summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2002-01-23Sync up startpageprinter with appliance.Tim Potter1-5/+5
(This used to be commit 6025ab201aa34bbf4a7e897149ef6ba370a89703)
2002-01-22Merge of fixes from 2.2.Jeremy Allison3-15/+15
Jeremy. (This used to be commit 6406a42d012184f5289d4a2b1c07a55556635fe4)
2002-01-22merge from appliance_headGerald Carter1-2/+5
(This used to be commit 38d2d26af9ef4d90dcb57fa940267f7136876191)
2002-01-20Fix the negation of the extra parinoia check on machine password changes.Andrew Bartlett1-1/+1
I *love* automated testing - this one got picked up by the build farm. Andew Bartlett (This used to be commit b19296172a75449a27eb9f674c74c462b146e717)
2002-01-20This is another *BIG* change...Andrew Bartlett2-45/+78
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett3-36/+16
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-20This is the current patch from Luke Leighton <lckl@samba-tng.org> to add aAndrew Bartlett3-60/+210
degree of seperation betwen reading/writing the raw NamedPipe SMB packets and the matching operations inside smbd's RPC components. This patch is designed for no change in behaviour, and my tests hold that to be true. This patch does however allow for the future loadable modules interface to specify function pointers in replacement of the fixed state. The pipes_struct has been split into two peices, with smb_np_struct taking the information that should be generic to where the data ends up. Some other minor changes are made: we get another small helper function in util_sock.c and some of the original code has better failure debugs and variable use. (As per on-list comments). Andrew Bartlett (This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett2-8/+8
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-3/+14
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-15Missing assign fix from Bernt Nilsson bkn@ida.liu.se.Jeremy Allison1-1/+1
Jeremy. (This used to be commit adf24a90e8b4d970d71fa8a6854edcf6deff9688)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett1-1/+1
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-12Added PRINTER_INFO_4/PRINTER_INFO_5, we're seeing level 5 requested on the ↵Jeremy Allison1-0/+113
wire... so. Jeremy. (This used to be commit b63b76297835ab8227b98925fa8120ffce1a37d9)
2002-01-11Round and round we go....Jeremy Allison1-1/+2
Jeremy. (This used to be commit 2603ab3c6870f3697751b887e940910713f08985)
2002-01-09Better explanation message for dmalloc.Martin Pool2-3/+3
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-09When re-writing tdb version numbers as little endian int32, we mustJeremy Allison1-6/+7
change the version number also. Jeremy. (This used to be commit 3dec9cf99a82bd15626eb99e7d937ff00183cc05)
2002-01-09Fixed all uses of tdb_fetch/store/_int to use explicit int32 little endianJeremy Allison1-18/+29
in tdb's. All except winbindd_idmap.... Hmmmmmm. Jeremy. (This used to be commit ec71f1732b6b27bd2d65b250a6f3720a235dc38d)
2002-01-08Added get_called_name() function, which replaces global_myname in printingJeremy Allison1-19/+17
code (one less global, hurrah !) - to allow NetBIOS aliasing to be used with point and print. Jeremy. (This used to be commit 10d72f0b01e5950c667f3f73dff1b4da5b675ea3)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett2-31/+39
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-03Fixed nasty cast of tdb_delete in traversals.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a0cdec3acc82d1ce0292fadd4b8dac23638450f3)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-25/+21
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2002-01-02Make user enumeration work for w2k and win9x.Jeremy Allison1-71/+85
This means different return sizes depending on client bugs. This sucks :-(. Jeremy. (This used to be commit f6592628eb526c487069bb3fcd809aca930e668e)
2002-01-01Named constants are always much better than magic numbers...Andrew Bartlett1-2/+2
(I defined the constants when I put in 'net rpc shutdown') Andrew Bartlett (This used to be commit 4d90cc1d991f3894b9f39b2a75078148834701bb)
2001-12-31last_enum not used.Jeremy Allison1-4/+0
Jeremy. (This used to be commit efbec935fe727d5d5bd852c7bae9baf92df18686)
2001-12-31Fixed enumeration of a large (<1500) users from a Samba PDC to a W2kJeremy Allison1-6/+0
member server. Firstly, use the same max enumeration size (0x400) as W2K uses, otherwise W2K won't ask for any more. Secondly, if a enumeration request with a non-zero offset comes in on a handle that hasn't started an enumeration, don't bitch about it (return NT_STATUS_UNSUCCESSFUL), just load the db on that handle and return at that offset. Jeremy. (This used to be commit 0b7da4a50ea02e28ab23e71de1e5f8b9194a9af3)
2001-12-31- portablitity fixes for cc -64 on irixAndrew Tridgell3-5/+4
- fixed gid* bug in rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-8/+8
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-12-21Removed unused variables.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 621fa227bdf6af15daa13f62287978dc2310c04c)
2001-12-21The jf_get_sampasswd_entries() is not used anymore.Jeremy Allison1-335/+0
Jeremy. (This used to be commit bf1816099707b816c9b62ad5ab794dc49b833181)
2001-12-21added a copyright notice.Jean-François Micouleau2-1/+2
J.F. (This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
