summaryrefslogtreecommitdiffstats
path: root/source3/rpc_client
Commit message (Collapse)AuthorAgeFilesLines
* r269: Patch from Krischan Jodies <kj@sernet.de>: Implement 'net rpc group ↵Volker Lendecke2007-10-101-0/+92
| | | | | | | delete'. Volker (This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
* r196: merging struct uuid from trunkGerald Carter2007-10-101-2/+2
| | | | (This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
* r39: * importing .cvsignore filesGerald Carter2007-10-101-3/+0
| | | | | * updateing WHATSNEW with vl's change (This used to be commit a7e2730ec4389e0c249886a8bfe1ee14c5abac41)
* Implement NETLOGON GetDCName client side. You can ask a DC for the name ofVolker Lendecke2004-04-021-0/+49
| | | | | | | a DC it trusts. Volker (This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
* Ensure we correctly set cli->nt_pipe_fnum on failure to correctly open theAndrew Bartlett2004-03-271-0/+2
| | | | | | | NT session. Andrew Bartlett (This used to be commit 01fff20e6e0212e9f70a5a66c3e46f7079b342f1)
* remove unused variableGerald Carter2004-03-221-2/+0
| | | | (This used to be commit 170c443b19604c3ec997ae494954c473e356e59d)
* missed some of Derrel's changesGerald Carter2004-03-191-1/+1
| | | | (This used to be commit 3aac1e549eaf4693ded84be432a2c94b6331ef6d)
* asu/syntax/pc_netlink doesn't fill in the pipe name in the rpc_bind response ↵Gerald Carter2004-03-171-0/+2
| | | | | | so dont check for it (This used to be commit 4d68d3d5ddeda9589f2e3387144fdac616bb791f)
* Add 'net rpc group [add|del]mem' for domain groups and aliases.Volker Lendecke2004-02-282-0/+277
| | | | | Volker (This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
* Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke2004-02-241-0/+93
| | | | | | | | | group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
* This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett2004-01-261-0/+90
| | | | | | | | | | | As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
* BUG 972; check pointer in cli_ds_getprimarydominfo() before trying to copy a ↵Gerald Carter2004-01-151-1/+1
| | | | | | structure (This used to be commit 1c15bfacb45d42873f3d7e7cb55ba2cbbbe33d26)
* fix segfault when sid_ptr == 0 in DsEnumDomainTrusts() replyGerald Carter2004-01-081-3/+3
| | | | (This used to be commit ba9dc0d9fd3e30a7ddf97b6a4df753db7ba12cc1)
* This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett2004-01-081-40/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
* Correctly handle per-pipe NTLMSSP inside a NULL session. Previously weAndrew Bartlett2004-01-051-5/+12
| | | | | | | | would attempt to supply a password to the 'inside' NTLMSSP, which the remote side naturally rejected. Andrew Bartlett (This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)
* rpc_client/cli_lsarpc.c:Andrew Bartlett2004-01-052-8/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Cleanup function for use nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
* Do not add NTLM2 to the NTLMSSP flags unconditionally - allow theAndrew Bartlett2003-11-251-8/+4
| | | | | | | | | | | | defaults specified by the caller to prevail. Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing. Call ntlmssp_sign_init() unconditionally in the client - we setup the session key, why not setup the rest of the data. Andrew Bartlett (This used to be commit 48123f7e42c3fde85887de23c80ceee04c2f6281)
* strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter2003-11-241-2/+2
| | | | | | check_bind_response() (This used to be commit 5e062f72baad6f7a70f1a3c8cf190535ccacc89e)
* Add support for variable-length session keys in our client code.Andrew Bartlett2003-11-221-6/+6
| | | | | | | | | | | | | | This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
* Changes all over the shop, but all towards:Andrew Bartlett2003-11-223-19/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
* This fixes a bug when establishing trust against a german W2k3 AD server. InVolker Lendecke2003-11-171-1/+2
| | | | | | | | | the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at all, so making it a bit more liberal should hopefully not really hurt. Volker (This used to be commit 029dcb351bcfab70ed0afa4acf4bd64316bfd757)
* This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User2003-10-241-0/+104
|\ | | | | | | used to be commit e569418861a867437cd5e2cce87ad82e752da3fb)
| * New files for support of initshutdown pipe. Win2k doesn't respond properlyJim McDonough2003-10-241-0/+104
| | | | | | | | | | | | | | to all requests on the winreg pipe, so we need to handle this new pipe. First part of fix for bug #534 (This used to be commit 532fab74c12d8c55872c2bad2abead2647f919d7)
| * Merge from 3_0:Volker Lendecke2003-10-221-0/+1
| | | | | | | | | | | | | | | | | | In cli_lsa_lookup_sids don't leave the domain field uninitialized if some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 198b01fc54ce7a5beeddc680b30da291639b4eda)
| * Merge Volker's fix.Jeremy Allison2003-10-201-0/+6
| | | | | | | | | | | | | | It's a perfectly valid condition to have zero alias members. Jeremy. (This used to be commit aa7fb71357921c9d1fa1d32e5eaff912428e4fdf)
| * Add client side code to do endpoint map queries. Currently does oneJim McDonough2003-10-181-0/+61
| | | | | | | | | | fixed query. Updates to come soon. (This used to be commit 3ca8240affba20bb26749354f59b83799b4f1e44)
