summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2003-07-01Adding jcmd's share ACL on XP patch. Thanks Jim !Jeremy Allison1-2/+18
Jeremy. (This used to be commit 7ed1118ae61a13de2c781a94fc2394090efd1f9b)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter1-14/+13
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-29Here's the code to make winbindd work on a Samba DCGerald Carter1-0/+2
to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-23wrap group enuemration in brcome/unbecome_root() (bug #110)Gerald Carter1-0/+14
(This used to be commit 3918fffc7f07202f4c0b940f877184eea7561135)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce2-3/+3
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce3-59/+64
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-13Rename some uuid functions so as not to conflict with systemTim Potter1-1/+1
versions. Fixes bug #154. (This used to be commit 986eae40f7669d15dc75aed340e628aa7efafddc)
2003-06-11Set the user's primary unix group from usrmgr.exe.Volker Lendecke1-0/+41
This part of a fix to bug#45. Volker (This used to be commit 43d306011fe0497dabdf6f43a0d120900fd96e6d)
2003-06-03Merge DEBUG message on usleep on open.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 063a210448d57e08db6d47a584c591f20645c80a)
2003-05-29Change get_nt_acl() to include security_info wanted. Only return this.Jeremy Allison1-1/+1
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly broken make_sec_desc() that screwed up the size when given a SD with no owner or group (how did it get this bad... ?). Jeremy. (This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
2003-05-22fixes bugs 85 & 99 (XP domain logons); don't enable the lsa_query_info2 ↵Gerald Carter1-1/+13
unless we are trying to be an ADS DC (This used to be commit bf20976e5a993f4cfa05c1e0a9ecab2c7da99263)
2003-05-16Patch from "Esh, Andrew" <Andrew_Esh@adaptec.com> to fix core dump bugJeremy Allison1-1/+14
in add groupmem code. Jeremy. (This used to be commit f41eb9ce9af2075f62abaecd8792d30617d05818)
2003-05-16another bugfix from Alex Deiter <tiamat@komi.mts.ru>Simo Sorce1-1/+1
thanks (This used to be commit 29dc40639fad7652f7f99995be7552f5143ff052)
2003-05-15Ensure sys_adminlog code won't coredump with incorrect client params.Jeremy Allison1-4/+11
Jeremy. (This used to be commit b754089a2660975c593a6651e5e72b7360a0aba1)
2003-05-14Prefix VFS API macros with SMB_ for consistency and to avoid problems with ↵Alexander Bokovoy1-2/+2
VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out (This used to be commit c2689ed118b490e49497a76ed6a2251262018769)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce3-32/+17
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-11Fix VFS layer:Alexander Bokovoy1-2/+2
1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978)
2003-05-07Set our 'global sam name' in one place. For domain controllers, this isAndrew Bartlett2-27/+5
lp_workgroup(), for all other server this is global_myname(). This is the name of the domain for accounts on *this* system, and getting this wrong caused interesting bugs with 'take ownership' on member servers and standalone servers at Snap. (They lookup the username that they got, then convert that to a SID - but becouse the domain out of the smbpasswd entry was wrong, we would fail the lookup). Andrew Bartlett (This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
2003-04-29Use a common function to create the SAM_ACCOUNT being used to add accountsAndrew Bartlett1-24/+5
to the system. This means that we always run Get_Pwnam(), and can never add FOO when foo exists on the system (the idea is to instead add foo into the passdb, using it's full name, RID etc). Andrew Bartlett (This used to be commit bb79b127e02cefae13c822fd0fd165f1f214b740)
2003-04-29only call the add_script if the getpwnam_alloc() failsGerald Carter1-19/+28
(This used to be commit c0807e21999ec718d722fc0be6b3353c9369db04)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij10-22/+40
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-26back port from HEADSimo Sorce1-5/+12
(This used to be commit f7cfdf20b7b3b7743c0c3af4ff62fdde00e45fdc)
2003-04-23Patch by Metze to ensure that we always at least initialize our output stringAndrew Bartlett1-2/+4
for rpc_pull_string. If we had a NULL or zero-length string, we would use uninitialised data in the result string. Andrew Bartlett (This used to be commit df10aee451b431a8a056a949a98393da256185da)
2003-04-23Merge the 'safe' parts of my StrnCpy patch - many of the users really wantedAndrew Bartlett1-12/+12
a pstrcpy/fstrcpy or at most a safe_strcpy(). These have the advantage of being compiler-verifiable. Get these out of the way, along with a rewrite of 'get_short_archi' in the spoolss client and server. (This pushes around const string pointers, rather than copied strings). Andrew Bartlett (This used to be commit 32fb801ddc035e8971e9911ed4b6e51892e9d1cc)
2003-04-23Now that Volker fixed the real issues with ldapsam and adding null attributesAndrew Bartlett1-40/+8
etc, move the SAMR create_user code back to using the 'pdb_init_sam_pw' method to fill out the attributes. This is basicly the same code, but we really didn't need the duplication. Also, take advantage of the fact that RIDs will always be returned back into the SAM_ACCOUNT on ADD, so we don't need to duplicate the 'get'. This should also help in sites with replicated LDAP - the second fetch might occour before the first is replicated back. Andrew Bartlett (This used to be commit 39714c24fd9da4701d4fe69ddd3d61a25254409f)
2003-04-22Setting the credentials for the netsec netlogon pipe connect upon eachVolker Lendecke2-8/+5