2001-12-21doesn't keep track of the struct's size we enumerate. W2K doesn'tJean-François Micouleau1-71/+76
calculate them and always reply a size of 32 bytes whereas NT4 did the maths. Anyway, it looks like the clients don't complain. in query_dom_info() at level 2, return the real number of users and groups. That's the fix to the W95/98 userlist bug ! as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on the SAME context handle (err we call it an lsa policy handle ! plain wrong name), I was tempted to keep the snapshoot in memory, to prevent 2 full user db enumerations in a row and just have one shared. But if some client does the 2 calls on two different handles, we would have 2 copies in memory not free'ed before the samr_close(). We still have too many fixed constant and too many magic values in that code. And btw, I really hates how the sequence number is generated ! J.F. (This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)
2001-12-21Fixup some DEBUG statements (0 -> 10).Jeremy Allison1-3/+3
Jeremy. (This used to be commit bf65331cb49299189d35ad5834167ec24b3a1ecb)
2001-12-21Use pdb_free_sam() to free a SAM_ACCOUNT struct, not safe_free(). ThereJeremy Allison1-1/+1
are pointers withing the SAM_ACCOUNT struct that also need freeing. Jeremy. (This used to be commit a7d099cc75f813b4010a5f313c3fa6e6e8284b6d)
2001-12-21re-done all of samr_query_disp_info()Jean-François Micouleau1-86/+310
instead of enumerating the whole user db or group db every time, we store a in memory copy linked to the handle. that's much faster for large enumeration where the db can't fit in a single rpc packet. And as it's a copy, it's constant between enumeration. still some stuff to clean. But now I can fix the W95 userlist bug, as I've finally found it. J.F. (This used to be commit 3ab45215369e8e93d750f4687e9c1f7d47782590)
2001-12-21Add an output parameter to message_send_all that says how manyMartin Pool3-5/+8
messages were sent, so you know how many replies to expect. Const and doc religion. (This used to be commit 22e510ea0d69356be4fd2fa5ad9e9f4e84f62337)
2001-12-19added info level 1 to samr_query_alias()Jean-François Micouleau1-0/+5
(This used to be commit 589aa4fe226ee5bdae0a244631193714b0b556ac)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-1/+2
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-18Fixed bad args to debug statements.Tim Potter1-3/+3
(This used to be commit 5e0f0716ca9826de110fd9eeaf231970e7c19b42)
2001-12-18I'm pretty sure we need to return our netbios name for LSA_QUERY_INFOJeremy Allison1-1/+1
level 5 when we're a standalone server. This makes the security dialogs return correct info. JF - please check ! Jeremy. (This used to be commit dd13daf52bc96637ef3d40920cbd3bcadb7e08f5)
2001-12-18in lsa_query_info at level 5 in member mode, we must reply our machineJean-François Micouleau1-1/+1
name and not our domain name. I thought it has been already fixed ! J.F. (This used to be commit 1fbb01868b489c896ad1c65ded223999b0ee6013)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-67/+208
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-14ChangeID fixe from APPLIANCE_HEADGerald Carter1-0/+5
(This used to be commit 096d06a961e3a3e6f6952754875b83558448f449)
2001-12-14add lsa_query_secobj server code. level 4 is the ACL, level 1 is theJean-François Micouleau2-0/+101
owner. that's basic stuff. got the POLICY_ define from TNG but they are also in an include file in the NT SDK. J.F. (This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
2001-12-14FALSE -> FalseTim Potter1-1/+1
(This used to be commit dbdbf7cd077a8a20610ee2c62240170b420ebe6c)
2001-12-13merge from appliance_headGerald Carter1-0/+4
(This used to be commit 423554fd71b3c9718fc3a21006da9ce6371fc845)
2001-12-10added info level 3 to samrgetgroupinfo. I don't know what the value is.Jean-François Micouleau1-12/+164
It's just to keep usermanager happy ;-) clean up a bit samr_query_aliasinfo to return the group description added: samr_del_aliasmem, samr_del_groupmem and samr_del_domuser with the correct scripts, you can now entirely manage the users from usermanager ! Closer to full PDC every day ;-) J.F. (This used to be commit 0a727afc669704cda9b44d44dbac9e989e906ae3)
2001-12-10Added client and server code for the GetPrintProcessorDirectory SPOOLSSTim Potter2-1/+125
rpc. This was supposed to fix a printer driver download bug but it didn't but it seemed a shame to trash all this code so I'm commiting it #ifdef'ed out in case someone needs it one day. (This used to be commit bef43656471741c6c10b12e7516c15de9ae76394)
2001-12-08small comment I don't want to loose.Jean-François Micouleau1-0/+5
J.F. (This used to be commit a0b5ae58228d01ff5099180f16ffba4353bd28a7)
2001-12-08Fix domain logon that I broke 3 days ago.Jean-François Micouleau1-1/+4
And it's in sync with the docs, %U is really replaced by the name the user asked. Whereas in 2.2 that's false, %U is replaced by the name the user was mapped to. J.F. (This used to be commit 39f2b23347011acabe9dd3ab15025022da352b74)
2001-12-06again an intrusive patch:Jean-François Micouleau3-170/+67
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-12-05added samr_queryuseralias(). instead of returning BUILTIN_ALIAS_RID_USERS,Jean-François Micouleau2-16/+228
now return the alias correctly. time to look at the netlogon case. J.F. (This used to be commit 72ee1791084d09e73d8057e37ced4a79cecffb35)