summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_netlog.c
AgeCommit message (Collapse)AuthorFilesLines
1999-07-21Tim Potter spotted compile error: matthew had added BDC support to smbd,Luke Leighton1-2/+3
which i didn't know about! (This used to be commit 30620b93e5c476ba7bf09c459ab4b7bea3f67642)
1999-07-06oops, set password lengths to a boolean value.Luke Leighton1-2/+2
(This used to be commit e6d43ddb1bdb249f93dca65180964a61d281935b)
1999-06-29improving authentication code (tidyup).Luke Leighton1-31/+14
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-06-02Some more BDC-related fixes, mainly to the NET_SAM_SYNC RPC with respectMatthew Chapman1-0/+2
to alignment, missing fields, etc. - it should now work correctly. There is still the problem of decoding the private data field. (This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
1999-05-03last part of RPC api change.Jean-François Micouleau1-21/+21
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-08Mainly BDC-related changes.Matthew Chapman1-0/+78
* Added SEC_CHAN_BDC * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 74d6dec25d6b44e26d3895f789f1958d5f4639ee)
1999-04-06Dejan Ilic: spotted "NETLOGON" bug, failure of NT_STATUS WRONG_PASSWORD.Luke Leighton1-3/+3
(This used to be commit 2f02a083b2f766d2f3d3f410377da7f552739345)
1999-03-10Greg Dickie: spotted bug where smb_nt_passwd could be NULL.Luke Leighton1-1/+8
(This used to be commit d8946f1cc7b77b06f346344ffdb4772e6d225396)
1999-02-15Always null-terminate strings.Matthew Chapman1-3/+3
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-8/+6
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-09pwdb_smb_to_sam was not returning NULL for nt name so thatLuke Leighton1-5/+5
pwdb_sam_map_names() was using a "blank" static string instead of a NULL pointer for nt names. NULL means over-ride, so the nt name got left as "blank". this causes nt clients to terminate with extreme prejudice. (This used to be commit ddd350198202d6a1d2c715b3dce7db3a5d76a63a)
1999-02-09Fix for NT BSOD problem. There's no reason to have two "NT usernames" runningMatthew Chapman1-3/+1
around anyway. The real problem is, once again, the brokenness of pwdb_sam_map_names et al. This time it is deciding to return blank NT usernames, which NT's redirector objects to. I'm currently working on improving the pwdb/mapping code, should be ready in a couple of weeks. (This used to be commit 30a085bf80982c619cd78aee9ad410ece5f88679)
1998-11-30attempting to fix "domain user map" up, but it's a bit complicated.Luke Leighton1-19/+62
i may simply go for a response in the NetSamLogon returning the unix username, forcing the NT user to appear to be a unix user, however even that is fraught with implications. might just have to go the whole hog and do this tuple thing, "unix_name + nt_name" always associated together... issue with api_net_sam_logon, getsam21pwent() being called twice, the second time overwriting static buffer data (argh) so had to make a copy. noticed a nested "become_root()"/"unbecome_root()" which will have to be tracked down... (This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
1998-11-29weekend work. user / group database API.Luke Leighton1-81/+42
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25fixing group database issuesLuke Leighton1-9/+13
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
1998-11-25fixing domain join and domain login problemsLuke Leighton1-5/+1
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-212/+204
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-12cleaning up conflicts between group code not yet committed andLuke Leighton1-3/+3
changes from yesterday by me, jeremy and andrew. jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user didn't exist (first check should be for smb_pass != NULL) (This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
1998-11-11rpc_server/srv_netlog.c: Fixed crash bug with ACB_PWNOTREQ.Jeremy Allison1-6/+7
script/makeyodldocs.sh: Added code to make text docs for non-man page YODL docs. web/cgi.c web/swat.c: SGI compiler warnings fixed. Jeremy. (This used to be commit 80e0f7e1071f032c5004aecb01a91d1397e6a161)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton1-1/+4
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-2/+2