samlogon call certainly breaks the credential chain. Do it once during the bind response. Volker (This used to be commit d4262c37f13642e034d3e207bfbb563c17a8a176)
2003-04-22Oops...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 898ff89632a394ff32fd38f1c4e94412388fa8bd)
2003-04-22Make our 'get DNS domain name' code try a bit harder - if gethostname() doesn'tAndrew Bartlett1-3/+11
include a domain portion, do a gethostbyname() lookup on that name. Use this name in our PolicyPrimaryDomainInformation reply (_lsa_query_info2) that Win2k uses when trying to trust us as a trusted domain. (We need to do a better mapping between our Netbios and Win2k domain names, but this will do for now - particularly annoying is the way this possibly needs to map with our kerberos realm). Andrew Bartlett (This used to be commit 3be03271030208a69da29c6e2a7b92cdbaa8c6aa)
2003-04-22wrap pdb_enum_group_mapping() in [un]become_root() so LDAP queries can get ↵Gerald Carter1-0/+5
the credentials from secrets.tdb (This used to be commit bb8b63b865b941abecc0d821e710702dd12866fe)
2003-04-16Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fixJeremy Allison1-2/+10
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC. Jeremy. (This used to be commit ff66d4097088409205b6bad5124a78ef9946010d)
2003-04-15use the new modules system for the rpc modules (backport from HEAD)Jelmer Vernooij9-131/+7
(This used to be commit aca7319e8d45eb604f28b8bd490413b08e2c98f2)
2003-04-15Merge of comment typo.Tim Potter1-3/+3
Whitespace syncup. (This used to be commit c69237edf2bfdb426447d808fbd1dc6eb5cffabe)
2003-04-14Fix typosJelmer Vernooij1-2/+2
(This used to be commit 21166e87bfeeaa5079dfbcac3df9232d73986532)
2003-04-14Merge of rpcecho pipe for testing large dcerpc requests and responses.Tim Potter1-0/+5
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
2003-04-13This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User2-0/+215
used to be commit 381649916ecbaddefbb6ee0e6137b7cc73eb54b1)
2003-04-11* We must return 0x2 as the majorversion for nt4 to upload driversGerald Carter1-1/+11
* fix bug found by clobber_region() (This used to be commit ad2765bb5e0c1c4d8f12583e49df5b1bc7ffc389)
2003-04-11* We must return 0x2 as the majorversion for nt4 to upload driversGerald Carter1-1/+11
* fix bug found by clobber_region() (This used to be commit b2e29c7bd45f8f33d9ed58fe75bbf5ffc78350f5)
2003-04-11simple fix to hopefully speed up srv_spoolss_replyopenprinter().Gerald Carter1-22/+36
Use the client address from the pipe->conn->client_address instead of trying to resolve the name in the _spoolss_rffpcn() request. Should make us more robust as well when the clients are not registered in DNS or WINS. (This used to be commit 78b2c1be7d9923716841627044c4e1578a5b9546)
2003-04-11simple fix to hopefully speed up srv_spoolss_replyopenprinter().Gerald Carter1-22/+36
Use the client address from the pipe->conn->client_address instead of trying to resolve the name in the _spoolss_rffpcn() request. Should make us more robust as well when the clients are not registered in DNS or WINS. (This used to be commit 23f0fcf6421b1e8dd6ed6ab14af14ea7eb380c1c)
2003-04-11A new RPC pipe! The \pipe\echo named pipe is for testing large RPCTim Potter2-0/+215
requests and responses and is only compiled in when --enable-developer is passed to configure. It includes server and client side code for generating and responding to functions on this pipe. The functions are: - AddOne: add one to the uint32 argument and return ig - EchoData: echo back a variable sized char array to the caller - SourceData: request a variable sized char array - SinkData: send a variable sized char array and throw it away There's a win32 implementation of the client and server in the junkcode CVS repository in the rpcecho-win32 subdirectory. (This used to be commit 4ccd34ef836eba05f81dc2da73fd7cfaac201798)
2003-04-10Ensure we're not filtering our essential delete messages.Jeremy Allison1-2/+2
Added jobid debug when unpacking message. Jeremy. (This used to be commit 8a6f3313e69c6d47e20838f42ebc9f8a2ce9ddc4)
2003-04-10Ensure we're not filtering our essential delete messages.Jeremy Allison1-2/+2
Added jobid debug when unpacking message. Jeremy. (This used to be commit 8bab6e32069e1636a52efa31ca55b49f1b3fa768)
2003-04-09Put the core schannel functions to parse_prs.c. They are also used byVolker Lendecke1-187/+2
schannel clients. Volker (This used to be commit 0f348a35d09ff020837119157ef7f4b9e6f07643)
2003-04-09Put the core schannel functions to parse_prs.c. They are also used byVolker Lendecke1-187/+2
schannel clients. Volker (This used to be commit 41e92409e1c6912db05acc80b6c0d5dccd51859b)
2003-04-09another forgotten merge sitting on my laptop from app_head; only stall ↵Gerald Carter1-3/+6
open_printer when 2k client opens with admin privs & fix reply for ChangeId printer data reply (This used to be commit c7c3d42cd5954b040ee7027886ea8d9d0f2da9a5)
2003-04-09another forgotten merge sitting on my laptop from app_head; only stall ↵Gerald Carter1-3/+6
open_printer when 2k client opens with admin privs & fix reply for ChangeId printer data reply (This used to be commit 12eb3e993788eb8bc0e9eb62e60a8b55079df5ad)
2003-04-09forgotten merge left on disk; remove extra SAFE_FREE()Gerald Carter1-2/+0
(This used to be commit 4d42067cb89220a1b275bc8408c9c1ba2ef7766a)
2003-04-08fixup extra SAFE_FREE()'s noticed by abartletGerald Carter1-2/+0
(This used to be commit 51d330dcf3bd74367fc18f4229a9cfa0392f0b36)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke3-33/+438
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)