1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

253 Commits

Author SHA1 Message Date
Volker Lendecke
c14b7e648b Split up async_req into a generic and a NTSTATUS specific part 2009-02-01 19:05:39 +01:00
Volker Lendecke
7967d8c779 Move rpc_pipe_open_internal to srv_pipe_hnd.c
This is a smbd-only function
2009-02-01 14:34:23 +01:00
Volker Lendecke
53394980ad Replace pipe names in pipes_struct by ndr_syntax_id
This was mainly used for debugging output
2009-02-01 14:34:23 +01:00
Volker Lendecke
99f021d0ef Fix the build on Solaris CC 2009-02-01 00:07:16 +01:00
Volker Lendecke
fa7ddc78b8 Remove unused np_read sync wrapper 2009-01-31 17:50:18 +01:00
Volker Lendecke
8b480b52ce Remove unused np_write sync wrapper 2009-01-31 17:50:18 +01:00
Volker Lendecke
e8b2b46cae Make-np_write-handle-0-byte-writes-as-NT_STATUS_OK 2009-01-31 17:50:18 +01:00
Volker Lendecke
b797c056a6 Add an async np_read wrapper 2009-01-31 17:50:18 +01:00
Volker Lendecke
e60d69d67d Add an async np_write wrapper 2009-01-31 17:50:18 +01:00
Volker Lendecke
520f88143b Remove some unused code 2009-01-20 16:41:32 +01:00
Volker Lendecke
b8b6cddb29 Remove some smb fsp knowledge from rpc_server/
np_open/read/write don't have to know about files_struct
2009-01-20 16:41:14 +01:00
Volker Lendecke
bd4718d281 Make use of TALLOC_FREE 2009-01-20 14:34:51 +01:00
Volker Lendecke
141b76d747 Remove unused argument "vuid" from make_internal_rpc_pipe_p 2009-01-03 15:25:00 +01:00
Volker Lendecke
2bb90b7a88 Remove "conn" parameter from np_open, smb_request contains it 2008-11-28 10:06:32 +01:00
Volker Lendecke
907f126d3e Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! 2008-11-24 11:39:03 +01:00
Volker Lendecke
ace87f16c0 For proxied named pipes, connect to np/<pipe_name> and send auth info
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-11-06 21:39:15 +01:00
Volker Lendecke
63da08d00f Apply some const to np_write() 2008-11-01 19:41:07 +01:00
Volker Lendecke
7bea6684c2 Add proxied named pipe support
This is a central piece of the "merged build" thing: Forward named pipes from
samba3 to samba4. This patch is not finished yet, as we will have to forward
the smb-level authentication information to samba4, but I'm pushing this patch
already to demonstrate the implementation without clutter.

It adds an intermediate parameter

np:proxy = srvsvc samr winreg wkssvc ... and so on

that states which of the pipes should be forwarded to the s4 unix domain socket
DEFAULT. The parameter is intermediate because once we have a proper endpoint
mapper implementation, this information will be retrieved out of a database.

If anybody wants to try this, do the merged build and configure s4 with

server services = samba3_smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl
samba3:smbd = /data/inst/sbin/smbd

and s3 with

auth methods = guest netlogond
np:proxy = srvsvc samr winreg wkssvc netlogon ntlsa ntsvcs lsass lsarpc netdfs \
rpcecho initshutdown epmapper svcctl eventlog drsuapi

Then run rpcclient against samba4. It will fork s3, which authenticates against
s4, and then forwards the rpc requests to s4.

