summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_netlog.c
AgeCommit message (Collapse)AuthorFilesLines
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-756/+79
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-94/+83
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-09-06Fix for the SID history problem when using a Win2k domain controllerJeremy Allison1-8/+9
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs. Jeremy. (This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-14/+14
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-06-23Removed save directory argument to become_root() calls. Probably most ofTim Potter1-8/+8
this stuff doesn't need to be done as root anyway. (This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
2000-06-16Simplified server pipe implementation by changing arguments passed downTim Potter1-18/+29
through to the individual pipe api calls. Instead of passing two prs_struct pointers, we now pass the pipes_struct pointer which contains the former information as well as other useful stuff like the vuid. Removed dependency on extern current_user and fetch the vuid from the pipes_struct. (This used to be commit 1b06451fff11f54be7def4a427a1528bbb52f3d7)
2000-06-09do some standard_sub_advanced() in api_net_sam_logon on lp_logon_xxx().Jean-François Micouleau1-4/+16
and if you have unix realname=yes, you get the gecos name when locking the station. J.F. (This used to be commit b5ad24ae0b15643df5832e2369fb4e43c98a1359)
2000-05-10more merging voodooAndrew Tridgell1-0/+2
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-04 - use full_name instead of real_nameAndrew Tridgell1-1/+1
- got rid of guest map code in lpq parser (This used to be commit 8e53f781d3cf6a7007764916a0d8e8f1abea1f66)
2000-05-02split the username in the vuser structure into a separateAndrew Tridgell1-1/+1
userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-1/+1
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
2000-04-04Change to vfs API. POSIX states fsync should return an int, not a void.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 6c442d68afae4140e28b770343a900b5ce510b4a)
2000-04-04Removed unused parameter vuid from rpc_server api_* calls. For the very fewTim Potter1-214/+220
functions that need to access the vuid, it can be obtained from the current_user global. Did some whitespace cleanup. (This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
2000-03-22acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code.Jeremy Allison1-25/+0
include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
2000-03-22added the following message to all dce/rpc client/server code, exceptLuke Leighton1-0/+25
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-514/+420
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12final part of "first" phase converting over to msrpc daemon architecture.Luke Leighton1-0/+7
done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-85/+51
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-11-21adding user session key into network netlogon response.Luke Leighton1-9/+35
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
1999-11-16attempting to get nt5 wksta to join domain.Luke Leighton1-1/+1
1) had to fix samr "create user" and "set user info" (level 23). 2) had to fix netlogon enum trust domains 3) registry key needed \\ in it not \. (This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-11-16added two new params: "trusted domains" and "trusting domains".Luke Leighton1-3/+7
these _may_ not actually ever get used, as trust relationships really need to be established with shared secrets, and you need to get the SID of the trusted and trusting domains, so this may have to go in a private/xxx.mac file. (This used to be commit 71f12138679251a9ebcada35969d9baea286a3e9)
1999-11-16Changes to implement NET_AUTH based on NET_AUTH2, to get Win2000Richard Sharpe1-2/+74
happier in joining a Samba domain. (This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
1999-10-27rewrote api_net_sam_logon() to be a little clearer.Luke Leighton1-140/+136
(This used to be commit 3adc31083b5308e983e057c7b942242209d74f59)
1999-07-21Tim Potter spotted compile error: matthew had added BDC support to smbd,Luke Leighton1-2/+3
which i didn't know about! (This used to be commit 30620b93e5c476ba7bf09c459ab4b7bea3f67642)
1999-07-06oops, set password lengths to a boolean value.Luke Leighton1-2/+2
(This used to be commit e6d43ddb1bdb249f93dca65180964a61d281935b)
1999-06-29improving authentication code (tidyup).Luke Leighton1-31/+14
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-06-02Some more BDC-related fixes, mainly to the NET_SAM_SYNC RPC with respectMatthew Chapman1-0/+2
to alignment, missing fields, etc. - it should now work correctly. There is still the problem of decoding the private data field. (This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
1999-05-03last part of RPC api change.Jean-François Micouleau1-21/+21
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-08Mainly BDC-related changes.Matthew Chapman1-0/+78
* Added SEC_CHAN_BDC * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 74d6dec25d6b44e26d3895f789f1958d5f4639ee)
