summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
1998-05-18Abstracted all the crappy password interfaces through an indirectJeremy Allison1-0/+3
function table, selectable at compile time. This should make the code that implements all the password functions much cleaner, as it's now very clear exactly what a particular password database needs to provide to Samba. Jeremy. (This used to be commit 27ca536ad974242524c12f7100e419d9e7f9647f)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison4-52/+179
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-18resolving compilation errorsLuke Leighton1-1/+1
(This used to be commit dea0c06eec44a7c2860f97d8f23584d30e482e0a)
1998-05-14passdb.cJeremy Allison1-181/+2
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois (who might want an LDAP version). Changed locking to free exclusive lock as soon as possible to prevent contention. lib/rpc/parse/parse_samr.c lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation function to use DOM_SID structure. Jeremy. (This used to be commit 3b8f5aef57b4f37265c0403385053085f0df6f18)
1998-05-14namequery.c: Fixed SGI IRIX 5.x compiler problem.Jeremy Allison1-2/+191
server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default. smbpass.c: Exposed do_file_lock() as I now use it in server.c Jeremy. (This used to be commit 5bf17840ac7d65d08dd3fdfe8b789010488f6808)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison2-4/+5
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-05-12This is a security audit change of the main source.Jeremy Allison11-193/+193
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11reply.c: Added code to not overwrite sesssetup_user when in share level securityJeremy Allison1-1/+8
and null session setup done. smbpasswd.c: Fix from Gerald Carter <cartegw@Eng.Auburn.EDU> to fix incorrect use of pointer. Jeremy. (This used to be commit 69ace0760986a6e892cd5b25ca85930b65e38c45)
1998-05-11ldap back-end database developmentLuke Leighton1-6/+6
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell6-20/+20
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-10Updated OSF1_ENH_SEC mode password handling.John Terpstra1-1/+8
This now tries Enhanced passwords first and if this fails trys Basic mode (ie: Unix /etc/passwd) authentication. This only happens when OSF1_ENH_SEC is defined at compilation. (This used to be commit 29462c8d7a241eb462b1583170a0b5f16096ea3f)
1998-05-08clitar.c: #ifdef'ed out all the bits that were giving 'defined but not used'Jeremy Allison1-4/+17
messages. nttrans.c: More updates. smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke to use a new structure. web/swat.c: Fixed gcc complaints about shadowing global 'string'. Jeremy. (This used to be commit 61c1dbb9785ed1e6fe40f93c7cc65024884df6f5)
1998-05-08smb.h: Supporting defines for NT trans calls.Jeremy Allison1-4/+8
trans2.c: Paranoia bugfixes added when studying nttrans.c. Jeremy. (This used to be commit 94e70edef91c71703a7ebcdaf2b5a2bdce940a69)
1998-05-08Initial cut at the code that will do NT SMB calls. Not linked in, notJeremy Allison1-0/+225
compiled yet, just checked in for safe keeping :-). Jeremy. (This used to be commit 74565f0039be8ab02a501accad5e671e80733314)
1998-05-07This should (hopefully :-) be the final fix for the %U %G substitutionJeremy Allison4-34/+34
problem.... smbpass.c: Removed Luke's dire warning - as some of the functions in here *need* to be called externally :-). Jeremy. (This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton4-58/+58
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-05-06Andrew redefines the free() function to do some memory management testing.Christopher R. Hertel1-1/+19
He also suggested that some systems may implement free() as a macro (but I think he was looking for an excuse ;). Anyway, I've added a function to mangle.c that calls free(). Chris -)----- (This used to be commit 95f7b03285c42e8f5573690939b79afc7e686908)
1998-05-06smbpass.c: Fixed machine_passwd_lock() problems.Jeremy Allison1-5/+4
password.c: Fixed machine_passwd_lock() problems. lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now. Jeremy. (This used to be commit d28427f21fff49da6b38c24625e3e2dae49a9713)
1998-05-06loadparm.c: Added #ifdef USE_LDAP around ldap code.Jeremy Allison1-7/+16
