diff options
31 files changed, 2024 insertions, 1170 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index d6b959afdc..9282685bbf 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -36,9 +36,9 @@ INSTALLPERMS = 0755 # set these to where to find various files # These can be overridden by command line switches (see smbd(8)) # or in smb.conf (see smb.conf(5)) -SMBLOGFILE = $(VARDIR)/log.smb -LSARPCLOGFILE = $(VARDIR)/log.lsarpc -NMBLOGFILE = $(VARDIR)/log.nmb +LOGFILEBASE = $(VARDIR) +SMBLOGFILE = $(LOGFILEBASE)/log.smb +NMBLOGFILE = $(LOGFILEBASE)/log.nmb CONFIGFILE = $(LIBDIR)/smb.conf LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def @@ -83,7 +83,7 @@ FLAGS1 = $(CFLAGS) \ -I$(srcdir)/ubiqx \ -I$(srcdir)/smbwrapper \ $(CPPFLAGS) \ - -DLSARPCLOGFILE=\"$(LSARPCLOGFILE)\" \ + -DLOGFILEBASE=\"$(LOGFILEBASE)\" \ -DSMBLOGFILE=\"$(SMBLOGFILE)\" \ -DNMBLOGFILE=\"$(NMBLOGFILE)\" FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" @@ -92,7 +92,9 @@ FLAGS4 = -DDRIVERFILE=\"$(DRIVERFILE)\" -DBINDIR=\"$(BINDIR)\" -DFORMSFILE=\"$(F FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4) -DHAVE_INCLUDES_H FLAGS = $(FLAGS5) $(PASSWD_FLAGS) -SPROGS = bin/smbd bin/lsarpcd bin/nmbd bin/swat +SPROGS = bin/smbd bin/lsarpcd bin/svcctld bin/spoolssd bin/samrd \ + bin/srvsvcd bin/wkssvcd bin/browserd bin/netlogond bin/winregd \ + bin/nmbd bin/swat PROGS1 = bin/smbclient bin/testparm bin/testprns bin/smbrun bin/smbstatus PROGS2 = bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/debug2html PROGS3 = @WRAP@ @WRAP32@ @@ -139,29 +141,20 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/namequery.o libsmb/nmblib.o \ RPC_SRVUTIL_OBJ = \ rpc_server/srv_pipe_hnd.o \ - rpc_server/srv_lookup.o \ rpc_server/srv_pipe.o -RPC_SERVER_OBJ1 = \ - rpc_server/srv_lsa.o \ - rpc_server/srv_netlog.o \ - rpc_server/srv_reg.o \ - rpc_server/srv_samr.o \ - rpc_server/srv_srvsvc.o \ - rpc_server/srv_svcctl.o \ - rpc_server/srv_wkssvc.o \ - rpc_server/srv_brs.o \ - rpc_server/srv_spoolss.o - -RPC_SERVER_OBJ = $(RPC_SERVER_OBJ1) $(RPC_SRVUTIL_OBJ) +RPC_SERVER_OBJ = $(RPC_SRVUTIL_OBJ) RPC_PARSE_OBJ1 = rpc_parse/parse_lsa.o \ rpc_parse/parse_net.o \ rpc_parse/parse_reg.o \ - rpc_parse/parse_samr.o rpc_parse/parse_srv.o \ + rpc_parse/parse_samr.o \ + rpc_parse/parse_srv.o \ rpc_parse/parse_wks.o \ - rpc_parse/parse_svc.o rpc_parse/parse_at.o \ - rpc_parse/parse_spoolss.o rpc_parse/parse_eventlog.o \ + rpc_parse/parse_svc.o \ + rpc_parse/parse_at.o \ + rpc_parse/parse_spoolss.o \ + rpc_parse/parse_eventlog.o \ rpc_parse/parse_brs.o RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \ @@ -178,7 +171,6 @@ RPC_PARSE_OBJ = $(RPC_PARSE_OBJ1) $(RPC_PARSE_OBJ2) RPC_CLIENT_OBJ = \ rpc_client/cli_login.o \ rpc_client/cli_netlogon.o \ - rpc_client/cli_netlogon_sync.o \ rpc_client/cli_reg.o \ rpc_client/cli_pipe.o \ rpc_client/cli_connect.o \ @@ -191,6 +183,7 @@ RPC_CLIENT_OBJ = \ rpc_client/cli_svcctl.o \ rpc_client/cli_samr.o \ rpc_client/msrpc_samr.o \ + rpc_client/msrpc_netlogon.o \ rpc_client/msrpc_lsarpc.o \ rpc_client/cli_atsvc.o \ rpc_client/cli_eventlog.o \ @@ -222,28 +215,135 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/ssl.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o smbd/vfs.o \ - smbd/vfs-wrap.o printing/nt_printing.o smbd/dfs.o \ + smbd/vfs-wrap.o smbd/dfs.o \ + rpc_server/srv_lookup.o \ smbd/challenge.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o -LSARPCD_OBJ1 = lsarpcd/lsarpcd.o \ - lsarpcd/lsarpcd_process.o \ - rpc_server/srv_lsa.o \ +MSRPCD_OBJ = msrpc/msrpcd.o \ + msrpc/msrpcd_process.o \ + rpc_parse/parse_net.o \ + rpc_client/cli_login.o \ + rpc_client/cli_netlogon.o \ + rpc_client/cli_pipe.o \ + rpc_client/cli_connect.o \ + rpc_client/cli_use.o \ + rpc_client/msrpc_netlogon.o \ smbd/uid.o +BROWSERD_OBJ1 = browserd/browserd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_brs.o \ + rpc_server/srv_brs.o + +WKSSVCD_OBJ1 = wkssvcd/wkssvcd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_wks.o \ + rpc_server/srv_wkssvc.o + +SRVSVCD_OBJ1 = srvsvcd/srvsvcd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_srv.o \ + rpc_server/srv_srvsvc.o + +WINREGD_OBJ1 = winregd/winregd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_reg.o \ + rpc_server/srv_reg.o + +NETLOGOND_OBJ1 = netlogond/netlogond.o \ + rpc_server/srv_netlog.o \ + rpc_server/srv_lookup.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + smbd/chgpasswd.o + +SAMRD_OBJ1 = samrd/samrd.o \ + rpc_server/srv_lookup.o \ + rpc_parse/parse_samr.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + rpc_server/srv_samr.o smbd/chgpasswd.o + +SVCCTLD_OBJ1 = svcctld/svcctld.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_svc.o \ + rpc_server/srv_svcctl.o + +LSARPCD_OBJ1 = lsarpcd/lsarpcd.o \ + rpc_server/srv_lookup.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + rpc_server/srv_lsa.o + +SPOOLSSD_OBJ1 = spoolssd/spoolssd.o \ + rpc_server/srv_spoolss.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_spoolss.o \ + printing/nt_printing.o + SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ $(LIBSRV_OBJ) +SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSTATUS_OBJ) $(LIBSRV_OBJ) + +WKSSVCD_OBJ = $(MSRPCD_OBJ) $(WKSSVCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +BROWSERD_OBJ = $(MSRPCD_OBJ) $(BROWSERD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +WINREGD_OBJ = $(MSRPCD_OBJ) $(WINREGD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) -LSARPCD_OBJ = $(LSARPCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ +SVCCTLD_OBJ = $(MSRPCD_OBJ) $(SVCCTLD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(UBIQX_OBJ) \ - $(RPC_SRVUTIL_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +LSARPCD_OBJ = $(MSRPCD_OBJ) $(LSARPCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +SPOOLSSD_OBJ = $(MSRPCD_OBJ) $(SPOOLSSD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) $(PRINTING_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +NETLOGOND_OBJ = $(MSRPCD_OBJ) $(NETLOGOND_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +SAMRD_OBJ = $(MSRPCD_OBJ) $(SAMRD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ $(LIBSRV_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -287,7 +387,8 @@ TESTPARM_OBJ = utils/testparm.o \ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ +SMBPASSWD_OBJ = utils/smbpasswd.o rpc_client/cli_netlogon_sync.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) @@ -363,8 +464,12 @@ RPCTORTURE_OBJ = utils/rpctorture.o \ $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(PASSDB_OBJ) -PROTO_OBJ = $(LSARPCD_OBJ) $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ - $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) +PROTO_OBJ = $(MSRPCD_OBJ) $(SVCCTLD_OBJ1) $(WINREGD_OBJ1) $(SAMRD_OBJ1) \ + $(SRVSVCD_OBJ1) $(WKSSVCD_OBJ1) $(BROWSERD_OBJ1) \ + $(SPOOLSSD_OBJ1) $(NETLOGOND_OBJ1) \ + $(LSARPCD_OBJ1) $(SMBD_OBJ) $(NMBD_OBJ) \ + $(SWAT_OBJ) $(CLIENT_OBJ) \ + $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) $(SMBPASSWD_OBJ) PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32) @@ -453,10 +558,42 @@ bin/smbd: $(SMBD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LIBS) +bin/svcctld: $(SVCCTLD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SVCCTLD_OBJ) $(LDFLAGS) $(LIBS) + bin/lsarpcd: $(LSARPCD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) +bin/spoolssd: $(SPOOLSSD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SPOOLSSD_OBJ) $(LDFLAGS) $(LIBS) + +bin/srvsvcd: $(SRVSVCD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SRVSVCD_OBJ) $(LDFLAGS) $(LIBS) + +bin/wkssvcd: $(WKSSVCD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(WKSSVCD_OBJ) $(LDFLAGS) $(LIBS) + +bin/browserd: $(BROWSERD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(BROWSERD_OBJ) $(LDFLAGS) $(LIBS) + +bin/winregd: $(WINREGD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(WINREGD_OBJ) $(LDFLAGS) $(LIBS) + +bin/netlogond: $(NETLOGOND_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NETLOGOND_OBJ) $(LDFLAGS) $(LIBS) + +bin/samrd: $(SAMRD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) + bin/nmbd: $(NMBD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS) diff --git a/source3/browserd/browserd.c b/source3/browserd/browserd.c new file mode 100644 index 0000000000..dde62721ea --- /dev/null +++ b/source3/browserd/browserd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "browser"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_brs_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/include/proto.h b/source3/include/proto.h index db5aa0b9b4..4ac79a02fd 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3,6 +3,11 @@ /* This file is automatically generated with "make proto". DO NOT EDIT */ +/*The following definitions come from browserd/browserd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from client/client.c */ void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec, BOOL dirs); @@ -526,6 +531,17 @@ void reg_get_subkey(char *full_keyname, char *key_name, char *subkey_name); BOOL reg_split_key(const char *full_keyname, uint32 *reg_type, char *key_name); BOOL become_user_permanently(uid_t uid, gid_t gid); char *get_trusted_serverlist(const char* domain); +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); +uint16 pwdb_decode_acct_ctrl(const char *p); +time_t pwdb_get_last_set_time(const char *p); +void pwdb_set_logon_time(char *p, int max_len, time_t t); +void pwdb_set_logoff_time(char *p, int max_len, time_t t); +void pwdb_set_kickoff_time(char *p, int max_len, time_t t); +void pwdb_set_can_change_time(char *p, int max_len, time_t t); +void pwdb_set_must_change_time(char *p, int max_len, time_t t); +void pwdb_set_last_set_time(char *p, int max_len, time_t t); +void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); +BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl); /*The following definitions come from lib/util_array.c */ @@ -601,17 +617,6 @@ uint32 lookup_wk_user_name(const char *user_name, const char *domain, DOM_SID *sid, uint8 *type); uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, DOM_SID *sid, uint8 *type); -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); -uint16 pwdb_decode_acct_ctrl(const char *p); -time_t pwdb_get_last_set_time(const char *p); -void pwdb_set_logon_time(char *p, int max_len, time_t t); -void pwdb_set_logoff_time(char *p, int max_len, time_t t); -void pwdb_set_kickoff_time(char *p, int max_len, time_t t); -void pwdb_set_can_change_time(char *p, int max_len, time_t t); -void pwdb_set_must_change_time(char *p, int max_len, time_t t); -void pwdb_set_last_set_time(char *p, int max_len, time_t t); -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); -BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl); BOOL pwdb_initialise(BOOL is_server); char *lookup_wk_alias_rid(uint32 rid); char *lookup_wk_user_rid(uint32 rid); @@ -1034,15 +1039,8 @@ struct shmem_ops *sysv_shm_open(int ronly); /*The following definitions come from lsarpcd/lsarpcd.c */ +void msrpc_service_init(void); BOOL reload_services(BOOL test); -void exit_server(char *reason); - -/*The following definitions come from lsarpcd/lsarpcd_process.c */ - -BOOL receive_next_smb(char *inbuf, int bufsize, int timeout); -void process_smb(char *inbuf, char *outbuf); -BOOL get_user_creds(struct user_creds *usr); -void lsarpcd_process(void); /*The following definitions come from mem_man/mem_man.c */ @@ -1061,6 +1059,22 @@ void smb_mem_write_errors(FILE *outfile); void smb_mem_set_multiplier(int multiplier); void *smb_mem_resize(void *ptr,size_t newsize); +/*The following definitions come from msrpc/msrpcd.c */ + +void exit_server(char *reason); +int msrpc_main(int argc,char *argv[]); + +/*The following definitions come from msrpc/msrpcd_process.c */ + +BOOL get_user_creds(int c, struct user_creds *usr); +BOOL msrpcd_init(int c, pipes_struct *p); +void msrpcd_process(int c, pipes_struct *p); + +/*The following definitions come from netlogond/netlogond.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from nmbd/asyncdns.c */ int asyncdns_fd(void); @@ -2008,10 +2022,6 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas); -/*The following definitions come from rpc_client/cli_netlogon_sync.c */ - -BOOL synchronise_passdb(void); - /*The following definitions come from rpc_client/cli_pipe.c */ BOOL create_rpc_bind_resp(struct pwd_info *pwd, @@ -2278,6 +2288,14 @@ BOOL msrpc_lsa_query_secret(const char* srv_name, STRING2 *secret, NTTIME *last_update); +/*The following definitions come from rpc_client/msrpc_netlogon.c */ + +BOOL check_domain_security(char *orig_user, char *domain, + uchar *challenge, + char *smb_apasswd, int smb_apasslen, + char *smb_ntpasswd, int smb_ntpasslen, + uchar user_sess_key[16]); + /*The following definitions come from rpc_client/msrpc_samr.c */ BOOL req_user_info( const POLICY_HND *pol_dom, @@ -4046,6 +4064,11 @@ void display_sam_sync(FILE *out_hnd, enum action_type action, void readline_init(void); +/*The following definitions come from samrd/samrd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from smbd/blocking.c */ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num); @@ -4274,11 +4297,6 @@ struct cli_state *server_cryptkey(void); BOOL server_validate(char *user, char *domain, char *pass, int passlen, char *ntpass, int ntpasslen); -BOOL domain_client_validate( char *user, char *domain, - char *acct_name, uint16 acct_type, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]); /*The following definitions come from smbd/pipes.c */ @@ -4533,6 +4551,21 @@ int smbw_stat_printjob(struct smbw_server *srv,char *path, int smbw_fstat(int fd, struct stat *st); int smbw_stat(const char *fname, struct stat *st); +/*The following definitions come from spoolssd/spoolssd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from srvsvcd/srvsvcd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from svcctld/svcctld.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from web/cgi.c */ void cgi_load_variables(FILE *f1); @@ -4565,4 +4598,14 @@ void status_page(void); /*The following definitions come from web/swat.c */ + +/*The following definitions come from winregd/winregd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from wkssvcd/wkssvcd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); #endif /* _PROTO_H_ */ diff --git a/source3/include/smb.h b/source3/include/smb.h index b06cfe2b7b..43c5dc6bb1 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -255,7 +255,7 @@ typedef char fstring[FSTRING_LEN]; #define PIPE_WINREG "\\PIPE\\winreg" #define PIPE_WKSSVC "\\PIPE\\wkssvc" #define PIPE_NETLOGON "\\PIPE\\NETLOGON" -#define PIPE_SVCCTL "\\PIPE\\SVCCTL" +#define PIPE_SVCCTL "\\PIPE\\svcctl" #define PIPE_NTLSA "\\PIPE\\ntlsa" #define PIPE_NTSVCS "\\PIPE\\ntsvcs" #define PIPE_LSASS "\\PIPE\\lsass" diff --git a/source3/lib/util.c b/source3/lib/util.c index 22adee49df..7d099282f8 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -3239,18 +3239,11 @@ char *get_trusted_serverlist(const char* domain) static char *server_list = NULL; static pstring srv_list; char *trusted_list = lp_trusted_domains(); - int my_role = lp_server_role(); if (strequal(lp_workgroup(), domain)) { - if ((my_role == ROLE_DOMAIN_PDC) || (my_role == ROLE_DOMAIN_NONE)) { - pstrcpy(srv_list,global_myname); - } - /* we must be a BDC or MEMBER if we execute this branch */ - else { - pstrcpy(srv_list, lp_passwordserver()); - } - DEBUG(10,("local domain server list: %s\n", srv_list)); + DEBUG(10,("local domain server list: %s\n", server_list)); + pstrcpy(srv_list, lp_passwordserver()); return srv_list; } @@ -3275,3 +3268,238 @@ char *get_trusted_serverlist(const char* domain) return NULL; } +/********************************************************** + Encode the account control bits into a string. + length = length of string to encode into (including terminating + null). length *MUST BE MORE THAN 2* ! + **********************************************************/ + +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) +{ + static fstring acct_str; + size_t i = 0; + + acct_str[i++] = '['; + + if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; + if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; + if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; + if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; + if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; + if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; + if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; + if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; + if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; + if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; + if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; + if (acct_ctrl & ACB_PWLOCK ) acct_str[i++] = 'P'; + + for ( ; i < length - 2 ; i++ ) + { + acct_str[i] = ' '; + } + + i = length - 2; + acct_str[i++] = ']'; + acct_str[i++] = '\0'; + + return acct_str; +} + +/********************************************************** + Decode the account control bits from a string. + + this function breaks coding standards minimum line width of 80 chars. + reason: vertical line-up code clarity - all case statements fit into + 15 lines, which is more important. + **********************************************************/ + +uint16 pwdb_decode_acct_ctrl(const char *p) +{ + uint16 acct_ctrl = 0; + BOOL finished = False; + + /* + * Check if the account type bits have been encoded after the + * NT password (in the form [NDHTUWSLXI]). + */ + + if (*p != '[') return 0; + + for (p++; *p && !finished; p++) + { + switch (*p) + { + case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } + case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } + case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } + case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } + case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } + case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } + case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } + case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } + case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } + case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } + case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } + case 'P': { acct_ctrl |= ACB_PWLOCK ; break; /* 'P'assword cannot be changed remotely */ } + case ' ': { break; } + case ':': + case '\n': + case '\0': + case ']': + default: { finished = True; } + } + } + + return acct_ctrl; +} + +/******************************************************************* + gets password-database-format time from a string. + ********************************************************************/ + +static time_t get_time_from_string(const char *p) +{ + int i; + + for (i = 0; i < 8; i++) + { + if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) + { + break; + } + } + if (i == 8) + { + /* + * p points at 8 characters of hex digits - + * read into a time_t as the seconds since + * 1970 that the password was last changed. + */ + return (time_t)strtol(p, NULL, 16); + } + return (time_t)-1; +} + +/******************************************************************* + gets password last set time + ********************************************************************/ + +time_t pwdb_get_last_set_time(const char *p) +{ + if (*p && !StrnCaseCmp(p, "LCT-", 4)) + { + return get_time_from_string(p + 4); + } + return (time_t)-1; +} + + +/******************************************************************* + sets password-database-format time in a string. + ********************************************************************/ +static void set_time_in_string(char *p, int max_len, char *type, time_t t) +{ + slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); +} + +/******************************************************************* + sets