summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa.c
AgeCommit message (Collapse)AuthorFilesLines
2000-04-22This is a *big* checkin that may break some things, but implements theJeremy Allison1-2/+6
new open mechanism Andrew & I discussed. config.sub: configure: Included the QNX patch. include/vfs.h: smbd/vfs-wrap.c: smbd/vfs.c: Added ftruncate vfs call (needed). Note that we will also need locking calls in the vfs (to be added). lib/util_unistr.c: nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump. Also fix for sidsize DOS bug. locking/locking.c: Check value of ret before using it for memdup. printing/printing.c: Convert print_fsp_open to return an allocated fsp. rpc_server/srv_lsa.c: Fix for NT domain logons. I have removed all use of lp_share_modes() from the code (although I left the parameter in the table for backwards compatibility). It no longer makes sense for this to exist. smbd/close.c: Removed lp_share_modes(). smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code. smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail. smbd/nttrans.c: smbd/reply.c: smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/ open_file_stat to return an fsp from the call. smbd/open.c: Changed all occurrences of open_file_shared/open_directory/ open_file_stat to return an fsp from the call. In addition I have fixed a long standing race condition in the deny mode processing w.r.t. two smbd's creating a file. Andrew, please note that your original idea of using open with O_EXCL in this case would not work (I went over the races very carefully) and so we must re-check deny modes *after* the open() call returns. This is because there is a race between the open with O_EXCL and the lock of the share mode entry. Imagine the case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL, but is pre-empted before it locks the share modes and creates the deny mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY and a deny mode of DENY_NONE and the two opens would be allowed. The *only* way to fix this race is to lock the share modes after the open and then do the deny mode checks *after* this lock in the case where the file did not originally exist. This code will need extensive testing but seems to initially work. Jeremy. (This used to be commit ab0ecc39d688f16b9692fe90b991f0b89287070a)
2000-04-04Removed unused parameter vuid from rpc_server api_* calls. For the very fewTim Potter1-17/+8
functions that need to access the vuid, it can be obtained from the current_user global. Did some whitespace cleanup. (This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-24/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+24
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-255/+252
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-10/+10
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-11-24rewrote policy handle code to be generic (it's needed for client-side too)Luke Leighton1-5/+5
attempted to fix regsetsec command (This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
1999-11-19nt5rc2 falling over because the LsaQueryInfoPolicy() response _must_Luke Leighton1-1/+2
have the string max length = string length + 1. if not, then it gets its knickers in a twist over whether the string is NULL-terminated or not. four days. four days i spent on this one. (This used to be commit 9795e5948c698115e34c28993cdb82ba31377f5d)
1999-11-18added regqueryval command (experimental) to get reg_io_q_info() andLuke Leighton1-14/+38
reg_io_r_info() working properly. previously they weren't well understood (well, they were the first of the registry functions i did, back in december 97, ok??? :-) set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv. (This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
1999-09-09allan hourihane sent log 100 in which showed that some really old codeLuke Leighton1-15/+4
for lsa_close response was messing up. fixed by calling lsa_io_r_close() which i've been meaning to do for over eighteen months. (This used to be commit f9a0ea09486b18a130ce1a1e5381ca61e0293c75)
1999-07-26commented location where lookup_sids(), a direct call to the passwordLuke Leighton1-0/+3
database API, needs to be replaced with over-the-wire (actually, tcp/ip loopback) to smbd. in fact, this is the location where, if we want to put in an nt5 ldap lookup system or netware NDS instead, we make the calls to resolve users-to-sids and vice-versa: NOT by replacing rpc_server/srv_samr.c. (This used to be commit fd886af3317ca806c9c28f71afca5c7b063c1226)
1999-05-03last part of RPC api change.Jean-François Micouleau1-8/+8
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-03-24removed 2 unnecessary args from make_uni_hdr.Luke Leighton1-1/+1
(This used to be commit f84dede27e16a5f02ee6d02fe2d16f2661c65470)
1999-03-24Fixed LSA Lookup Names. There were a few too many NULL pointers in aMatthew Chapman1-13/+30
negative response, which tended to crash lsass.exe. (This used to be commit 6d03f61d2536630968007958345cf44a42b03584)
1999-02-15Always null-terminate strings.Matthew Chapman1-2/+2
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-2/+2
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1998-12-20fix for potential lsass.exe crashing due to negative response fromLuke Leighton1-1/+1
LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
1998-12-14added sid_name_use array argument to lsa_lookup_names and lsa_lookup_sids.Luke Leighton1-1/+1
(This used to be commit 0b2095e092d747f741e78a3349f0b81a72811629)
1998-12-07- lib/unix_sec_ctxt.cLuke Leighton1-48/+85
attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services. - group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases. - parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything. - cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to). - srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name. (This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-11-30- adding builtin[alias]db.Luke Leighton1-4/+3
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton1-12/+12
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-23unix instance of group database APILuke Leighton1-15/+19
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-134/+137
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-10rpcclient registry commands.Luke Leighton1-1/+1
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton1-9/+10
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-22bug fix in lsa_trans_names.Luke Leighton1-1/+3
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-4/+4
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-15bug-fixing against:Luke Leighton1-0/+42
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30lsa_lookup_sids command added. severe debugging needed on lookup_sidsLuke Leighton1-60/+85
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-30/+40
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-08-26use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() forAndrew Tridgell1-1/+1
arrays. This prevents (harmless) warnings from some compilers (This used to be commit c2da46d1d0820a86e7f77506563cfe7f67b08fee)
1998-08-24Changed ASSERT macros to SMB_ASSERT macros as some systems alreadyJeremy Allison1-4/+4
have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-22added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberallyAndrew Tridgell1-0/+8
in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
1998-08-21use ZERO_STRUCT() to initialise lots of structures.Andrew Tridgell1-1/+30
Luke, you need to do something similar in the rest of the rpc code. Have fun! (This used to be commit bdd8aaa544780898e20189195d4019b9beb4445c)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison1-1/+12
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-05-24more warnings, from Tim WindersLuke Leighton1-1/+1
(This used to be commit eb157d6da4719b415a1f5202364aa77f2596bc03)
1998-05-18- renamed some of the passdb.c functions: they have a prefix pdb_ on themLuke Leighton1-1/+1
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-14Fixed dce/rpc to use global_machine_sid (auto generated in server.c ifJeremy Allison1-10/+4
not present in smb.conf). Jeremy. (This used to be commit e7c1100390b714bf2f489a9032156b0c9272e403)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison1-32/+43
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+444
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)