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet. util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code. lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code. Jeremy. (This used to be commit 446b98ca071170fc950bad86ad96b58308a5b75c)
1998-05-06Fixes for the %U and %G problems people have reported.Jeremy Allison6-18/+30
Essentially, multiple session_setup_and_X's may be done to an smbd. As there is only one global variable containing the requested connection name (sessionsetup_user), then any subsequent sessionsetups overwrite this name (causing %U and %G to get the wrong name). This is particularly common when an NT client does a null session setup to get a browse list after the user has connected, but before a share has been mounted. These changes store the requested_name in the vuid structure (so this only really works for user level and above security) and copies this name back into the global variable before the standard_sub call. Jeremy. (This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
1998-05-05genrand.c: SGI compile warning fix.Jeremy Allison4-17/+18
ipc.c: Fix for duplicate printer names being long. loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c protects us. nmbd_logonnames.c: nmbd_namequery.c: nmbd_namerelease.c: Debug messages fix. password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call. reply.c: SGI compile warning fix. server.c Debug messages fix. smbpass.c: Fix for incorrect pointer. Jeremy. (This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
1998-04-30Added patch from Bruce Tenison <btenison@dibbs.net> to allow encryptedJeremy Allison3-4/+38
passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
1998-04-29Makefile: Added files to smbpasswd.c.Jeremy Allison1-0/+16
loadparm.c: Patch from tim@quiknet.com for static string problems. server.c: Setup global_myname. smbpass.c: Fix up locking. Add machine_password_delete() call. smbpasswd.c: Added provisional code to add to a domain. lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password. lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password. Jeremy. (This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
1998-04-29clientgen.c: Fixed null session setup bug.Jeremy Allison1-5/+13
password.c: Stopped cli_nt_logout call (we don't have it correct yet). Added Luke object-orientation fix :-). smb.h: Added clnt_name_slash to cli_state. lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed. lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error. lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix. lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1. Jeremy. (This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
1998-04-29password.c:Luke Leighton1-0/+4
added become_root / unbecome_root around the get machine account password. smbpass.c: cleaning up code. - turning if (BOOL_expr == False) into if (BOOL_expr) what if you test if (BOOL_expr == True) and someone defines True to be -1 on one system and 1 on another? or if you get inconsistent return results between developers - removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) - cannot assume that NULL is zero integer. plus there are typecast issues to deal with - removed return (ret == 0) ? True : False and made this return ret == 0 rely on the compiler to return correct BOOL value: not all developers will return True or False #defines: stick with BOOL test (non-zero). - removed if (ret == False) replaced with if (!ret) - bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a boolean test if (pstring-len-len-6). - removed "." after debugging of filenames: the "." - a fullstop - looked like it was part of the filename, making things difficult to sort out. still to be resolved: the global_myname isn't set up, such that the machine account password file is named "TEST3..mac". (This used to be commit 315e26c23abf7137684bf084c825ad241076132e)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison3-29/+78
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-25This looks like a big change but really isn't.Jeremy Allison5-28/+26
It is changing the global variables "myname" and "myworkgroup" to "global_myname" and "global_myworkgroup" respectively. This is to make it very explicit when we are messing with a global (don't ask - it makes the domain client code much clearer :-). Jeremy. (This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
