summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
1998-06-12ipc.c: map_username is now a BOOL function.Jeremy Allison3-33/+47
reply.c: map_username is now a BOOL function. server.c: Added capability to do map_username on service names when looking for a home directory. That's what the original code would do. lib/rpc/server/srv_util.c: Changed domain_ to builtin_ for BUILTIN aliases. username.c: Work in progress on groupname map parameter. Jeremy (This used to be commit fa95fae5eed95aff64f0a01825477610a101bbc7)
1998-06-10Minor changes as I've now discovered gcc -pedantic-errors. ThisJeremy Allison1-2/+1
does the signed/unsigned warnings I've been missing. Jeremy (This used to be commit 6d94e67624d1f2c08ac2e1c0eea23facd1e618f2)
1998-06-10De-coupled the mapping of a Windows to UNIX username from the Get_PwnamJeremy Allison2-3/+64
username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-06-04client.c: Allowed client to proceed even if it gets error 234 (more dataJeremy Allison1-6/+5
available) when scanning server/workgroup/share lists. ipc.c: Removed redundent definition of ERROR_MORE_DATA (234) we already have ERRmoredata in smb.h Jeremy. (This used to be commit ae3510e9fb309be343e245d8460c1ceb8164077b)
1998-06-03ipc.c: Fix bug where we don't return the correct error code when clientJeremy Allison2-91/+270
gives a too-small buffer for share info. Fix from Gil Kloepfer <gil@arlut.utexas.edu> smb.h: server.c: Fix for a nastly little security problem with multi-user Windows NT servers and Samba where the contents of the open-file cache can end up being served out to users who shouldn't have access. This is some *seriously* ugly code. Jeremy. (This used to be commit 05c85df3c7da982085615e5a1db6c71e164db4f5)
1998-05-27loadparm.c: Added machine password timeout parameter - set to 7 days be default.Jeremy Allison2-4/+52
password.c: Added code to tell server.c when machine password needs changing. server.c: Change machine password in idle cycles if it needs it. smbpassfile.c: Fixed up length calculations for machine password file. smbpasswd.c: Moved domain joining code/machine password changing code. lib/rpc/client/cli_netlogon.c: And this is where it now lives. Jeremy. (This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
1998-05-26smb.h: More NT SMB stuff (just defines).Jeremy Allison1-2/+10
smbpass.c: Do *NOT* make this function static. It breaks the compile on gcc util.c: Getting closer to MS wildcard semantics. A trailing '*' matches any trailing dot-separated components. trans2.c: Removed hacks that change multiple '?' -> '*' as this breaks things now. trans2.h: Removed NT_FILE_ATTRIBUTE_NORMAL - now FILE_ATTRIBUTE_NORMAL is defined in smb.h. Jeremy. (This used to be commit 42a65511068cd9006350c80bbed2f346f3f01cb0)
1998-05-22I've put the ubiqx headers back into includes.h, and removed them fromChristopher R. Hertel2-2/+0
dir.c & mangle.c. This was possible after I checked the tree code to make sure that the tree code did not reference functions by macro name. Also, note that the AVL module has been removed to prevent conflict with the SplayTree macro defines. Chris -)----- (This used to be commit a1f4c8567c3c5264cbfa99867fa894cafab7da81)
1998-05-22Removed all ubiqx includes from includes.h. So far, this was only a problemChristopher R. Hertel1-0/+1
for dir.h, which I've fixed. Andrew did not add includes.h to the ubiqx headers, which is good because it would cause internal conflicts within the ubiqx tree modules. It's also bad because the definitions and includes that are part of includes.h are now in the ubiqx C files, but not in the header files. So, if includes.h were to redefine int, for example, the new definition would be in the ubiqx C files, but not in the headers. So, until Andrew and I can work something out that we both agree upon, there are three basic rules: 1) Don't include includes.h in the ubiqx headers. Problems may arise. 2) The ubiqx headers must follow includes.h in any Samba module that uses them. This can and should all be worked out. We just have to talk about it. Chris -)----- (This used to be commit 2b6be7084df4ddfca3a1ab7b73304007c5f9d0aa)
1998-05-21Fixed 'revalidate' parameter so it's only considered in security=shareJeremy Allison1-29/+29
mode. Jeremy. (This used to be commit 7727f09ea9055053ed1d3e2af1069ddae245efb4)
1998-05-21printing.c: Fixed overflow by one problem in LPRng.Jeremy Allison1-15/+17
reply.c: Fixed password length modifiers to always be done is none-encrypted mode used. This fixes Samba for people who are using non-encrypted passwords with security=server. Jeremy. (This used to be commit 720b565349e3467bd81d6d863b9ac54237edd3cf)
1998-05-20Fixed incorrect last arg to safe_strcpy in new wildcard code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 67007d98b9daf5cccf049cb836dbb989516eb0ce)
