1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

224 Commits

Author SHA1 Message Date
Gerald Carter
fd312721ea missed some of Derrel's changes
(This used to be commit 3aac1e549e)
2004-03-19 17:48:08 +00:00
Gerald Carter
aad3d8aeb0 asu/syntax/pc_netlink doesn't fill in the pipe name in the rpc_bind response so dont check for it
(This used to be commit 4d68d3d5dd)
2004-03-17 17:38:38 +00:00
Volker Lendecke
a92de03d9e Add 'net rpc group [add|del]mem' for domain groups and aliases.
Volker
(This used to be commit e597420421)
2004-02-28 18:41:16 +00:00
Andrew Bartlett
425699fce7 Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we
would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.

Andrew Bartlett
(This used to be commit da408e0d5a)
2004-01-05 04:12:40 +00:00
Andrew Bartlett
1b6e6c98ba Do not add NTLM2 to the NTLMSSP flags unconditionally - allow the
defaults specified by the caller to prevail.

Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing.

Call ntlmssp_sign_init() unconditionally in the client - we setup the
session key, why not setup the rest of the data.

Andrew Bartlett
(This used to be commit 48123f7e42)
2003-11-25 11:25:38 +00:00
Gerald Carter
4e61fcbef1 strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in check_bind_response()
(This used to be commit 5e062f72ba)
2003-11-24 20:22:12 +00:00
Andrew Bartlett
fcbfc7ad06 Changes all over the shop, but all towards:
- NTLM2 support in the server
 - KEY_EXCH support in the server
 - variable length session keys.

In detail:

 - NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).

 * This is known as 'NTLMv2 session security' *

(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes.  We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)

This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed.  This also needs to be turned off for
'security=server', which does not support this.

- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.

- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.

- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure.  This should help the SPNEGO implementation.

- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.

- The other big change is to allow variable length session keys.  We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter.  However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.

 * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *

- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe.  This
should help reduce some of the 'it just doesn't work' issues.

- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer.  (just allocate)


REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0d)
2003-11-22 13:19:38 +00:00
Volker Lendecke
5faae2df8a This fixes a bug when establishing trust against a german W2k3 AD server. In
the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not
check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at
all, so making it a bit more liberal should hopefully not really hurt.

Volker
(This used to be commit 029dcb351b)
2003-11-17 18:00:43 +00:00
Gerald Carter
cbe69f65f6 commit sign only patch from Andrew; bug 167; tested using 2k & XP clientspreviously joined to the Samba domain
(This used to be commit 3802f5895e)
2003-10-01 21:18:32 +00:00
Andrew Bartlett
f0cd6b35e5 - Fix the kerberos downgrade problem:
- When connecting to the NETOGON pipe, we make a call to auth2, in order
   to verify our identity.  This call was being made with negotiation flags
   of 0x1ff.  This caused our account to be downgraded.  If we instead make
   the call with flags > 1ff (such as 0x701ff), then this does not occour.

 - This is *not* related to the use of kerberos for the CIFS-level connection

My theory is that Win2k has a test to see if we are sending *exactly* what
NT4 sent - setting any other flags seems to cause us to remain intact.

Also ensure that we only have 'setup schannel' code in a few places, not
scattered around cmd_netlogon too.

Andrew Bartlett
(This used to be commit e10f0529fe)
2003-08-19 20:39:32 +00:00
Herb Lewis
aa39cc37da get rid of more compiler warnings
(This used to be commit 398bd14fc6)
2003-08-15 04:42:05 +00:00
Andrew Bartlett
172766eea7 Change Samba to always use extended security for it's guest logins, (ie,
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.

When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login.  If you don't, your machine
account is demoted to NT4.