1998-04-23Makefile: Added nterr.c into the mix.Jeremy Allison1-0/+13
clientgen.c: Added nt_error as an entry in the struct client_state. password.c: Open the netlogon pipe. smb.h: Added nt_error as an entry in the struct client_state. lib/rpc/parse/parse_net.c: Added comments on net logon. lib/rpc/server/srv_netlog.c: Added comments on net logon. Jeremy. (This used to be commit 899a9f0dce50c73e03c8da2ebe920957491c8ad7)
1998-04-23clientgen.c: Added rap error codes to cli_error, moved from smbpasswd.cJeremy Allison1-54/+161
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-) use in security=server, started to extend security=domain code. smbpasswd.c: Removed rap error code functions. Jeremy. (This used to be commit 0f00b8fce1a5cad7f8c212568fa33f09986e5bd6)
1998-04-23genrand.c: Changed SMB_PASSWD_FILE to lp_smb_passwd_file().Jeremy Allison2-54/+128
password.c: Started the initial code for domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. reply.c: Call to domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. smbpass.c: New code to get/set machine passwords. Tidied up nesting of lock calls. Jeremy. (This used to be commit 89fe059a6816f32d2cc5c4c04c4089b60590e7e6)
1998-04-22genrand.c: Improved generation of random values, more secure.Jeremy Allison3-4/+51
loadparm.c: Started add of 'security=domain' code. password.c: Fix for security=server NT bugs. reply.c: Started add of 'security=domain' code. server.c: Started add of 'security=domain' code. smb.h: Started add of 'security=domain' code. Jeremy. (This used to be commit e6bda112ebe0d41f54c4249b5c2e1f24011347e1)
1998-04-21put server-side long dce/rpc code in main branch.Luke Leighton1-6/+6
(This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69)
1998-04-21Added cli_ulogoff() calls to all the exit code paths in security=server.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 78d87a5bfdfc6d3f4428591d30294fe7d05d0f91)
1998-04-21clientgen.c: Added cli_ulogoff() call.Jeremy Allison1-0/+1
password.c: Added call to cli_ulogoff on successfull sessionsetup. Jeremy. (This used to be commit 77882f002b2a8203aad419e485fc885303d999a0)
1998-04-20Added 'passwd chat debug' parameter to allow admins to debug theirJeremy Allison1-6/+4
Samba passwd chat scripts. Jeremy. (This used to be commit 5a995f4f75ffb0d55d6ceaa63a1209d230001991)
1998-04-20Makefile: Added genrand.oJeremy Allison2-0/+12
clientgen.c: Changed to fill change password buffer with random stuff. password.c: Changed to get challenge from genrand.c server.c: Added #ifdef around O_SYNC. version.h: Changed to 1.9.19prealpha. genrand.c: New code to generate (hopefully) good random numbers for use in crypto challenges/session keys etc. PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!! Jeremy. (This used to be commit 608e98546392fd0aac9b33f4feac43615dbb4405)
1998-04-16reply.c: Fix bugs where debug statements were accessing the fd_ptr structJeremy Allison1-6/+6
internals after Andrews' code had memset it to zero (this was causing core dumps). charcnv.c: Fixes for ISO8859-2 from Petr Hubeny <psh@capitol.cz>. Jeremy. (This used to be commit df8783ca76d543d200c743f515a185cfea2880df)
1998-04-15ipc.c: Fix for printer queue spinning with Win95.Jeremy Allison1-1/+2
nmbd.c: Fix for always overwriting log despite append setting. smb.h: Addition of last time password changed entry to account info. smbpass.c: Changes to support last time changed field in smbpasswd file. smbpasswd.c: Changes to support last time changed field in smbpasswd file. util.c: Fix for always overwriting log despite append setting. Jeremy. (This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
1998-04-14Modified interfaces to getting smb password entries fromJeremy Allison3-8/+8
get_smbpwd_entry (now an internal function to smbpass.c) to a more UNIX-like : getsmbpwnam() - get entry by name. getsmbpwuid() - get entry by uid. Changed the type returned by the smbpasswd enumeration functions to be a void * so that people don't come to depend on it being a FILE *. These abstractions should make it much easier to replace the smbpasswd file with a better backend in future. Other files changed are to match the above changes. Jeremy. (This used to be commit 1161cfb7f2b0d5a6d3e2b524a14a6f325ce70efb)
1998-04-13Fixed aggregate initializer problem for gcc.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e74428e4287cbc1557cc79d4930371cfaf3256d4)