1998-05-20Minor tweak for wcard compatibility paranoia.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5d8ef7d0f1ecb358c841f382fc48e6eccbe8e171)
1998-05-20Fixed Samba's wildcard algorithm to be *exactly* the sameJeremy Allison1-1/+10
as NT. You do not want to know how this code works :-). Jeremy (This used to be commit 7adbd2dfc1eda0e147b7ab4b5ff5e71f173794af)
1998-05-18Abstracted all the crappy password interfaces through an indirectJeremy Allison1-0/+3
function table, selectable at compile time. This should make the code that implements all the password functions much cleaner, as it's now very clear exactly what a particular password database needs to provide to Samba. Jeremy. (This used to be commit 27ca536ad974242524c12f7100e419d9e7f9647f)
1998-05-18chgpasswd.c: Changed back to getsmb... from getsam...Jeremy Allison4-52/+179
ldap.c: Stoped dummy_function being prototyped. loadparm.c: Fixed slprintf sizes. nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved stuff around a lot - stopped any lookups by rid. This needs to be indirected through a function table (soon). password.c: Changed back to getsmb... from getsam... reply.c: Changed back to getsmb... from getsam... slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems. smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam... Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)
1998-05-18resolving compilation errorsLuke Leighton1-1/+1
(This used to be commit dea0c06eec44a7c2860f97d8f23584d30e482e0a)
1998-05-14passdb.cJeremy Allison1-181/+2
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois (who might want an LDAP version). Changed locking to free exclusive lock as soon as possible to prevent contention. lib/rpc/parse/parse_samr.c lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation function to use DOM_SID structure. Jeremy. (This used to be commit 3b8f5aef57b4f37265c0403385053085f0df6f18)
1998-05-14namequery.c: Fixed SGI IRIX 5.x compiler problem.Jeremy Allison1-2/+191
server.c: Added MACHINE.SID file generation - use lp_domain_sid() be default. smbpass.c: Exposed do_file_lock() as I now use it in server.c Jeremy. (This used to be commit 5bf17840ac7d65d08dd3fdfe8b789010488f6808)
1998-05-14chgpasswd.c: Added comments to #ifdefsJeremy Allison2-4/+5
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-05-12This is a security audit change of the main source.Jeremy Allison11-193/+193
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-05-11reply.c: Added code to not overwrite sesssetup_user when in share level securityJeremy Allison1-1/+8
and null session setup done. smbpasswd.c: Fix from Gerald Carter <cartegw@Eng.Auburn.EDU> to fix incorrect use of pointer. Jeremy. (This used to be commit 69ace0760986a6e892cd5b25ca85930b65e38c45)
1998-05-11ldap back-end database developmentLuke Leighton1-6/+6
Makefile: created PASSBD_OBJ group includes.h: added #ifdef USE_LDAP to #include <ldap> headers ldap.c: - renamed "_machine" to "_trust" everywhere. - added sam_passwd support routines - removed get_ldappwd_entry function: replaced with get_sampwd_entry - removed getldappwnam/uid: replaced with getsampwnam/uid - other messing about bits which are probably going to annoy the hell out of jean-francois (sorry!) mkproto.awk: - added stuff to wrap ldap.c protos with #ifdef USE_LDAP - added uid_t and gid_t return results to the prototype generation passdb.c: - created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry. - modified getsampwnam/uid and created getsam21pwnam/rid functions to replace the local get_smbpwd_entry() and get_ldappwd_entry() functions, which jeremy didn't like anyway because they were dual-purpose. - added utility routines which are or may be useful to all the password database routines. password.c: - renamed "machine_" to "trust_" everywhere. smbpass.c: - removed get_smbpwd_entry function: replaced it with get_sampwd_entry functions in passdb.c - moved code that decoded acct_ctrl into passdb.c - moved encode_acct_ctrl into passdb.c - removed getsmbpwnam/uid: replaced with getsampwnam/uid - renamed "machine_" to "trust_" everywhere. smbpasswd.c: - renamed "machine_" to "trust_" everywhere. util.c: - moved gethexpwd function into passdb.c lib/rpc/server/srv_util.c: - moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c (This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
1998-05-11changed to use slprintf() instead of sprintf() just aboutAndrew Tridgell6-20/+20
everywhere. I've implemented slprintf() as a bounds checked sprintf() using mprotect() and a non-writeable page. This should prevent any sprintf based security holes. (This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
1998-05-10Updated OSF1_ENH_SEC mode password handling.John Terpstra1-1/+8
This now tries Enhanced passwords first and if this fails trys Basic mode (ie: Unix /etc/passwd) authentication. This only happens when OSF1_ENH_SEC is defined at compilation. (This used to be commit 29462c8d7a241eb462b1583170a0b5f16096ea3f)
