summaryrefslogtreecommitdiffstats
path: root/source3/rpc_server
Commit message (Collapse)AuthorAgeFilesLines
* remerge andrew's cracklib patch from HEAD and fix a compile warningsGerald Carter2004-02-021-3/+14
| | | | (This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
* Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison2004-01-303-4/+4
| | | | | | Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
* This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett2004-01-261-2/+2
| | | | | | | | | | | As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
* Bug 381: check builtin (not local) group SID. Patch from Jianliang Lu ↵Gerald Carter2004-01-151-1/+1
| | | | | | <j.lu@tiesse.com> (This used to be commit 2fd2c07df42df42103e81f5eb39bd1778de6ca0a)
* revert the cracklib changes until post 3.0.2Gerald Carter2004-01-141-14/+3
| | | | (This used to be commit 6202e0fa727a4307f51bf42f5ced401a7c7b8214)
* First stab at cracklib support (password quality checking) in Samba 3.0Andrew Bartlett2004-01-121-3/+14
| | | | | | | | | | This adds a configure test, that tries to find out if we have a working cracklib installation, and tries to pick up the debian hints on where the dictionary might be found. Default is per my Fedora Core 1 system - I'm not sure how much it changes. Andrew Bartlett (This used to be commit bc770edb788f0b6f719011cda683f045b76b7ba5)
* fix some warnings from the Sun compilerGerald Carter2004-01-091-1/+1
| | | | (This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
* Match Win2k, and return NT_STATUS_INVALID_PARAMETERAndrew Bartlett2004-01-021-2/+2
| | | | | | | if this parameter is not an account type Andrew Bartlett (This used to be commit faddf5d8f9821176f4367caaf61844980df9f79c)
* JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett2004-01-021-99/+50
| | | | | | | | | | | | | his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
* make sure we delete the group mapping before calling the delete group ↵Gerald Carter2003-12-161-2/+4
| | | | | | script; patch from Jianliang Lu <j.lu@tiesse.com> (This used to be commit 19a8dd523a4ee50ba9066efd60a29cf3ba9ae419)
* Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail ↵Gerald Carter2003-12-101-1/+1
| | | | | | on local files on on domain members; bug 875 (This used to be commit c6594e35573186966a4d57404f1c06b98670db06)
* more group lookup access fixes on the neverending bug 281Gerald Carter2003-12-102-11/+10
| | | | (This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)
* fix process_incoming_data() to return the number of bytes handled this call ↵Gerald Carter2003-12-041-1/+3
| | | | | | whether we have a complete pdu or not; fixes bug with multiple pdu request rpc's broken over SMBwriteX calls each (This used to be commit ff06f3ca8e597d093b8a76b5cfabfa6009f4b591)
* * fix RemoveSidForeignDomain() ; bug 252Gerald Carter2003-12-043-57/+92
| | | | | | | | * don't fall back to unmapped UNIX group for get_local_group_from_sid() * remove an extra become/unbecome_root() pair from group enumeration (This used to be commit da12bbdb0dd9179b1ed457fa009679e2da4a8440)
* Match Win2k and return 'invalid parameter' for creating of a new account withAndrew Bartlett2003-12-021-0/+6
| | | | | | | account flags of 0. Andrew Bartlett (This used to be commit 601120f335b69e5b8a003038dfac00f3f234a5c1)
* Patch for #263 from jpjanosi@us.ibm.com.Jeremy Allison2003-11-251-1/+2
| | | | | Jeremy. (This used to be commit 0f2a50316d8245ea9c441f0ea08e1a0fd9a92583)
* more access fixes for group enumeration in LDAP; bug 281Gerald Carter2003-11-243-8/+24
| | | | (This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
* Add server-side support for variable-length session keys (as used byAndrew Bartlett2003-11-231-9/+6
| | | | | | | DES based krb5 logins). Andrew Bartlett (This used to be commit 240b0d178e1b4a3556207bdf2e342c70155f64ee)
* Changes all over the shop, but all towards:Andrew Bartlett2003-11-224-13/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
* Correct fix for checking of '$' name termination.Jeremy Allison2003-11-191-3/+2
| | | | | Jeremy. (This used to be commit ec2339645283c9e489659a8892c317bb9f7610f0)
* * make sure we only enumerate group mapping entriesGerald Carter2003-11-171-135/+44
| | | | | | | | (not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
* * only install swat html files onceGerald Carter2003-11-071-3/+17
| | | | | | | | | | | * revert the change that prevent the guest account from being added to a passdb backend since it broke the build farm. * apply patch from Alex Deiter to fix the "smbldap_open: cannot access when not root error" messages when looking up group information (bug 281) (This used to be commit 9b8bf6a950186bd95abe952af4a7d35829b34ff8)
* Handle munged dial string. Patch from Aur?lien Degr?mont ↵Jeremy Allison2003-11-072-11/+86
| | | | | | | <adegremont@idealx.com>with memory leak fixes by me. Jeremy. (This used to be commit e591854eda8568ed1a4ad6b9de64e523c02b4392)
* Remove compleatly wrong comments. (There were correct, 2 years ago...)Andrew Bartlett2003-11-071-6/+0
| | | | | Andrew Bartlett (This used to be commit 256b85802e5820847fbad4305fcb0f5da2e51975)
* Fix typo in debug statement.Tim Potter2003-11-041-1/+1
| | | | (This used to be commit 66e5043553939be2b124bec8581f08b01fdf9c1e)
* Fix more 64-bit printf warnings.Tim Potter2003-11-032-3/+3
| | | | (This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