Volker
2008-10-25 15:42:51 +02:00
Volker Lendecke
f87219d6e6 Move the is_known_pipename check into np_open 2008-10-25 15:23:36 +02:00
Volker Lendecke
ff211be696 Remove "pipe_handle_offset" -- pipes now use "struct files_struct" 2008-10-25 12:09:58 +02:00
Volker Lendecke
2b1bef7e87 Remove the current_spoolss_pipes_open thingy.
I looked at a checkout from 2002 and even there it did not what it was supposed
to do. Sadly this also removes one of the nicest comments in the whole Samba
code :-)
2008-10-13 20:59:35 +02:00
Volker Lendecke
76dfca1569 Make the internal pipe functions static 2008-10-13 20:59:34 +02:00
Volker Lendecke
a781b78417 Remove smb_np_struct 2008-10-13 20:59:33 +02:00
Volker Lendecke
ac126ea818 Use "struct files_struct" for pipes instead of smb_np_struct 2008-10-13 20:59:32 +02:00
Volker Lendecke
756b4b6048 Revert "Make get_rpc_pipe() static"
This reverts commit f25972832e.
2008-10-12 12:16:18 +02:00
Volker Lendecke
f25972832e Make get_rpc_pipe() static 2008-10-12 11:45:33 +02:00
Volker Lendecke
6b98c1b159 Remove unused #defines 2008-10-12 11:45:26 +02:00
Jeremy Allison
e29e81624e Fix duplicate gloabl warning.
Jeremy.
(This used to be commit 6da33797b0)
2008-07-30 15:01:33 -07:00
Volker Lendecke
33cbe2f88c make read/write to internal pipes available externally
(This used to be commit e11b5cb1e0)
2008-07-26 13:20:10 +02:00
Volker Lendecke
a803f0a920 Refactoring: Make close_internal_rpc_pipe_hnd a talloc destructor
(This used to be commit 10b47a0c2c)
2008-07-26 13:20:10 +02:00
Volker Lendecke
1ee37bc9c3 Refactor make_internal_rpc_pipe_p: connection_struct is not needed
(This used to be commit defcf0eecf)
2008-07-26 13:20:10 +02:00
Volker Lendecke
aa02c3fcd5 Remove p->vuid
The users can use p->server_info.

Now pipes_struct is decoupled from the SMB transport.
(This used to be commit d4cf5a1319)
2008-06-26 13:13:23 +02:00
Volker Lendecke
747a580952 Now that we have p->server_info, use p->server_info->user_session_key
(This used to be commit aefad64e3a)
2008-06-26 13:13:23 +02:00
Volker Lendecke
d331624fdf Add server_info to pipes_struct
(This used to be commit d621867bb8)
2008-06-26 13:13:22 +02:00
Volker Lendecke
9ff4001245 Remove "conn" from pipes_struct
For spoolss, we need the client's IP address
(This used to be commit 64a4dfaa82)
2008-06-24 10:31:36 +02:00
Volker Lendecke
df905a5d77 Make pipes_struct its own talloc ctx
(This used to be commit 829b1ad469)
2008-06-21 10:34:34 +02:00
Volker Lendecke
c203de0e3a Fix a SAFE_FREE/TALLOC_FREE mixup
(This used to be commit b39852f513)
2008-06-21 10:34:34 +02:00
Volker Lendecke
82d2f07dae Remove "session_key" from "struct user_struct"
This one took a bit -- I hope I covered all data paths
(This used to be commit 74c88a4442)
2008-05-05 18:28:59 +02:00
Volker Lendecke
bb3755968f Remove "nt_user_token" from "struct user_struct"
(This used to be commit 51d5d512f2)
2008-05-05 18:28:58 +02:00
Marc VanHeyningen
e06aa46b9f Coverity fixes
(This used to be commit 3fc85d2259)
2008-03-17 20:52:25 +01:00
Volker Lendecke
02dd1f7f4c Make smb_np_struct talloc'ed
Convert "name" from string to a talloc'ed char *
(This used to be commit e82069f921)
2007-12-16 12:59:21 +01:00
Volker Lendecke
a9b6deaa05 Remove unused code
(This used to be commit fcd45ad6fb)
2007-12-16 12:59:14 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.
(This used to be commit 5c6c8e1fe9)
2007-10-10 15:34:30 -05:00
Jeremy Allison
d5c9d87946 r25118: More pstring elimination.
Jeremy.
(This used to be commit 7632f8fb40)
2007-10-10 12:30:41 -05:00
Jeremy Allison
fe6644fb5a r25023: Coverity #455. Not actually a bug, but this clarifies
the code a lot.
Jeremy.
(This used to be commit 5ba12eefbe)
2007-10-10 12:30:35 -05:00
Volker Lendecke
bfbd756535 r24106: Pass fnum instead of buf/offset into get_rpc_pipe_p
(This used to be commit eb353412c6)
2007-10-10 12:29:07 -05:00
Volker Lendecke
ece86db24c r23991: Some const
(This used to be commit 804be77e46)
2007-10-10 12:28:53 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362)
2007-10-10 12:28:27 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Stefan Metzmacher
56ba447668 r22001: change prototype of dump_data(), so that it takes unsigned char * now,
which matches what samba4 has.