1998-04-13Changes include:Christopher R. Hertel3-415/+700
proto.h: The unusual. ;) reply.c: I changes some function names, and updated reply.c to match. See mangle.c below for more. server.c: Changed function names and parameters in file mangle.c, so changed server.c calls to match. See mangle.c below for more. mangle.c: I replaced the caching mechanism used for caching reverse mangled name maps. The old method was a large array of 256-byte strings. Movement in the stack (including push and pop) was done by memcpy()ing whole chunks of memory around. The new system uses the ubi_Cache module which, in turn, uses a splay tree. Entries are dynamically allocated using a minimum amount of memory. Searches are non-linear, which should speed things up a bit, too. Overall, this should save memory and be faster. Other changes: I streamlined the is_mangled() test and made other speed enhancements including replacing some static functions with macros. Added comments, etc. Note: Per an E'mail conversation with Andrew, the 'mangled stack' parameter in smb.conf doesn't do anything anymore. The cache is now set for 16K bytes maximum memory usage. The mangle stack parameter is silently ignored. This can easily be changed, but I'd rather introduce a 'mangled cache memory' parameter and remove 'mangled stack'. Remaining problems: While testing the module, I noticed that something is calling name_map_mangle() twice. The result is that names which contain illegal characters are getting mangled twice. Also, the entire module works by overwriting the input string. This has a variety of nasty side effects. Summary: There's a lot still to be done, but the changes I have in place *should* work in exactly the same way (except for the mangle stack parameter). The rest of the bugs and other issues are separate. Chris -)----- (This used to be commit 8759bec11ba483b2292b0e513b85c98ed5e3e2d4)
1998-04-13Changes to allow Samba to be compiled with -Wstrict-prototypesJeremy Allison6-87/+84
with gcc. (Not a big change although it looks like it :-). Jeremy. (This used to be commit cd2613c57261456485fe4eeecfda209ada70de8e)
1998-04-13fixed a memory leak in close_file(). Each time a file was openedAndrew Tridgell1-1/+7
we leaked memory equal to the length of the filename. (This used to be commit 30a347de74f7f8e2646b1853a9e5914320cee58d)
1998-04-12support O_SYNC at open time in files (previously we only supported itAndrew Tridgell1-0/+4
on individual writes) (This used to be commit ce017a233ba5c68e340e0d31634f9bd93118b20a)
1998-04-10includes.h: Moved HPUX undefine of SEMMSL to where it actually does something.Jeremy Allison1-0/+3
ipc.c: Added Luke's debug statement. locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that need it (not sure what these are yet). membuffer.c ntdomain.h proto.h lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c: Re-merge of Luke's NTDOM changes 'cos he's a lazy git with carpel tunnel syndrome :-). Jeremy. (This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217)
1998-04-10Fix for [homes] problem with security=share. We were still relyingJeremy Allison1-5/+19
on a valid vuid to get the connecting username - this is *never* true (anymore) with security=share. Jeremy. (This used to be commit 5d6f63a7e665ee19bd4508b2b40d497e9851b248)
1998-04-09Makefile, loadparm.c, server.c, smb.h, util.c: Patch fromJeremy Allison1-7/+7
stn@techfak.uni-kiel.de (Stefan Nehlsen) to get homes from the NIS+ map. smbpasswd.c: Tidy up of cli_state structure. Jeremy. (This used to be commit fc2295e0f5729585fdb3ee47edb290851d4071c5)
1998-04-09Added const cast to struct args to get rid of compile time warning.John Terpstra1-1/+1
(This used to be commit 5d956abb4f4ed22671dfb1c7cb51489ab280463f)
1998-04-08Fix to stop Windows 95 spinning on print queue requests when itJeremy Allison1-1/+1
gets an error message it doesn't understand. Jeremy. (This used to be commit 838e2fe2f76b20f34309c2322e3bd60817fef1fd)
1998-04-06loadparm.c: Cause IPC$ comment to be evaluated at runtime, rather thanJeremy Allison1-2/+10
load time (patch from "Marty Leisner" <leisner@sdsp.mc.xerox.com>. server.c: Patch from Josef Hinteregger <joehtg@joehtg.co.at> - string could be overwritten when find_service() called recursively. Jeremy. (This used to be commit cf15b3bd74a262e7af3d739a83ef7b43df4935e5)