1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

224 Commits

Author SHA1 Message Date
Jeremy Allison
f8e2baf39e Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547)
2001-11-03 23:34:24 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Simo Sorce
941a3a5d3a move to SAFE_FREE()
(This used to be commit 549fe42bd4)
2001-09-17 09:41:30 +00:00
Tim Potter
5836e1f7fe Use new client error api.
(This used to be commit b196a52483)
2001-08-10 06:11:31 +00:00
Tim Potter
62f7f6a022 Use the new client error api.
(This used to be commit 688da3c41d)
2001-08-10 06:01:11 +00:00
Jeremy Allison
5fb9a869b7 Use a logical cli_read(), removed the cli_read_one() hack.
Jeremy.
(This used to be commit 2999eab5ab)
2001-06-29 00:22:22 +00:00
Tim Potter
024250d6ca Use cli_read_one() for reading DCE/RPC reply fragments. We need to check
for and ignore ERRmoredata errors as the client library doesn't support
32-bit error messages.

Added some annotations for the RPC pipe code to make it a bit clearer
maybe.
(This used to be commit f179e0ff61)
2001-06-22 01:19:45 +00:00
Tim Potter
3bc291f55d Removed irritating and unecessary debug message.
(This used to be commit b49c4cd441)
2001-06-02 05:33:43 +00:00
Tim Potter
4ca3b30aec Added a SMB_ASSERT() so that two cli_state structures aren't opened
on different pipes.  This seriously confuses NT.  Unfortunately HEAD
branch is limited to one rpc pipe per connection as the fnum is stored
inside the cli_state structure.  It should really be broken out into
it's own structure so multiple pipes can be opened on one TCP/IP socket.

What a good idea!  But look over here! I've already done it in another
workarea but it will require a day or two to refactor some of the internal
samba rpc client stuff (i.e netlogon requests) so it will remain uncommitted
for another while.
(This used to be commit 657804f3be)
2001-05-04 07:25:43 +00:00
Jeremy Allison
00ab9021b0 Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d)
2001-03-09 23:48:58 +00:00
Andrew Tridgell
c565c98723 pipe opening now works with unicode
(This used to be commit ba3ce3404e)
2001-02-20 10:11:40 +00:00
Andrew Tridgell
d7a502f5a8 fixed a typo
(This used to be commit c9e4dea1cb)
2000-12-04 07:39:22 +00:00
Andrew Tridgell
d931013008 pass the desired access into cli_nt_create()
(This used to be commit a2d07994e0)
2000-12-04 07:26:56 +00:00
Jeremy Allison
7f36df301e Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817)
2000-08-01 18:32:34 +00:00
Jeremy Allison
5ec1642809 Ok - this is a *BIG* change - but it fixes the problems with static strings
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.

The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.

A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.

This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().

This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.

The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.

Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.

Jeremy.
(This used to be commit 0ff2ce543e)
2000-07-27 00:47:19 +00:00
Tim Potter
d39eaf1776 Reverted changes from rpcclient merge - contains memory leak!
(This used to be commit dea06ad7a5)
2000-07-17 05:40:48 +00:00
Gerald Carter
8213b96fd9 More functions merged from TNG for rpcclient. They don't all work
currently as I have to do something about the policy handle caching
issues.



--jerry
(This used to be commit 233b074f49)
2000-07-14 17:04:04 +00:00
Gerald Carter
d2b40a7de2 More rpcclient merge issues:
* fixes some readline bugs from the merge
        * first attempt at commands (spoolenum almost works)
        * no changes to existing functions in HEAD; only additions
          of new functions.  I'll weed out what I can as I go.




