summaryrefslogtreecommitdiff
path: root/source3/smbd/password.c
AgeCommit message (Collapse)AuthorFilesLines
2000-11-21combined 2 if statments which used the same conditionGerald Carter1-3/+5
-- jerry (This used to be commit 445fd1dbd8bb93f56f20b5dd9e9d5b018147b21d)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter1-47/+57
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-11Remove duplicate group initialisation function.Tim Potter1-22/+0
Don't initialise groups twice. (This used to be commit 5375261152b28a65de18e817c75cab79c2f556b8)
2000-10-05Fix for null passwords being allowed bug.Jeremy Allison1-4/+8
Jeremy. (This used to be commit d4d55488397832df35b558564c263a307b0bb629)
2000-09-12With John Reilly help tracking it down - fixed a *nasty* bug whenJeremy Allison1-1/+0
authorising logins. If a user connected to a share as guest, then the snum was getting flagged as "force guest", meaning that all subsequent connections to it, even under a different vuid, would be bounced to guest. This explains several very hard to reproduce access denied bugs, and as the NT client also has bugs in that it will sometimes erroneously use guest instead of the correct vuid on an IPC$ connection lead to a *very* hard problem to find. This fix should be propagated into all branches (TNG/Applience take note) and I'll also make a separate patch availalble on the samba-technical list. Jeremy. (This used to be commit 0264fdafe909cf9e995df3ae7b64bedbe0b4e8a1)
2000-09-07Hopefully this should fix the primary group permission problem.Tim Potter1-2/+0
(This used to be commit 2f33ec41ac1d3243340455b6c3a6cea22d267f14)
2000-09-06Fix for the SID history problem when using a Win2k domain controllerJeremy Allison1-7/+4
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs. Jeremy. (This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
2000-08-28smbd/password.c: Fixed typo in Tim's new code that caused insure overrun error.Jeremy Allison1-1/+0
smbd/reply.c: Fixed lowercasing UNIX character set problem. Jeremy. (This used to be commit 2b6e3ed7a6447d40d9dd7e9b5c286b1aabe4730d)
2000-08-28Merge bug - still getting used to dirdiff.Tim Potter1-1/+0
(This used to be commit cb717b4a2bb55eb2ff008e59203ebfeac6c5ab9f)
2000-08-28Merge from appliance branch.Tim Potter1-0/+10
(This used to be commit 567b0095b1b8393b3b1e32533aa2860ab3dbfa47)
2000-08-08Found the sec_ctx_stack overflow - a become_root() should have been anJeremy Allison1-1/+1
unbecome_root() - typo. Jeremy. (This used to be commit ebb160663ed55e44e44f1c3d17eb077a32c2ffb9)
2000-08-04Fixed up the user/group contexts when using authenticated pipes.Jeremy Allison1-3/+6
Added a become_root()/unbecome_root() (push/pop security context) around the initgroups() call to ensure it would succeed. Hmmm - I wonder if this call being done as non-root might explain any "group access" bugs we've had in the past.... Jeremy. (This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
2000-08-03Added an NT_USER_TOKEN structure that is copied/passed around associatedJeremy Allison1-15/+12
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-67/+46
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-2/+2
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-10Spelling fixes.Tim Potter1-3/+3
(This used to be commit c1d242f1dd5b6addbe5d2df22e4759f6682fd9ef)
2000-06-23Delete OriginalDir stuff.Tim Potter1-3/+3
(This used to be commit 3d0f1845c8cefccfabcfd35694264c1e5f52c3af)
2000-06-14ZERO_STRUCT() of info3 structure before using it.Tim Potter1-0/+2
(This used to be commit efe7f818c927a925f2dee1ef4f6040c137e0c84e)
2000-06-09Luke, I am moving the code back into passdb/passdb.c, this the correctJeremy Allison1-52/+14
place to do this, not in smbd/passwd.c Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week). I also removed the g_newXXX macros. There are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does). Jeremy. (This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09free NET_USER_INFO_3 gids when vuser invalidated.Luke Leighton1-0/+4
(This used to be commit 2f056c2aadd2e16d89b66aabd1c166ab8d5abd76)
2000-06-09dynamic allocation of NET_USER_INFO_3 gids.Luke Leighton1-23/+37
jeremy, the intent is to call se_access_check() with usr-sid, grp-sid, array-of-group-rids (but array-of-group-sids would do). please do look at smbd/lanman.c's api_NetWkstaGetInfo, it will show you that we really do need to store the entire NET_USER_INFO_3 structure. then again, api_NetWkstaGetInfo is only used by win9x so who cares :) (This used to be commit bd34f652390adc32c4959d164c628687f526d977)
