summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2001-11-09Fixed a few typos and added the opnum for ADDPRINTERDRIVEREX to theGerald Carter1-2/+2
rpc_spoolss.h header file. (This used to be commit d4cafc076be99a66d0660f695995801b4f1d7bfd)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-13/+5
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
2001-11-08Change to guest logon code.Andrew Bartlett2-30/+30
This changes the way we process guest logons - we now treat them as normal logons, but set the 'guest' flag. In particular this is needed becouse Win2k will do an NTLMSSP login with username "", therefore missing our previous guest connection code - this is getting a pain to do as a special case all over the shop. Tridge: We don't seem to be setting a guest bit for NTLMSSP, in either the anonymous or authenticated case, can you take a look at this? Also some cleanups in the check_password() code that should make some of the debugs clearer. Various other minor cleanups: - change the session code to just take a vuser, rather than having to do a vuid lookup on vuser.vuid - Change some of the global_client_caps linking - Better debug in authorise_login(): show the vuid. Andrew Bartlett (This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)
2001-11-07Initilising these variables before appending the domain groups to themAndrew Bartlett2-1/+5
(This used to be commit 8004cfea19e10ad942c59f2f6a6bd992791017ba)
2001-11-05Changed MAX_OPEN_PIPES to 2048.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 591d217ed49b6beca4a87f6b89a81f0c913003dc)
2001-11-05Wrote some stubs for new win2k only spoolss rpc commands:Tim Potter2-0/+101
GetPrinterDataEx() and SetPrinterDataEx(). Not sure what the command number is for the latter is - I haven't seen it on the wire yet. (This used to be commit 87614c74b3d66cf2ca706b33e6cf0a32b4166e7a)
2001-11-05Don't put a \n on the end of the arg to exit_server()Tim Potter1-1/+1
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)
2001-11-04Fix up authenticated pipes in line with vuser changes. This ensures that globalAndrew Bartlett1-1/+4
groups obtained via a domain logon are respected in the attached NT_USER_TOKEN. This functionality is only available in HEAD, becosue of the way authenticaion has been abstracted. Both vuid logins and authenticated pipes need to use the same code for this in future. Can sombody with the correct facilties check this please?\ Thanks, Andrew Bartlett (This used to be commit caae69fcd096f20aa4c6879b95ec2c275afea041)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+1
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-11-01Various post AuthRewrite cleanups, fixups and tidyups.Andrew Bartlett1-5/+5
Zero out some of the plaintext passwords for paranoia Fix up some of the other passdb backends with the change to *uid_t rather than uid_t. Make some of the code in srv_netlog_nt.c clearer, is passing an array around, so pass its lenght in is definition, not as a seperate paramater. Use sizeof() rather than magic numbers, it makes things easier to read. Cope with a PAM authenticated user who is not in /etc/passwd - currently by saying NO_SUCH_USER, but this can change in future. Andrew Bartlett (This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
2001-10-31Fix up domain logons. Tested with NT4.Andrew Bartlett1-5/+4
(This used to be commit c8b2718adfe114b74a155116c5e74f014d6df887)
2001-10-31... and clean up the unused variables.Andrew Bartlett1-3/+0
(This used to be commit e0b56a31480906b39f37761eed20d3cad0d53973)
2001-10-31Small changes for guest authenticated pipes.Andrew Bartlett1-8/+7
(This used to be commit 813bf962ae6f29ddcaee4bc8b67d8017f04172b1)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett3-191/+94
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter1-0/+2
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-29This commit is number 4 of 4.Andrew Bartlett3-3/+3
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-2/+2
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-29This commit is number 1 of 4.Andrew Bartlett2-0/+10
In particular this commit focusses on: Adding the new 'pass changed now' helper function. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. (This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
2001-10-27Raise simultaneous open pipes from 64 to 1024 for large print serverJeremy Allison1-1/+1
environments. Jeremy. (This used to be commit e5f8147d02b57198f684c6686dfa497c6732ff44)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison3-7/+8
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-16Fix some unicode string error.Jean-François Micouleau1-31/+42
I'm wondering if I have to audit *all* the rpc code for that kind of trouble ;-) Oh well I've done it twice already, I can do it a third time ;-) J.F. (This used to be commit 6be8ea28f98d71e04de18b317f4d7a99b55209e8)
2001-10-10Back-out the share acl fix. Not needed (Gerald has been telling porkiesJeremy Allison1-16/+3
again :-) :-). Jeremy. (This used to be commit 3b56239c51da3bb24d9ac1ee1442717f597c682a)
2001-10-09Fix bug where removing root from a share SD stops further edit access.Jeremy Allison1-4/+17
Jeremy. (This used to be commit 4d57c7520fa106ef6c29c0678584e1726ded961f)
2001-10-09Fixes from John Trostel (modified somewhat by me) to ensure that all lookup_XXJeremy Allison1-2/+2
