1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

117 Commits

Author SHA1 Message Date
Andrew Bartlett
d0375cfd43 r11438: Move enum samr_RejectReason into misc.idl so I can use it in a global
prototype.

Andrew Bartlett
(This used to be commit a3abffc758)
2007-10-10 13:45:37 -05:00
Jelmer Vernooij
8d036f304e r11099: Replace unistr with [string] equivalent
(This used to be commit 6a8291c80e)
2007-10-10 13:44:49 -05:00
Andrew Tridgell
3eb52c6cd6 r9574: - made the sec_info fields in lsa and samr use a IDL bitmap
- fixed winreg_GetKeySecurity() to use a sec_info field correctly

- simplied the winreg torture code, removing the separate opens for
  each hive

- added torture cleanup code in winreg test

- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd)
2007-10-10 13:34:30 -05:00
Stefan Metzmacher
0b92507760 r8232: remove samr_String and netr_String as they are the same as lsa_String
metze
(This used to be commit e601042c07)
2007-10-10 13:19:22 -05:00
Andrew Bartlett
9a7481bcfe r7993: Further work on the Krb5 PAC.
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.

This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.

In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.

Also in this commit:

The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.

To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.

Andrew Bartlett
(This used to be commit e2015671c2)
2007-10-10 13:18:57 -05:00
Andrew Tridgell
7fc49243f3 r7870: fixed the RPC-SCHANNEL test. It turned out it was my const changes, as
they slightly changed the semantics of value() in pidl, which broke
a optimisation hack in some of our IDL files.

I've changed the idl files to remove the hack for now. Sometime we
need to find a better way to handle these :-)
(This used to be commit 765f75ea63)
2007-10-10 13:18:45 -05:00
Jelmer Vernooij
c420c5a4c4 r7552: Use ParseExpr() for [value] attributes; allows
us somewhat cleaner IDL.
(This used to be commit b7b01bccd1)
2007-10-10 13:18:07 -05:00
Jelmer Vernooij
50d2bf0066 r7029: Make array support in pidl similar to that in other IDL compilers. We should
now able to use constructions like these:

[size_is(20)] int *x; -> Pointer to array of 20 ints
[size_is(20)] int x[]; -> Array of 20 ints
[size_is(20)] int *x[]; -> Array of 20 pointers to ints
[size_is(20,)] int *x[] -> Array of 20 pointers to ints
[size_is(,20)] int *x[]; -> Pointer to array of 20 ints
[size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints
[size_is(20)] int x[][30]; -> 20 blocks of 30 ints
(This used to be commit ecf583da71)
2007-10-10 13:17:07 -05:00
Jelmer Vernooij
e427f58622 r6973: Merge new version of pidl into the main SAMBA_4_0 branch.
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:

IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }

This makes the ndr_parser.pm internals much more sane.

Other changes include:

- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
  most other IDL compilers). This can be overridden using the
  default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
  is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
  useful for making sure IDL files work with other IDL compilers.

oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615)
2007-10-10 13:17:01 -05:00
Andrew Bartlett
bb6e2059ee r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.
Fill out the group list for the SamLogon reply, so clients get the
supplementary groups.

Andrew Bartlett
(This used to be commit d9c31e60a7)
2007-10-10 13:16:24 -05:00
Tim Potter
6bb0231229 r6325: Rename aliasname -> alias_name in CreateDomAlias function.
(This used to be commit 63dfa9b806)
2007-10-10 13:11:32 -05:00
Andrew Bartlett
5aa2646be8 r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
Andrew Bartlett
(This used to be commit 7822101cb5)
2007-10-10 13:11:06 -05:00
Andrew Bartlett
d830fcd7d1 r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
the SAMR server.

Andrew Bartlett
(This used to be commit fd748f9d2f)
2007-10-10 13:11:03 -05:00
Jelmer Vernooij
ffae01d432 r5672: Use switch_type() and the token storage mechanism for unions:
- Makes union handling less special
 - Allows unions in arrays, etc
 - Compatible with midl
 - Pidl will warn about switch_type() and the type of the switch_is() variable being different
(This used to be commit dc6b4ffc82)
2007-10-10 13:10:58 -05:00
Jelmer Vernooij
631aa1f0ef r5661: Be a little stricter on syntax regarding arrays. A pointer to an
array can now only be :

 type *name[];

rather then :

 type *name;

which was supported in the past. Warnings will be given when the first
syntax is used. Reasons for this change in behaviour include improved
readability and the fact that the second format makes dealing with multiple
levels of pointers harder.
(This used to be commit a416de5825)
2007-10-10 13:10:57 -05:00
Tim Potter
abc28d66e9 r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'.
(This used to be commit 6749b9404d)
2007-10-10 13:09:46 -05:00
Andrew Tridgell
465e089dd3 r5080: patch from ronnie to make our samr IDL a little more consistent
(This used to be commit 7607ddda3f)
2007-10-10 13:09:20 -05:00
Andrew Tridgell
1e42cacf6a r5036: changed HYPER_T to the more standard "hyper"
(This used to be commit 1d1a9c11ee)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
3dd17f1288 r5034: - added a type mapping function in pidl, so the type names in our IDL
files don't need to match the type names in the generated headers