Andrew Bartlett
(This used to be commit 3547cb3def)
2003-08-14 01:08:00 +00:00
Tim Potter
cdf562f5b2 Memory leak fix for create_rpc_bind_req()
(This used to be commit 4d26feabd7)
2003-08-04 02:51:30 +00:00
Jeremy Allison
d6ee1d167c Save us from possibly uninitialised variable (caught by gcc).
Jeremy.
(This used to be commit f3f29665bd)
2003-07-30 23:33:56 +00:00
Gerald Carter
6ec2213bdb domain in schannel bind credentials must be the dest domain, not ours
(This used to be commit e12f6a8c13)
2003-07-25 18:00:57 +00:00
Andrew Bartlett
c9305f1c64 Schannel, once setup, may be used on *ANY* TCP/IP connection until the
connection that set it up has been shut down.

(Also, pipes still connected, and reconnections to the same pipe (eg SAMR)
may continue to use that session key until their TCP/IP connection is shut
down)

Allow further testing by printing out the session key, and allowing it's input
into rpcclient.

Next step is automatic storage in a TDB.

Andrew Bartlett
(This used to be commit fa4d7be161)
2003-07-25 01:26:19 +00:00
Andrew Bartlett
4c53bb6b90 In the presense of RPC fragments, schannel is not strictly request/reply,
so the shared sequence number will not be strictly odd/even.

Andrew Bartlett
(This used to be commit 77c3e69aef)
2003-07-17 01:34:05 +00:00
Andrew Bartlett
8a4577cc22 Fix up our auth_pipe code to always cope with fragmented datagrams,
in both SCHANNEL and NTLMSSP.

(Try not to deal with a general case as individual special cases...)

Andrew Bartlett
(This used to be commit 6ca77bd28f)
2003-07-16 03:22:43 +00:00
Gerald Carter
b8ddc6238b fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.
(This used to be commit ff0c71148e)
2003-07-15 21:33:28 +00:00
Andrew Bartlett
0b0fa60900 Fix compile error noticed by Ken Cross, use the utility function instead
of an inline replacement...

Andrew Bartlett
(This used to be commit d941255a97)
2003-07-14 12:56:30 +00:00
Andrew Bartlett
456f51bcbe Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)

This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code.  The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.

The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets.  (Still not yet functional)

This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c.  In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection.  (Previously we were limited to sealing,
and could only use the LM-password derived key).

Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation.  A future step is to replace
it with calls to the same NTLMSSP library.

Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier.  While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow.  I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.

rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection.  The 'schannel' command enables schannel
for all pipes until disabled.

This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.

(The same needs to be done to our server)

Andrew Bartlett
(This used to be commit 5472ddc9ea)
2003-07-14 08:46:32 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Tim Potter
627aa735fb Clarify a comment: The secure channel connection must be opened on the
same session (TCP connection) as the one the challenge was requested
from.
(This used to be commit 5cb9b99f0f)
2003-05-16 01:57:57 +00:00
Tim Potter
5b776f179a Fix two bugs that were stopping net rpc vampire from working over secure
channel:

  - If the domain name passed to create_rpc_bind_req() is empty, use
    lp_workgroup()

  - Correctly set the auth_padding field when the send_size is a multiple
    of 8 bytes

I've tested with nt4sp6 and win2ksp0 and it seems to work, although
there are no password hashes transferred from win2k.  The empty
passwords are being protected by the secure channel encryption though.
(This used to be commit a8c11e8556)
2003-05-12 07:16:21 +00:00
Volker Lendecke
914ef37419 Ok, this is a hack. On a netsec bind reply I did not see anything
useful in the auth verifier yet. So this patch ignores it.

Really checking this would be a lot more intrusive: in rpc_api_pipe we
would have to distinguish between binds and normal requests, or have
more state in the netsec info of cli_state, which is also somewhat
hackish.

Volker
(This used to be commit 8de04fcf68)
2003-05-11 08:08:25 +00:00
Volker Lendecke
d1da999e0a This puts real netlogon connection caching to winbind. This becomes
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.