--jerry
(This used to be commit 61d2aad5dc)
2000-07-07 06:20:46 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Luke Leighton
0ce128e355 delineation between smb and msrpc more marked. smbd now constructs
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service.  the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.

this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).

removed reference to pipes_struct in msrpc services.  all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.

created become_vuser() which does everything not related to connection_struct
that become_user() does.

removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.

todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.

had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons.  why?  because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency.  so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc.  this is the MINIMUM info identified so far that's
actually implemented.  missing bits include the called and calling
netbios names etc.  (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8d)
1999-12-12 01:25:49 +00:00
Luke Leighton
e302cb2b18 first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.
(This used to be commit 44dd3efa63)
1999-11-29 19:46:57 +00:00
Luke Leighton
3fc5ec73be further abstraction involving client states. main client-side code
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3)
1999-11-27 21:50:11 +00:00
Luke Leighton
75bc100943 cool! completed a samr* API that _would_ look like an msdn samr* api...
if microsoft bothered to publish it.  actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3)
1999-11-25 05:26:48 +00:00
Luke Leighton
2803a72751 ok. *whew*. this is the first completed part of the restructure.
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)

soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api!  cool!

the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82)
1999-11-24 22:45:09 +00:00
Luke Leighton
f8b82a7b95 first stages of removing struct cli_state* and uint16 fnum from all
msrpc client code.  the intent is to hide / abstract / associate
connection info behind policy handles.

this makes the msrpc functions look more and more like their nt equivalents.

who-hou!
(This used to be commit c01b18e632)
1999-11-24 20:24:33 +00:00
Luke Leighton
dab1a12278 you know what? this sort of thing makes me laugh. hmm, what functions
have we got.  and what data do we have.  hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved.  and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!

i love it when this sort of thing happens.  took all of fifteen minutes to
guess it.  tried concatenating client and server challenges.  tried
concatenating _random_ bits of client and server challenges.  tried
md5 of the above.  tried hmac_md5 of the above.  eventually, it boils down
to this:

kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd)
1999-11-21 19:24:01 +00:00
Luke Leighton
826ad16b36 debugging rpcclient spoolenum and spooljobs commands. oh, did i forget
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion?  prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c)
1999-11-09 19:35:30 +00:00
Luke Leighton
23dc6eb70d horrible code to do SMBwriteX / SMBreadX for large MSRPC reads. ARGH!
(This used to be commit 0f9d661ca2)
1999-11-06 22:45:31 +00:00
Luke Leighton
6f9105c853 various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs.  cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db)
1999-10-21 16:53:50 +00:00
Luke Leighton
09e6f6eb9c adding CAP_EXTENDED_SECURITY support in a hurry last week. forgot to
deal with linking issues in other binaries
(This used to be commit 57f95a0198)
1999-10-14 18:49:24 +00:00
Luke Leighton
cba7662da1 - added rudimentary CAP_UNICODE support because i thought it was part of
a problem i was having.

- added rudimentary CAP_STATUS32 support for same reason.

- added hard-coded, copy-the-same-data-from-over-the-wire version of
CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate
GSSAPI which encodes
SPNEGO which is used to negotiate
Kerberos or NTLMSSP.  i have implemented
NTLMSSP which negotiates
NTLMv1 or NTLMv2 and 40-bit or 128-bit etc.  i have implemented
NTLMv1 / 40-bit.

*whew*.
(This used to be commit e5b80bd2f7)
1999-10-07 22:10:29 +00:00
Luke Leighton
f2e0bbffb5 renaming AUTH VERIFIER to AUTH NTLMSSP VERIFIER. ready for adding
another RPC authentication system.
(This used to be commit 1a211bafeb)
1999-07-26 21:47:23 +00:00
Matthew Chapman
30beb2dd10 BDC support.
Added synchronise_passdb function to update accounts in a BDC's smbpasswd.
Improved rpc_read, which was still somewhat broken for multiple PDU's.
modify_trust_password must initialise cli.pwd (pwd_set_nullpwd).
(This used to be commit 4783ac3968)
1999-07-22 10:54:49 +00:00
Luke Leighton
7672761567 use of safe_cli_errstr() and cli_establish_connection().
(This used to be commit b60eb8c9fc)
1999-07-06 21:29:54 +00:00
Luke Leighton
73891ca8e4 improving authentication code (tidyup).
(This used to be commit ab1a6aa42d)
1999-06-29 18:47:06 +00:00
Matthew Chapman
877db70926 Fixed a typo where the RPC header mem_buffer was initialised as 0x8 bytes long
rather than 0x18. Rather nasty, I doubt the client ever worked for multiple
PDU's.
(This used to be commit 90b6fce780)
1999-03-23 15:01:37 +00:00
Luke Leighton
9c848ec329 removed nt_pipe_fnum from struct cli_state. need to be able to call
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions.  thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b)
1998-12-07 20:23:41 +00:00
Luke Leighton
74d539f557 - group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.

