summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_pipe.c
AgeCommit message (Collapse)AuthorFilesLines
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-5/+13
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-08This removes unused paramaters from various authtication functions, and shouldAndrew Bartlett1-1/+1
not change behaviour. This should make my later diffs smaller, where I actualy start cleaning up this mess... Andrew Bartlett (This used to be commit 04f090c224bb7ac3b53c430a591fce1fc939a81c)
2001-07-04The big character set handling changeover!Andrew Tridgell1-3/+3
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-05-18Fix the W2KSP2 joining a Samba domain problem.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 6bbcab5e48f91a80d4ebcbd2bee38f2e0a8bff78)
2001-05-07Patch from Simo:Gerald Carter1-4/+4
o sed 's/pdb_clear_sam/pdb_free_sam/g' o add pdb_reset_sam() o password changing should be ok now as well. (This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
2001-05-04Big cleanup of passdb and backends.Jean-François Micouleau1-11/+18
I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-04-07Added 3 params to manipulate shares. "add share command/change share command/Jeremy Allison1-0/+16
delete share command". Implemented "delete" - more work to come on add and change. Jeremy. (This used to be commit 2e6b1759e14456421066ee131af70a495f862f2b)
2001-03-15AS/U on a sparc now joins and authenticates against a Samba PDC !Jeremy Allison1-3/+3
Jeremy. (This used to be commit 28a0bc5f5710aa732db662caa38f9da2138b5db2)
2001-03-13Fixed reading of strings from big-endian RPC clients.Jeremy Allison1-3/+3
Jeremy. (This used to be commit e7ecb9410ff2e4fcd33bca9f82e14c060590942a)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-45/+26
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-09Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.Jeremy Allison1-6/+6
We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
2001-03-08Fix for AS/U not liking it's own assoc_gid.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 81fe571daf62ff3f53d7137dcd30312b6874b786)
2000-12-12Compile fix for new arg to create_nt_token()Tim Potter1-2/+4
(This used to be commit 806185ca8cc8d28f16745a1db9427f52eb8d22e4)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-16/+17
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-18Merge of rpc parse buffer underflow debug code.Tim Potter1-0/+19
(This used to be commit c8d88713d9f7a646eb3b8e76bdd0250a3b89b722)
2000-10-11Don't initialise groups twice.Tim Potter1-1/+0
(This used to be commit 15d7f16bdc2ff4f2ae82871eb9f318ba45cf4d1c)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-1/+1
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-08-28Merge from appliance branch.Tim Potter1-0/+1
(This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47)
2000-08-04Fixed up the user/group contexts when using authenticated pipes.Jeremy Allison1-1/+12
Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-5/+5
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-7/+23
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-03Some more sec_ctx changes. Modified some fields in the pipe_structTim Potter1-18/+20
structure so authenticated pipe users can have their unix groups set when become_authenticated_pipe_user() is called. (This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
2000-06-23Removed save directory argument to become_root() calls. Probably most ofTim Potter1-4/+4
this stuff doesn't need to be done as root anyway. (This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
2000-06-16Simplified server pipe implementation by changing arguments passed downTim Potter1-6/+6
through to the individual pipe api calls. Instead of passing two prs_struct pointers, we now pass the pipes_struct pointer which contains the former information as well as other useful stuff like the vuid. (This used to be commit 96addba216bad2189120d78f5531d5caa6f37880)
2000-05-26Changed MS_DFS to WITH_MSDFS throughout.Shirish Kalele1-1/+1
Fixed trans2 calls on IPC$ to let dfs referral calls through. (This used to be commit e0965a80bdca5239886b11ef55dc29fed261bfc0)
2000-05-18Added the NETDFS pipe to allow remote administration of the msdfs symlinksShirish Kalele1-0/+3
on the samba server. (This used to be commit 15e7d8f6c5cddf6ce409ee2505744250d181ec34)
2000-05-17Fixed bug where mallocd size of prs_struct could be larger thanJeremy Allison1-1/+1
incoming packet. Ensure new alloced memory is zeroed before use. Jeremy. (This used to be commit 1c3193aa1c1137734dc34ef2e6d62abb0609c30e)
2000-05-15Added fix for Win2k ACL query code from Shirish. I need this back portedJeremy Allison1-3/+54
to 2.2.0. Jeremy. (This used to be commit 74851a481efedd15f59d5da15db7078dc4ce5d20)
2000-05-15passdb/secrets.c: Fix typo in comment.Jeremy Allison1-4/+4
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure internals directly. smbd/process.c: smbd/reply.c: Remove READ_PREDICTION #ifdefs. Jeremy. (This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
2000-05-15call prs_dump() on every input and output packet so we have plenty ofAndrew Tridgell1-2/+13