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-16rpcclient ntlogin testLuke Leighton1-1/+12
(This used to be commit f69cf05ff56dffb313304964d5bf5e5aee2f40a7)
1998-09-29Got very strict about the differences and uses ofJeremy Allison1-13/+17
uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-06-29nmbd_elections.c: Removed force elections code to bring into line with 1.9.18.Jeremy Allison1-3/+4
nmbd_namelistdb.c: Added comment for Chris. nmbd_subnetdb.c: Went back to Chris's comparison code as with the make_nmb_name change it all works now. lib/rpc/server/srv_netlog.c: Ensure we return 'account disabled' for disabled accounts, rather than crashing. Jeremy. (This used to be commit 4ab3d1682789319965a55edb37212b7671a743bb)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison1-0/+10
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-06-09loadparm.c: Removed 'domain other sids' parameter.Jeremy Allison1-3/+1
lib/rpc/include/rpc_lsa.h: Changed #defines for RPC calls - moved some, made LSA_LOOKUPNAMES correct. lib/rpc/include/rpc_misc.h: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Changed bitmasks for uid to rid to be 1 bit. lib/rpc/parse/parse_misc.c: Changed make_unistr2 to put length as given, max length as one more. lib/rpc/server/srv_netlog.c: Removed 'domain other sids' parameter. lib/rpc/server/srv_samr.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. lib/rpc/server/srv_util.c: Changed DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Jeremy. (This used to be commit 34c91840a3d8c252715dc2f749b7a3b171a5b74f)
1998-06-05loadparm.c: Did it ! Changed defaults for 'case preserve' and 'short case ↵Jeremy Allison1-1/+11
preserve'. Also removed 'domain allow/deny' parameters. shmem_sysv.c: Added strerror code so I can see why sysV calls are failing. lib/rpc/server/srv_netlog.c: Removed code that used 'domain allow/deny' parameters - replaced with a comment so I will remember to fix this later. Jeremy. (This used to be commit 5f46c7c4b11a75f1ffbd806cde915b4bf28232db)
1998-05-24- created pdb_sethexpwd(), to be called from all pwd apis that need toLuke Leighton1-2/+2
store passwords in ascii format - dealt with lots of signed/unsigned char thingies spotted by Tim Winders. (This used to be commit bd825f1ef15c4bf12aeba945f8bfdc7fd0e14d25)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison1-4/+4
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-18- renamed some of the passdb.c functions: they have a prefix pdb_ on themLuke Leighton1-1/+1
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well (This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-15Fix from "Gerald W. Carter" <cartegw@eng.auburn.edu>, we wereJeremy Allison1-1/+1
copying from a parameter into an unitialized variable (doh !). Jeremy. (This used to be commit a3a0dc14c2f9f703963ade67f30dd6c40bbe7144)
1998-05-14Fixed dce/rpc to use global_machine_sid (auto generated in server.c ifJeremy Allison1-3/+2
not present in smb.conf). Jeremy. (This used to be commit e7c1100390b714bf2f489a9032156b0c9272e403)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison1-194/+208
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-1/+1
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell1-6/+6
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton1-29/+31
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-04-30Added patch from Bruce Tenison <btenison@dibbs.net> to allow encryptedJeremy Allison1-1/+1
passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
1998-04-29Makefile: Added files to smbpasswd.c.Jeremy Allison1-1/+1
loadparm.c: Patch from tim@quiknet.com for static string problems. server.c: Setup global_myname. smbpass.c: Fix up locking. Add machine_password_delete() call. smbpasswd.c: Added provisional code to add to a domain. lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password. lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password. Jeremy. (This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison1-11/+11
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-25This looks like a big change but really isn't.Jeremy Allison1-4/+2
It is changing the global variables "myname" and "myworkgroup" to "global_myname" and "global_myworkgroup" respectively. This is to make it very explicit when we are messing with a global (don't ask - it makes the domain client code much clearer :-). Jeremy. (This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