logon time + ********************************************************************/ +void pwdb_set_logon_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LNT", t); +} + +/******************************************************************* + sets logoff time + ********************************************************************/ +void pwdb_set_logoff_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LOT", t); +} + +/******************************************************************* + sets kickoff time + ********************************************************************/ +void pwdb_set_kickoff_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "KOT", t); +} + +/******************************************************************* + sets password can change time + ********************************************************************/ +void pwdb_set_can_change_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "CCT", t); +} + +/******************************************************************* + sets password last set time + ********************************************************************/ +void pwdb_set_must_change_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "MCT", t); +} + +/******************************************************************* + sets password last set time + ********************************************************************/ +void pwdb_set_last_set_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LCT", t); +} + + +/************************************************************* + Routine to set 32 hex password characters from a 16 byte array. +**************************************************************/ +void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) +{ + if (pwd != NULL) + { + int i; + for (i = 0; i < 16; i++) + { + slprintf(&p[i*2], 33, "%02X", pwd[i]); + } + } + else + { + if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) + { + safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); + } + else + { + safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); + } + } +} + +/************************************************************* + Routine to get the 32 hex characters and turn them + into a 16 byte array. +**************************************************************/ +BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl) +{ + if (strnequal(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32)) + { + if (acct_ctrl != NULL) + { + *acct_ctrl |= ACB_PWNOTREQ; + } + pwd[0] = 0; + return True; + } + else if (strnequal(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32)) + { + pwd[0] = 0; + return True; + } + else + { + return strhex_to_str(pwd, 32, p) == 16; + } +} diff --git a/source3/lib/util_array.c b/source3/lib/util_array.c index 5a21053cc6..c3945ff9f8 100644 --- a/source3/lib/util_array.c +++ b/source3/lib/util_array.c @@ -42,6 +42,7 @@ void free_void_array(uint32 num_entries, void **entries, void* add_copy_to_array(uint32 *len, void ***array, const void *item, void*(item_dup)(const void*), BOOL alloc_anyway) { + void* copy = NULL; if (len == NULL || array == NULL) { return NULL; @@ -49,14 +50,10 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item, if (item != NULL || alloc_anyway) { - void* copy = NULL; - if (item != NULL || alloc_anyway) - { - copy = item_dup(item); - } - add_item_to_array(len, array, copy); + copy = item_dup(item); + return add_item_to_array(len, array, copy); } - return NULL; + return copy; } void* add_item_to_array(uint32 *len, void ***array, void *item) diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c index d4058b8099..3de1829da3 100644 --- a/source3/lib/util_pwdb.c +++ b/source3/lib/util_pwdb.c @@ -363,242 +363,6 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - if (acct_ctrl & ACB_PWLOCK ) acct_str[i++] = 'P'; - - for ( ; i < length - 2 ; i++ ) - { - acct_str[i] = ' '; - } - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - - this function breaks coding standards minimum line width of 80 chars. - reason: vertical line-up code clarity - all case statements fit into - 15 lines, which is more important. - **********************************************************/ - -uint16 pwdb_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') return 0; - - for (p++; *p && !finished; p++) - { - switch (*p) - { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case 'P': { acct_ctrl |= ACB_PWLOCK ; break; /* 'P'assword cannot be changed remotely */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/******************************************************************* - gets password-database-format time from a string. - ********************************************************************/ - -static time_t get_time_from_string(const char *p) -{ - int i; - - for (i = 0; i < 8; i++) - { - if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - { - break; - } - } - if (i == 8) - { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - return (time_t)strtol(p, NULL, 16); - } - return (time_t)-1; -} - -/******************************************************************* - gets password last set time - ********************************************************************/ - -time_t pwdb_get_last_set_time(const char *p) -{ - if (*p && !StrnCaseCmp(p, "LCT-", 4)) - { - return get_time_from_string(p + 4); - } - return (time_t)-1; -} - - -/******************************************************************* - sets password-database-format time in a string. - ********************************************************************/ -static void set_time_in_string(char *p, int max_len, char *type, time_t t) -{ - slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); -} - -/******************************************************************* - sets logon time - ********************************************************************/ -void pwdb_set_logon_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LNT", t); -} - -/******************************************************************* - sets logoff time - ********************************************************************/ -void pwdb_set_logoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LOT", t); -} - -/******************************************************************* - sets kickoff time - ********************************************************************/ -void pwdb_set_kickoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "KOT", t); -} - -/******************************************************************* - sets password can change time - ********************************************************************/ -void pwdb_set_can_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "CCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_must_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "MCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_last_set_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LCT", t); -} - - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) - { - int i; - for (i = 0; i < 16; i++) - { - slprintf(&p[i*2], 33, "%02X", pwd[i]); - } - } - else - { - if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) - { - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - } - else - { - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ -BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl) -{ - if (strnequal(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32)) - { - if (acct_ctrl != NULL) - { - *acct_ctrl |= ACB_PWNOTREQ; - } - pwd[0] = 0; - return True; - } - else if (strnequal(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32)) - { - pwd[0] = 0; - return True; - } - else - { - return strhex_to_str(pwd, 32, p) == 16; - } -} - /************************************************************* initialise password databases, domain names, domain sid. diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 27efc132c0..62c7429b59 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -1337,9 +1337,7 @@ int cli_nt_create(struct cli_state *cli, const char *fname) pstrcpy(p,fname); p = skip_string(p,1); - if (!cli_send_smb(cli, True)) { - return -1; - } + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -2947,7 +2945,7 @@ static BOOL cli_init_redirect(struct cli_state *cli, if (strequal(srv_name, "*SMBSERVER")) { fstrcpy(ip_name, "\\\\"); - destip->s_addr = inet_addr(&ip_name[2]); + inet_aton(&ip_name[2], destip); srv_name = ip_name; } diff --git a/source3/lsarpcd/lsarpcd.c b/source3/lsarpcd/lsarpcd.c index ed665e85c5..050a593eb0 100644 --- a/source3/lsarpcd/lsarpcd.c +++ b/source3/lsarpcd/lsarpcd.c @@ -20,201 +20,52 @@ */ #include "includes.h" -#include "trans2.h" + +fstring pipe_name; pstring servicesf = CONFIGFILE; extern pstring debugf; -extern pstring global_myname; - -int am_parent = 1; - -/* the last message the was processed */ -int last_message = -1; - -/* a useful macro to debug the last message processed */ -#define LAST_MESSAGE() smb_fn_name(last_message) - -extern pstring scope; +extern BOOL append_log; extern int DEBUGLEVEL; -extern fstring remote_machine; -extern pstring myhostname; - -extern pstring OriginalDir; - -/**************************************************************************** - when exiting, take the whole family -****************************************************************************/ -static void *dflt_sig(void) -{ - exit_server("caught signal"); - return NULL; -} - -/**************************************************************************** - Send a SIGTERM to our process group. -*****************************************************************************/ -static void killkids(void) -{ - if(am_parent) kill(0,SIGTERM); -} - - -/**************************************************************************** - open and listen to a socket -****************************************************************************/ -static