summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-17In the presense of RPC fragments, schannel is not strictly request/reply,Andrew Bartlett1-5/+0
so the shared sequence number will not be strictly odd/even. Andrew Bartlett (This used to be commit 77c3e69aef545d3f9b7cec9efdc366cbeb0c745e)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-14/+26
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-1/+1
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-8/+2
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-4/+22
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-22Setting the credentials for the netsec netlogon pipe connect upon eachVolker Lendecke1-0/+5
samlogon call certainly breaks the credential chain. Do it once during the bind response. Volker (This used to be commit d4262c37f13642e034d3e207bfbb563c17a8a176)
2003-04-16Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fixJeremy Allison1-2/+10
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ff66d4097088409205b6bad5124a78ef9946010d)
2003-04-15use the new modules system for the rpc modules (backport from HEAD)Jelmer Vernooij1-99/+7
(This used to be commit aca7319e8d45eb604f28b8bd490413b08e2c98f2)
2003-04-14Merge of rpcecho pipe for testing large dcerpc requests and responses.Tim Potter1-0/+5
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
2003-04-09Put the core schannel functions to parse_prs.c. They are also used byVolker Lendecke1-187/+2
schannel clients. Volker (This used to be commit 0f348a35d09ff020837119157ef7f4b9e6f07643)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke1-28/+394
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
2003-03-03Fix const warning.Jeremy Allison1-1/+1
Jeremy. (This used to be commit dedc18212a5174b6abac60ede9828f9b726a6c2d)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-15/+11
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2003-02-14merge from HEAD - enable dynamic RPC modulesJim McDonough1-40/+198
(This used to be commit d9c485b01017594d113502f9de2248d6c120cfa3)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-3/+3
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-9/+32
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-19/+19
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-2/+5
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25Return correct RPC fault PDU on bad handle incoming.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 0db93d8752197e213f0974edae53e2dafdd77b51)
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett1-0/+2
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-09Better explanation message for dmalloc.Martin Pool1-1/+1
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-4/+4
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-8/+8
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-2/+6
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-13/+5
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
2001-11-08Change to guest logon code.Andrew Bartlett1-29/+22
This changes the way we process guest logons - we now treat them as normal logons, but set the 'guest' flag. In particular this is needed becouse Win2k will do an NTLMSSP login with username "", therefore missing our previous guest connection code - this is getting a pain to do as a special case all over the shop. Tridge: We don't seem to be setting a guest bit for NTLMSSP, in either the anonymous or authenticated case, can you take a look at this? Also some cleanups in the check_password() code that should make some of the debugs clearer. Various other minor cleanups: - change the session code to just take a vuser, rather than having to do a vuid lookup on vuser.vuid - Change some of the global_client_caps linking - Better debug in authorise_login(): show the vuid. Andrew Bartlett (This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)
2001-11-04Fix up authenticated pipes in line with vuser changes. This ensures that globalAndrew Bartlett1-1/+4
groups obtained via a domain logon are respected in the attached NT_USER_TOKEN. This functionality is only available in HEAD, becosue of the way authenticaion has been abstracted. Both vuid logins and authenticated pipes need to use the same code for this in future. Can sombody with the correct facilties check this please?\ Thanks, Andrew Bartlett (This used to be commit caae69fcd096f20aa4c6879b95ec2c275afea041)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+1
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31... and clean up the unused variables.Andrew Bartlett1-3/+0
(This used to be commit e0b56a31480906b39f37761eed20d3cad0d53973)
2001-10-31Small changes for guest authenticated pipes.Andrew Bartlett1-8/+7
(This used to be commit 813bf962ae6f29ddcaee4bc8b67d8017f04172b1)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-41/+35
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-1/+1
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison1-5/+2
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett1-3/+3
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-21fixed character set for user name pullAndrew Tridgell1-4/+3
(This used to be commit 374f76fa2d5dcd036943c3f968a94f097a971ac7)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett1-14/+9
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-12Some patches to authentication:Tim Potter1-1/+1
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
2001-09-12- enable MSDFS by default, there seems no reason not to have it enabledAndrew Tridgell1-2/+0
by default in Samba 3.x - got rid of some unused parameters in Makefile.in - declare DEBUGLEVEL in debug.h rather than in each file (This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-8/+9
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-09a few cleanups while mergeing the passdb code into 2.2Gerald Carter1-1/+1
(This used to be commit ef01739708479c43f529c646dd136ee5670b08f9)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-5/+13
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-08This removes unused paramaters from various authtication functions, and shouldAndrew Bartlett1-1/+1
not change behaviour. This should make my later diffs smaller, where I actualy start cleaning up this mess... Andrew Bartlett (This used to be commit 04f090c224bb7ac3b53c430a591fce1fc939a81c)
2001-07-04The big character set handling changeover!Andrew Tridgell1-3/+3
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-05-18Fix the W2KSP2 joining a Samba domain problem.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 6bbcab5e48f91a80d4ebcbd2bee38f2e0a8bff78)
2001-05-07Patch from Simo:Gerald Carter1-4/+4
o sed 's/pdb_clear_sam/pdb_free_sam/g' o add pdb_reset_sam() o password changing should be ok now as well. (This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
2001-05-04Big cleanup of passdb and backends.Jean-François Micouleau1-11/+18
I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)