summaryrefslogtreecommitdiff
path: root/source3/rpc_server
AgeCommit message (Collapse)AuthorFilesLines
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett3-191/+94
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter1-0/+2
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-29This commit is number 4 of 4.Andrew Bartlett3-3/+3
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-2/+2
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-29This commit is number 1 of 4.Andrew Bartlett2-0/+10
In particular this commit focusses on: Adding the new 'pass changed now' helper function. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. (This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
2001-10-27Raise simultaneous open pipes from 64 to 1024 for large print serverJeremy Allison1-1/+1
environments. Jeremy. (This used to be commit e5f8147d02b57198f684c6686dfa497c6732ff44)
2001-10-18Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.Jeremy Allison3-7/+8
Ensure make_conection() can only be called as root. Jeremy. (This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
2001-10-16Fix some unicode string error.Jean-François Micouleau1-31/+42
I'm wondering if I have to audit *all* the rpc code for that kind of trouble ;-) Oh well I've done it twice already, I can do it a third time ;-) J.F. (This used to be commit 6be8ea28f98d71e04de18b317f4d7a99b55209e8)
2001-10-10Back-out the share acl fix. Not needed (Gerald has been telling porkiesJeremy Allison1-16/+3
again :-) :-). Jeremy. (This used to be commit 3b56239c51da3bb24d9ac1ee1442717f597c682a)
2001-10-09Fix bug where removing root from a share SD stops further edit access.Jeremy Allison1-4/+17
Jeremy. (This used to be commit 4d57c7520fa106ef6c29c0678584e1726ded961f)
2001-10-09Fixes from John Trostel (modified somewhat by me) to ensure that all lookup_XXJeremy Allison1-2/+2
functions correctly deal with the SID_NAME_TYPE. One fix for connection user lookup in LSA. Jeremy. (This used to be commit 29730027d8118ec7d207c89d0fd7fb24ac173fde)
2001-10-03fix some possible memleaks and not tested reallocs spotted by Andreas MoroderSimo Sorce1-0/+1
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter20-36/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett4-73/+100
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-27Fix memory leak in get_sampwd_entries(), reindent for clarity.Andrew Bartlett1-39/+46
- call pdb_reset_sam() after each getent call. Fix bug in get_group_alias_entries(), were if num_entries was zero this caused talloc() to return NULL, failing a test below with NT_STATUS_NO_MEMORY. Fix pdb_reset_sam() to correctly initalise the sam structure. Move default value code into a single place, likewise for sam freeing code. - should make things easier if we decide to malloc other strings, or get more non-zero default values. Finally, add a function in init a sam struct from a getpwnam() return. Andrew Bartlett (This used to be commit a41fb44f5e90cf8734d57217e836e14f4a80bd47)
2001-09-26Make use of the pdb_set_plaintext_passwd() update to vastly simplifyAndrew Bartlett1-17/+11
decode_pw_buffer() and the samr password changing routines. And yes, I know that we can lost some information in the Unicode->UTF->Unicode bit of this, but its worth the code cleanup. This also takes into account the possability of multibyte passwords. Andrew Bartlett (This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
2001-09-26More updates to prevent account-guessing.Andrew Bartlett1-12/+10
This moves the check that ensures that the account being looked up is the same account as the machine logged in as to the front, before we even start with passdb. Merge for 2.2.2? Andrew Bartlett (This used to be commit f7ed0ecc14aeba5ad260f24a76ced70cf52f8e48)
2001-09-26Added Elrond patch to make se_access_check use NT datastructures, not Samba.Jeremy Allison1-21/+6
Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
2001-09-25Fixed enumeration of large numbers of groups from a Samba DC.Jeremy Allison1-1/+3
Tidied up debug messages in lib/messages.c Jeremy. (This used to be commit dfb58f227609d6c8a255677b85ec853efa19f602)
2001-09-21fixed character set for user name pullAndrew Tridgell1-4/+3
(This used to be commit 374f76fa2d5dcd036943c3f968a94f097a971ac7)
2001-09-19fix debugAndrew Bartlett1-1/+1
(This used to be commit d103371e8028efb6eec3c4b917b68734832f5844)
2001-09-19Reverse some of the breakage I commited a day or two ago, as we need toAndrew Bartlett1-5/+21