Volker
(This used to be commit 5b3cb7725a)
2003-05-08 08:02:52 +00:00
Jeremy Allison
fa497c6c76 Fixes from Ronan Waide <waider@waider.ie> for large RPC writes.
Jeremy.
(This used to be commit a330bf170e)
2003-04-28 18:42:34 +00:00
Jeremy Allison
e156cf7df4 Fixes for multi-PDU schannel - based on Volker's code. This code needs
tidying up. Samsync still doesn't work due to bad parsing of net_io_sam_alias_info
with a blank description. Still working on this....
Jeremy.
(This used to be commit 942fede9a5)
2003-04-16 21:09:48 +00:00
Jeremy Allison
09a50497d1 Fixes to make SCHANNEL work in 3.0 against a W2K DC. Still need to fix
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC.
Jeremy.
(This used to be commit ff66d40970)
2003-04-16 15:39:57 +00:00
Tim Potter
e9a4e1bb2e Merge: remove unused variables.
(This used to be commit dfa9412da5)
2003-04-14 05:28:09 +00:00
Volker Lendecke
7238bf5f40 This is the netlogon schannel client code. Try a
rpcclient -S pdc -U% -c "samlogon user password"

and it should work with the schannel. Needs testing against platforms
different from NT4SP6.

Volker
(This used to be commit eaef0d8aef)
2003-04-09 15:54:17 +00:00
Tim Potter
f27d292efc Merge: remove dead function.
(This used to be commit 648307ab3d)
2003-01-22 23:33:18 +00:00
Gerald Carter
4242eda183 merging some rpcclient and net functionality from HEAD
(This used to be commit 7a4c874842)
2003-01-15 17:22:48 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jeremy Allison
1c8e1e0448 Ensure callid is not used uninitialized.
Jeremy.
(This used to be commit ddd7099595)
2002-12-02 23:51:53 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Jeremy Allison
98f9e758f0 Merge Jim's new rpc client code to 3.0.
Jeremy.
(This used to be commit 121c456d43)
2002-11-07 18:54:02 +00:00
Tim Potter
c49573e59f Display pipe name in rpc bind failure debug.
(This used to be commit 70838b33a6)
2002-11-02 00:43:38 +00:00
Tim Potter
5dd341d647 Tidyup of some DCERPC pipe connection debugs. The new LSA_DS stuff
generates some errors we haven't seen before which are inappropriately
logged at level 0.
(This used to be commit 40d5112048)
2002-11-01 00:37:45 +00:00
Tim Potter
14a85b0008 Merge of SMB_ASSERT.
(This used to be commit 1094e1ffde)
2002-10-17 05:23:14 +00:00
Gerald Carter
bfa93735ab merge from APP_HEAD of winbindd's domain local group fix
(This used to be commit 09c6f6329d)
2002-10-08 18:32:42 +00:00
Gerald Carter
055e6d1491 * merge native_mode flag in winbindd_domain struct from app-head
* add some files missing from a previous commit
(This used to be commit 29159c9737)
2002-10-04 21:42:04 +00:00
Gerald Carter
9c1b62c0fd merge of working dsrolegetprimdominfo() client code from APP_HEAD
(This used to be commit 028477e352)
2002-10-04 19:33:41 +00:00
Gerald Carter
36ef82a529 merge of new client side support the Win2k LSARPC UUID in rpcbind
from APP_HEAD
(This used to be commit 1cfd2ee433)
2002-10-04 04:10:23 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Martin Pool
4f3a2be2b9 Add prs_dump_before to dump everything from the start of the prs
buffer up to the current position, and use this to dump pipe buffers
just before parsing.
(This used to be commit 92a3ab274e)
2002-01-02 07:48:07 +00:00
Martin Pool
05ae7ca1cb Also capture received data
(This used to be commit 93fadcd111)
2002-01-02 06:08:02 +00:00
Martin Pool
f23cc6ab25 struct cli_state remembers the pipe name that it's talking to, if any,
so that we can print it in later debug messages.