also fix all the callers to prevent compiler warnings

metze
(This used to be commit fa322f0cc9)
2007-10-10 12:18:59 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Günther Deschner
1d5ab8fd05 r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
(This used to be commit 3f195f8248)
2007-10-10 11:15:38 -05:00
Jeremy Allison
77709e58ad r14031: Coverity bug CID #110. Free all resources correctly
on pipe initialization failure.
Jeremy.
(This used to be commit daa919a94b)
2007-10-10 11:11:06 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
d14af63e6a r13293: Rather a big patch I'm afraid, but this should fix bug #3347
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
2007-10-10 11:06:21 -05:00
Jeremy Allison
05fafb8396 r11950: If we got a connection oriented cancel pdu we would spin processing it.
Fix that, and also add in comments for all possible CL and CO PDU
types. Make sure we process them correctly.
Jeremy.
(This used to be commit 672113a627)
2007-10-10 11:05:39 -05:00
Gerald Carter
90b1ca2597 r11292: Missed merge from Samba 2.2 many years ago....
Don't count open pipes in the num_files_open on a connection.
conn_idle_all() handles this by looking for open rpc handles
If there are no open handles, we can close the IPC$ share.
(This used to be commit 747fba4dbf)
2007-10-10 11:05:10 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Jeremy Allison
7b9d6ac23e r6595: This is Volkers new-talloc patch. Just got the go-ahead from
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a4)
2007-10-10 10:56:46 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Jeremy Allison
cd87b3b972 r1414: Memory leak fixes found by valgrind whilst checking the password history code.
Error code paths were not freeing up some memory.
Jeremy.
(This used to be commit 7c4666e56c)
2007-10-10 10:52:11 -05:00
Jeremy Allison
d4ac326d46 r1412: Fix password history list in tdbsam. Fix some memory leaks. Add
my (C) to a header file that was at least 50% mine :-).
Jeremy.
(This used to be commit 8ee6060977)
2007-10-10 10:52:10 -05:00
Volker Lendecke
5f9af6df05 r1338: A netlogon schannel failure is a normal event with XP clients. They cache the
netlogon session key and try to reconnect using that key. This fails with a
restarted smbd, we expect another serverauth2. XP falls back immediately.

Make the corresponding messages a debug level 3, not 0 to not flood log.smbd.

Volker
(This used to be commit 4fda68a62f)
2007-10-10 10:52:07 -05:00
Jeremy Allison
8c0db1bbc4 r786: Memory leak fixes in (mostly) error code paths from
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in
mainline code paths though :-).
Jeremy.
(This used to be commit 4695cc95fe)
2007-10-10 10:51:38 -05:00
Volker Lendecke
35016d0201 r238: Fix memleak
(This used to be commit fe7daa3b8a)
2007-10-10 10:51:15 -05:00
Gerald Carter
16194fbc5a fix process_incoming_data() to return the number of bytes handled this call whether we have a complete pdu or not; fixes bug with multiple pdu request rpc's broken over SMBwriteX calls each
(This used to be commit ff06f3ca8e)
2003-12-04 20:20:59 +00:00
Andrew Bartlett
fcbfc7ad06 Changes all over the shop, but all towards:
- NTLM2 support in the server
 - KEY_EXCH support in the server
 - variable length session keys.