* Fix for bug #667. DFS filenames can now have arbitrary case.Jeremy Allison2003-10-281-19/+39
| | | | | Jeremy. (This used to be commit 74148111e16a863d5a33511e5b15632a736d7e99)
* Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison2003-10-211-1/+2
| | | | | | when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
* split some security related functions in their own files.Simo Sorce2003-10-062-36/+36
| | | | | | | | | (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
* Portability fix from schmitz@hp.com (Joachim Schmitz) for bug #548.Jeremy Allison2003-10-021-1/+1
| | | | | Jeremy. (This used to be commit 6677eba28a1f2de11c36e3edc5b7d2854452bd04)
* commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter2003-10-011-11/+19
| | | | | | clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
* Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison2003-09-255-68/+58
| | | | | | | but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
* Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison2003-09-193-6/+6
| | | | | | | | me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
* The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison2003-09-181-8/+18
| | | | | | | | | | | | fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
* Patch from Gregory Hinton Nietsky <gregory@networksentry.co.za>,Jeremy Allison2003-09-151-1/+1
| | | | | | ensure the desired access is read from the incoming RPC request. Jeremy. (This used to be commit fdc5dda44f0190af4e4b0782cb2c5c7de3506d12)
* More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison2003-09-051-2/+2
| | | | | | as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
* getting rid of copmpiler warningGerald Carter2003-08-281-0/+2
| | | | (This used to be commit d3f5c5c22026b2e1e4f02617a823505ae88eab24)
* renaming some functions for consistencyGerald Carter2003-08-272-10/+10
| | | | (This used to be commit f4ca4aae8ad0496b76c710cf79c791724bdaa4ec)
* it never amazes me when some new things crawls out of the windowsGerald Carter2003-08-232-1/+7
| | | | | | | | | | | | | | | | | | | | | spooler. :-( When installing the Adobe PS driver onto a Samba printer via cupsaddsmb, I noticed a WIN2k client sending DeletePrinterData("DependentFiles") pver and over. I also noticed that we never checked to see if the value was valid. No now we do and return WERR_BADFILE which I think is correct. Next, I noticed that we never wrote the updated printer out to disk after a succesfully DeletePrinterData[Ex](). Finally, I found a driver (Canon BJC 1000 using the Adobe PS drivers and foomatic PPD file) that was destroying the device name string in the devmode. So now get_a_printer_2() always writes out the device name in \\server\share form. I think these changes might fix bug 294. (This used to be commit deb25780874b66e68ac597db24fbc50e7f7458b5)
* Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter2003-08-202-21/+80
| | | | | call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
* Fix BUG #314: api_netUserGetGRoups() was failing prematurelyGerald Carter2003-08-192-2/+11
| | | | | | | | (also fixed the call to return the real groups and not a mocked up list) Fixed simple compiler warning in srv_lsa_ds.c (This used to be commit 6b0e38e01a44d87b844d973318accc456abef857)
* possible fix for bug 288 to repcent using an uninitialized cli_state structGerald Carter2003-08-151-0/+2
| | | | (This used to be commit d09dc91c024d718a8ddb6b7f08c7fe84716beda4)
* get rid of some sompiler warnings on IRIXHerb Lewis2003-08-154-20/+8
| | | | (This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
* return actual results instead of always OKHerb Lewis2003-08-151-2/+2
| | | | (This used to be commit 71469f3220e54959af13a395918c80273538b6ed)
* jeremy fooGerald Carter2003-08-141-1/+6
| | | | (This used to be commit 0b31f592df9aca952f978fd6f28c362a0bf02a53)
* fix buildGerald Carter2003-08-141-0/+2
| | | | (This used to be commit dd9cb6f820c2acf658eb081fb6ffc7e9b6b3c8d6)
* Attempt at fixing bug #283. There however is no solution.Gerald Carter2003-08-1413-109/+474
| | | | | | | | | | | | | | | | | | There is a workaround documented in the bug report. This patch does: * add server support for the LSA_DS UUID on the lsarpc pipe * store a list of context_ids/api_structs in the pipe_struct so that we don't have to lookup the function table for a pipe. We just match the context_id. Note that a dce/rpc alter_context does not destroy the previous context so it is possible to have multiple bindings active on the same pipe. Observed from standalone win2k sp4 client. * added server code for DsROleGetPrimaryDOmainInfo() but disabled it since it causes problems enumerating users and groups from a 2ksp4 domain member in a Samba domain. (This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
* fix bug #286.Gerald Carter2003-08-131-2/+17
| | | | | | | | | Fixed by storing the access requested on the anonymous samr connect. Restricted this to enum_domain|open_domain. Added become/unbecome_root() around pdb_enum_group_mapping() enum domain groups samr call. (This used to be commit 36fc199e5f573fea9b7e2c1cf01ad42744a42f08)
* Format tidyup.Jeremy Allison2003-08-081-4/+4
| | | | | Jeremy. (This used to be commit 049e77d636c5abd0fdd8840c3c4c465708354ed7)
* RPC fix from Ronan Waide <waider@waider.ie>. Tested with rpcecho.Jeremy Allison2003-08-081-1/+0
| | | | | Jeremy. (This used to be commit 68590b9e2266cf76b46a68cca0acaa47733811fe)
generated by cgit (git 2.34.1) at 2025-09-27 07:33:49 +0000