summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
1998-12-01rpc_samr.h parse_samr.c srv_samr.c :Luke Leighton1-4/+114
samr_query_aliasmembers (cool!) util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c : pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5) to obtain member and pdc sids. (This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
1998-12-01adding some samr parsing calls (group / alias adding / deleting)Luke Leighton1-7/+12
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists. (This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
1998-11-30attempting to fix "domain user map" up, but it's a bit complicated.Luke Leighton1-19/+62
i may simply go for a response in the NetSamLogon returning the unix username, forcing the NT user to appear to be a unix user, however even that is fraught with implications. might just have to go the whole hog and do this tuple thing, "unix_name + nt_name" always associated together... issue with api_net_sam_logon, getsam21pwent() being called twice, the second time overwriting static buffer data (argh) so had to make a copy. noticed a nested "become_root()"/"unbecome_root()" which will have to be tracked down... (This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
1998-11-30- adding builtin[alias]db.Luke Leighton2-12/+18
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-29"retired" two modules to preserve their cvs history.Luke Leighton1-520/+1
added their replacements, added sam password database API modules (This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)
1998-11-29weekend work. user / group database API.Luke Leighton3-394/+152
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25yeehaah got users to be included in S-1-5-xxx-yyy-zzz's local groups.Luke Leighton1-19/+19
now need search capability on S-1-5-20, which will need argh, a "group database API" on S-1-5-20, and the ability to add BUILTIN\Admins etc to "local group map" argh. (This used to be commit a24f6eb00ba7486479cbcf7fadf5456521c56179)
1998-11-25fixing group database issuesLuke Leighton2-12/+16
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
1998-11-25Makefile.in: Added maintainer mode fixes.Jeremy Allison2-5/+3
aclocal.m4: Added AC_LIBTESTFUNC. configure.in: Fixed -lsecurity -lsec problems. client.c: dos_ fixes. groupdb/aliasunix.c: Dead code removal. include/includes.h: Added default PRINTCAP_NAME. lib/genrand.c: dos_ fixes. lib/replace.c: Added strtoul. lib/system.c: dos_ fixes. lib/util.c: dos_ fixes. lib/util_sid.c: Signed/unsigned fixes. lib/util_str.c: removed bad const. locking/locking_slow.c: dos_ fixes. printing/printing.c: dos_ fixes. rpc_server/srv_samr.c: Dead code removal. rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN ! smbd/dir.c: dos_ fixes. smbd/open.c: dos_ fixes. smbd/oplock.c: dos_ fixes. smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes. Jeremy. (This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton2-16/+22
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-25fixing domain join and domain login problemsLuke Leighton2-5/+20
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
1998-11-23uninitialised counterLuke Leighton1-1/+1
(This used to be commit 403f53d696d17f34dd1afc035a72eda792dd20ea)
1998-11-23unix instance of group database APILuke Leighton4-218/+263
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison2-6/+4
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17lookup_alias_name() %s not %d for sid_strLuke Leighton1-1/+1
(This used to be commit 2a98135bbc759ab334d76cce98ea673871445db1)
1998-11-17somehow this file got missed in the groupdb commit.Luke Leighton1-35/+88
(This used to be commit 06da8e49f1cf5d6b954f586f6720ade1c5b8de74)
1998-11-17make_uni_hdr() reverted accidentally with a -1 on username lengthLuke Leighton1-2/+2
(This used to be commit 7da1b0bb511e6c5e44ab83759914134cf91f6f78)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton5-738/+538
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-13Makefile.in configure configure.in include/config.h.in: Changes for DGUX and ↵Jeremy Allison1-2/+2
UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c)
1998-11-12jean-f. sent me some S-1-3-0,1,2,3 SIDs and names. S-1-3 doesn't exist.Luke Leighton1-3/+12
security descriptor testing. hey wow, you can get a SD then send it back! (This used to be commit 7466c3113ef8f8a89b8496efadfeb611c9f3e069)
1998-11-12cleaning up conflicts between group code not yet committed andLuke Leighton5-690/+1928
changes from yesterday by me, jeremy and andrew. jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user didn't exist (first check should be for smb_pass != NULL) (This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
1998-11-12Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioaJeremy Allison1-4/+31
resons and my own piece of mind... Jeremy. (This used to be commit 45131501f23ce1eec2f23fe2c1060cd5a2736ec9)
1998-11-11rpc_server/srv_netlog.c: Fixed crash bug with ACB_PWNOTREQ.Jeremy Allison1-6/+7
script/makeyodldocs.sh: Added code to make text docs for non-man page YODL docs. web/cgi.c web/swat.c: SGI compiler warnings fixed. Jeremy. (This used to be commit 80e0f7e1071f032c5004aecb01a91d1397e6a161)
1998-11-11- renamed open_policy to open_hklm.Luke Leighton1-7/+7
- renamed open_unk_4 to open_hku - fixed createkey issue spotted by phil cox (This used to be commit 7df85b956787f02d022b34ef8cfc13fc967ae89c)
1998-11-10rpcclient registry commands.Luke Leighton1-1/+1
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-11-09Makefile.in: Removed rpc_server/srv_ldap_helpers.c per J.F.'s instructions.Jeremy Allison1-14/+0