2000-06-09reverted jeremy's changes that removed NET_USER_INFO_3. will you pleaseLuke Leighton1-28/+53
not just undercut work in progress, thank you. (This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
2000-06-08include/smb.h: Removed NET_USER_3 struct from user struct. It doesn't belong ↵Jeremy Allison1-53/+28
there (yet) as there is no infrastructure for it. Replaced it with a dynamic array of group SIDs plus a user. passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done, eventually calling winbind. smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements. smbd/reply.c: Removed extra parameter to register_vuid(). Jeremy. (This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
2000-06-08added a NET_USER_INFO_3 struct to user_struct.Luke Leighton1-1/+34
register_vuid fills it with constructed info. (This used to be commit b1889e4334012b1b2caa604b859da4271509fc87)
2000-06-03moved secrets fns into secrets.cAndrew Tridgell1-1/+1
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
2000-05-24got rid of lp_revalidate()Andrew Tridgell1-1/+1
(This used to be commit 8dea95e62c7f4723cd4b71c1b03c613386392c49)
2000-05-12use "winbind separator" option for domain/user separator characterAndrew Tridgell1-1/+1
(This used to be commit 6cbb826b154e61085fd651116caf472d4d438c1d)
2000-05-12use our primary domain trust account for trusted domain authenticationAndrew Tridgell1-2/+2
(This used to be commit db90a4b9609a980fa2f4328d38a0d2c60a1384a0)
2000-05-10- changed smb_getpwnam() to use winbind style usernamesAndrew Tridgell1-1/+1
- finished ntdom -> winbind rename in head (This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150)
2000-05-10treat a blank "password server =" line as a "*" if in domain securityAndrew Tridgell1-3/+2
(This used to be commit 5a617c013cce65434d315dc33279a4bc28dc63de)
2000-05-10more merging voodooAndrew Tridgell1-0/+4
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-09- use smb_gwtpwnam() in another couple of placesAndrew Tridgell1-1/+1
- don't call add/del user if the scripts are empty (This used to be commit 43860215d4d16cb1bacdc77f1c46c54e4c54abd7)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-1/+1
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-04a minimal change to get appliance mode to work with winbinddAndrew Tridgell1-8/+22
we needed to accept usernames of the form DOMAIN/user, which means we needed to pass the domain to a getpwnam() like routine in certain critical spots. What I'd rather do is get rid of "char *user" everywhere and use the new userdom_struct, but that will have to wait a few days. (This used to be commit 8b7a10febead8be182e7d5b1d68259e31530b69c)
2000-05-04 - use full_name instead of real_nameAndrew Tridgell1-2/+2
- got rid of guest map code in lpq parser (This used to be commit 8e53f781d3cf6a7007764916a0d8e8f1abea1f66)
2000-05-03Insure uninitialized memory read fixes.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 577ddbfbec857dec3ade811f735ec6b183566435)
2000-05-02split the username in the vuser structure into a separateAndrew Tridgell1-12/+12
userdom_struct. As the name implies this also contains a domain (unused at the moment). This will be important shortly, as operation in appliance mode needs the domain to be always carried with the username. (This used to be commit ee8546342d5be90e730372b985710d764564b124)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-2/+2
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-16converted a couple more functions to use a fd instead of a FILE*Andrew Tridgell1-8/+9
added a new utility fn file_lines_slashcont() which is used to handle files that treat a \ followed by a newline as a blank (This used to be commit 384ecd9d66ccd31ee85000c0ca55d413d8f2cc53)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-4/+2
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
2000-03-10you know, when you do a cvs commit, you _really_ expect it to actually work.Luke Leighton1-9/+0
this explains why j-f wasn't happy. (This used to be commit c51e38214a5323d0aa9b6dcd948a76ddc29f5305)
2000-02-15Added replacement functions sys_popen and sys_pclose. These are basedJeremy Allison1-5/+1
on the glibc source code and are safer than the traditional popen as they don't use a shell to exec the requested command. Now we have these functions they can be tightened up (environment etc.) as required to make a safe popen. It should now be safe to add the environement variable loading code to loadparm.c Jeremy. (This used to be commit b52e92b09d4ca3b66e534f520468dee27065d048)