1999-04-06Dejan Ilic: spotted "NETLOGON" bug, failure of NT_STATUS WRONG_PASSWORD.Luke Leighton1-3/+3
(This used to be commit 2f02a083b2f766d2f3d3f410377da7f552739345)
1999-03-10Greg Dickie: spotted bug where smb_nt_passwd could be NULL.Luke Leighton1-1/+8
(This used to be commit d8946f1cc7b77b06f346344ffdb4772e6d225396)
1999-02-15Always null-terminate strings.Matthew Chapman1-3/+3
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-8/+6
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-09pwdb_smb_to_sam was not returning NULL for nt name so thatLuke Leighton1-5/+5
pwdb_sam_map_names() was using a "blank" static string instead of a NULL pointer for nt names. NULL means over-ride, so the nt name got left as "blank". this causes nt clients to terminate with extreme prejudice. (This used to be commit ddd350198202d6a1d2c715b3dce7db3a5d76a63a)
1999-02-09Fix for NT BSOD problem. There's no reason to have two "NT usernames" runningMatthew Chapman1-3/+1
around anyway. The real problem is, once again, the brokenness of pwdb_sam_map_names et al. This time it is deciding to return blank NT usernames, which NT's redirector objects to. I'm currently working on improving the pwdb/mapping code, should be ready in a couple of weeks. (This used to be commit 30a085bf80982c619cd78aee9ad410ece5f88679)
1998-11-30attempting to fix "domain user map" up, but it's a bit complicated.Luke Leighton1-19/+62
i may simply go for a response in the NetSamLogon returning the unix username, forcing the NT user to appear to be a unix user, however even that is fraught with implications. might just have to go the whole hog and do this tuple thing, "unix_name + nt_name" always associated together... issue with api_net_sam_logon, getsam21pwent() being called twice, the second time overwriting static buffer data (argh) so had to make a copy. noticed a nested "become_root()"/"unbecome_root()" which will have to be tracked down... (This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
1998-11-29weekend work. user / group database API.Luke Leighton1-81/+42
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25fixing group database issuesLuke Leighton1-9/+13
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
1998-11-25fixing domain join and domain login problemsLuke Leighton1-5/+1
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-212/+204
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-12cleaning up conflicts between group code not yet committed andLuke Leighton1-3/+3
changes from yesterday by me, jeremy and andrew. jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user didn't exist (first check should be for smb_pass != NULL) (This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
1998-11-11rpc_server/srv_netlog.c: Fixed crash bug with ACB_PWNOTREQ.Jeremy Allison1-6/+7
script/makeyodldocs.sh: Added code to make text docs for non-man page YODL docs. web/cgi.c web/swat.c: SGI compiler warnings fixed. Jeremy. (This used to be commit 80e0f7e1071f032c5004aecb01a91d1397e6a161)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton1-1/+4
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-2/+2
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-16rpcclient ntlogin testLuke Leighton1-1/+12
(This used to be commit f69cf05ff56dffb313304964d5bf5e5aee2f40a7)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-13/+17
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-06-29nmbd_elections.c: Removed force elections code to bring into line with 1.9.18.Jeremy Allison1-3/+4
nmbd_namelistdb.c: Added comment for Chris. nmbd_subnetdb.c: Went back to Chris's comparison code as with the make_nmb_name change it all works now. lib/rpc/server/srv_netlog.c: Ensure we return 'account disabled' for disabled accounts, rather than crashing. Jeremy. (This used to be commit 4ab3d1682789319965a55edb37212b7671a743bb)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison1-0/+10
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-06-09loadparm.c: Removed 'domain other sids' parameter.Jeremy Allison1-3/+1
lib/rpc/include/rpc_lsa.h: Changed #defines for RPC calls - moved some, made LSA_LOOKUPNAMES correct. lib/rpc/include/rpc_misc.h: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Changed bitmasks for uid to rid to be 1 bit. lib/rpc/parse/parse_misc.c: Changed make_unistr2 to put length as given, max length as one more. lib/rpc/server/srv_netlog.c: Removed 'domain other sids' parameter. lib/rpc/server/srv_samr.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. lib/rpc/server/srv_util.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Jeremy. (This used to be commit 34c91840a3d8c252715dc2f749b7a3b171a5b74f)
1998-06-05loadparm.c: Did it ! Changed defaults for 'case preserve' and 'short case ↵Jeremy Allison1-1/+11
preserve'. Also removed 'domain allow/deny' parameters. shmem_sysv.c: Added strerror code so I can see why sysV calls are failing. lib/rpc/server/srv_netlog.c: Removed code that used 'domain allow/deny' parameters - replaced with a comment so I will remember to fix this later. Jeremy. (This used to be commit 5f46c7c4b11a75f1ffbd806cde915b4bf28232db)