1998-05-08clitar.c: #ifdef'ed out all the bits that were giving 'defined but not used'Jeremy Allison1-4/+17
messages. nttrans.c: More updates. smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke to use a new structure. web/swat.c: Fixed gcc complaints about shadowing global 'string'. Jeremy. (This used to be commit 61c1dbb9785ed1e6fe40f93c7cc65024884df6f5)
1998-05-08smb.h: Supporting defines for NT trans calls.Jeremy Allison1-4/+8
trans2.c: Paranoia bugfixes added when studying nttrans.c. Jeremy. (This used to be commit 94e70edef91c71703a7ebcdaf2b5a2bdce940a69)
1998-05-08Initial cut at the code that will do NT SMB calls. Not linked in, notJeremy Allison1-0/+225
compiled yet, just checked in for safe keeping :-). Jeremy. (This used to be commit 74565f0039be8ab02a501accad5e671e80733314)
1998-05-07This should (hopefully :-) be the final fix for the %U %G substitutionJeremy Allison4-34/+34
problem.... smbpass.c: Removed Luke's dire warning - as some of the functions in here *need* to be called externally :-). Jeremy. (This used to be commit 1fd8d12ca414066acec71b33eb8a13e16c2acd3a)
1998-05-07created "passdb.c" which is an interface point to (at present) eitherLuke Leighton4-58/+58
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment. (This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
1998-05-06Andrew redefines the free() function to do some memory management testing.Christopher R. Hertel1-1/+19
He also suggested that some systems may implement free() as a macro (but I think he was looking for an excuse ;). Anyway, I've added a function to mangle.c that calls free(). Chris -)----- (This used to be commit 95f7b03285c42e8f5573690939b79afc7e686908)
1998-05-06smbpass.c: Fixed machine_passwd_lock() problems.Jeremy Allison1-5/+4
password.c: Fixed machine_passwd_lock() problems. lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now. Jeremy. (This used to be commit d28427f21fff49da6b38c24625e3e2dae49a9713)
1998-05-06loadparm.c: Added #ifdef USE_LDAP around ldap code.Jeremy Allison1-7/+16
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet. util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic() as only smbd knows about usernames. Also fixes problem with calling standard_sub_basic() from loadparm.c. lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code. lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code. Jeremy. (This used to be commit 446b98ca071170fc950bad86ad96b58308a5b75c)
1998-05-06Fixes for the %U and %G problems people have reported.Jeremy Allison6-18/+30
Essentially, multiple session_setup_and_X's may be done to an smbd. As there is only one global variable containing the requested connection name (sessionsetup_user), then any subsequent sessionsetups overwrite this name (causing %U and %G to get the wrong name). This is particularly common when an NT client does a null session setup to get a browse list after the user has connected, but before a share has been mounted. These changes store the requested_name in the vuid structure (so this only really works for user level and above security) and copies this name back into the global variable before the standard_sub call. Jeremy. (This used to be commit b5187ad6a3b3af9fbbeee8bced0ab16b41e9825b)
1998-05-05genrand.c: SGI compile warning fix.Jeremy Allison4-17/+18
ipc.c: Fix for duplicate printer names being long. loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c protects us. nmbd_logonnames.c: nmbd_namequery.c: nmbd_namerelease.c: Debug messages fix. password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call. reply.c: SGI compile warning fix. server.c Debug messages fix. smbpass.c: Fix for incorrect pointer. Jeremy. (This used to be commit 567d3f838988cafab4770fce1cf68b73085e6c71)
1998-04-30Added patch from Bruce Tenison <btenison@dibbs.net> to allow encryptedJeremy Allison3-4/+38
passwords to be stored over time, allowing a smbpasswd file migration. Adds new parameter "update encrypted". Will also add to 1.9.18 branch. Docs update to follow. Jeremy. (This used to be commit 5d3e874d780d595415cc27a7f5945fc2e694c3ac)
1998-04-29Makefile: Added files to smbpasswd.c.Jeremy Allison1-0/+16
loadparm.c: Patch from tim@quiknet.com for static string problems. server.c: Setup global_myname. smbpass.c: Fix up locking. Add machine_password_delete() call. smbpasswd.c: Added provisional code to add to a domain. lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password. lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password. Jeremy. (This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
1998-04-29clientgen.c: Fixed null session setup bug.Jeremy Allison1-5/+13