int open_server_socket(void) +void msrpc_service_init(void) { - int s; - fstring dir; - fstring path; - - slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc"); - slprintf(path, sizeof(path)-1, "%s/lsarpc", dir); - - s = create_pipe_socket(dir, 0777, path, 0777); - - if (s == -1) - return -1; - /* ready to listen */ - if (listen(s, 5) == -1) { - DEBUG(0,("listen: %s\n", strerror(errno))); - close(s); - return -1; + if (!pwdb_initialise(True)) + { + exit(-1); } - return s; -} -/**************************************************************************** - open the socket communication -****************************************************************************/ -static BOOL open_sockets(BOOL is_daemon) -{ - extern int Client; - int num_interfaces = iface_count(); - int fd_listenset; - fd_set listen_set; - int s; - - memset(&fd_listenset, 0, sizeof(fd_listenset)); - -#ifdef HAVE_ATEXIT + if(!initialise_sam_password_db()) { - static int atexit_set; - if(atexit_set == 0) { - atexit_set=1; - atexit(killkids); - } + exit(-1); } -#endif - /* Stop zombies */ - CatchChild(); - - - FD_ZERO(&listen_set); - - /* Just bind to 0.0.0.0 - accept connections - from anywhere. */ - num_interfaces = 1; - - /* open an incoming socket */ - s = open_server_socket(); - if (s == -1) - return(False); - fd_listenset = s; - FD_SET(s,&listen_set); - - /* now accept incoming connections - forking a new process - for each incoming connection */ - DEBUG(2,("waiting for a connection\n")); - while (1) + if(!initialise_passgrp_db()) { - struct sockaddr_un addr; - int in_addrlen = sizeof(addr); - fd_set lfds; - int num; - - memcpy((char *)&lfds, (char *)&listen_set, - sizeof(listen_set)); - - num = sys_select(256,&lfds,NULL, NULL); - - if (num == -1 && errno == EINTR) - continue; - - /* Find the sockets that are read-ready - - accept on these. */ - - s = -1; - if(FD_ISSET(fd_listenset,&lfds)) - { - s = fd_listenset; - } - - /* Clear this so we don't look at it again. */ - FD_CLR(s,&lfds); - - Client = accept(s,(struct sockaddr*)&addr,&in_addrlen); - - if (Client == -1 && errno == EINTR) - continue; - - if (Client == -1) - { - DEBUG(0,("open_sockets: accept: %s\n", - strerror(errno))); - continue; - } - - if (Client != -1 && fork()==0) - { - /* Child code ... */ - - /* close the listening socket(s) */ - close(fd_listenset); - - /* close our standard file - descriptors */ - close_low_fds(); - am_parent = 0; - - /* Reset global variables in util.c so - that client substitutions will be - done correctly in the process. */ - reset_globals_after_fork(); - - /* - * Ensure this child has kernel oplock - * capabilities, but not it's children. - */ - set_process_capability(KERNEL_OPLOCK_CAPABILITY, True); - set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False); + exit(-1); + } - return True; - } - /* The parent doesn't need this socket */ - close(Client); + if(!initialise_group_db()) + { + exit(-1); + } - /* Force parent to check log size after - * spawning child. Fix from - * klausr@ITAP.Physik.Uni-Stuttgart.De. The - * parent lsarpcd will log to logserver.smb. It - * writes only two messages for each child - * started/finished. But each child writes, - * say, 50 messages also in logserver.smb, - * begining with the debug_count of the - * parent, before the child opens its own log - * file logserver.client. In a worst case - * scenario the size of logserver.smb would be - * checked after about 50*50=2500 messages - * (ca. 100kb). - * */ - force_check_log_size(); + if(!initialise_alias_db()) + { + exit(-1); + } - } /* end while 1 */ + if(!initialise_builtin_db()) + { + exit(-1); + } -/* NOTREACHED return True; */ + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } } /**************************************************************************** @@ -242,8 +93,6 @@ BOOL reload_services(BOOL test) ret = lp_load(servicesf,False,False,True); - load_printers(); - /* perhaps the config filename is now set */ if (!test) reload_services(True); @@ -255,166 +104,11 @@ BOOL reload_services(BOOL test) return(ret); } - - -/**************************************************************************** -this prevents zombie child processes -****************************************************************************/ -BOOL reload_after_sighup = False; - -static void sig_hup(int sig) -{ - BlockSignals(True,SIGHUP); - DEBUG(0,("Got SIGHUP\n")); - - /* - * Fix from <branko.cibej@hermes.si> here. - * We used to reload in the signal handler - this - * is a *BIG* no-no. - */ - - reload_after_sighup = True; - BlockSignals(False,SIGHUP); -} - - - -#if DUMP_CORE -/******************************************************************* -prepare to dump a core file - carefully! -********************************************************************/ -static BOOL dump_core(void) -{ - char *p; - pstring dname; - pstrcpy(dname,debugf); - if ((p=strrchr(dname,'/'))) *p=0; - pstrcat(dname,"/corefiles"); - mkdir(dname,0700); - sys_chown(dname,getuid(),getgid()); - chmod(dname,0700); - if (chdir(dname)) return(False); - umask(~(0700)); - -#ifdef HAVE_GETRLIMIT -#ifdef RLIMIT_CORE - { - struct rlimit rlp; - getrlimit(RLIMIT_CORE, &rlp); - rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur); - setrlimit(RLIMIT_CORE, &rlp); - getrlimit(RLIMIT_CORE, &rlp); - DEBUG(3,("Core limits now %d %d\n", - (int)rlp.rlim_cur,(int)rlp.rlim_max)); - } -#endif -#endif - - - DEBUG(0,("Dumping core in %s\n",dname)); - abort(); - return(True); -} -#endif - - -/**************************************************************************** -exit the server -****************************************************************************/ -void exit_server(char *reason) -{ - static int firsttime=1; - extern char *last_inbuf; - - - if (!firsttime) exit(0); - firsttime = 0; - - unbecome_user(); - DEBUG(2,("Closing connections\n")); - -#ifdef WITH_DFS - if (dcelogin_atmost_once) { - dfs_unlogin(); - } -#endif - - if (!reason) { - int oldlevel = DEBUGLEVEL; - DEBUGLEVEL = 10; - if (last_inbuf) - show_msg(last_inbuf); - DEBUGLEVEL = oldlevel; - DEBUG(0,("===============================================================\n")); -#if DUMP_CORE - if (dump_core()) return; -#endif - } - - locking_end(); - - DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); -#ifdef MEM_MAN - { - extern FILE *dbf; - smb_mem_write_verbose(dbf); - dbgflush(); - } -#endif - exit(0); -} - - - -/**************************************************************************** - initialise connect, service and file structs -****************************************************************************/ -static void init_structs(void) -{ -#if 0 - conn_init(); -#endif - init_rpc_pipe_hnd(); /* for RPC pipes */ - if (!init_policy_hnd(MAX_SERVER_POLICY_HANDLES)) - { - exit_server("could not allocate policy handles\n"); - } -} - -/**************************************************************************** -usage on the program -****************************************************************************/ -static void usage(char *pname) -{ - DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n")); - - printf("Usage: %s [-D] [-p port] [-d debuglevel] ", pname); - printf("[-l log basename] [-s services file]\n" ); - printf("Version %s\n",VERSION); - printf("\t-D become a daemon\n"); - printf("\t-p port listen on the specified port\n"); - printf("\t-d debuglevel set the debuglevel\n"); - printf("\t-l log basename. Basename for log/debug files\n"); - printf("\t-s services file. Filename of services file\n"); - printf("\t-P passive only\n"); - printf("\t-a append to log file (default)\n"); - printf("\t-o overwrite log file, don't append\n"); - printf("\t-i scope NetBIOS scope to use (default none)\n"); - printf("\n"); -} - - /**************************************************************************** main program ****************************************************************************/ int main(int argc,char *argv[]) { - extern BOOL append_log; - /* shall I run as a daemon */ - BOOL is_daemon = False; - int opt; - extern char *optarg; - #ifdef HAVE_SET_AUTH_PARAMETERS set_auth_parameters(argc,argv); #endif @@ -428,229 +122,10 @@ static void usage(char *pname) TimeInit(); - pstrcpy(debugf,LSARPCLOGFILE); - - pstrcpy(remote_machine, "lsarpcd"); - + fstrcpy(pipe_name, "lsarpc"); setup_logging(argv[0],False); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_ntlsa_rpc ); - charset_initialise(); - - /* make absolutely sure we run as root - to handle cases where people - are crazy enough to have it setuid */ -#ifdef HAVE_SETRESUID - setresuid(0,0,0); -#else - setuid(0); - seteuid(0); - setuid(0); - seteuid(0); -#endif - - fault_setup((void (*)(void *))exit_server); - CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig); - - /* we are never interested in SIGPIPE */ - BlockSignals(True,SIGPIPE); - - /* we want total control over the permissions on created files, - so set our umask to 0 */ - umask(0); - - dos_GetWd(OriginalDir); - - init_uid(); - - /* this is for people who can't start the program correctly */ - while (argc > 1 && (*argv[1] != '-')) { - argv++; - argc--; - } - - while ( EOF != (opt = getopt(argc, argv, "i:l:s:d:Dh?Paof:")) ) - switch (opt) { - case 'i': - pstrcpy(scope,optarg); - break; - - case 'P': - { - extern BOOL passive; - passive = True; - } - break; - - case 's': - pstrcpy(servicesf,optarg); - break; - - case 'l': - pstrcpy(debugf,optarg); - break; - - case 'a': - append_log = True; - break; - - case 'o': - append_log = False; - break; - - case 'D': - is_daemon = True; - break; - - case 'd': - if (*optarg == 'A') - DEBUGLEVEL = 10000; - else - DEBUGLEVEL = atoi(optarg); - break; - - case 'h': - case '?': - usage(argv[0]); - exit(0); - break; - - default: - usage(argv[0]); - exit(1); - } - - reopen_logs(); - - DEBUG(1,( "lsarpcd version %s started.