Call prs_dump to dump out requests sent by the client at sufficiently
high debug levels.
(This used to be commit 9973b22b34)
2002-01-02 05:39:49 +00:00
Jeremy Allison
f8e2baf39e Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547)
2001-11-03 23:34:24 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Simo Sorce
941a3a5d3a move to SAFE_FREE()
(This used to be commit 549fe42bd4)
2001-09-17 09:41:30 +00:00
Tim Potter
5836e1f7fe Use new client error api.
(This used to be commit b196a52483)
2001-08-10 06:11:31 +00:00
Tim Potter
62f7f6a022 Use the new client error api.
(This used to be commit 688da3c41d)
2001-08-10 06:01:11 +00:00
Jeremy Allison
5fb9a869b7 Use a logical cli_read(), removed the cli_read_one() hack.
Jeremy.
(This used to be commit 2999eab5ab)
2001-06-29 00:22:22 +00:00
Tim Potter
024250d6ca Use cli_read_one() for reading DCE/RPC reply fragments. We need to check
for and ignore ERRmoredata errors as the client library doesn't support
32-bit error messages.

Added some annotations for the RPC pipe code to make it a bit clearer
maybe.
(This used to be commit f179e0ff61)
2001-06-22 01:19:45 +00:00
Tim Potter
3bc291f55d Removed irritating and unecessary debug message.
(This used to be commit b49c4cd441)
2001-06-02 05:33:43 +00:00
Tim Potter
4ca3b30aec Added a SMB_ASSERT() so that two cli_state structures aren't opened
on different pipes.  This seriously confuses NT.  Unfortunately HEAD
branch is limited to one rpc pipe per connection as the fnum is stored
inside the cli_state structure.  It should really be broken out into
it's own structure so multiple pipes can be opened on one TCP/IP socket.

What a good idea!  But look over here! I've already done it in another
workarea but it will require a day or two to refactor some of the internal
samba rpc client stuff (i.e netlogon requests) so it will remain uncommitted
for another while.
(This used to be commit 657804f3be)
2001-05-04 07:25:43 +00:00
Jeremy Allison
00ab9021b0 Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d)
2001-03-09 23:48:58 +00:00
Andrew Tridgell
c565c98723 pipe opening now works with unicode
(This used to be commit ba3ce3404e)
2001-02-20 10:11:40 +00:00
Andrew Tridgell
d7a502f5a8 fixed a typo
(This used to be commit c9e4dea1cb)
2000-12-04 07:39:22 +00:00
Andrew Tridgell
d931013008 pass the desired access into cli_nt_create()
(This used to be commit a2d07994e0)
2000-12-04 07:26:56 +00:00
Jeremy Allison
7f36df301e Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817)
2000-08-01 18:32:34 +00:00
Jeremy Allison
5ec1642809 Ok - this is a *BIG* change - but it fixes the problems with static strings
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.

The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.

A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.

This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().

This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.

The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.

Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.

Jeremy.
(This used to be commit 0ff2ce543e)
2000-07-27 00:47:19 +00:00
Tim Potter
d39eaf1776 Reverted changes from rpcclient merge - contains memory leak!
(This used to be commit dea06ad7a5)
2000-07-17 05:40:48 +00:00
Gerald Carter
8213b96fd9 More functions merged from TNG for rpcclient. They don't all work
currently as I have to do something about the policy handle caching
issues.



--jerry
(This used to be commit 233b074f49)
2000-07-14 17:04:04 +00:00
Gerald Carter
d2b40a7de2 More rpcclient merge issues:
* fixes some readline bugs from the merge
        * first attempt at commands (spoolenum almost works)
        * no changes to existing functions in HEAD; only additions
          of new functions.  I'll weed out what I can as I go.




--jerry
(This used to be commit 61d2aad5dc)
2000-07-07 06:20:46 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Luke Leighton
0ce128e355 delineation between smb and msrpc more marked. smbd now constructs
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service.  the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.

this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).

removed reference to pipes_struct in msrpc services.  all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.

created become_vuser() which does everything not related to connection_struct
that become_user() does.

removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.

todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.