1998-04-23Makefile: Added nterr.c into the mix.Jeremy Allison1-1/+1
clientgen.c: Added nt_error as an entry in the struct client_state. password.c: Open the netlogon pipe. smb.h: Added nt_error as an entry in the struct client_state. lib/rpc/parse/parse_net.c: Added comments on net logon. lib/rpc/server/srv_netlog.c: Added comments on net logon. Jeremy. (This used to be commit 899a9f0dce50c73e03c8da2ebe920957491c8ad7)
1998-04-22Fixed bug found by Gerald Carter <cartegw@Eng.Auburn.EDU> whereJeremy Allison1-2/+0
global myname was being overwritten incorrectly. Jeremy. (This used to be commit a3e7cf1b8a2fc950d41f5f2d5318cf88874165cd)
1998-04-20genrand.c: Improved filename based random seed generation.Jeremy Allison1-4/+3
lib/rpc/server/srv_netlog.c: Changed to use generate_random_buffer(). Jeremy. (This used to be commit 093d060a06d75c6ee5b1329d524334f4db97cba6)
1998-04-18includes.h: Added John's redhat fix for QSORT_CAST.Jeremy Allison1-3/+3
smbpass.c: Added lock depth code so calls to pw_file_lock() can be nested. Fixed codedump problems in add_smbpwd_entry(). smbpasswd.c: Removed all the code that manipulated the password file directly. Now *all* smbpasswd file changes are done through the interfaces defined in smbpass.c This should make the life of people adding alternate backend databases *much* easier. lib/rpc/server/srv_netlog.c: Removed debug messages used to debug machine password changing. Jeremy. (This used to be commit c9f61be08f3691a6421734d8b026a295d9cbd6ba)
1998-04-17Changing of machine passwords now works !!!!!!Jeremy Allison1-32/+26
smbdes.c: Added cred_hash3. smbpasswd.c: Fixes for adding a machine account (needs more work). lib/rpc/server/srv_netlog.c: Turn on the machine password changing code by default (calls cred_hash3). Jeremy. (This used to be commit 50aa513b969c6e41911aeee8207b065f93af0beb)
1998-04-14Modified interfaces to getting smb password entries fromJeremy Allison1-2/+2
get_smbpwd_entry (now an internal function to smbpass.c) to a more UNIX-like : getsmbpwnam() - get entry by name. getsmbpwuid() - get entry by uid. Changed the type returned by the smbpasswd enumeration functions to be a void * so that people don't come to depend on it being a FILE *. These abstractions should make it much easier to replace the smbpasswd file with a better backend in future. Other files changed are to match the above changes. Jeremy. (This used to be commit 1161cfb7f2b0d5a6d3e2b524a14a6f325ce70efb)
1998-04-02Changed code to check NT password *first* - if it exists.Jeremy Allison1-11/+14
The NT password is a higher quality password, and should always be looked at before the LM password, if available (sorry, Luke, just a minor change, the other changes you made were fine :-). Jeremy. (This used to be commit c1367bf5336485ceafd7125f608dc923ecebd32d)
1998-04-01cli_login.c :Luke Leighton1-18/+41
start to create the calls needed for client-side of "network" logins, which will be used for domain version of pass-through authentication. unfortunately, none of this code is called in the main branch, because smbclient BRANCH_NTDOM code isn't in use, yet! srv_netlog.c : fixed a problem with static net_login_network() which was being stubborn: the if() statement looked horrendous, so i split it into two if() statements, one to deal with the lm password; the other to deal with the nt password. the smb_password_check() functions should _not_ be called here, in case we decide to disable lm hashes for security reasons, just like nt does. so, we now get a response to the SAM_LOGON "network" call, but the connection is still dropped. a trace is needed from an nt server, which is why i started on the client-side code. see above, which is why i'm calling it a day :-) (This used to be commit 2c29a7d9cf2d8b35e4b6e37e5d24caa91af3a9be)
1998-04-01Rolling back machine password change code - this doesn't work (yet).Jeremy Allison1-13/+24
Jeremy. (This used to be commit 66affb3dc301d71565d789c06f105da3bb1d65b3)
1998-03-31includes.h: Added semaphore fix for HPUX10.xJeremy Allison1-24/+13
server.c trans2.c: Added oplock deadlock bug fix. lib/rpc/server/srv_netlog.c: Made code that changes machine account password the default. Jeremy. (This used to be commit 3b56fbc11e9d1cb7d4930d9782238c2610cac30d)