summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2000-12-12Compile fix for new arg to create_nt_token()Tim Potter1-2/+4
(This used to be commit 806185ca8cc8d28f16745a1db9427f52eb8d22e4)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-16/+17
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-18Merge of rpc parse buffer underflow debug code.Tim Potter1-0/+19
(This used to be commit c8d88713d9f7a646eb3b8e76bdd0250a3b89b722)
2000-10-11Don't initialise groups twice.Tim Potter1-1/+0
(This used to be commit 15d7f16bdc2ff4f2ae82871eb9f318ba45cf4d1c)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-1/+1
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-08-28Merge from appliance branch.Tim Potter1-0/+1
(This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47)
2000-08-04Fixed up the user/group contexts when using authenticated pipes.Jeremy Allison1-1/+12
Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-5/+5
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-7/+23
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-03Some more sec_ctx changes. Modified some fields in the pipe_structTim Potter1-18/+20
structure so authenticated pipe users can have their unix groups set when become_authenticated_pipe_user() is called. (This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
2000-06-23Removed save directory argument to become_root() calls. Probably most ofTim Potter1-4/+4
this stuff doesn't need to be done as root anyway. (This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
2000-06-16Simplified server pipe implementation by changing arguments passed downTim Potter1-6/+6
through to the individual pipe api calls. Instead of passing two prs_struct pointers, we now pass the pipes_struct pointer which contains the former information as well as other useful stuff like the vuid. (This used to be commit 96addba216bad2189120d78f5531d5caa6f37880)
2000-05-26Changed MS_DFS to WITH_MSDFS throughout.Shirish Kalele1-1/+1
Fixed trans2 calls on IPC$ to let dfs referral calls through. (This used to be commit e0965a80bdca5239886b11ef55dc29fed261bfc0)
2000-05-18Added the NETDFS pipe to allow remote administration of the msdfs symlinksShirish Kalele1-0/+3
on the samba server. (This used to be commit 15e7d8f6c5cddf6ce409ee2505744250d181ec34)
2000-05-17Fixed bug where mallocd size of prs_struct could be larger thanJeremy Allison1-1/+1
incoming packet. Ensure new alloced memory is zeroed before use. Jeremy. (This used to be commit 1c3193aa1c1137734dc34ef2e6d62abb0609c30e)
2000-05-15Added fix for Win2k ACL query code from Shirish. I need this back portedJeremy Allison1-3/+54
to 2.2.0. Jeremy. (This used to be commit 74851a481efedd15f59d5da15db7078dc4ce5d20)
2000-05-15passdb/secrets.c: Fix typo in comment.Jeremy Allison1-4/+4
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure internals directly. smbd/process.c: smbd/reply.c: Remove READ_PREDICTION #ifdefs. Jeremy. (This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
2000-05-15call prs_dump() on every input and output packet so we have plenty ofAndrew Tridgell1-2/+13
data to work with (This used to be commit 839ab0e33255be37d72c113c2e09baaa34d50ce4)
2000-05-15add prs_dump() at the top level rpc switchAndrew Tridgell1-0/+2
this gets us examples of all rpc messages sent to us (This used to be commit ce3dd8db6d3cf6bfdbd695f6e32f60488c9073ae)
2000-05-09the beginnings of a new scheme I've working on to allow an easierAndrew Tridgell1-0/+3
head/tng merge. It goes something like this: - headers from tng get copied over one at a time - the old headers get renamed to *_old.h - server side code that used the old headers gets a #define OLD_NTDOMAIN 1 #undef OLD_NTDOMAIN at the start and end of the code - mkproto.awk recognises these special defines and does magic stuff so that each .c file sees the right headers - we start moving the rpc client libraries from tng to head. if this goes OK then, in theory, we should be able to move the client side rpc code from tng to head without disturbing the existing head server side code. Then when that works we can consider merging the server side. it remains to be seen if this scheme will work. So far I've moved rpc_samr.h and don't seem to have broken anything. Note this this is still a very delicate operation, as at every step of the way I want to keep head fully functional. Please don't take part unless you discuss it with me first. (This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-04-18Sync up with 2.0.7 w.r.t. guest users.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 8a99d824c0e9a43c8a8c81140f8c9005c7e2621a)
2000-04-14Ensure sign&seal work. Data len must have RPC_HEADER_LEN removed, butJeremy Allison1-1/+5
offset should not (rpc header already consumed). This fix does not affect tng. Jeremy. (This used to be commit 018ec4fdd937994824f53cb956cea1ade9690f97)
2000-04-04Removed unused parameter vuid from rpc_server api_* calls. For the very fewTim Potter1-1/+1
functions that need to access the vuid, it can be obtained from the current_user global. Did some whitespace cleanup. (This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
2000-03-10Fixups for compiles with gcc flags -Wall -Wshadow -Wstrict-prototypes ↵Jeremy Allison1-27/+0
-Wpointer-arith -Wcast-qual Partially implemented rpc daemon redirect (needs more work). Jeremy. (This used to be commit a462191698fa589ceac4afd14c652adf699eccad)
2000-03-10restore the spoolss pipe as Jeremy replaced srv_pipe with the one fromJean-François Micouleau1-0/+1
SAMBA_2_0 :-) J.F. (This used to be commit 34a3781961a5c41aba9929ec49aacc3bfa14270f)
2000-03-09Big update moving the multi-pdu support from 2.0.x into HEAD for JFJeremy Allison1-43/+1056