had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons.  why?  because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency.  so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc.  this is the MINIMUM info identified so far that's
actually implemented.  missing bits include the called and calling
netbios names etc.  (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8d)
1999-12-12 01:25:49 +00:00
Luke Leighton
e302cb2b18 first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.
(This used to be commit 44dd3efa63)
1999-11-29 19:46:57 +00:00
Luke Leighton
3fc5ec73be further abstraction involving client states. main client-side code
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3)
1999-11-27 21:50:11 +00:00
Luke Leighton
75bc100943 cool! completed a samr* API that _would_ look like an msdn samr* api...
if microsoft bothered to publish it.  actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3)
1999-11-25 05:26:48 +00:00
Luke Leighton
2803a72751 ok. *whew*. this is the first completed part of the restructure.
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)

soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api!  cool!

the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82)
1999-11-24 22:45:09 +00:00
Luke Leighton
f8b82a7b95 first stages of removing struct cli_state* and uint16 fnum from all
msrpc client code.  the intent is to hide / abstract / associate
connection info behind policy handles.

this makes the msrpc functions look more and more like their nt equivalents.

who-hou!
(This used to be commit c01b18e632)
1999-11-24 20:24:33 +00:00
Luke Leighton
dab1a12278 you know what? this sort of thing makes me laugh. hmm, what functions
have we got.  and what data do we have.  hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved.  and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!

i love it when this sort of thing happens.  took all of fifteen minutes to
guess it.  tried concatenating client and server challenges.  tried
concatenating _random_ bits of client and server challenges.  tried
md5 of the above.  tried hmac_md5 of the above.  eventually, it boils down
to this:

kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd)
1999-11-21 19:24:01 +00:00
Luke Leighton
826ad16b36 debugging rpcclient spoolenum and spooljobs commands. oh, did i forget
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion?  prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c)
1999-11-09 19:35:30 +00:00
Luke Leighton
23dc6eb70d horrible code to do SMBwriteX / SMBreadX for large MSRPC reads. ARGH!
(This used to be commit 0f9d661ca2)
1999-11-06 22:45:31 +00:00
Luke Leighton
6f9105c853 various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs.  cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db)
1999-10-21 16:53:50 +00:00
Luke Leighton
09e6f6eb9c adding CAP_EXTENDED_SECURITY support in a hurry last week. forgot to
deal with linking issues in other binaries
(This used to be commit 57f95a0198)
1999-10-14 18:49:24 +00:00
Luke Leighton
cba7662da1 - added rudimentary CAP_UNICODE support because i thought it was part of
a problem i was having.

- added rudimentary CAP_STATUS32 support for same reason.

- added hard-coded, copy-the-same-data-from-over-the-wire version of
CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate
GSSAPI which encodes
SPNEGO which is used to negotiate
Kerberos or NTLMSSP.  i have implemented
NTLMSSP which negotiates
NTLMv1 or NTLMv2 and 40-bit or 128-bit etc.  i have implemented
NTLMv1 / 40-bit.

*whew*.
(This used to be commit e5b80bd2f7)
1999-10-07 22:10:29 +00:00
Luke Leighton
f2e0bbffb5 renaming AUTH VERIFIER to AUTH NTLMSSP VERIFIER. ready for adding
another RPC authentication system.
(This used to be commit 1a211bafeb)
1999-07-26 21:47:23 +00:00
Matthew Chapman
30beb2dd10 BDC support.
Added synchronise_passdb function to update accounts in a BDC's smbpasswd.
Improved rpc_read, which was still somewhat broken for multiple PDU's.
modify_trust_password must initialise cli.pwd (pwd_set_nullpwd).
(This used to be commit 4783ac3968)
1999-07-22 10:54:49 +00:00
Luke Leighton
7672761567 use of safe_cli_errstr() and cli_establish_connection().
(This used to be commit b60eb8c9fc)
1999-07-06 21:29:54 +00:00
Luke Leighton
73891ca8e4 improving authentication code (tidyup).
(This used to be commit ab1a6aa42d)
1999-06-29 18:47:06 +00:00
Matthew Chapman
877db70926 Fixed a typo where the RPC header mem_buffer was initialised as 0x8 bytes long
rather than 0x18. Rather nasty, I doubt the client ever worked for multiple
PDU's.
(This used to be commit 90b6fce780)
1999-03-23 15:01:37 +00:00
Luke Leighton
9c848ec329 removed nt_pipe_fnum from struct cli_state. need to be able to call
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions.  thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b)
1998-12-07 20:23:41 +00:00
Luke Leighton
74d539f557 - group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.

