diff options
author | Luke Leighton <lkcl@samba.org> | 1997-11-06 23:03:58 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1997-11-06 23:03:58 +0000 |
commit | bd529d7a83c35be233baca09bc79aa911ad443ce (patch) | |
tree | f6187ae5506640e8658998bb5b8cde68f6ec5530 /source3/smbd | |
parent | ec35f1c1cc363b84867fea49f6b2b5e3c0b9b889 (diff) | |
download | samba-bd529d7a83c35be233baca09bc79aa911ad443ce.tar.gz samba-bd529d7a83c35be233baca09bc79aa911ad443ce.tar.bz2 samba-bd529d7a83c35be233baca09bc79aa911ad443ce.zip |
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/ipc.c | 4 | ||||
-rw-r--r-- | source3/smbd/password.c | 3 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 4 | ||||
-rw-r--r-- | source3/smbd/reply.c | 14 | ||||
-rw-r--r-- | source3/smbd/server.c | 6 |
5 files changed, 24 insertions, 7 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 1943129ba6..ce14ccd9bc 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -144,7 +144,7 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup, this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */ this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam)); - align = (this_lparam%4); + align = (this_lparam%4)+1; set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True); if (this_lparam) @@ -2872,7 +2872,9 @@ struct { #ifdef NTDOMAIN { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "samr", "lsass", 0x26, api_samrTNP }, { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, + { "TransactNmPipe", "wkssvc", "ntsvcs", 0x26, api_wkssvcTNP }, { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } #else diff --git a/source3/smbd/password.c b/source3/smbd/password.c index b759f68430..185fc68f5a 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -887,7 +887,8 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) return(False); } - smb_pass = get_smbpwnam(user); + /* non-null username indicates search by username not smb userid */ + smb_pass = get_smbpwd_entry(user, 0); if (!smb_pass) { DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 4a2e185cb4..e2f704e6af 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -57,6 +57,8 @@ char * known_pipes [] = #if NTDOMAIN "NETLOGON", "srvsvc", + "wkssvc", + "samr", #endif NULL }; @@ -139,6 +141,8 @@ int reply_pipe_close(char *inbuf,char *outbuf) int cnum = SVAL(inbuf,smb_tid); int outsize = set_message(outbuf,0,0,True); + DEBUG(5,("reply_pipe_close: pnum:%x cnum:%x\n", pnum, cnum)); + if (!close_rpc_pipe_hnd(pnum, cnum)) return(ERROR(ERRDOS,ERRbadfid)); return(outsize); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 46425861d4..e8d79b098c 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -498,7 +498,8 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) /* If name ends in $ then I think it's asking about whether a */ /* computer with that name (minus the $) has access. For now */ /* say yes to everything ending in $. */ - if (user[strlen(user) - 1] == '$') { + if (user[strlen(user) - 1] == '$') + { #ifdef NTDOMAIN struct smb_passwd *smb_pass; /* To check if machine account exists */ /* @@ -511,15 +512,18 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) a domain. This may be the source of future bugs if we cannot be sure whether to reject this or not. */ - smb_pass = get_smbpwnam(user); - if(smb_pass) + /* non-null user name indicates search by username not by smb userid */ + smb_pass = get_smbpwd_entry(user, 0); + + if (!smb_pass) { /* PAXX: This is the NO LOGON workstation trust account stuff */ - DEBUG(4,("Rejecting workstation trust account %s",user)); + DEBUG(4,("No Workstation trust account %s",user)); SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */ CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */ - return(ERROR(NT_STATUS_ALLOTTED_SPACE_EXCEEDED, 0xc000)); /* 0x99 NT error, 0xc00 */ + return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* 0x109 NT error, 0xc000 */ } + computer_id = True; #else /* not NTDOMAIN, leave this in. PAXX: Someone get rid of this */ user[strlen(user) - 1] = '\0'; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 3c128872e6..e4e5872035 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -4732,6 +4732,7 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) chain_size = 0; chain_fnum = -1; + reset_chain_pnum(); bzero(outbuf,smb_size); @@ -4943,6 +4944,11 @@ static void init_structs(void ) /* for RPC pipes */ init_rpc_pipe_hnd(); +#ifdef NTDOMAIN + /* for LSA handles */ + init_lsa_policy_hnd(); +#endif + init_dptrs(); } |