\n", VERSION)); - DEBUGADD(1,( "Copyright Andrew Tridgell 1992-1999\n")); - - DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", - (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); - - if (sizeof(uint16) < 2 || sizeof(uint32) < 4) { - DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); - exit(1); - } - - get_myname(myhostname,NULL); - - if (!reload_services(False)) - return(-1); - - init_structs(); - -#ifdef WITH_PROFILE - if (!profile_setup(False)) { - DEBUG(0,("ERROR: failed to setup profiling\n")); - return -1; - } -#endif - - /* - * Set the machine NETBIOS name if not already - * set from the config file. - */ - if (!*global_myname) - { - fstrcpy(global_myname, dns_to_netbios_name(myhostname)); - } - strupper(global_myname); - - add_msrpc_command_processor( "lsarpc", argv[0], api_ntlsa_rpc ); - - codepage_initialise(lp_client_code_page()); - - if (!pwdb_initialise(True)) - { - exit(1); - } - - if(!initialise_sam_password_db()) - { - exit(1); - } - - if(!initialise_passgrp_db()) - { - exit(1); - } - - if(!initialise_group_db()) - { - exit(1); - } - - if(!initialise_alias_db()) - { - exit(1); - } - - if(!initialise_builtin_db()) - { - exit(1); - } - - if (!get_member_domain_sid()) - { - DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", - lp_passwordserver())); - exit(1); - } - - CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); - - /* Setup the signals that allow the debug log level - to by dynamically changed. */ - - /* If we are using the malloc debug code we can't use - SIGUSR1 and SIGUSR2 to do debug level changes. */ - -#ifndef MEM_MAN -#if defined(SIGUSR1) - CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); -#endif /* SIGUSR1 */ - -#if defined(SIGUSR2) - CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); -#endif /* SIGUSR2 */ -#endif /* MEM_MAN */ - - DEBUG(3,( "loaded services\n")); - - if (!is_daemon && !is_a_socket(0)) { - DEBUG(0,("standard input is not a socket, assuming -D option\n")); - is_daemon = True; - } - - if (is_daemon) { - DEBUG( 3, ( "Becoming a daemon.\n" ) ); - become_daemon(); - } - - if (!directory_exist(lp_lockdir(), NULL)) { - mkdir(lp_lockdir(), 0755); - } - - if (is_daemon) { - pidfile_create("lsarpcd"); - } - - if (!open_sockets(is_daemon)) - exit(1); - - if (!locking_init(0)) - exit(1); - - /* possibly reload the services file. */ - reload_services(True); - - if (*lp_rootdir()) { - if (sys_chroot(lp_rootdir()) == 0) - DEBUG(2,("Changed root to %s\n", lp_rootdir())); - } - - lsarpcd_process(); - close_sockets(); - - exit_server("normal exit"); - return(0); + return msrpc_main(argc, argv); } diff --git a/source3/msrpc/msrpcd.c b/source3/msrpc/msrpcd.c new file mode 100644 index 0000000000..942d6f1258 --- /dev/null +++ b/source3/msrpc/msrpcd.c @@ -0,0 +1,571 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "trans2.h" + +extern pstring servicesf; +extern pstring debugf; +extern pstring global_myname; + +int am_parent = 1; + +/* the last message the was processed */ +int last_message = -1; + +/* a useful macro to debug the last message processed */ +#define LAST_MESSAGE() smb_fn_name(last_message) + +extern pstring scope; +extern int DEBUGLEVEL; + +extern fstring remote_machine; +extern pstring myhostname; +extern pstring pipe_name; + +extern pstring OriginalDir; + +/**************************************************************************** + when exiting, take the whole family +****************************************************************************/ +static void *dflt_sig(void) +{ + exit_server("caught signal"); + return NULL; +} + +/**************************************************************************** + Send a SIGTERM to our process group. +*****************************************************************************/ +static void killkids(void) +{ + if(am_parent) kill(0,SIGTERM); +} + + +/**************************************************************************** + open and listen to a socket +****************************************************************************/ +static int open_server_socket(void) +{ + int s; + fstring dir; + fstring path; + + slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc"); + slprintf(path, sizeof(path)-1, "%s/%s", dir, pipe_name); + + s = create_pipe_socket(dir, 0777, path, 0777); + + if (s == -1) + return -1; + /* ready to listen */ + if (listen(s, 5) == -1) { + DEBUG(0,("listen: %s\n", strerror(errno))); + close(s); + return -1; + } + return s; +} + +/**************************************************************************** + open the socket communication +****************************************************************************/ +static int open_sockets(BOOL is_daemon) +{ + int ClientMSRPC; + int num_interfaces = iface_count(); + int fd_listenset; + fd_set listen_set; + int s; + + memset(&fd_listenset, 0, sizeof(fd_listenset)); + +#ifdef HAVE_ATEXIT + { + static int atexit_set; + if(atexit_set == 0) { + atexit_set=1; + atexit(killkids); + } + } +#endif + + /* Stop zombies */ + CatchChild(); + + + FD_ZERO(&listen_set); + + /* Just bind to 0.0.0.0 - accept connections + from anywhere. */ + num_interfaces = 1; + + /* open an incoming socket */ + s = open_server_socket(); + if (s == -1) + return -1; + fd_listenset = s; + FD_SET(s,&listen_set); + + /* now accept incoming connections - forking a new process + for each incoming connection */ + DEBUG(2,("waiting for a connection\n")); + while (1) + { + struct sockaddr_un addr; + int in_addrlen = sizeof(addr); + fd_set lfds; + int num; + + memcpy((char *)&lfds, (char *)&listen_set, + sizeof(listen_set)); + + num = sys_select(256,&lfds,NULL, NULL); + + if (num == -1 && errno == EINTR) + continue; + + /* Find the sockets that are read-ready - + accept on these. */ + + s = -1; + if(FD_ISSET(fd_listenset,&lfds)) + { + s = fd_listenset; + } + + /* Clear this so we don't look at it again. */ + FD_CLR(s,&lfds); + + ClientMSRPC = accept(s,(struct sockaddr*)&addr,&in_addrlen); + + if (ClientMSRPC == -1 && errno == EINTR) + continue; + + if (ClientMSRPC == -1) + { + DEBUG(0,("open_sockets: accept: %s\n", + strerror(errno))); + continue; + } + + if (ClientMSRPC != -1 && fork()==0) + { + /* Child code ... */ + + /* close the listening socket(s) */ + close(fd_listenset); + + /* close our standard file + descriptors */ + close_low_fds(); + am_parent = 0; + + /* Reset global variables in util.c so + that client substitutions will be + done correctly in the process. */ + reset_globals_after_fork(); + + return ClientMSRPC; + } + /* The parent doesn't need this socket */ + close(ClientMSRPC); + + /* Force parent to check log size after + * spawning child. Fix from + * klausr@ITAP.Physik.Uni-Stuttgart.De. The + * parent daemon will log to logserver.smb. It + * writes only two messages for each child + * started/finished. But each child writes, + * say, 50 messages also in logserver.smb, + * begining with the debug_count of the + * parent, before the child opens its own log + * file logserver.client. In a worst case + * scenario the size of logserver.smb would be + * checked after about 50*50=2500 messages + * (ca. 100kb). + * */ + force_check_log_size(); + + } /* end while 1 */ + +/* NOTREACHED */ +} + + +/**************************************************************************** +this prevents zombie child processes +****************************************************************************/ +BOOL reload_after_sighup = False; + +static void sig_hup(int sig) +{ + BlockSignals(True,SIGHUP); + DEBUG(0,("Got SIGHUP\n")); + + /* + * Fix from <branko.cibej@hermes.si> here. + * We used to reload in the signal handler - this + * is a *BIG* no-no. + */ + + reload_after_sighup = True; + BlockSignals(False,SIGHUP); +} + + + +#if DUMP_CORE +/******************************************************************* +prepare to dump a core file - carefully! +********************************************************************/ +static BOOL dump_core(void) +{ + char *p; + pstring dname; + pstrcpy(dname,debugf); + if ((p=strrchr(dname,'/'))) *p=0; + pstrcat(dname,"/corefiles"); + mkdir(dname,0700); + sys_chown(dname,getuid(),getgid()); + chmod(dname,0700); + if (chdir(dname)) return(False); + umask(~(0700)); + +#ifdef HAVE_GETRLIMIT +#ifdef RLIMIT_CORE + { + struct rlimit rlp; + getrlimit(RLIMIT_CORE, &rlp); + rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur); + setrlimit(RLIMIT_CORE, &rlp); + getrlimit(RLIMIT_CORE, &rlp); + DEBUG(3,("Core limits now %d %d\n", + (int)rlp.rlim_cur,(int)rlp.rlim_max)); + } +#endif +#endif + + + DEBUG(0,("Dumping core in %s\n",dname)); + abort(); + return(True); +} +#endif + + +/**************************************************************************** +exit the server +****************************************************************************/ +void exit_server(char *reason) +{ + static int firsttime=1; + extern char *last_inbuf; + + + if (!firsttime) exit(0); + firsttime = 0; + + unbecome_vuser(); + DEBUG(2,("Closing connections\n")); + +#ifdef WITH_DFS + if (dcelogin_atmost_once) { + dfs_unlogin(); + } +#endif + + if (!reason) { + int oldlevel = DEBUGLEVEL; + DEBUGLEVEL = 10; + if (last_inbuf) + show_msg(last_inbuf); + DEBUGLEVEL = oldlevel; + DEBUG(0,("===============================================================\n")); +#if DUMP_CORE + if (dump_core()) return; +#endif + } + + locking_end(); + + DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); +#ifdef MEM_MAN + { + extern FILE *dbf; + smb_mem_write_verbose(dbf); + dbgflush(); + } +#endif + exit(0); +} + + + +/**************************************************************************** + initialise connect, service and file structs +****************************************************************************/ +static void init_structs(void) +{ +#if 0 + conn_init(); +#endif + init_rpc_pipe_hnd(); /* for RPC pipes */ + if (!init_policy_hnd(MAX_SERVER_POLICY_HANDLES)) + { + exit_server("could not allocate policy