- interactive debug detection

- re-added mem_man (andrew's memory management, detects memory corruption)

- american spellings of "initialise" replaced with english spelling of
  "initialise".

- started on "lookup_name()" and "lookup_sid()" functions.  proper ones.

- moved lots of functions around.  created some modules of commonly used
  code.  e.g the password file locking code, which is used in groupfile.c
  and aliasfile.c and smbpass.c

- moved RID_TYPE_MASK up another bit.  this is really unfortunate, but
  there is no other "fast" way to identify users from groups from aliases.
  i do not believe that this code saves us anything (the multipliers)
  and puts us at a disadvantage (reduces the useable rid space).
  the designers of NT aren't silly: if they can get away with a user-
  interface-speed LsaLookupNames / LsaLookupSids, then so can we.  i
  spoke with isaac at the cifs conference, the only time for example that
  they do a security context check is on file create.  certainly not on
  individual file reads / writes, which would drastically hit their
  performance and ours, too.

- renamed myworkgroup to global_sam_name, amongst other things, when used
  in the rpc code.  there is also a global_member_name, as we are always
  responsible for a SAM database, the scope of which is limited by the role
  of the machine (e.g if a member of a workgroup, your SAM is for _local_
  logins only, and its name is the name of your server.  you even still
  have a SID.  see LsaQueryInfoPolicy, levels 3 and 5).

- updated functionality of groupname.c to be able to cope with names
  like DOMAIN\group and SERVER\alias.  used this code to be able to
  do aliases as well as groups.  this code may actually be better
  off being used in username mapping, too.

- created a connect to serverlist function in clientgen.c and used it
  in password.c

- initialisation in server.c depends on the role of the server.  well,
  it does now.

- rpctorture.  smbtorture.  EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e609)
1998-11-17 16:19:04 +00:00
Jeremy Allison
8fc1504ff8 Makefile.in configure configure.in include/config.h.in: Changes for DGUX and UNIXWARE.
groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf.
include/includes.h: Fix YP problem.
include/smb.h: Fix ZERO_STRUCTP.
lib/util_sock.c: Added strerror() in debugs.
passdb/ldap.c: Don't use snprinf, use slprintf.
rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf.
script/installman.sh: DGUX changes.
smbd/open.c smbd/oplock.c: Fixed gcc warnings.
web/swat.c: Changes USER to SWAT_USER.
(This used to be commit 4c2b5a0098)
1998-11-13 21:41:01 +00:00
Luke Leighton
5b863af4c0 cleaning up conflicts between group code not yet committed and
changes from yesterday by me, jeremy and andrew.

jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user
didn't exist (first check should be for smb_pass != NULL)
(This used to be commit cbac0f165d)
1998-11-12 16:07:00 +00:00
Jeremy Allison
10a9addc22 Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioa
resons and my own piece of mind...
Jeremy.
(This used to be commit 45131501f2)
1998-11-12 04:17:54 +00:00
Jeremy Allison
1ee499385c libsmb/smbdes.c: #ifdef'ed out code prior to removal.
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c
rpc_server/srv_samr.c: Fixed unused variable warning.
rpc_server/srv_util.c: Inlined code removed from smbdes.c

Luke - the above changes are the first part of the changes
you and I discussed as being neccessary at the CIFS conference.
*PLEASE REVIEW THESE CHANGES* - make sure I haven't broken
any of the authenticated DCE/RPC code.

smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares
                with NT SMB support.
smbd/open.c: Fixed mkdir when called from nttrans calls.
smbd/server.c: Set correct size for strcpy of global_myworkgroup.