password.c: Stopped cli_nt_logout call (we don't have it correct yet). Added Luke object-orientation fix :-). smb.h: Added clnt_name_slash to cli_state. lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed. lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error. lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix. lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1. Jeremy. (This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
1998-04-29password.c:Luke Leighton1-0/+4
added become_root / unbecome_root around the get machine account password. smbpass.c: cleaning up code. - turning if (BOOL_expr == False) into if (BOOL_expr) what if you test if (BOOL_expr == True) and someone defines True to be -1 on one system and 1 on another? or if you get inconsistent return results between developers - removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) - cannot assume that NULL is zero integer. plus there are typecast issues to deal with - removed return (ret == 0) ? True : False and made this return ret == 0 rely on the compiler to return correct BOOL value: not all developers will return True or False #defines: stick with BOOL test (non-zero). - removed if (ret == False) replaced with if (!ret) - bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a boolean test if (pstring-len-len-6). - removed "." after debugging of filenames: the "." - a fullstop - looked like it was part of the filename, making things difficult to sort out. still to be resolved: the global_myname isn't set up, such that the machine account password file is named "TEST3..mac". (This used to be commit 315e26c23abf7137684bf084c825ad241076132e)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison3-29/+78
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-25This looks like a big change but really isn't.Jeremy Allison5-28/+26
It is changing the global variables "myname" and "myworkgroup" to "global_myname" and "global_myworkgroup" respectively. This is to make it very explicit when we are messing with a global (don't ask - it makes the domain client code much clearer :-). Jeremy. (This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
1998-04-23Makefile: Added nterr.c into the mix.Jeremy Allison1-0/+13
clientgen.c: Added nt_error as an entry in the struct client_state. password.c: Open the netlogon pipe. smb.h: Added nt_error as an entry in the struct client_state. lib/rpc/parse/parse_net.c: Added comments on net logon. lib/rpc/server/srv_netlog.c: Added comments on net logon. Jeremy. (This used to be commit 899a9f0dce50c73e03c8da2ebe920957491c8ad7)
1998-04-23clientgen.c: Added rap error codes to cli_error, moved from smbpasswd.cJeremy Allison1-54/+161
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-) use in security=server, started to extend security=domain code. smbpasswd.c: Removed rap error code functions. Jeremy. (This used to be commit 0f00b8fce1a5cad7f8c212568fa33f09986e5bd6)
1998-04-23genrand.c: Changed SMB_PASSWD_FILE to lp_smb_passwd_file().Jeremy Allison2-54/+128
password.c: Started the initial code for domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. reply.c: Call to domain_client_validate(). All bracketed with #ifdef DOMAIN_CLIENT for now. smbpass.c: New code to get/set machine passwords. Tidied up nesting of lock calls. Jeremy. (This used to be commit 89fe059a6816f32d2cc5c4c04c4089b60590e7e6)
1998-04-22genrand.c: Improved generation of random values, more secure.Jeremy Allison3-4/+51
loadparm.c: Started add of 'security=domain' code. password.c: Fix for security=server NT bugs. reply.c: Started add of 'security=domain' code. server.c: Started add of 'security=domain' code. smb.h: Started add of 'security=domain' code. Jeremy. (This used to be commit e6bda112ebe0d41f54c4249b5c2e1f24011347e1)
1998-04-21put server-side long dce/rpc code in main branch.Luke Leighton1-6/+6
(This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69)
1998-04-21Added cli_ulogoff() calls to all the exit code paths in security=server.Jeremy Allison1-0/+5
Jeremy. (This used to be commit 78d87a5bfdfc6d3f4428591d30294fe7d05d0f91)
1998-04-21clientgen.c: Added cli_ulogoff() call.Jeremy Allison1-0/+1
password.c: Added call to cli_ulogoff on successfull sessionsetup. Jeremy. (This used to be commit 77882f002b2a8203aad419e485fc885303d999a0)
1998-04-20Added 'passwd chat debug' parameter to allow admins to debug theirJeremy Allison1-6/+4
Samba passwd chat scripts. Jeremy. (This used to be commit 5a995f4f75ffb0d55d6ceaa63a1209d230001991)
1998-04-20Makefile: Added genrand.oJeremy Allison2-0/+12
clientgen.c: Changed to fill change password buffer with random stuff. password.c: Changed to get challenge from genrand.c server.c: Added #ifdef around O_SYNC. version.h: Changed to 1.9.19prealpha. genrand.c: New code to generate (hopefully) good random numbers for use in crypto challenges/session keys etc. PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!! Jeremy. (This used to be commit 608e98546392fd0aac9b33f4feac43615dbb4405)