and the printer functions. Also tidied up some header includes and got the order right so you can now do a : make proto make clean make Jeremy. (This used to be commit 833cd9fba92e4ad5297b235d108dd2be8c17079b)
2000-01-04using read_with_timeout(), min data size 16 bytes (DCE/RPC header), maxLuke Leighton1-1/+5
size of SMBtrans response, timeout of 10 seconds. read_data() _certainly_ doesn't work, as you don't know what size of the data is going to come back that needs to be fed back in the SMBtrans response. yes, oops :-) (This used to be commit 70d6f7635776bba98c9c09405eff6c2087dac590)
2000-01-04oops, must use read_data() not read(), as read() may only provideLuke Leighton1-2/+2
part of the data stream. read_data() is a wrapper to guarantee receiving exactly the requested number of bytes. (This used to be commit 90c27b7bffa9b2121eaed0e07931830c3ba308d7)
2000-01-03simple mods to add msrpc pipe redirection. default behaviour: fall backLuke Leighton1-997/+40
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-760/+750
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12final part of "first" phase converting over to msrpc daemon architecture.Luke Leighton1-26/+4
done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-281/+422
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-1/+5
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-06the first independent msrpc daemon - lsarpcd.Luke Leighton1-13/+107
one horrible cut / paste job from smbd, plus a code split of shared components between the two. the job is not _yet_ complete, as i need to be able to do a become_user() call for security reasons. i picked lsarpcd first because you don't _need_ security on it (microsoft botched so badly on this one, it's not real. at least they fixed this in nt5 with restrictanonymous=0x2). fixing this involves sending the current smb and unix credentials down the unix pipe so that the daemon it eventually goes to can pick them up at the other end. i can't believe this all worked!!! (This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)
1999-11-21adding user session key into network netlogon response.Luke Leighton1-2/+2
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
1999-11-19- bug in nmbd registering DOMAIN_NAME<1c> to WINS server; recursionLuke Leighton1-0/+1
desired flag MUST be set in any NBT UDP packets sent to a WINS server, else they will go to the WINS client side of the NT NetBIOS kernel instead, and will get trashed. - added \PIPE\browser server-side code. (This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)
1999-11-16Shirish Kalele <kalele@veritas.com> noticed that NT workstations areLuke Leighton1-18/+51
sending anonymous NTLMSSP user credentials to set up \PIPE\samr. added anonymous NTLMSSP sessions. (This used to be commit df5ee2bd427ccd5fcf27fd3c366e06e037bc4f1e)
1999-11-15- added DCE/RPC "fault" PDU support.Luke Leighton1-1/+42
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be re-enabled but to be replaced with a better mechanism. - added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is sending DCE/RPC over SMBwrite not SMBwriteX. (This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
1999-07-26renaming AUTH VERIFIER to AUTH NTLMSSP VERIFIER. ready for addingLuke Leighton1-5/+5
another RPC authentication system. (This used to be commit 1a211bafebad8c63d98b5ef275a6272013527c65)
1999-06-29improving authentication code (tidyup).Luke Leighton1-13/+25
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-05-03last part of RPC api change.Jean-François Micouleau1-1/+1
and of rpcclient eventlog funtion Jean Francois (This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
1999-04-27rpc_parse/parse_misc.c : defined a new BUFFER5 structJean-François Micouleau1-5/+46
include/ntdomain.h : added rpc_spoolss.h include statement include/proto.h include/rpc_dce.h : added definition of RPC_ALTER_CONTEXT request & reply param/loadparm.c : 2 new options for NT printing support and some changes to initial values in the LPRNG case. rpc_parse/parse_prs.c : added prs_uint16s() rpc_parse/parse_rpc.c : added SYNT_SPOOLSS_V1 and code for the alter-context support. rpc_server/srv_pipe.c : alter-context support smbd/nttrans.c smbd/server.c include/rpc_misc.h Makefile.in include/smb.h Jean Francois (This used to be commit 4c515804b70254248e378a3f90f47e4c32639d29)
1999-03-25SAM database "set user info".Luke Leighton1-1/+9
---------------------------- - removed DOM_RID4 - removed SAMR_UNKNOWN_32 - added SAMR_SET_USERINFO (opcode 0x32) - added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user) - fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - added mod_sam21pwd_entry() - preparing to call mod_sam21pwd_entry() - added "user session key" to user_struct.dc. this is md4(nt#) and is needed to decode user's clear-text passwords in SAMR_SET_USERINFO. - split code out in chgpasswd.c to decode 516 byte password buffers. (This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
1999-03-17Stefan Walters: purify spotted rverf should be alloc'd to 16 bytes not 8.Luke Leighton1-1/+1
(This used to be commit 4bb74fcc714fccac791ce86c8882d19d704b17a1)
1999-02-15Always null-terminate strings.Matthew Chapman1-3/+3
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-3/+9
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-11UNICODE issues.Luke Leighton1-3/+3
(This used to be commit 6a437cfb33f24913e0c1f8484c0b08ef317e513b)
1999-02-10use jeremy's versions of the UNICODE routines.Luke Leighton1-3/+3
(This used to be commit c5109ff782be8774db47a92b48ca6335ec8d6065)
1999-02-08UNICODE byte ordering issue: typecast to uint16* replaced with SSVAL()Luke Leighton1-3/+3
(This used to be commit 9084b7e33dfe717bd8d5604ee71d137e3baef0f5)