- interactive debug detection

- re-added mem_man (andrew's memory management, detects memory corruption)

- american spellings of "initialise" replaced with english spelling of
  "initialise".

- started on "lookup_name()" and "lookup_sid()" functions.  proper ones.

- moved lots of functions around.  created some modules of commonly used
  code.  e.g the password file locking code, which is used in groupfile.c
  and aliasfile.c and smbpass.c

- moved RID_TYPE_MASK up another bit.  this is really unfortunate, but
  there is no other "fast" way to identify users from groups from aliases.
  i do not believe that this code saves us anything (the multipliers)
  and puts us at a disadvantage (reduces the useable rid space).
  the designers of NT aren't silly: if they can get away with a user-
  interface-speed LsaLookupNames / LsaLookupSids, then so can we.  i
  spoke with isaac at the cifs conference, the only time for example that
  they do a security context check is on file create.  certainly not on
  individual file reads / writes, which would drastically hit their
  performance and ours, too.

- renamed myworkgroup to global_sam_name, amongst other things, when used
  in the rpc code.  there is also a global_member_name, as we are always
  responsible for a SAM database, the scope of which is limited by the role
  of the machine (e.g if a member of a workgroup, your SAM is for _local_
  logins only, and its name is the name of your server.  you even still
  have a SID.  see LsaQueryInfoPolicy, levels 3 and 5).

- updated functionality of groupname.c to be able to cope with names
  like DOMAIN\group and SERVER\alias.  used this code to be able to
  do aliases as well as groups.  this code may actually be better
  off being used in username mapping, too.

- created a connect to serverlist function in clientgen.c and used it
  in password.c

- initialisation in server.c depends on the role of the server.  well,
  it does now.

- rpctorture.  smbtorture.  EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e609)
1998-11-17 16:19:04 +00:00
Jeremy Allison
8fc1504ff8 Makefile.in configure configure.in include/config.h.in: Changes for DGUX and UNIXWARE.
groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf.
include/includes.h: Fix YP problem.
include/smb.h: Fix ZERO_STRUCTP.
lib/util_sock.c: Added strerror() in debugs.
passdb/ldap.c: Don't use snprinf, use slprintf.
rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf.
script/installman.sh: DGUX changes.
smbd/open.c smbd/oplock.c: Fixed gcc warnings.
web/swat.c: Changes USER to SWAT_USER.
(This used to be commit 4c2b5a0098)
1998-11-13 21:41:01 +00:00
Luke Leighton
5b863af4c0 cleaning up conflicts between group code not yet committed and
changes from yesterday by me, jeremy and andrew.

jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user
didn't exist (first check should be for smb_pass != NULL)
(This used to be commit cbac0f165d)
1998-11-12 16:07:00 +00:00
Jeremy Allison
10a9addc22 Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioa
resons and my own piece of mind...
Jeremy.
(This used to be commit 45131501f2)
1998-11-12 04:17:54 +00:00
Jeremy Allison
1ee499385c libsmb/smbdes.c: #ifdef'ed out code prior to removal.
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c
rpc_server/srv_samr.c: Fixed unused variable warning.
rpc_server/srv_util.c: Inlined code removed from smbdes.c

Luke - the above changes are the first part of the changes
you and I discussed as being neccessary at the CIFS conference.
*PLEASE REVIEW THESE CHANGES* - make sure I haven't broken
any of the authenticated DCE/RPC code.

smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares
                with NT SMB support.
smbd/open.c: Fixed mkdir when called from nttrans calls.
smbd/server.c: Set correct size for strcpy of global_myworkgroup.