Jeremy.
(This used to be commit d891421d16)
1998-10-22 16:55:03 +00:00
Jeremy Allison
6e3af45afe Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh !
smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles.
Jeremy.
(This used to be commit 0b44d27d0b)
1998-10-21 16:58:34 +00:00
Luke Leighton
ac9be4ddca oops!
(This used to be commit 500e5536be)
1998-10-21 16:54:23 +00:00
Luke Leighton
4773506383 signed / unsigned issues
(This used to be commit bd2fc6bb85)
1998-10-21 16:28:44 +00:00
Luke Leighton
9307940876 fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums argh).
put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
(This used to be commit c101113ec2)
1998-10-21 01:35:01 +00:00
Luke Leighton
d8f0e60195 signed / unsigned warnings (found by herb).
how do i switch on these warnings in gcc?????
(This used to be commit 39db385a0c)
1998-10-20 22:37:44 +00:00
Luke Leighton
1ebeb54932 some quite important bug-fixes i missed because i transferred the wrong
smb.tgz file from my portable.

particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.

smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data.  rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length.  this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a9)
1998-10-20 18:27:49 +00:00
Luke Leighton
01de603084 - dce/rpc code
- removed debug info in struni2 and unistr2 (security risk)

- rpc_pipe function was getting pointer to data then calling realloc *dur*

- password check function, the start of "credential checking",
  user, wks, domain, pass as the credentials (not just user,pass which
  is incorrect in a domain context)

- cli_write needs to return ssize_t not size_t, because total can be -1
  if the write fails.

- fixed signed / unsigned warnings (how come i don't get those any more
  when i compile with gcc???)

- nt password change added in smbd.  yes, jeremy, i verified that the
  SMBtrans2 version still works.
(This used to be commit fcfb40d2b0)
1998-10-19 17:32:10 +00:00
Jeremy Allison
fc62d6bf36 Small tidyups for gcc in 'preen' mode....
Jeremy.
(This used to be commit 60dc1a4a00)
1998-10-17 17:41:13 +00:00
Luke Leighton
97f0c9d550 made pass_check_smb() available for dce/rpc use.
(This used to be commit 95e8a910c5)
1998-10-16 21:36:19 +00:00
Luke Leighton
d4a82ea26d rpc client mods (ntlmssp flags)
(This used to be commit 16256f86bf)
1998-10-16 20:07:02 +00:00
Luke Leighton
a42afcdcc7 bug-fixing against:
AS/U:
      it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
      response, when they should be set in a (small) packet.  they also,
      in the bind/ack do not set a secondary address string at all, so
      we can't check against that...

Win95:
      client-side dce/rpc code is a bit odd.  it does a "WaitNamedPipeState"
      and has slightly different pipe-naming (\PIPE\LANMAN is joined by
      \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
      and \PIPE\).

Win95-USRMGR.EXE:
      added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
      added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b)
1998-10-15 05:47:29 +00:00
Luke Leighton
948f81a592 warnings spotted by ./configure.developer options
(This used to be commit 29434bf195)
1998-10-14 07:00:00 +00:00
Luke Leighton
935dc98f66 dce/rpc
(This used to be commit 69f5f9f889)
1998-10-14 06:29:20 +00:00
Luke Leighton
abb67ee6de signed / unsigned issues spotted by herb
(This used to be commit 0b90442021)
1998-10-09 20:31:52 +00:00
Luke Leighton
8158620124 dce/rpc.
(This used to be commit e0445419b2)
1998-10-09 20:17:11 +00:00
Luke Leighton
4e004a0b5e basic client-side ntcreateX function (hard-wired values except filename)
(This used to be commit caeb99201a)
1998-10-09 19:34:57 +00:00
Luke Leighton
755986764f dce/rpc
(This used to be commit 32d0f5e4a5)
1998-10-09 19:05:19 +00:00
Luke Leighton
6909350ed9 dce/rpc
(This used to be commit 62fdeef1b7)
1998-10-08 23:57:46 +00:00
Luke Leighton
48b31ae44f dce/rpc
(This used to be commit 6677b888bd)
1998-10-07 21:42:24 +00:00
Luke Leighton
c07b2bdf90 dce/rpc
(This used to be commit eb279cabd0)
1998-10-06 22:03:04 +00:00
Luke Leighton
732d4ff7da Makefile.in :
- added srvsvc client files

clientgen.c :