fill out the user_info struct (otherwise we don't have a vuid for make_connection()). Also add a become_user() call, becouse it really looks like it was missing (we must pass it anyway to finish make_connection()). Is there any reason not to be the user when reading an ACL? Finally, fix up some formatting to show that the two functions are almost identical. Andrew Bartlett (This used to be commit 00c667c0ad922a1bf388b8a2b8c6137fc7f0acaa)
2001-09-17move to SAFE_FREE()Simo Sorce9-139/+126
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
2001-09-16Minor tidy-up.Andrew Bartlett1-1/+1
(This used to be commit dbb21aedbf10ebc4ef0d549c4f919cf91459eef7)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett2-49/+14
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-15Looks like it missed these. make_connection now no longer takes a 'username'Andrew Bartlett1-2/+0
argument. (This used to be commit 0e1322227b0a91226b4b85c8e0ff838ebfd9e962)
2001-09-15Kill off the //server/share%user hack in share level security.Andrew Bartlett1-12/+6
This should help make much of this code simpiler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
2001-09-14merge from appliance_headGerald Carter1-6/+6
(This used to be commit f70b1707e42b3f7aaa38cc5637fcc5cbcdd5a26a)
2001-09-14Finally commit my fix to this little mess...Andrew Bartlett1-10/+25
The same function that adds machines to the system also adds users, and the new 'add user script'/'add machine script' distinction needs to be made correctly. Also introduces a sainity check for correct $ termination. Andrew Bartlett (This used to be commit ef377ea0cc55cb6647ecd7a634cf5983e11cfe99)
2001-09-12Some patches to authentication:Tim Potter2-2/+2
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
2001-09-12- enable MSDFS by default, there seems no reason not to have it enabledAndrew Tridgell4-17/+0
by default in Samba 3.x - got rid of some unused parameters in Makefile.in - declare DEBUGLEVEL in debug.h rather than in each file (This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
2001-09-12Converted DFS error returns to WERROR instead of uint32.Tim Potter1-27/+33
(This used to be commit 97286570ef6f9151b5fe0be32aa4b294e7db9ab8)
2001-09-10cut-n-paste errorGerald Carter1-1/+1
(This used to be commit b2ed211df0cad2013fd8ff67f48bf73962cc1d39)
2001-09-10merge from APPLIANCE_HEADGerald Carter1-12/+21
(This used to be commit 55bd514c4576a273dac1ac5c37207a96b41f6572)
2001-09-06got rid of USE_TDB_MMAP_FLAG as its not needed any moreAndrew Tridgell2-2/+2
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
2001-09-06Logon workstation checks from Toomas Soome <tsoome@ut.ee>Tim Potter1-9/+42
Fixed compile warning. (This used to be commit 3eee66516596835c70c8d652ca633d2e1158fbb7)
2001-09-04a fix for fussy compilersAndrew Tridgell1-1/+1
(This used to be commit 78f437b5073207606b23be42960e2b10f785a148)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell2-97/+108
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-03more NTSTATUS/WERROR conversionAndrew Tridgell1-158/+156
(This used to be commit ad648c5cd8ebe4be8304379117f403d7673dcbc8)
2001-09-03the next step in our error code handling changeAndrew Tridgell1-232/+229
- added WERROR for win32 error codes - added a configure test for immediate structures still lots to do, so its not enabled by default, but the main structure is there (This used to be commit 24f9ab683dec52587ee56717e821b49c0fa3d70f)
2001-08-28Send a MSG_SMB_SAM_SYNC when a netlogon_ctrl2 message is received.Tim Potter1-6/+35
(This used to be commit 73e1b708d0ab7a6e612f8910c5815a6ab6de66cd)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell13-528/+528
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-27started converting NTSTATUS to be a structure on systems with gcc in order ↵Andrew Tridgell1-1/+1
to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs (This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f)
2001-08-27As per plug-fest discussions this paramater no longer defaults to the valueAndrew Bartlett1-4/+0
of add user script. (This used to be commit 9e0c9a99f6ca01cd6a0ee3084f85e1c36b11d7c3)
2001-08-26Spaces -> Tabs.Jeremy Allison1-6/+7
Jeremy. (This used to be commit 5b665122f5a785f858f75c0a3c181ae193e2c503)
2001-08-24get rid of compiler warningsHerb Lewis2-6/+6
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-24fix missing )Herb Lewis1-1/+1
(This used to be commit f3bc6b5d68bdb01b07b9d780f5ba81c05e22f48c)
2001-08-24let admins also abort a shutdownSimo Sorce2-10/+53
(This used to be commit 3b40ec4f149a8813c1d68f184858e2ddd605d8fd)
2001-08-24Fixed malloc -> talloc problems pointed out by Simo.Jeremy Allison1-1/+1
Jeremy (This used to be commit 0f5b187387fb536a6866d9109eff82411798f79e)
2001-08-23so let admins shutdown their samba servers remotely if they want :-)Simo Sorce2-0/+72
(This used to be commit 6391fd7bdab07c83e9eed02e761db09918e60302)