Jeremy.
(This used to be commit d891421d16)
1998-10-22 16:55:03 +00:00
Jeremy Allison
6e3af45afe Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn mode.
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh !
smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles.
Jeremy.
(This used to be commit 0b44d27d0b)
1998-10-21 16:58:34 +00:00
Luke Leighton
ac9be4ddca oops!
(This used to be commit 500e5536be)
1998-10-21 16:54:23 +00:00
Luke Leighton
4773506383 signed / unsigned issues
(This used to be commit bd2fc6bb85)
1998-10-21 16:28:44 +00:00
Luke Leighton
9307940876 fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums argh).
put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
(This used to be commit c101113ec2)
1998-10-21 01:35:01 +00:00
Luke Leighton
d8f0e60195 signed / unsigned warnings (found by herb).
how do i switch on these warnings in gcc?????
(This used to be commit 39db385a0c)
1998-10-20 22:37:44 +00:00
Luke Leighton
1ebeb54932 some quite important bug-fixes i missed because i transferred the wrong
smb.tgz file from my portable.

particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.

smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data.  rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length.  this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a9)
1998-10-20 18:27:49 +00:00
Luke Leighton
01de603084 - dce/rpc code
- removed debug info in struni2 and unistr2 (security risk)

- rpc_pipe function was getting pointer to data then calling realloc *dur*

- password check function, the start of "credential checking",
  user, wks, domain, pass as the credentials (not just user,pass which
  is incorrect in a domain context)

- cli_write needs to return ssize_t not size_t, because total can be -1
  if the write fails.

- fixed signed / unsigned warnings (how come i don't get those any more
  when i compile with gcc???)

- nt password change added in smbd.  yes, jeremy, i verified that the
  SMBtrans2 version still works.
(This used to be commit fcfb40d2b0)
1998-10-19 17:32:10 +00:00
Jeremy Allison
fc62d6bf36 Small tidyups for gcc in 'preen' mode....
Jeremy.
(This used to be commit 60dc1a4a00)
1998-10-17 17:41:13 +00:00
Luke Leighton
97f0c9d550 made pass_check_smb() available for dce/rpc use.
(This used to be commit 95e8a910c5)
1998-10-16 21:36:19 +00:00
Luke Leighton
d4a82ea26d rpc client mods (ntlmssp flags)
(This used to be commit 16256f86bf)
1998-10-16 20:07:02 +00:00
Luke Leighton
a42afcdcc7 bug-fixing against:
AS/U:
      it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
      response, when they should be set in a (small) packet.  they also,
      in the bind/ack do not set a secondary address string at all, so
      we can't check against that...

Win95:
      client-side dce/rpc code is a bit odd.  it does a "WaitNamedPipeState"
      and has slightly different pipe-naming (\PIPE\LANMAN is joined by
      \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
      and \PIPE\).

Win95-USRMGR.EXE:
      added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
      added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b)
1998-10-15 05:47:29 +00:00
Luke Leighton
948f81a592 warnings spotted by ./configure.developer options
(This used to be commit 29434bf195)
1998-10-14 07:00:00 +00:00
Luke Leighton
935dc98f66 dce/rpc
(This used to be commit 69f5f9f889)
1998-10-14 06:29:20 +00:00
Luke Leighton
abb67ee6de signed / unsigned issues spotted by herb
(This used to be commit 0b90442021)
1998-10-09 20:31:52 +00:00
Luke Leighton
8158620124 dce/rpc.
(This used to be commit e0445419b2)
1998-10-09 20:17:11 +00:00
Luke Leighton
4e004a0b5e basic client-side ntcreateX function (hard-wired values except filename)
(This used to be commit caeb99201a)
1998-10-09 19:34:57 +00:00
Luke Leighton
755986764f dce/rpc
(This used to be commit 32d0f5e4a5)
1998-10-09 19:05:19 +00:00
Luke Leighton
6909350ed9 dce/rpc
(This used to be commit 62fdeef1b7)
1998-10-08 23:57:46 +00:00
Luke Leighton
48b31ae44f dce/rpc
(This used to be commit 6677b888bd)
1998-10-07 21:42:24 +00:00
Luke Leighton
c07b2bdf90 dce/rpc
(This used to be commit eb279cabd0)
1998-10-06 22:03:04 +00:00
Luke Leighton
732d4ff7da Makefile.in :
- added srvsvc client files

clientgen.c :