client/client.c: client/clitar.c: include/client.h: smbwrapper/smbw_dir.c: smbwrapper/smbw_stat.c: smbwrapper/smbw.c: lib/util.c: Converted all use of 'mode' to uint16. smbd/quotas.c: Fixed stupid comment bug I put in there :-(. printing/printing.c: Fix from J.F. to new code. Jeremy. (This used to be commit bacd3e9d2036a804e73644a28fc498f229c8446c)
1998-11-06grumble, grumble off-by-one unicode string fixes, gonna stuff my otherLuke Leighton1-5/+5
tree with cvs clashes when i cvs update on the group code grumble grumble (This used to be commit f8b229d187cea2e3820d71697346fc9f0cd8bf88)
1998-10-27amazing. the improvements to NT continue, evidence for which shows upLuke Leighton1-2/+2
now as "RPC fault" if the UNIHDR structure lengths do not exactly match up to the length of the data stream. so, all versions of samba prior to this one have an off-by-one bug in unicode string lengths. all versions of NT prior to NT 5 beta 2 could possibly have buffer problems when receiving badly formatted UNICODE strings. (This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
1998-10-23set netlogon negotiation flags to 0x1ff, not to what the client requests.Luke Leighton2-10/+14
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-22server/srv_samr.c smbd/ipc.c: Changed global_myworkgroup back to fstringJeremy Allison1-1/+1
(as it is everywhere else). smbwrapper/smbsh.c: For IRIX n32 binaries, set _RLDN32_LIST not _RLD32_LIST. Exec users preferred shell is SHELL environment variable is set. tests/fcntl_lock.c: Added sys/types.h for systems that need this. Jeremy. (This used to be commit 50413d0d819d4f13e760ca8439c5bdde0898d63e)
1998-10-22bug fix in lsa_trans_names.Luke Leighton2-4/+6
well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-22libsmb/smbdes.c: #ifdef'ed out code prior to removal.Jeremy Allison2-3/+32
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c rpc_server/srv_samr.c: Fixed unused variable warning. rpc_server/srv_util.c: Inlined code removed from smbdes.c Luke - the above changes are the first part of the changes you and I discussed as being neccessary at the CIFS conference. *PLEASE REVIEW THESE CHANGES* - make sure I haven't broken any of the authenticated DCE/RPC code. smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares with NT SMB support. smbd/open.c: Fixed mkdir when called from nttrans calls. smbd/server.c: Set correct size for strcpy of global_myworkgroup. Jeremy. (This used to be commit d891421d16ff80998dee429227bd391455f9d1a1)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton5-34/+70
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-21the next dialog: user-groups. it's not very sensible what appears, but hey:Luke Leighton2-15/+173
it appears! (This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
1998-10-21added "start index" skipping into querydispinfo.Luke Leighton1-5/+15
(This used to be commit 3e6519da22628ea41025711718ec23b082ef02d0)
1998-10-21Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.Jeremy Allison1-1/+1
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles. Jeremy. (This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)
1998-10-21fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums argh).Luke Leighton1-6/+6
put unicode strings after SAMLOGON query regardless of whether it's an NT mailslot or a non-NT mailslot, after having observed this behaviour out of NT machines. (This used to be commit c101113ec20ed0ba633e78e4ee45596cdccaf1b5)
1998-10-20signed / unsigned warnings (found by herb).Luke Leighton1-7/+7
how do i switch on these warnings in gcc????? (This used to be commit 39db385a0c47c11adb6bf3bac89c4bb76f675049)
1998-10-20dce/rpc. bug-fix in ipc.c (introduced today :)Luke Leighton1-27/+87
(This used to be commit 48ff3e2429964404c8bf33ef625791147913a3c0)
1998-10-20some quite important bug-fixes i missed because i transferred the wrongLuke Leighton2-18/+23
smb.tgz file from my portable. particularly the call to mem_data followed by a realloc of that data in cli_pipe.c's rpc_read() function. smbd responses now use p->rdata_i which is a faked-up pointer into p->rdata's response data. rdata can be very long; rdata_i is limited to point to no more than max_tsize - 0x18 in length. this will make it an almost trivial task to add the encrypted rpc headers after rdata_i, and mem_buf_copy will cope admirably with rhdr chained to rdata_i chained to auth_verifier etc etc... (This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
1998-10-19- dce/rpc codeLuke Leighton3-31/+105
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
1998-10-17Small tidyups for gcc in 'preen' mode....Jeremy Allison1-2/+2
Jeremy. (This used to be commit 60dc1a4a00a22088d33369588b0d5eb292cf084a)
1998-10-16oops.Luke Leighton1-1/+1
(This used to be commit fc1b7b9e75b029ffa93263766fe297d043c6d1df)
1998-10-16dce/rpcLuke Leighton3-5/+101
(This used to be commit 29434f496c18e816d864060d68f357aea6ef5de8)
1998-10-16made pass_check_smb() available for dce/rpc use.Luke Leighton1-1/+1
(This used to be commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09)
1998-10-16rpc client mods (ntlmssp flags)Luke Leighton2-2/+52
(This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d)
1998-10-16rpcclient ntlogin testLuke Leighton1-1/+12
(This used to be commit f69cf05ff56dffb313304964d5bf5e5aee2f40a7)
1998-10-15bug-fixing against:Luke Leighton3-27/+154
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-10-14more warnings...Luke Leighton1-2/+1
(This used to be commit 8b9c0bad889d4f26987d87c54b4d8bf102af1744)
1998-10-08dce/rpcLuke Leighton1-9/+17
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)