In detail:

 - NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).

 * This is known as 'NTLMv2 session security' *

(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes.  We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)

This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed.  This also needs to be turned off for
'security=server', which does not support this.

- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.

- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.

- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure.  This should help the SPNEGO implementation.

- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.

- The other big change is to allow variable length session keys.  We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter.  However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.

 * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *

- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe.  This
should help reduce some of the 'it just doesn't work' issues.

- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer.  (just allocate)


REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0d)
2003-11-22 13:19:38 +00:00
Tim Potter
cedc634118 Fix typo in debug statement.
(This used to be commit 66e5043553)
2003-11-04 19:53:37 +00:00
Tim Potter
fbb8f131c2 Fix more 64-bit printf warnings.
(This used to be commit 23443e3aa0)
2003-11-03 14:34:25 +00:00
Gerald Carter
11777e6a30 Attempt at fixing bug #283. There however is no solution.
There is a workaround documented in the bug report.

This patch does:

  * add server support for the LSA_DS UUID on the lsarpc pipe
  * store a list of context_ids/api_structs in the pipe_struct
    so that we don't have to lookup the function table for a pipe.
    We just match the context_id.  Note that a dce/rpc alter_context
    does not destroy the previous context so it is possible to
    have multiple bindings active on the same pipe. Observed from
    standalone win2k sp4 client.
  * added server code for DsROleGetPrimaryDOmainInfo() but disabled it
    since it causes problems enumerating users and groups from a 2ksp4
    domain member in a Samba domain.
(This used to be commit 96bc2abfcb)
2003-08-14 21:14:28 +00:00
Volker Lendecke
b4d0f208fb Merge the TNG netlogon schannel from HEAD.
No more XP requiresignorseal anymore!

Thanks again to Luke :-)

Volker
(This used to be commit 6b2b55901d)
2003-04-06 07:04:09 +00:00
Jeremy Allison
8fc1f1aead Ensure that only parse_prs.c access internal members of the prs_struct.
Needed to move to disk based i/o later.
Jeremy.
(This used to be commit a823fee5b4)
2003-02-14 22:55:46 +00:00
Jeremy Allison
ef8bd7c4f7 Forward port the change to talloc_init() to make all talloc contexts
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6)
2002-12-20 20:21:31 +00:00
Jeremy Allison
83219da302 Fix for systems that allow more than 65536 open files per process.
Jeremy.
(This used to be commit 947a56ce00)
2002-10-22 22:17:29 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Gerald Carter
7dbaaa0964 merge from APPLIANCE_HEAD
(This used to be commit e734c1971d)
2002-02-08 21:51:40 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Gerald Carter
e24937d9a2 merge from appliance_head
(This used to be commit 38d2d26af9)
2002-01-22 18:19:00 +00:00
Andrew Bartlett
32101155d4 Kill off another ugly wart from the side of the passdb subsystem.
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'.  This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.

This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.

Andrew Bartlett
(This used to be commit 799ac01fe0)
2002-01-20 13:26:31 +00:00
Andrew Bartlett
bb6af711b8 This is the current patch from Luke Leighton <lckl@samba-tng.org> to add a
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.

This patch is designed for no change in behaviour, and my tests hold that to be
true.  This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.

The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.

Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).