	- replaced cli_error(cli, int *cls, int *err) with
	  cli_error(cli, uint8 cls, uint32 *err).  this version detects
	  32 bit status messages.  the DOS error "MORE_DATA", the
	  equivalent of the 32 bit *warning* 0x8000 0005
	  (STATUS_BUFFER_OVERFLOW), was being processed as an error,
	  terminating the cli_receive_trans() call.

cli_pipe.c :

	- replaced calls that had been incorrectly modified from
	  32 bit warnings (0x8000 0005 - STATUS_BUFFER_OVERFLOW)
	  to 8 bit DOS errors (0x01 0xEA - MORE_DATA).
	  the use of the old version of cli_error (DOS only)
	  instead of the new one (DOS and 32 bit) caused the
	  dce/rpc client code to fail.

	- replaced 2 space indentation with tab indentation in all functions.

cli_srvsvc.c :
cmd_srvsvc.c :

	- added these files back in, fixing them up to use jeremy's
	  modified versions of the dce/rpc client functions.

parse_srv.c :

	- added back in some "unused" functions required by dce/rpc
	  client-side code.  it would be helpful if all such "unused"
	  functions could be added back in.

rpcclient.c :

	- added "session", "file", "share", "connection" enumeration
	  functions back in.  these are equivalent to nt's "NetXXXXXEnum"
	  Win32 (MSDN) functions.

	- added "srvinfo" function back in.  this is equivalent to
	  nt's NetServerGetInfo Win32 (MSDN) function.
(This used to be commit bcf39ffdcc)
1998-10-02 21:09:23 +00:00
Luke Leighton
c43c53b886 microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).
therefore, they are being more strict, first in the server-side code, and
now in the client-side code.

this fixes a bind-request that was too short by 16 bytes, and an rpc-request
that was too long by 24 bytes.
(This used to be commit a69ed7846a)
1998-10-02 18:14:38 +00:00
Andrew Tridgell
e9ea36e4d2 tridge the destroyer returns!
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...

I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).

in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.

So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)

One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
1998-09-05 05:07:05 +00:00
Jeremy Allison
f888868f46 This is a security audit change of the main source.
It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d77445400)
1998-05-12 00:55:32 +00:00
Andrew Tridgell
3dfc0c8472 changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
1998-05-11 06:38:36 +00:00
Jeremy Allison
e305c2c9e2 clientgen.c: Fixed null session setup bug.
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
            Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df201)
1998-04-29 19:22:01 +00:00
Jeremy Allison
22abe47e29 First version that compiles. Much more to do.....
Jeremy.
(This used to be commit 45393a19ad)
1998-04-28 01:24:40 +00:00
Jeremy Allison
e7ac86607c This looks like a big change but really isn't.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.

This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).

Jeremy.
(This used to be commit 866406bfe3)
1998-04-25 01:12:08 +00:00
Jeremy Allison
42058f3c66 cli_pipe.c: Corrected cli_api_pipe() calls.
Jeremy.
(This used to be commit 2571ba0213)
1998-04-24 00:34:21 +00:00
Jeremy Allison
d5114f6245 These don't compile yet - but they are the core code in what
will be DOMAIN_CLIENT called code.
Jeremy.
(This used to be commit ad81735fa1)
1998-04-23 22:45:53 +00:00
Luke Leighton
76d3bc36a5 put server-side long dce/rpc code in main branch.
(This used to be commit 2e1a08b28c)
1998-04-21 02:36:37 +00:00
Jeremy Allison
fdeea341ed "For I have laboured mightily on Luke's code, and hath broken
all I saw" - the book of Jeremy, chapter 1 :-).

So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.

This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.

Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.

This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.

I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).

Jeremy.
(This used to be commit 118ba4d77a)
1998-03-11 21:11:04 +00:00