data to work with (This used to be commit 839ab0e33255be37d72c113c2e09baaa34d50ce4)
2000-05-15add prs_dump() at the top level rpc switchAndrew Tridgell1-0/+2
this gets us examples of all rpc messages sent to us (This used to be commit ce3dd8db6d3cf6bfdbd695f6e32f60488c9073ae)
2000-05-09the beginnings of a new scheme I've working on to allow an easierAndrew Tridgell1-0/+3
head/tng merge. It goes something like this: - headers from tng get copied over one at a time - the old headers get renamed to *_old.h - server side code that used the old headers gets a #define OLD_NTDOMAIN 1 #undef OLD_NTDOMAIN at the start and end of the code - mkproto.awk recognises these special defines and does magic stuff so that each .c file sees the right headers - we start moving the rpc client libraries from tng to head. if this goes OK then, in theory, we should be able to move the client side rpc code from tng to head without disturbing the existing head server side code. Then when that works we can consider merging the server side. it remains to be seen if this scheme will work. So far I've moved rpc_samr.h and don't seem to have broken anything. Note this this is still a very delicate operation, as at every step of the way I want to keep head fully functional. Please don't take part unless you discuss it with me first. (This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-04-18Sync up with 2.0.7 w.r.t. guest users.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 8a99d824c0e9a43c8a8c81140f8c9005c7e2621a)
2000-04-14Ensure sign&seal work. Data len must have RPC_HEADER_LEN removed, butJeremy Allison1-1/+5
offset should not (rpc header already consumed). This fix does not affect tng. Jeremy. (This used to be commit 018ec4fdd937994824f53cb956cea1ade9690f97)
2000-04-04Removed unused parameter vuid from rpc_server api_* calls. For the very fewTim Potter1-1/+1
functions that need to access the vuid, it can be obtained from the current_user global. Did some whitespace cleanup. (This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
2000-03-10Fixups for compiles with gcc flags -Wall -Wshadow -Wstrict-prototypes ↵Jeremy Allison1-27/+0
-Wpointer-arith -Wcast-qual Partially implemented rpc daemon redirect (needs more work). Jeremy. (This used to be commit a462191698fa589ceac4afd14c652adf699eccad)
2000-03-10restore the spoolss pipe as Jeremy replaced srv_pipe with the one fromJean-François Micouleau1-0/+1
SAMBA_2_0 :-) J.F. (This used to be commit 34a3781961a5c41aba9929ec49aacc3bfa14270f)
2000-03-09Big update moving the multi-pdu support from 2.0.x into HEAD for JFJeremy Allison1-43/+1056
and the printer functions. Also tidied up some header includes and got the order right so you can now do a : make proto make clean make Jeremy. (This used to be commit 833cd9fba92e4ad5297b235d108dd2be8c17079b)
2000-01-04using read_with_timeout(), min data size 16 bytes (DCE/RPC header), maxLuke Leighton1-1/+5
size of SMBtrans response, timeout of 10 seconds. read_data() _certainly_ doesn't work, as you don't know what size of the data is going to come back that needs to be fed back in the SMBtrans response. yes, oops :-) (This used to be commit 70d6f7635776bba98c9c09405eff6c2087dac590)
2000-01-04oops, must use read_data() not read(), as read() may only provideLuke Leighton1-2/+2
part of the data stream. read_data() is a wrapper to guarantee receiving exactly the requested number of bytes. (This used to be commit 90c27b7bffa9b2121eaed0e07931830c3ba308d7)
2000-01-03simple mods to add msrpc pipe redirection. default behaviour: fall backLuke Leighton1-997/+40
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-760/+750
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12final part of "first" phase converting over to msrpc daemon architecture.Luke Leighton1-26/+4
done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-281/+422
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-1/+5
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-06the first independent msrpc daemon - lsarpcd.Luke Leighton1-13/+107
one horrible cut / paste job from smbd, plus a code split of shared components between the two. the job is not _yet_ complete, as i need to be able to do a become_user() call for security reasons. i picked lsarpcd first because you don't _need_ security on it (microsoft botched so badly on this one, it's not real. at least they fixed this in nt5 with restrictanonymous=0x2). fixing this involves sending the current smb and unix credentials down the unix pipe so that the daemon it eventually goes to can pick them up at the other end. i can't believe this all worked!!! (This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)
1999-11-21adding user session key into network netlogon response.Luke Leighton1-2/+2
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
1999-11-19- bug in nmbd registering DOMAIN_NAME<1c> to WINS server; recursionLuke Leighton1-0/+1
desired flag MUST be set in any NBT UDP packets sent to a WINS server, else they will go to the WINS client side of the NT NetBIOS kernel instead, and will get trashed. - added \PIPE\browser server-side code. (This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)