Andrew Bartlett
(This used to be commit 8ef13cabdd)
2002-01-20 02:40:05 +00:00
Jeremy Allison
198612deda Changed MAX_OPEN_PIPES to 2048.
Jeremy.
(This used to be commit 591d217ed4)
2001-11-05 07:42:55 +00:00
Tim Potter
d876260d88 Don't put a \n on the end of the arg to exit_server()
(This used to be commit dfb8566220)
2001-11-05 00:02:38 +00:00
Jeremy Allison
d04824639d Raise simultaneous open pipes from 64 to 1024 for large print server
environments.
Jeremy.
(This used to be commit e5f8147d02)
2001-10-27 07:16:48 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Simo Sorce
87945989c0 move to SAFE_FREE()
(This used to be commit 5ceecc7bef)
2001-09-17 10:26:23 +00:00
Andrew Tridgell
b031af348c converted another bunch of stuff to NTSTATUS
(This used to be commit 1d36250e33)
2001-08-27 19:46:22 +00:00
Jeremy Allison
d309035c3e Spaces -> Tabs.
Jeremy.
(This used to be commit 5b665122f5)
2001-08-26 20:05:33 +00:00
Tim Potter
b5a5fe44cc Fix for filers sending -1 for the maximum read request length on the
LSA pipe.
(This used to be commit 95307a5d38)
2001-08-23 18:05:44 +00:00
Tim Potter
fd0f3dfd3c Fixed typo in debug message.
(This used to be commit d05577c332)
2001-06-19 06:52:45 +00:00
Jeremy Allison
c912d04389 Fix the W2KSP2 joining a Samba domain problem.
Jeremy.
(This used to be commit 6bbcab5e48)
2001-05-18 01:30:21 +00:00
Jeremy Allison
e532d96a26 Move to a handle database per pipe name, not per pipe.
Jeremy.
(This used to be commit a24b248a77)
2001-03-13 20:18:45 +00:00
Jeremy Allison
5107a7a96a Ok - we're now sending back policy handles to bigendian AS/U correctly.
Jeremy.
(This used to be commit 67e09aea47)
2001-03-12 20:19:31 +00:00
Jeremy Allison
7c99297ea1 Looks like AS/U doesn't set the FIRST flag in a BIND packet.
Jeremy.
(This used to be commit a8df5e04b5)
2001-03-12 16:43:01 +00:00
Jeremy Allison
b2bc2bfaf0 Ensure we're checking for the "FIRST" flag in other types of PDU than "REQUEST"
(ie. BIND, BINDRESP and ALTERCONTEXT) - if we don't do this then we don't set
the endianness flag correctly for these PDU's.
Herb - this should fix the bug you reported to me today.
Jeremy.
(This used to be commit dde795154c)
2001-03-11 04:33:05 +00:00
Jeremy Allison
da3053048c Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158)
2001-03-11 00:32:10 +00:00
Jeremy Allison
00ab9021b0 Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d)
2001-03-09 23:48:58 +00:00
Jeremy Allison
93169a1f34 Roll back to using malloc/realloc on some of spoolss in head.
I'm having problems with talloc_realloc in the 2.2 branch and I
want a stable reference.

The only problem is this breaks the clean auto-generated code
in *one* call in srv_spoolss.c (the rfnpcnex call).

Jeremy.
(This used to be commit 57a9340cba)
2001-03-03 05:27:26 +00:00
Jeremy Allison
5265ce7837 Added total memory allocated counter to talloc, so we can tell if a talloc
pool is getting bloated. Also added a talloc_zero function to return zeroed memory.
Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being
freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time.
Jeremy.
(This used to be commit d3a56c6042)
2001-02-27 19:22:02 +00:00
Jeremy Allison
06e4f11acd Fixed up the user/group contexts when using authenticated pipes.
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
(This used to be commit 06a65972e8)
2000-08-04 00:59:09 +00:00
Jeremy Allison
7f36df301e Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817)
2000-08-01 18:32:34 +00:00
Jeremy Allison
5ec1642809 Ok - this is a *BIG* change - but it fixes the problems with static strings
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.

The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.

A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.

This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().

This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.

The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.

Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.

