-10r1268: varient -> variantTim Potter1-2/+2
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
2007-10-10r1235: as the pidl code init all output data.Stefan Metzmacher1-1/+1
we should do it manualy too. metze (This used to be commit d3b80fd40a07575c18593523070986b7aed6de92)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-2/+14
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1060: check for an invalid session key in samr_set_password()Andrew Tridgell1-0/+5
(This used to be commit 5a90187c2cb7521cb7931355e5cf2f11d55a4ad0)
2007-10-10r1028: More consistancy fixes, which should also fix the build.Andrew Bartlett1-12/+12
Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2007-10-10r1025: Rename (across the samr and netlogon pipes, so far)Andrew Bartlett3-45/+50
pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2007-10-10r1016: - store the schannel session key after it is establishedAndrew Tridgell1-19/+11
- move to a centralised way of handling talloc/ldb interaction (This used to be commit 2b9b752875ba5e03e82f40e31f26bc1f245b3825)
2007-10-10r1013: WE NEED ALWAYS TO INIT THE OUTPUT VARS!Stefan Metzmacher1-0/+2
in rpc server code! add missing ZERO_STRUCT(r->out.info); in samr_GetDomPwInfo metze (This used to be commit e21f8a343022424097ff53cd8d5e16ac46fff772)
2007-10-10r1009: Make all users of NT and LM passwords use the samr_Password structure.Andrew Bartlett2-37/+48
This includes the netlogon pipe, for the machine account password change system. Andrew Bartlett (This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-4/+4
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)