	- replaced cli_error(cli, int *cls, int *err) with
	  cli_error(cli, uint8 cls, uint32 *err).  this version detects
	  32 bit status messages.  the DOS error "MORE_DATA", the
	  equivalent of the 32 bit *warning* 0x8000 0005
	  (STATUS_BUFFER_OVERFLOW), was being processed as an error,
	  terminating the cli_receive_trans() call.

cli_pipe.c :

	- replaced calls that had been incorrectly modified from
	  32 bit warnings (0x8000 0005 - STATUS_BUFFER_OVERFLOW)
	  to 8 bit DOS errors (0x01 0xEA - MORE_DATA).
	  the use of the old version of cli_error (DOS only)
	  instead of the new one (DOS and 32 bit) caused the
	  dce/rpc client code to fail.

	- replaced 2 space indentation with tab indentation in all functions.

cli_srvsvc.c :
cmd_srvsvc.c :

	- added these files back in, fixing them up to use jeremy's
	  modified versions of the dce/rpc client functions.

parse_srv.c :

	- added back in some "unused" functions required by dce/rpc
	  client-side code.  it would be helpful if all such "unused"
	  functions could be added back in.

rpcclient.c :

	- added "session", "file", "share", "connection" enumeration
	  functions back in.  these are equivalent to nt's "NetXXXXXEnum"
	  Win32 (MSDN) functions.

	- added "srvinfo" function back in.  this is equivalent to
	  nt's NetServerGetInfo Win32 (MSDN) function.
(This used to be commit bcf39ffdcc)
1998-10-02 21:09:23 +00:00
Luke Leighton
c43c53b886 microsoft is slowly fixing some buffer overflow errors in dce/rpc code (SP4).
therefore, they are being more strict, first in the server-side code, and
now in the client-side code.

this fixes a bind-request that was too short by 16 bytes, and an rpc-request
that was too long by 24 bytes.
(This used to be commit a69ed7846a)
1998-10-02 18:14:38 +00:00
Andrew Tridgell
e9ea36e4d2 tridge the destroyer returns!
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...

I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).

in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.

So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)

One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
1998-09-05 05:07:05 +00:00
Jeremy Allison
f888868f46 This is a security audit change of the main source.
It removed all ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d77445400)
1998-05-12 00:55:32 +00:00
Andrew Tridgell
3dfc0c8472 changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
1998-05-11 06:38:36 +00:00
Jeremy Allison
e305c2c9e2 clientgen.c: Fixed null session setup bug.
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
            Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df201)
1998-04-29 19:22:01 +00:00
Jeremy Allison
22abe47e29 First version that compiles. Much more to do.....
Jeremy.
(This used to be commit 45393a19ad)
1998-04-28 01:24:40 +00:00
Jeremy Allison
e7ac86607c This looks like a big change but really isn't.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.

This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).

Jeremy.
(This used to be commit 866406bfe3)
1998-04-25 01:12:08 +00:00
Jeremy Allison
42058f3c66 cli_pipe.c: Corrected cli_api_pipe() calls.
Jeremy.
(This used to be commit 2571ba0213)
1998-04-24 00:34:21 +00:00
Jeremy Allison
d5114f6245 These don't compile yet - but they are the core code in what
will be DOMAIN_CLIENT called code.
Jeremy.
(This used to be commit ad81735fa1)
1998-04-23 22:45:53 +00:00
Luke Leighton
76d3bc36a5 put server-side long dce/rpc code in main branch.
(This used to be commit 2e1a08b28c)
1998-04-21 02:36:37 +00:00
Jeremy Allison
fdeea341ed "For I have laboured mightily on Luke's code, and hath broken
all I saw" - the book of Jeremy, chapter 1 :-).

So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.

This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.

Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.

This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.

I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).

Jeremy.
(This used to be commit 118ba4d77a)
1998-03-11 21:11:04 +00:00