Jeremy.
(This used to be commit 0ff2ce543e)
2000-07-27 00:47:19 +00:00
Tim Potter
f048209484 Some more sec_ctx changes. Modified some fields in the pipe_struct
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124d)
2000-07-03 06:52:31 +00:00
Tim Potter
218653764f Removed save directory argument to become_root() calls. Probably most of
this stuff doesn't need to be done as root anyway.
(This used to be commit c3cad0ff64)
2000-06-23 05:53:18 +00:00
Shirish Kalele
f3c44fba11 Fixed memory leak in RPC parsing code.
Problem in prs_set_buffer_size() was Realloc returns a NULL when newsize is zero (equivalent to a free()). We were returning a failure here without resetting the buffer_size or the data_p pointer in the prs_struct. And we weren't checking for a failure from prs_set_buffer_size(). So realloc's to zero size were not reflected in the prs_struct: memory leak.
(This used to be commit 590d9ece84)
2000-05-26 22:37:08 +00:00
Jeremy Allison
819c154498 Fixed bug I introduced last night (sorry). Now truncate incoming prs_struct
buffer size to exact size of incoming data to prevent read overruns into slop
space.
Jeremy.
(This used to be commit aa1a4f46da)
2000-05-17 19:17:16 +00:00
Andrew Tridgell
49a0e6d598 more merging voodoo
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c)
2000-05-10 10:41:59 +00:00
Jeremy Allison
045469493c rpc_server/srv_lsa.c: Bring into sync with 2.0.x.
rpc_server/srv_pipe_hnd.c: Bring into sync with 2.0.x.
smbd/blocking.c: Improve blocking debug reporting.
utils/torture.c: Added check for NT locking bug.
Jeremy.
(This used to be commit e8ff6d3fb5)
2000-05-04 21:57:28 +00:00
Andrew Tridgell
f3a861e04e - use full_name instead of real_name
- got rid of guest map code in lpq parser
(This used to be commit 8e53f781d3)
2000-05-04 07:59:34 +00:00
Andrew Tridgell
32d5416b6a split the username in the vuser structure into a separate
userdom_struct. As the name implies this also contains a domain
(unused at the moment).

This will be important shortly, as operation in appliance mode needs
the domain to be always carried with the username.
(This used to be commit ee8546342d)
2000-05-02 13:55:42 +00:00
Jeremy Allison
693ffb8466 Added sys_fork() and sys_getpid() functions to stop the overhead
of doing a system call every time we want to just get our pid.
Jeremy.
(This used to be commit 148628b616)
2000-05-02 02:23:41 +00:00
Andrew Tridgell
9e3f457db0 fixed a prs memory leak (weren't freeing input buffer)
(This used to be commit be7186b0dd)
2000-04-23 07:38:18 +00:00
Jeremy Allison
15bb28ccd2 IRIX include fixes.
Jeremy.
(This used to be commit 3a39acd353)
2000-03-31 20:44:55 +00:00
Jeremy Allison
5e22394654 Fixups for compiles with gcc flags -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual
Partially implemented rpc daemon redirect (needs more work).
Jeremy.
(This used to be commit a462191698)
2000-03-10 19:50:03 +00:00
Jean-François Micouleau
115d98e639 removed unused variable
J.F.
(This used to be commit e2557ae551)
2000-03-10 17:06:12 +00:00
Jeremy Allison
6bb92a6d38 Big update moving the multi-pdu support from 2.0.x into HEAD for JF
and the printer functions.
Also tidied up some header includes and got the order right so you
can now do a :

make proto
make clean
make

Jeremy.
(This used to be commit 833cd9fba9)
2000-03-09 21:45:16 +00:00
Jeremy Allison
9db96b7646 lib/system.c: Fixed gcc warnings.
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0.
Others - preparing for multiple pdu write code.
Jeremy.
(This used to be commit 9f879ec396)
2000-02-23 02:02:33 +00:00
Luke Leighton
d91bfabc5d made cvs main up-to-date with samba_tng, with addition of process id to
msrpc loop-back interface.
(This used to be commit adbf97c0a9)
2000-01-21 02:33:21 +00:00
Luke Leighton
8433aa4379 modified smbd/msrpc credential transfer system. user session key
is *missing* from samba cvs main, therefore it is set to all zeros.
this will cause, amongst other things, administrator-changing-user-passwords,
and setting up new accounts, to fail, as the user's password can only be
decoded with the session key (in this case, the administrator's usr sess key).