2000-01-07this looks like a big commit, but it isn't really :)Andrew Tridgell1-1/+0
This fixes our netbios scope handling. We now have a 'netbios scope' option in smb.conf and the scope option is removed from make_nmb_name() this was prompted by a bug in our PDC finding code where it didn't append the scope to the query of the '*' name. (This used to be commit b563be824b8c3141c49558eced7829b48d4ab26f)
2000-01-04Fixed getgrent() recurse problem.Jeremy Allison1-8/+45
Jeremy. (This used to be commit b5420f6152d5df415231cb3fdf614542dbbd7db3)
2000-01-03added suppport for unexpected udp/138 packetsAndrew Tridgell1-75/+88
I also fixed up the lookup_pdc_name() code so that it now works, even with a NT server that insists on replying to udp/138. The method I used to match packets was to use the mailslot string as a datagram ID. The true dgm_id doesn't work as NT doesn't set it correctly. uggh. PS: Jeremy, I had to change your code quite a bit, are you sure this worked with a Samba PDC?? The code looked broken, it got the offsets wrong in the SMB portion of the packet and filled in the IP incorrectly. (This used to be commit 32f66f4ea63038cb4b3785bdf1762abdde076f5d)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-88/+954
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12changed function name of get_home_dir() to get_unixhome_dir(), to stopLuke Leighton1-1/+1
clash with gnu readline library. fixed issue with [homes] service not being there - call lp_add_home() just before starting the msrpc processing. (This used to be commit 054195df9b6187c663ede5cf4489499abbdc29fc)
1999-12-12final part of "first" phase converting over to msrpc daemon architecture.Luke Leighton1-129/+0
done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
1999-12-12delineation between smb and msrpc more marked. smbd now constructsLuke Leighton1-5/+5
pdus, and then feeds them over either a "local" function call or a "remote" function call to an msrpc service. the "remote" msrpc daemon, on the other side of a unix socket, then calls the same "local" function that smbd would, if the msrpc service were being run from inside smbd. this allows a transition from local msrpc services (inside the same smbd process) to remote (over a unix socket). removed reference to pipes_struct in msrpc services. all msrpc processing functions take rpcsrv_struct which is a structure containing state info for the msrpc functions to decode and create pdus. created become_vuser() which does everything not related to connection_struct that become_user() does. removed, as best i could, connection_struct dependencies from the nt spoolss printing code. todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific info on a per-connection basis, and if the connection dies then so does the info, and that's a fairly serious problem. had to put pretty much everything that is in user_struct into parse_creds.c to feed unix user info over to the msrpc daemons. why? because it's expensive to do unix password/group database lookups, and it's definitely expensive to do nt user profile lookups, not to mention pretty difficult and if you did either of these it would introduce a complication / unnecessary interdependency. so, send uid/gid/num_groups/gid_t* + SID+num_rids+domain_group_rids* + unix username + nt username + nt domain + user session key etc. this is the MINIMUM info identified so far that's actually implemented. missing bits include the called and calling netbios names etc. (basically, anything that can be loaded into standard_sub() and standard_sub_basic()...) (This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
1999-12-06the first independent msrpc daemon - lsarpcd.Luke Leighton1-501/+0
one horrible cut / paste job from smbd, plus a code split of shared components between the two. the job is not _yet_ complete, as i need to be able to do a become_user() call for security reasons. i picked lsarpcd first because you don't _need_ security on it (microsoft botched so badly on this one, it's not real. at least they fixed this in nt5 with restrictanonymous=0x2). fixing this involves sending the current smb and unix credentials down the unix pipe so that the daemon it eventually goes to can pick them up at the other end. i can't believe this all worked!!! (This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)