handles\n"); + } +} + +/**************************************************************************** +usage on the program +****************************************************************************/ +static void usage(char *pname) +{ + DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n")); + + printf("Usage: %s [-D] [-p port] [-d debuglevel] ", pname); + printf("[-l log basename] [-s services file]\n" ); + printf("Version %s\n",VERSION); + printf("\t-D become a daemon\n"); + printf("\t-p port listen on the specified port\n"); + printf("\t-d debuglevel set the debuglevel\n"); + printf("\t-l log basename. Basename for log/debug files\n"); + printf("\t-s services file. Filename of services file\n"); + printf("\t-P passive only\n"); + printf("\t-a append to log file (default)\n"); + printf("\t-o overwrite log file, don't append\n"); + printf("\t-i scope NetBIOS scope to use (default none)\n"); + printf("\n"); +} + + +/**************************************************************************** + main program +****************************************************************************/ +int msrpc_main(int argc,char *argv[]) +{ + extern BOOL append_log; + /* shall I run as a daemon */ + BOOL is_daemon = False; + int opt; + extern char *optarg; + int ClientMSRPC = -1; + pipes_struct static_pipe; + + pstrcpy(remote_machine, pipe_name); + + charset_initialise(); + + /* make absolutely sure we run as root - to handle cases where people + are crazy enough to have it setuid */ +#ifdef HAVE_SETRESUID + setresuid(0,0,0); +#else + setuid(0); + seteuid(0); + setuid(0); + seteuid(0); +#endif + + fault_setup((void (*)(void *))exit_server); + CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig); + + /* we are never interested in SIGPIPE */ + BlockSignals(True,SIGPIPE); + + /* we want total control over the permissions on created files, + so set our umask to 0 */ + umask(0); + + dos_GetWd(OriginalDir); + + init_uid(); + + /* this is for people who can't start the program correctly */ + while (argc > 1 && (*argv[1] != '-')) { + argv++; + argc--; + } + + while ( EOF != (opt = getopt(argc, argv, "i:l:s:d:Dh?Paof:")) ) + switch (opt) { + case 'i': + pstrcpy(scope,optarg); + break; + + case 'P': + { + extern BOOL passive; + passive = True; + } + break; + + case 's': + pstrcpy(servicesf,optarg); + break; + + case 'l': + pstrcpy(debugf,optarg); + break; + + case 'a': + append_log = True; + break; + + case 'o': + append_log = False; + break; + + case 'D': + is_daemon = True; + break; + + case 'd': + if (*optarg == 'A') + DEBUGLEVEL = 10000; + else + DEBUGLEVEL = atoi(optarg); + break; + + case 'h': + case '?': + usage(argv[0]); + exit(0); + break; + + default: + usage(argv[0]); + exit(1); + } + + reopen_logs(); + + DEBUG(1,( "%s version %s started.\n", argv[0], VERSION)); + DEBUGADD(1,( "Copyright Andrew Tridgell 1992-1999\n")); + + DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", + (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); + + if (sizeof(uint16) < 2 || sizeof(uint32) < 4) { + DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); + exit(1); + } + + get_myname(myhostname,NULL); + + if (!reload_services(False)) + return(-1); + + init_structs(); + +#ifdef WITH_PROFILE + if (!profile_setup(False)) { + DEBUG(0,("ERROR: failed to setup profiling\n")); + return -1; + } +#endif + + /* + * Set the machine NETBIOS name if not already + * set from the config file. + */ + if (!*global_myname) + { + fstrcpy(global_myname, dns_to_netbios_name(myhostname)); + } + strupper(global_myname); + + codepage_initialise(lp_client_code_page()); + + CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); + + /* Setup the signals that allow the debug log level + to by dynamically changed. */ + + /* If we are using the malloc debug code we can't use + SIGUSR1 and SIGUSR2 to do debug level changes. */ + +#ifndef MEM_MAN +#if defined(SIGUSR1) + CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); +#endif /* SIGUSR1 */ + +#if defined(SIGUSR2) + CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); +#endif /* SIGUSR2 */ +#endif /* MEM_MAN */ + + DEBUG(3,( "loaded services\n")); + + if (!is_daemon && !is_a_socket(0)) { + DEBUG(0,("standard input is not a socket, assuming -D option\n")); + is_daemon = True; + } + + if (is_daemon) { + DEBUG( 3, ( "Becoming a daemon.\n" ) ); + become_daemon(); + } + + if (!directory_exist(lp_lockdir(), NULL)) { + mkdir(lp_lockdir(), 0755); + } + + if (is_daemon) { + pidfile_create(pipe_name); + } + + ClientMSRPC = open_sockets(is_daemon); + if (ClientMSRPC == -1) + { + exit_server("open socket failed"); + } + + if (!locking_init(0)) + exit(1); + + /* possibly reload the services file. */ + reload_services(True); + + if (*lp_rootdir()) { + if (sys_chroot(lp_rootdir()) == 0) + DEBUG(2,("Changed root to %s\n", lp_rootdir())); + } + + msrpc_service_init(); + + ZERO_STRUCT(static_pipe); + fstrcpy(static_pipe.name, pipe_name); + if (msrpcd_init(ClientMSRPC, &static_pipe)) + { + reload_services(False); + msrpcd_process(ClientMSRPC, &static_pipe); + } + if (ClientMSRPC != -1) + { + close(ClientMSRPC); + } + + exit_server("normal exit"); + return(0); +} diff --git a/source3/lsarpcd/lsarpcd_process.c b/source3/msrpc/msrpcd_process.c index e33de5ce57..240087be14 100644 --- a/source3/lsarpcd/lsarpcd_process.c +++ b/source3/msrpc/msrpcd_process.c @@ -24,7 +24,6 @@ extern int DEBUGLEVEL; time_t smb_last_time=(time_t)0; -static struct pipes_struct static_pipe; char *InBuffer = NULL; char *OutBuffer = NULL; @@ -73,10 +72,9 @@ extern int max_send; The timeout is in milli seconds ****************************************************************************/ -static BOOL receive_message_or_smb(char *buffer, int buffer_len, +static BOOL receive_message_or_msrpc(int c, char *buffer, int buffer_len, int timeout, BOOL *got_smb) { - extern int Client; fd_set fds; int selrtn; struct timeval to; @@ -96,13 +94,13 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, */ FD_ZERO(&fds); - FD_SET(Client,&fds); + FD_SET(c,&fds); maxfd = 0; to.tv_sec = timeout / 1000; to.tv_usec = (timeout % 1000) * 1000; - selrtn = sys_select(MAX(maxfd,Client)+1,&fds,NULL, timeout>0?&to:NULL); + selrtn = sys_select(MAX(maxfd,c)+1,&fds,NULL, timeout>0?&to:NULL); /* Check if error */ if(selrtn == -1) { @@ -117,44 +115,14 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, return False; } - if (FD_ISSET(Client,&fds)) + if (FD_ISSET(c,&fds)) { *got_smb = True; - return receive_smb(Client, buffer, 0); + return receive_smb(c, buffer, 0); } return False; } -/**************************************************************************** -Get the next SMB packet, doing the local message processing automatically. -****************************************************************************/ - -BOOL receive_next_smb(char *inbuf, int bufsize, int timeout) -{ - BOOL got_smb = False; - BOOL ret; - - do - { - ret = receive_message_or_smb(inbuf,bufsize,timeout,&got_smb); - - if(ret && !got_smb) - { - continue; - } - - if(ret && (CVAL(inbuf,0) == 0x85)) - { - /* Keepalive packet. */ - got_smb = False; - } - - } - while(ret && !got_smb); - - return ret; -} - /* These flags determine some of the permissions required to do an operation @@ -179,11 +147,11 @@ force write permissions on print services. /**************************************************************************** do a switch on the message type, and return the response size ****************************************************************************/ -static int do_message(char *inbuf,char *outbuf,int size,int bufsize) +static int do_message(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) { static int pid= -1; - pipes_struct *p = &static_pipe; prs_struct pd; int outsize = -1; @@ -213,12 +181,13 @@ static int do_message(char *inbuf,char *outbuf,int size,int bufsize) /**************************************************************************** construct a reply to the incoming packet ****************************************************************************/ -static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) +static int construct_reply(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) { int outsize = 0; smb_last_time = time(NULL); - outsize = do_message(inbuf,outbuf,size,bufsize) + 4; + outsize = do_message(p, inbuf,outbuf,size,bufsize) + 4; if(outsize > 4) _smb_setlen(outbuf,outsize - 4); @@ -230,9 +199,8 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) process an smb from the client - split out from the process() code so it can be used by the oplock break code. ****************************************************************************/ -void process_smb(char *inbuf, char *outbuf) +static void process_msrpc(pipes_struct *p, int c, char *inbuf, char *outbuf) { - extern int Client; static int trans_num; int32 len = smb_len(inbuf); int nread = len + 4; @@ -242,11 +210,11 @@ void process_smb(char *inbuf, char *outbuf) deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ - if (!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1))) { + if (!check_access(c, lp_hostsallow(-1), lp_hostsdeny(-1))) { /* send a negative session response "not listining on calling name" */ DEBUG( 1, ( "Connection denied from %s\n", - client_addr(Client) ) ); + client_addr(c) ) ); exit_server("connection denied"); } } @@ -264,7 +232,7 @@ void process_smb(char *inbuf, char *outbuf) } #endif - nread = construct_reply(inbuf,outbuf,nread,max_send); + nread = construct_reply(p, inbuf,outbuf,nread,max_send); if(nread > 0) { @@ -276,19 +244,20 @@ void process_smb(char *inbuf, char *outbuf) nread, smb_len(outbuf))); } else - send_smb(Client,outbuf); + send_smb(c,outbuf); } trans_num++; } - -BOOL get_user_creds(struct user_creds *usr) +/**************************************************************************** + reads user credentials from the socket +****************************************************************************/ +BOOL get_user_creds(int c, struct user_creds *usr) { pstring buf; int rl; uint32 len; BOOL new_con = False; - extern int Client; uint32 status; CREDS_CMD cmd; @@ -300,7 +269,7 @@ BOOL get_user_creds(struct user_creds *usr) DEBUG(10,("get_user_creds: first request\n")); - rl = read(Client, &buf, sizeof(len)); + rl = read(c, &buf, sizeof(len)); if (rl != sizeof(len)) { @@ -317,7 +286,7 @@ BOOL get_user_creds(struct user_creds *usr) return False; } - rl = read(Client, buf, len); + rl = read(c, buf, len); if (rl < 0) { @@ -370,7 +339,7 @@ BOOL get_user_creds(struct user_creds *usr) status = new_con ? 