it's never a perfect world, is it?
(This used to be commit 3362fcdfa4)
2000-01-11 02:00:31 +00:00
Luke Leighton
fbd17c8daf simple mods to add msrpc pipe redirection. default behaviour: fall back
to using internal msrpc code in smbd.
(This used to be commit 8976e26d46)
2000-01-03 19:19:48 +00:00
Andrew Tridgell
3db52feb1f first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76)
1999-12-13 13:27:58 +00:00
Luke Leighton
4f8a24522c final part of "first" phase converting over to msrpc daemon architecture.
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage.  this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there.  for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.

this first implementation has minor problems with not reinstantiating
the same services as the caller.  the "homes" service is a good example.
(This used to be commit caa5052522)
1999-12-12 20:03:42 +00:00
Luke Leighton
0ce128e355 delineation between smb and msrpc more marked. smbd now constructs
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service.  the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.

this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).

removed reference to pipes_struct in msrpc services.  all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.

created become_vuser() which does everything not related to connection_struct
that become_user() does.

removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.

todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.

had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons.  why?  because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency.  so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc.  this is the MINIMUM info identified so far that's
actually implemented.  missing bits include the called and calling
netbios names etc.  (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8d)
1999-12-12 01:25:49 +00:00
Luke Leighton
a0ba234cf9 the first independent msrpc daemon - lsarpcd.
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.

the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons.  i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real.  at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.

i can't believe this all worked!!!
(This used to be commit 2245b0c6d1)
1999-12-06 00:44:32 +00:00
Luke Leighton
003f7364fd adding error checking in parsing code
(This used to be commit 4c98d71ebd)
1999-10-15 20:00:30 +00:00
Luke Leighton
43a460075a SAM database "set user info".
----------------------------

- removed DOM_RID4

- removed SAMR_UNKNOWN_32

- added SAMR_SET_USERINFO (opcode 0x32)

- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)

- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- added mod_sam21pwd_entry()

- preparing to call mod_sam21pwd_entry()

- added "user session key" to user_struct.dc.  this is md4(nt#) and is
  needed to decode user's clear-text passwords in SAMR_SET_USERINFO.

- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed7424)
1999-03-25 13:54:31 +00:00
Matthew Chapman
a4bc522a72 The line:
this_pdu_data_pos = data_pos - p->prev_pdu_file_offset;

is correct for first two PDU's only, after that it results in extra
garbage after each fragment and hence "Protocol Error" messages from
NT4 SP4. Changed to:

    this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18);
(This used to be commit b9e8a3ef3a)
1999-03-21 13:01:31 +00:00
Luke Leighton
96983a13ba when multiple independent large rpc calls come in on the same pipe,
prev_pdu_file_offset was not being re-initialised to zero.
(This used to be commit fcaa121441)
1999-02-09 21:42:39 +00:00
Luke Leighton
f61fc8923d corrections to get data stream for 2nd and subsequent pdus copied from
right place (forgot to subtract 0x18 header bytes)
(This used to be commit 5b9a7278da)
1999-02-03 01:58:52 +00:00
Luke Leighton
fe609d810e multiple dce/rpc PDUs failed to work after ntlmssp update was added.
(This used to be commit f082f07e76)
1999-02-03 00:48:27 +00:00
Luke Leighton
1ebeb54932 some quite important bug-fixes i missed because i transferred the wrong
smb.tgz file from my portable.

particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.

smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data.  rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length.  this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a9)
1998-10-20 18:27:49 +00:00
Luke Leighton
a785f8d2c9 dce/rpc
(This used to be commit 29434f496c)
1998-10-16 23:40:59 +00:00
Luke Leighton
d4a82ea26d rpc client mods (ntlmssp flags)
(This used to be commit 16256f86bf)
1998-10-16 20:07:02 +00:00
Luke Leighton
a42afcdcc7 bug-fixing against:
AS/U:
      it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
      response, when they should be set in a (small) packet.  they also,
      in the bind/ack do not set a secondary address string at all, so
      we can't check against that...