- with this type mapping we no longer need definitions for the
  deprecated "int32", "uint8" etc form of types. We can now force
  everyone to use the standard types int32_t, uint8_t etc.

- fixed all the code that used the deprecated types

- converted the IDL types "int64" and "uint64" to "dlong" and
  "udlong". These are the 4 byte aligned 64 bit integers that
  Microsoft internally define as two 32 bit integers in a
  structure. After discussions with Ronnie Sahlberg we decided that
  calling these "int64" was confusing, as it implied a true 8 byte
  aligned type

- fixed all the cases where we incorrectly used things like
  "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for
  those. The fact that it is hyper-aligned on the wire is not relevant
  to the API, and should remain just a IDL property
(This used to be commit f86521677d)
2007-10-10 13:09:15 -05:00
Tim Potter
9eea1eb94f r5005: Add missing size specifiers to various bitmaps.
(This used to be commit 19a907cb58)
2007-10-10 13:09:12 -05:00
Stefan Metzmacher
894b6890b4 r4705: use an enum for reject_reason
metze
(This used to be commit 57bf3d7a83)
2007-10-10 13:08:45 -05:00
Stefan Metzmacher
516dbfd5ed r4702: implment idl, torture test and server code for netr_ServerPasswordSet2()
metze
(This used to be commit 7d8ba92da2)
2007-10-10 13:08:45 -05:00
Stefan Metzmacher
fd4831f1f0 r4650: - make more use of bitmap and enum's
- move some structs out of misc.idl

metze
(This used to be commit b6543a6e30)
2007-10-10 13:08:39 -05:00
Stefan Metzmacher
1ec6416a35 r4568: make use of SidType and move it to lsa.idl
metze
(This used to be commit c2523adc0a)
2007-10-10 13:08:28 -05:00
Stefan Metzmacher
678038a0f2 r4552: use samr_AcctFlags in netlogon.idl
metze
(This used to be commit 3e224575e5)
2007-10-10 13:08:26 -05:00
Stefan Metzmacher
895bc15672 r4542: use bitmap for samr_FieldsPresent and samr_AcctFlags
metze
(This used to be commit 109c91650a)
2007-10-10 13:08:20 -05:00
Stefan Metzmacher
a4fc930235 r4532: - rename bitmap -> bits
the next commit is support for typedef bitmap {...}; in pidl

metze
(This used to be commit bd06a85cb7)
2007-10-10 13:08:19 -05:00
Andrew Tridgell
d9ab65a8b4 r4524: converted a few bits of samr.idl to use enum properly
(This used to be commit 82313fb79e)
2007-10-10 13:08:18 -05:00
Volker Lendecke
62a32a2e62 r4392: Fix samr_GetAliasMembership idl
(This used to be commit b0b9332519)
2007-10-10 13:07:42 -05:00
Volker Lendecke
2333ea56f3 r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL
for samr_SetAliasInfo.

Volker
(This used to be commit d70e237190)
2007-10-10 13:07:39 -05:00
Andrew Bartlett
5d35fe6f71 r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.

Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.

Andrew Bartlett
(This used to be commit 39ae5e1dac)
2007-10-10 13:06:01 -05:00
Stefan Metzmacher
856ee66537 r3810: create a LIB_SECURITY subsystem
- move dom_sid, security_descriptor, security_* funtions to one place
  and rename some of them

metze
(This used to be commit b620bdd672)
2007-10-10 13:05:56 -05:00
Andrew Bartlett
5ad5c6cc70 r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.
Andrew Bartlett
(This used to be commit 90398fda41)
2007-10-10 13:05:56 -05:00
Andrew Bartlett
9aec081fd9 r3804: Add more comparison tests in RPC-SAMSYNC.
This compares values for the domain and for secrets.  We still have
some problems we need to sort out for secrets.

Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.

Andrew Bartlett
(This used to be commit 3f52fa3a42)
2007-10-10 13:05:55 -05:00
Andrew Bartlett
50916c8f2f r3724: Rename a number of structures, for better consistance between SAMR and
NETLOGON.

In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).

Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.