| * split some security related functions in their own files.Simo Sorce2003-10-061-3/+3
| | | | | | | | | | | | | | (no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
| * commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter2003-10-011-17/+12
| | | | | | | | | | | | clientspreviously joined to the Samba domain (This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
| * Merge from 3.0:Tim Potter2003-09-291-8/+8
| | | | | | | | | | | | | | | | >Fix for #480. Change the interface for init_unistr2 to not take a length >but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. >This is not the case. Count it after conversion. >Jeremy. (This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
| * fix some warnings found by the Sun C compilerGerald Carter2003-09-221-1/+1
| | | | | | | | (This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
| * sync 3.0 into HEAD for the last timeGerald Carter2003-09-093-31/+25
| | | | | | | | (This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
| * port latest changes from SAMBA_3_0 treeSimo Sorce2003-08-025-21/+127
| | | | | | | | (This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
| * fix the build. Ifdef out some codeGerald Carter2003-07-171-0/+3
| | | | | | | | (This used to be commit e66541d0e1befec5d589890994454dd639ea0665)
| * trying to get HEAD building again. If you want the codeGerald Carter2003-07-165-628/+630
| | | | | | | | | | prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
| * Merge: clarify secure channel connection comment.Tim Potter2003-05-161-4/+4
| | | | | | | | (This used to be commit dd063a298f9d5244d7b79c029c563b4d966019c1)
| * Fixes from Ronan Waide <waider@waider.ie> for large RPC writes.Jeremy Allison2003-04-281-2/+2
| | | | | | | | | | Jeremy. (This used to be commit 30512b7d3ea3470e4aca08638a5c0ea14791a6e7)
| * Minor cleanup of enum domain groups/aliases:Tim Potter2003-04-251-12/+18
| | | | | | | | | | | | | | | | | | | | | | - return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a talloc fails - don't try and tallocate memory when the number of entries returned was zero - rename some cut&pasted variable names in enum domain aliases function (This used to be commit cb94b2b2d141c3df1209b2b389b0cd6752ac2b6b)
| * Always initialise this, to assist callers doing loops over this call.Andrew Bartlett2003-04-221-0/+3
| | | | | | | | | | Andrew Bartlett (This used to be commit 6da9fd157b4e61fe72f569e4657166ca9d9ab6dc)
| * Fixes to make SCHANNEL work against a W2K DC. Still need to fixJeremy Allison2003-04-161-13/+24
| | | | | | | | | | | | multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ec82e8e9f4a6bf807a91ac265af39a516c7ab631)
| * Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett2003-04-161-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
| * Removed unused variables.Tim Potter2003-04-141-2/+0
| | | | | | | | (This used to be commit 27a608d6a337e772dce114d73e45f6d0bf3148b4)
| * Fixed incorrect argument to debug.Tim Potter2003-04-141-1/+1
| | | | | | | | (This used to be commit a4704754d912e1f704f574b733257bbcb3976141)
* | In cli_lsa_lookup_sids don't leave the domain field uninitialized ifVolker Lendecke2003-10-221-0/+1
| | | | | | | | | | | | | | | | some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 1337338522242a430b3c5655ffdff3f701fbfcce)
* | It's a perfectly valid condition to have zero alias members.Volker Lendecke2003-10-201-0/+6
| | | | | | | | | | Volker (This used to be commit ccdcd88732c99497fc563379df7837c35eba72be)
* | split some security related functions in their own files.Simo Sorce2003-10-061-3/+3
| | | | | | | | | | | | | | | | | | (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
* | commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter2003-10-011-17/+12
| | | | | | | | | | | | clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
* | Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison2003-09-251-8/+8
| | | | | | | | | | | | | | but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
* | fix some warnings found by the Sun C compilerGerald Carter2003-09-221-1/+1
| | | | | | | | (This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
* | - Fix the kerberos downgrade problem:Andrew Bartlett2003-08-192-14/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When connecting to the NETOGON pipe, we make a call to auth2, in order to verify our identity. This call was being made with negotiation flags of 0x1ff. This caused our account to be downgraded. If we instead make the call with flags > 1ff (such as 0x701ff), then this does not occour. - This is *not* related to the use of kerberos for the CIFS-level connection My theory is that Win2k has a test to see if we are sending *exactly* what NT4 sent - setting any other flags seems to cause us to remain intact. Also ensure that we only have 'setup schannel' code in a few places, not scattered around cmd_netlogon too. Andrew Bartlett (This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
* | working on fix for BUG #294. Not done yet, but this at least clearsGerald Carter2003-08-191-2/+2
| | | | | | | | | | | | up some of the false positives in "rpcclient -c getdriver". Also make sure that we ask for version2 and 3 drivers on x86. (This used to be commit 5be51515680da910b623f486108d91f9ea914bd2)
generated by cgit (git 2.34.1) at 2024-10-03 19:29:58 +0000