0x0 : 0x1; - if (write(Client, &status, sizeof(status)) != + if (write(c, &status, sizeof(status)) != sizeof(status)) { return False; @@ -380,22 +349,18 @@ BOOL get_user_creds(struct user_creds *usr) } /**************************************************************************** - process commands from the client + initialise from pipe ****************************************************************************/ -void lsarpcd_process(void) +BOOL msrpcd_init(int c, pipes_struct *p) { struct user_creds usr; gid_t *groups = NULL; - ZERO_STRUCT(static_pipe); - - fstrcpy(static_pipe.name, "lsarpc"); - - if (!get_user_creds(&usr)) + if (!get_user_creds(c, &usr)) { DEBUG(0,("authentication failed\n")); free_user_creds(&usr); - return; + return False; } if (usr.uxs.num_grps != 0) @@ -404,7 +369,7 @@ void lsarpcd_process(void) groups = malloc(usr.uxs.num_grps * sizeof(groups[0])); if (groups == NULL) { - return; + return False; } for (i = 0; i < usr.uxs.num_grps; i++) { @@ -412,7 +377,7 @@ void lsarpcd_process(void) } } - static_pipe.vuid = create_vuid(usr.uxs.uid, usr.uxs.gid, + p->vuid = create_vuid(usr.uxs.uid, usr.uxs.gid, usr.uxs.num_grps, groups, usr.uxc.user_name, usr.uxc.requested_name, @@ -420,23 +385,34 @@ void lsarpcd_process(void) usr.uxc.guest, usr.ntc.pwd.sess_key); - if (static_pipe.vuid == UID_FIELD_INVALID) + if (p->vuid == UID_FIELD_INVALID) { - return; + return False; } free_user_creds(&usr); - become_vuser(static_pipe.vuid); + if (!become_vuser(p->vuid)) + { + return False; + } - static_pipe.l = malloc(sizeof(*static_pipe.l)); - if (static_pipe.l == NULL) + p->l = malloc(sizeof(*p->l)); + if (p->l == NULL) { - return; + return False; } - ZERO_STRUCTP(static_pipe.l); + ZERO_STRUCTP(p->l); + return True; +} + +/**************************************************************************** + process commands from the client +****************************************************************************/ +void msrpcd_process(int c, pipes_struct *p) +{ InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); if ((InBuffer == NULL) || (OutBuffer == NULL)) @@ -459,7 +435,7 @@ void lsarpcd_process(void) errno = 0; for (counter=SMBD_SELECT_LOOP; - !receive_message_or_smb(InBuffer,BUFFER_SIZE, + !receive_message_or_msrpc(c, InBuffer,BUFFER_SIZE, SMBD_SELECT_LOOP*1000,&got_smb); counter += SMBD_SELECT_LOOP) { @@ -486,9 +462,6 @@ void lsarpcd_process(void) t = time(NULL); - /* become root again if waiting */ - unbecome_vuser(); - /* check for smb.conf reload */ if (counter >= service_load_counter + SMBD_RELOAD_CHECK) { @@ -523,6 +496,6 @@ void lsarpcd_process(void) } if(got_smb) - process_smb(InBuffer, OutBuffer); + process_msrpc(p, c, InBuffer, OutBuffer); } } diff --git a/source3/netlogond/netlogond.c b/source3/netlogond/netlogond.c new file mode 100644 index 0000000000..fb0ace784d --- /dev/null +++ b/source3/netlogond/netlogond.c @@ -0,0 +1,134 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; +extern int DEBUGLEVEL; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + if (!pwdb_initialise(True)) + { + exit(-1); + } + + if(!initialise_sam_password_db()) + { + exit(-1); + } + + if(!initialise_passgrp_db()) + { + exit(-1); + } + + if(!initialise_group_db()) + { + exit(-1); + } + + if(!initialise_alias_db()) + { + exit(-1); + } + + if(!initialise_builtin_db()) + { + exit(-1); + } + + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "NETLOGON"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_netlog_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index d2a7b0bdf9..7a73bf5932 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -243,13 +243,13 @@ BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *mynam * Get the trust account password. */ if(!trust_password_lock( domain, myname, False)) { - DEBUG(0,("domain_client_validate: unable to open the trust account password file for \ + DEBUG(0,("trust_get_passwd: unable to open the trust account password file for \ trust %s in domain %s.\n", myname, domain )); return False; } if(get_trust_account_password( trust_passwd, &lct) == False) { - DEBUG(0,("domain_client_validate: unable to read the trust account password for \ + DEBUG(0,("trust_get_passwd: unable to read the trust account password for \ trust %s in domain %s.\n", myname, domain )); trust_password_unlock(); return False; diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c index fcca3e44ff..f935b53044 100644 --- a/source3/rpc_client/cli_connect.c +++ b/source3/rpc_client/cli_connect.c @@ -96,7 +96,7 @@ static struct cli_connection *cli_con_get(const char* srv_name, con->pipe_name = strdup(pipe_name); } - con->cli = cli_net_use_add(srv_name, usr_creds, False, reuse); + con->cli = cli_net_use_add(srv_name, usr_creds, True, reuse); if (con->cli == NULL) { diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 2b620f036e..7ddbb9dbe4 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -62,7 +62,7 @@ BOOL spoolss_enum_printers(uint32 flags, const char *srv_name, DEBUG(5,("SPOOLSS Enum Printers (Server: %s level: %d)\n", srv_name, level)); - make_spoolss_q_enumprinters(&q_o, flags, srv_name, level, 0x50); + make_spoolss_q_enumprinters(&q_o, flags, srv_name, level, 0x200); /* turn parameters into data stream */ spoolss_io_q_enumprinters("", &q_o, &buf, 0); diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index b28b2dcc75..5cb6179936 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -2024,8 +2024,11 @@ BOOL spoolss_io_r_enumprinters(char *desc, PRINTER_INFO_1 *info1; PRINTER_INFO_2 *info2; + fstring tmp; - prs_debug(ps, depth, desc, "spoolss_io_r_enumprinters"); + slprintf(tmp, sizeof(tmp)-1, "spoolss_io_r_enumprinters %d", r_u->level); + + prs_debug(ps, depth, desc, tmp); depth++; prs_align(ps); prs_uint32("pointer", ps, depth, &useless_ptr); diff --git a/source3/rpc_server/srv_brs.c b/source3/rpc_server/srv_brs.c index cde5a79beb..c9abab20be 100644 --- a/source3/rpc_server/srv_brs.c +++ b/source3/rpc_server/srv_brs.c @@ -93,6 +93,6 @@ struct api_struct api_brs_cmds[] = ********************************************************************/ BOOL api_brs_rpc(rpcsrv_struct *p, prs_struct *data) { - return api_rpcTNP(p, "api_brssvc_rpc", api_brs_cmds, data); + return api_rpcTNP(p, "api_brs_rpc", api_brs_cmds, data); } diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 22788508eb..9721b3bf00 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -334,6 +334,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) return True; } + if (strequal(mach_name, global_myname)) + { + DEBUG(0,("get_md4pw: *** LOOPBACK DETECTED - USING NULL KEY ***\n")); + memset(md4pw, 0, 16); + return True; + } + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); return False; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 73a06b208c..d15cc1248c 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -231,8 +231,6 @@ static BOOL api_pipe_ntlmssp_verify(rpcsrv_struct *l) size_t wks_len; BOOL anonymous = False; - struct smb_passwd *smb_pass = NULL; - memset(null_pwd, 0, sizeof(null_pwd)); DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -304,19 +302,13 @@ static BOOL api_pipe_ntlmssp_verify(rpcsrv_struct *l) else { DEBUG(5,("user: %s domain: %s wks: %s\n", l->user_name, l->domain, l->wks)); - become_root(True); - smb_pass = getsmbpwnam(l->user_name); - l->ntlmssp_validated = pass_check_smb(smb_pass, l->domain, + become_root(False); + l->ntlmssp_validated = check_domain_security(l->user_name, l->domain, (uchar*)l->ntlmssp_chal.challenge, lm_owf, lm_owf_len, nt_owf, nt_owf_len, - NULL, l->user_sess_key); - unbecome_root(True); - - if (smb_pass != NULL) - { - pwd = smb_pass->smb_passwd; - } + l->user_sess_key); + unbecome_root(False); } if (l->ntlmssp_validated && pwd != NULL) @@ -463,20 +455,6 @@ static struct api_cmd* add_api_cmd_to_array(uint32 *len, } -#if 0 -{ - { "lsarpc", "lsass", api_ntlsa_rpc }, - { "samr", "lsass", api_samr_rpc }, - { "srvsvc", "ntsvcs", api_srvsvc_rpc }, - { "wkssvc", "ntsvcs", api_wkssvc_rpc }, - { "browser", "ntsvcs", api_brs_rpc }, - { "svcctl", "ntsvcs", api_svcctl_rpc }, - { "NETLOGON", "lsass", api_netlog_rpc }, - { "winreg", "winreg", api_reg_rpc }, - { "spoolss", "spoolss", api_spoolss_rpc }, - { NULL, NULL, NULL } -}; -#endif void close_msrpc_command_processor(void) { diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8a28674d3d..f8bde1bf9b 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -135,14 +135,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); } - if (strequal(pipe_name, "lsarpc")) + m = msrpc_use_add(pipe_name, &usr, False); + if (m == NULL) { - m = msrpc_use_add(pipe_name, &usr, False); - if (m == NULL) - { - DEBUG(5,("open pipes: msrpc redirect failed\n")); - return NULL; - } + DEBUG(5,("open pipes: msrpc redirect failed\n")); + return NULL; + } +#if 0 } else { @@ -164,6 +163,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, memcpy(l->user_sess_key, vuser->user_sess_key, sizeof(l->user_sess_key)); } +#endif p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c index 8d8d8f0167..275db6e12b 100644 --- a/source3/rpcclient/cmd_reg.c +++ b/source3/rpcclient/cmd_reg.c @@ -326,6 +326,7 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) { BOOL res = True; BOOL res1 = True; + BOOL res2 = True; POLICY_HND key_pol; POLICY_HND pol_con; @@ -379,10 +380,10 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) } /* query it */ - res1 = res1 ? reg_query_info(&key_pol, + res2 = res1 ? reg_query_info(&key_pol, val_name, &type, &buf) : False; - if (res1) + if (res2) { reg_display_val_info(full_keyname, val_name, type, &buf); } @@ -394,7 +395,7 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) } res = res ? reg_close(&pol_con) : False; - if (res && res1) + if (res2) { DEBUG(5,("cmd_reg_query: query succeeded\n")); } diff --git a/source3/samrd/samrd.c b/source3/samrd/samrd.c new file mode 100644 index 0000000000..40ebf45b51 --- /dev/null +++ b/source3/samrd/samrd.c @@ -0,0 +1,134 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; +extern int DEBUGLEVEL; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + if (!pwdb_initialise(True)) + { + exit(-1); + } + + if(!initialise_sam_password_db()) + { + exit(-1); + } + + if(!initialise_passgrp_db()) + { + exit(-1); + } + + if(!initialise_group_db()) + { + exit(-1); + } + + if(!initialise_alias_db()) + { + exit(-1); + } + + if(!initialise_builtin_db()) + { + exit(-1); + } + + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "samr"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_samr_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 91f727701c..fa46a74c14 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -606,132 +606,3 @@ use this machine as the password server.