functions correctly deal with the SID_NAME_TYPE. One fix for connection user lookup in LSA. Jeremy. (This used to be commit 29730027d8118ec7d207c89d0fd7fb24ac173fde)
2001-10-03fix some possible memleaks and not tested reallocs spotted by Andreas MoroderSimo Sorce1-0/+1
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter20-36/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett4-73/+100
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-27Fix memory leak in get_sampwd_entries(), reindent for clarity.Andrew Bartlett1-39/+46
- call pdb_reset_sam() after each getent call. Fix bug in get_group_alias_entries(), were if num_entries was zero this caused talloc() to return NULL, failing a test below with NT_STATUS_NO_MEMORY. Fix pdb_reset_sam() to correctly initalise the sam structure. Move default value code into a single place, likewise for sam freeing code. - should make things easier if we decide to malloc other strings, or get more non-zero default values. Finally, add a function in init a sam struct from a getpwnam() return. Andrew Bartlett (This used to be commit a41fb44f5e90cf8734d57217e836e14f4a80bd47)
2001-09-26Make use of the pdb_set_plaintext_passwd() update to vastly simplifyAndrew Bartlett1-17/+11
decode_pw_buffer() and the samr password changing routines. And yes, I know that we can lost some information in the Unicode->UTF->Unicode bit of this, but its worth the code cleanup. This also takes into account the possability of multibyte passwords. Andrew Bartlett (This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
2001-09-26More updates to prevent account-guessing.Andrew Bartlett1-12/+10
This moves the check that ensures that the account being looked up is the same account as the machine logged in as to the front, before we even start with passdb. Merge for 2.2.2? Andrew Bartlett (This used to be commit f7ed0ecc14aeba5ad260f24a76ced70cf52f8e48)
2001-09-26Added Elrond patch to make se_access_check use NT datastructures, not Samba.Jeremy Allison1-21/+6
Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
2001-09-25Fixed enumeration of large numbers of groups from a Samba DC.Jeremy Allison1-1/+3
Tidied up debug messages in lib/messages.c Jeremy. (This used to be commit dfb58f227609d6c8a255677b85ec853efa19f602)
2001-09-21fixed character set for user name pullAndrew Tridgell1-4/+3
(This used to be commit 374f76fa2d5dcd036943c3f968a94f097a971ac7)
2001-09-19fix debugAndrew Bartlett1-1/+1
(This used to be commit d103371e8028efb6eec3c4b917b68734832f5844)
2001-09-19Reverse some of the breakage I commited a day or two ago, as we need toAndrew Bartlett1-5/+21
fill out the user_info struct (otherwise we don't have a vuid for make_connection()). Also add a become_user() call, becouse it really looks like it was missing (we must pass it anyway to finish make_connection()). Is there any reason not to be the user when reading an ACL? Finally, fix up some formatting to show that the two functions are almost identical. Andrew Bartlett (This used to be commit 00c667c0ad922a1bf388b8a2b8c6137fc7f0acaa)
2001-09-17move to SAFE_FREE()Simo Sorce9-139/+126
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
2001-09-16Minor tidy-up.Andrew Bartlett1-1/+1
(This used to be commit dbb21aedbf10ebc4ef0d549c4f919cf91459eef7)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett2-49/+14
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-15Looks like it missed these. make_connection now no longer takes a 'username'Andrew Bartlett1-2/+0
argument. (This used to be commit 0e1322227b0a91226b4b85c8e0ff838ebfd9e962)
2001-09-15Kill off the //server/share%user hack in share level security.Andrew Bartlett1-12/+6
This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
2001-09-14merge from appliance_headGerald Carter1-6/+6
(This used to be commit f70b1707e42b3f7aaa38cc5637fcc5cbcdd5a26a)
2001-09-14Finally commit my fix to this little mess...Andrew Bartlett1-10/+25
The same function that adds machines to the system also adds users, and the new 'add user script'/'add machine script' distinction needs to be made correctly. Also introduces a sainity check for correct $ termination. Andrew Bartlett (This used to be commit ef377ea0cc55cb6647ecd7a634cf5983e11cfe99)
2001-09-12Some patches to authentication:Tim Potter2-2/+2
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
2001-09-12- enable MSDFS by default, there seems no reason not to have it enabledAndrew Tridgell4-17/+0
by default in Samba 3.x - got rid of some unused parameters in Makefile.in - declare DEBUGLEVEL in debug.h rather than in each file (This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
2001-09-12Converted DFS error returns to WERROR instead of uint32.Tim Potter1-27/+33
(This used to be commit 97286570ef6f9151b5fe0be32aa4b294e7db9ab8)
2001-09-10cut-n-paste errorGerald Carter1-1/+1
(This used to be commit b2ed211df0cad2013fd8ff67f48bf73962cc1d39)
2001-09-10merge from APPLIANCE_HEADGerald Carter1-12/+21
(This used to be commit 55bd514c4576a273dac1ac5c37207a96b41f6572)
2001-09-06got rid of USE_TDB_MMAP_FLAG as its not needed any moreAndrew Tridgell2-2/+2
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
2001-09-06Logon workstation checks from Toomas Soome <tsoome@ut.ee>Tim Potter1-9/+42
Fixed compile warning. (This used to be commit 3eee66516596835c70c8d652ca633d2e1158fbb7)
2001-09-04a fix for fussy compilersAndrew Tridgell1-1/+1
(This used to be commit 78f437b5073207606b23be42960e2b10f785a148)