Andrew Bartlett
(This used to be commit 9cd666bcfb)
2007-10-10 13:05:47 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
90067934cd r3428: switched to using minimal includes for the auto-generated RPC code.
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.

This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8)
2007-10-10 13:05:09 -05:00
Andrew Tridgell
2bf6dff983 r3283: converted to quoted uuid() defines in all our IDL. This should help
the build on systems like solaris with the SunPRO compiler
(This used to be commit fe913ad11b)
2007-10-10 13:04:50 -05:00
Jelmer Vernooij
40c5a1d99f r3162: Add client-side support for the ncalrpc: and ncacn_unix_stream: transports.
ncalrpc uses the new config option "ncalrpc dir" for creating unix sockets.
(This used to be commit b15cfbe251)
2007-10-10 13:02:27 -05:00
Andrew Bartlett
1ee3a7419e r3074: Add in a new 'field present' flag samr.idl for the Account Flags
field.  Add torture test for setting this feild - including all the
odd cases (not all the flags 'stick', and not others cannot be
removed).

Seperate the two 'password change' flags, and test them both in the
torture code.

Check that the password did change after every password set call.

Andrew Bartlett
(This used to be commit 3759128bd3)
2007-10-10 13:01:56 -05:00
Jelmer Vernooij
31403d548e r3043: Use binding strings for specifying endpoints. The property for
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.

Examples:

[
  uuid(60a15ec5-4de8-11d7-a637-005056a20182),
  endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
	void dummy();
}

dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.

The eventual goal of all these changes is to make it easier to add
 transports as I'm going to add support for
 ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b44)
2007-10-10 13:01:53 -05:00
Andrew Tridgell
2475863ce7 r2950: 0x40000 is clearer than 262144
(This used to be commit c17d9254d4)
2007-10-10 12:59:51 -05:00
Andrew Tridgell
7c9e113f1d r2949: added some range checks in samr.idl
(This used to be commit 8921e34f98)
2007-10-10 12:59:50 -05:00
Andrew Tridgell
ed6a5a1e0e r2833: - added a call to SamrQueryGroupMember for every group, and fix the
IDL so this works (the previous IDL was bogus)

- changed a hyper to uint64 after looking at output on cascade on sparc
(This used to be commit db1ed5675a)
2007-10-10 12:59:37 -05:00
Tim Potter
cde8c60e88 r2489: Rename account_flags in EnumDomainAliases() to acct_flags.
(This used to be commit a0e571a9dd)
2007-10-10 12:58:57 -05:00
Tim Potter
0e71bf8148 r2458: Rename policy handle parameters for the SAMR pipe. Parameters now
have the handle type implied by the parameter name.  There are four
types of handle: connect, domain, user and group handles.  The
various samr_Connect functions return a connect handle, and the
samr_OpenFoo functions return a foo handle.

There is one exception - the samr_{Get,Set}Security function can
take any type of handle.

Fix up all C callers.
(This used to be commit 32f0f3154a)
2007-10-10 12:58:55 -05:00
Andrew Bartlett
5b04ca8080 r1025: Rename (across the samr and netlogon pipes, so far)
pwd -> password
passwd -> password

username -> account_name

Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.

Andrew Bartlett
(This used to be commit 4e35418c27)
2007-10-10 12:56:30 -05:00
Andrew Bartlett
9eb6afb00d r1009: Make all users of NT and LM passwords use the samr_Password structure.
This includes the netlogon pipe, for the machine account password
change system.

Andrew Bartlett
(This used to be commit 49d545a820)
2007-10-10 12:56:26 -05:00
Volker Lendecke
63990406ae r963: Tridge, according to ethereal this is an 'Acct Ctrl' field. My tests also
indicate this although I could not find any consistent pattern.

I found this as 'net rpc group list local' in Samba3 sets this to 250 and only
gets a fixed, but incomplete list of groups out of W2k3.

I tried to correlate the results I got from w2k3 with the LDAP contents of the
corresponding entries, but I could not find anything. Ethereal only decodes
the lower byte, but to get all it seems necessary to have 0xffff here.

If you have time, could you might want to spend some of it decoding the bits
for SAMR completeness....

Volker
(This used to be commit 74e59c4560)
2007-10-10 12:56:23 -05:00
Andrew Tridgell
d9538e7412 r937: - added a simple QuerySecurity implementation in samr server
- moved some sec desc defines into misc.idl

 - fixed pw_len field in UserInfo26

 - made some pipes available on TCP

 - added netr_DsrEnumerateDomainTrusts() to netlogon

 - added templates for remaining netlogon IDL calls (from ethereal)

 - added a unistr_noterm vs unistr error detector in ndr basic decoder

 - added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb)
2007-10-10 12:56:20 -05:00