summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2003-10-21Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison1-1/+2
when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
2003-10-06split some security related functions in their own files.Simo Sorce2-36/+36
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-02Portability fix from schmitz@hp.com (Joachim Schmitz) for bug #548.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 6677eba28a1f2de11c36e3edc5b7d2854452bd04)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-11/+19
clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison5-68/+58
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison3-6/+6
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison1-8/+18
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-09-15Patch from Gregory Hinton Nietsky <gregory@networksentry.co.za>,Jeremy Allison1-1/+1
ensure the desired access is read from the incoming RPC request. Jeremy. (This used to be commit fdc5dda44f0190af4e4b0782cb2c5c7de3506d12)
2003-09-05More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison1-2/+2
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-08-28getting rid of copmpiler warningGerald Carter1-0/+2
(This used to be commit d3f5c5c22026b2e1e4f02617a823505ae88eab24)
2003-08-27renaming some functions for consistencyGerald Carter2-10/+10
(This used to be commit f4ca4aae8ad0496b76c710cf79c791724bdaa4ec)
2003-08-23it never amazes me when some new things crawls out of the windowsGerald Carter2-1/+7
spooler. :-( When installing the Adobe PS driver onto a Samba printer via cupsaddsmb, I noticed a WIN2k client sending DeletePrinterData("DependentFiles") pver and over. I also noticed that we never checked to see if the value was valid. No now we do and return WERR_BADFILE which I think is correct. Next, I noticed that we never wrote the updated printer out to disk after a succesfully DeletePrinterData[Ex](). Finally, I found a driver (Canon BJC 1000 using the Adobe PS drivers and foomatic PPD file) that was destroying the device name string in the devmode. So now get_a_printer_2() always writes out the device name in \\server\share form. I think these changes might fix bug 294. (This used to be commit deb25780874b66e68ac597db24fbc50e7f7458b5)
2003-08-20Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter2-21/+80
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
2003-08-19Fix BUG #314: api_netUserGetGRoups() was failing prematurelyGerald Carter2-2/+11
(also fixed the call to return the real groups and not a mocked up list) Fixed simple compiler warning in srv_lsa_ds.c (This used to be commit 6b0e38e01a44d87b844d973318accc456abef857)
2003-08-15possible fix for bug 288 to repcent using an uninitialized cli_state structGerald Carter1-0/+2
(This used to be commit d09dc91c024d718a8ddb6b7f08c7fe84716beda4)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis4-20/+8
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-15return actual results instead of always OKHerb Lewis1-2/+2
(This used to be commit 71469f3220e54959af13a395918c80273538b6ed)
2003-08-14jeremy fooGerald Carter1-1/+6
(This used to be commit 0b31f592df9aca952f978fd6f28c362a0bf02a53)
2003-08-14fix buildGerald Carter1-0/+2
(This used to be commit dd9cb6f820c2acf658eb081fb6ffc7e9b6b3c8d6)
2003-08-14Attempt at fixing bug #283. There however is no solution.Gerald Carter13-109/+474
There is a workaround documented in the bug report. This patch does: * add server support for the LSA_DS UUID on the lsarpc pipe * store a list of context_ids/api_structs in the pipe_struct so that we don't have to lookup the function table for a pipe. We just match the context_id. Note that a dce/rpc alter_context does not destroy the previous context so it is possible to have multiple bindings active on the same pipe. Observed from standalone win2k sp4 client. * added server code for DsROleGetPrimaryDOmainInfo() but disabled it since it causes problems enumerating users and groups from a 2ksp4 domain member in a Samba domain. (This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
2003-08-13fix bug #286.Gerald Carter1-2/+17
Fixed by storing the access requested on the anonymous samr connect. Restricted this to enum_domain|open_domain. Added become/unbecome_root() around pdb_enum_group_mapping() enum domain groups samr call. (This used to be commit 36fc199e5f573fea9b7e2c1cf01ad42744a42f08)
2003-08-08Format tidyup.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 049e77d636c5abd0fdd8840c3c4c465708354ed7)
2003-08-08RPC fix from Ronan Waide <waider@waider.ie>. Tested with rpcecho.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 68590b9e2266cf76b46a68cca0acaa47733811fe)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough11-11/+11
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough10-12/+9
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-31Wrap calls to change_oem_password() in become_root()/unbecome_root() pairsJeremy Allison1-12/+12
to allow UNIX password change scripts to work correctly. This is safe as the old password has been checked as correct before invoking this. Jeremy. (This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
2003-07-25fix some error returns and strings; patch from metzeGerald Carter1-6/+14
(This used to be commit 948b1b138cf1fce18c93645fbdf948e589b19dc5)
2003-07-25More printf portability fixes. Got caught out by some gcc'isms lastTim Potter2-7/+7
time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-24More printf fixes - size_t is long on some architectures.Tim Potter2-6/+6
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter1-3/+3
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-23Typo in comment.Tim Potter1-1/+1
(This used to be commit 6a9bfcd3b8996a0322f733689fd5e8bf24f224c8)
2003-07-22Another round of uid/gid/pid format string changes I missed theTim Potter1-2/+3
first time. (This used to be commit 6616485dbad74dab7506609c6bfd183fc9c1f93c)
2003-07-22Use %p for a pointer type in a printf-style format string. Also castingTim Potter1-1/+1
a pointer to a uint32 value is incorrect on a 64-bit architecture. (This used to be commit afed2cbbcc07de9e453156972250f5f9d22e8e83)
2003-07-17In the presense of RPC fragments, schannel is not strictly request/reply,Andrew Bartlett1-5/+0
so the shared sequence number will not be strictly odd/even. Andrew Bartlett (This used to be commit 77c3e69aef545d3f9b7cec9efdc366cbeb0c745e)
2003-07-14fix cache coherency bug in print handle print_info_2 cache.Gerald Carter1-1/+28
Needs to be rewritten to use a reference counter, but this will work for now. also the memory allocation in the printing code needs to be cleaned up to use talloc exclusively. (This used to be commit 3d293027563b36411b7f84ed9d8f47f926271c6f)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-14/+26
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-07-11moving more code around.Gerald Carter1-4/+31
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-13/+15
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-20/+17
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-3/+3
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison5-8/+8
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Fix for bug #199 (xp driver uploads). Needed to supportGerald Carter1-6/+14
the "OSVersion" print server data value. (This used to be commit 02bc7be1ac6b75bf6559ea684bbc89ab3e19402e)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett2-3/+1
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-07-03well this was easy...Gerald Carter1-2/+1
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user has a username of DOMAIN\user. Make sure to trim the domain part from the username when filling in the net_sam_logon reply. This fixes the browsing issues i was seen across domain trusts. (This used to be commit 62e36e6ede067ace23f5473d04917c7eeedf07e2)
2003-07-01Adding jcmd's share ACL on XP patch. Thanks Jim !Jeremy Allison1-2/+18
Jeremy. (This used to be commit 7ed1118ae61a13de2c781a94fc2394090efd1f9b)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter1-14/+13
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-29Here's the code to make winbindd work on a Samba DCGerald Carter1-0/+2
to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-23wrap group enuemration in brcome/unbecome_root() (bug #110)Gerald Carter1-0/+14
(This used to be commit 3918fffc7f07202f4c0b940f877184eea7561135)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce2-3/+3
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce3-59/+64
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)