\n")); return(True); } -/*********************************************************************** - Do the same as security=server, but using NT Domain calls and a session - key from the workstation trust account password. -************************************************************************/ - -BOOL domain_client_validate( char *user, char *domain, - char *acct_name, uint16 acct_type, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]) -{ - unsigned char local_challenge[8]; - unsigned char local_lm_response[24]; - unsigned char local_nt_reponse[24]; - unsigned char trust_passwd[16]; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 info3; - uint32 smb_uid_low; - fstring trust_acct; - fstring srv_name; - - fstrcpy(trust_acct, acct_name); - fstrcat(trust_acct, "$"); - - /* - * Check that the requested domain is not our own machine name. - * If it is, we should never check the PDC here, we use our own local - * password file. - */ - - if(strequal( domain, global_myname)) - { - DEBUG(3,("domain_client_validate: Requested domain was for this machine.\n")); - return False; - } - - if (!get_any_dc_name(domain, srv_name)) - { - DEBUG(3,("domain_client_validate: could not find domain %s\n", - domain)); - return False; - } - - /* - * Next, check that the passwords given were encrypted. - */ - - if(((smb_apasslen != 24) && (smb_apasslen != 0)) || - ((smb_ntpasslen <= 24) && (smb_ntpasslen != 0))) - { - /* - * Not encrypted - do so. - */ - - DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n")); - generate_random_buffer( local_challenge, 8, False); - SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response); - SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_reponse); - smb_apasslen = 24; - smb_ntpasslen = 24; - smb_apasswd = (char *)local_lm_response; - smb_ntpasswd = (char *)local_nt_reponse; - } - else - { - /* - * Encrypted - get the challenge we sent for these - * responses. - */ - - if (!last_challenge(local_challenge)) - { - DEBUG(0,("domain_client_validate: no challenge done - password failed\n")); - return False; - } - } - - /* - * Get the workstation trust account password. - */ - if (!trust_get_passwd( trust_passwd, domain, acct_name)) - { - return False; - } - - /* - * At this point, smb_apasswd points to the lanman response to - * the challenge in local_challenge, and smb_ntpasswd points to - * the NT response to the challenge in local_challenge. Ship - * these over the secure channel to a domain controller and - * see if they were valid. - */ - - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - if(cli_nt_setup_creds(srv_name, global_myname, trust_acct, - trust_passwd, acct_type) != 0x0) - { - DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \ - %s.\n", srv_name)); - return False; - } - - /* We really don't care what LUID we give the user. */ - generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - - if (!cli_nt_login_network(srv_name, global_myname, - domain, user, - smb_uid_low, (char *)local_challenge, - ((smb_apasslen != 0) ? smb_apasswd : NULL), - ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), - &ctr, &info3)) - { - DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \ - %s to Domain controller %s.\n", user, domain, srv_name)); - return False; - } - - /* - * Here, if we really want it, we have lots of info about the user in info3. - * LKCLXXXX - really important to check things like "is this user acct - * locked out / disabled" etc!!!! - */ - - return True; -} diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 81f2a9beb9..10146c1287 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -496,41 +496,6 @@ static BOOL check_server_security(char *orig_user, char *domain, } /**************************************************************************** - Check for a valid username and password in security=domain mode. -****************************************************************************/ - -static BOOL check_domain_security(char *orig_user, char *domain, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]) -{ - fstring acct_name; - uint16 acct_type = 0; - - if (lp_security() == SEC_SHARE || lp_security() == SEC_SERVER) - { - return False; - } - - if (lp_security() == SEC_DOMAIN && strequal(domain, global_myworkgroup)) - { - fstrcpy(acct_name, global_myname); - acct_type = SEC_CHAN_WKSTA; - } - else - { - fstrcpy(acct_name, global_myworkgroup); - acct_type = SEC_CHAN_DOMAIN; - } - - return domain_client_validate(orig_user, domain, - acct_name, acct_type, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen, - user_sess_key); -} - -/**************************************************************************** reply to a session setup command ****************************************************************************/ @@ -552,6 +517,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int static BOOL done_sesssetup = False; BOOL doencrypt = SMBENCRYPT(); char *domain = ""; + uchar last_chal[8]; *smb_apasswd = 0; *smb_ntpasswd = 0; @@ -736,7 +702,9 @@ user %s attempted down-level SMB connection\n", user)); !check_server_security(orig_user, domain, smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !last_challenge(last_chal) && !check_domain_security(orig_user, domain, + last_chal, smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen, user_sess_key) && !check_hosts_equiv(user) diff --git a/source3/smbd/server.c b/source3/smbd/server.c index f6ea8ecb65..bdb2827483 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -480,7 +480,6 @@ static void init_structs(void) { exit_server("could not allocate policy handles\n"); } - init_printer_hnd(); /* for SPOOLSS handles */ init_dptrs(); init_dfs_table(); } @@ -678,16 +677,6 @@ static void usage(char *pname) } #endif /* WITH_SSL */ - start_msrpc_agent("lsarpc"); - add_msrpc_command_processor( "samr", "lsass", api_samr_rpc ); - add_msrpc_command_processor( "srvsvc", "ntsvcs", api_srvsvc_rpc ); - add_msrpc_command_processor( "wkssvc", "ntsvcs", api_wkssvc_rpc ); - add_msrpc_command_processor( "browser", "ntsvcs", api_brs_rpc ); - add_msrpc_command_processor( "svcctl", "ntsvcs", api_svcctl_rpc ); - add_msrpc_command_processor( "NETLOGON", "lsass", api_netlog_rpc ); - add_msrpc_command_processor( "winreg", "winreg", api_reg_rpc ); - add_msrpc_command_processor( "spoolss", "spoolss", api_spoolss_rpc ); - codepage_initialise(lp_client_code_page()); if (!pwdb_initialise(True)) diff --git a/source3/spoolssd/spoolssd.c b/source3/spoolssd/spoolssd.c new file mode 100644 index 0000000000..7ea5195009 --- /dev/null +++ b/source3/spoolssd/spoolssd.c @@ -0,0 +1,100 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + init_printer_hnd(); /* for SPOOLSS handles */ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + load_printers(); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "spoolss"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_spoolss_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/srvsvcd/srvsvcd.c b/source3/srvsvcd/srvsvcd.c new file mode 100644 index 0000000000..78c64a200b --- /dev/null +++ b/source3/srvsvcd/srvsvcd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "srvsvc"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_srvsvc_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/svcctld/svcctld.c b/source3/svcctld/svcctld.c new file mode 100644 index 0000000000..95470ad4a4 --- /dev/null +++ b/source3/svcctld/svcctld.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "svcctl"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_svcctl_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index a1a870a674..3b87687c26 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -794,8 +794,6 @@ int main(int argc, char **argv) load_interfaces(); - init_policy_hnd(64); - if(!pwdb_initialise(False)) { fprintf(stderr, "Can't setup password database vectors.\n"); diff --git a/source3/winregd/winregd.c b/source3/winregd/winregd.c new file mode 100644 index 0000000000..c317ddd6f4 --- /dev/null +++ b/source3/winregd/winregd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "winreg"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_reg_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/wkssvcd/wkssvcd.c b/source3/wkssvcd/wkssvcd.c new file mode 100644 index 0000000000..dcb5bb98ee --- /dev/null +++ b/source3/wkssvcd/wkssvcd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "wkssvc"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_wkssvc_rpc ); + + return msrpc_main(argc, argv); +} |