Win95:
      client-side dce/rpc code is a bit odd.  it does a "WaitNamedPipeState"
      and has slightly different pipe-naming (\PIPE\LANMAN is joined by
      \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
      and \PIPE\).

Win95-USRMGR.EXE:
      added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
      added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b)
1998-10-15 05:47:29 +00:00
Luke Leighton
6909350ed9 dce/rpc
(This used to be commit 62fdeef1b7)
1998-10-08 23:57:46 +00:00
Luke Leighton
48b31ae44f dce/rpc
(This used to be commit 6677b888bd)
1998-10-07 21:42:24 +00:00
Luke Leighton
2fef8f2e87 dce/rpc
(This used to be commit 34afa638f6)
1998-10-07 15:22:49 +00:00
Jeremy Allison
5b4d94e20f (Finally) implemented "max open files" as a global smb.conf parameter.
Sets up the files array correctly - limited by the smb.conf parameter
and by the max fd's per process as found by getrlimit().
Jeremy.
(This used to be commit eca24bd243)
1998-09-30 01:49:24 +00:00
Jeremy Allison
9066025a8a Got very strict about the differences and uses of
uid_t, gid_t and vuid. Added sys_getgroups() to get
around the int * return problem. Set correct datatypes
for all uid, gid and vuid variables.
Jeremy.
(This used to be commit e570db46fc)
1998-09-29 20:24:17 +00:00
Luke Leighton
500a474aae nttrans.c:
winreg was missing from the list of pipes.  advise using the array
already defined in... rpc_parse/parse_rpc.c's pipe_names[], but
writing code to strip "\PIPE\" from the front when making the
check.

one location to update when adding new pipes, not two.


srv_pipe_hnd.c:

moved the ZERO_STRUCT(p) macro to _before_ the DLIST_ADD(Pipes, p) macro.

dlinklist.h:

added { }s around the code inserted by DLIST_ADD and DLIST_REMOVE macros
(This used to be commit 29201d4b9b)
1998-09-23 21:49:09 +00:00
Andrew Tridgell
f6044c87c0 some cleanups to use ZERO_STRUCT() and friends
(This used to be commit 7b154dc431)
1998-09-05 13:24:20 +00:00
Andrew Tridgell
e9ea36e4d2 tridge the destroyer returns!
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...

I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).

in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.

So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)

One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87)
1998-09-05 05:07:05 +00:00
Andrew Tridgell
72ed7049d8 added some optimisation for the case where the number of open files is
very large. files.c now promotes a files_struct to the top of the list
if it is used when it is more than 10 elements from the top.

also moved common linked list code for the 5 sets of linked lists that
I've created over the past few days into dlinklist.h (I've explained
to Chris why I didn't use the ubiqx code)
(This used to be commit 1eb9ae2996)
1998-08-17 06:47:53 +00:00
Andrew Tridgell
8978aae696 much cleaner chain pointer handling for both files and pipes.
the chain pointer is now stored as a static and is set whenever a
handle is created or extracted. This also makes the code less error
prone.
(This used to be commit 068a862982)
1998-08-17 03:52:05 +00:00
Andrew Tridgell
f2d538a105 some cleanups from the conversion of Pipes[] to a linked list. I also
removed most cases where a pnum is used and substituted a pipes_struct*.

in files.c I added a offset of 0x1000 to all file handles on the
wire. This makes it much less likely that bad parsing will give us the
wrong field.
(This used to be commit 8bc2627ff2)
1998-08-17 03:06:20 +00:00
Andrew Tridgell
127655cc88 this checkin gets rid of the global Files[] array and makes it local
in files.c

it should now be faily easy to expand the default MAX_OPEN_FILES to
many thousands.
(This used to be commit b088c804f9)
1998-08-15 07:27:34 +00:00
Andrew Tridgell
b9623ab59e this is the bug change to using connection_struct* instead of cnum.
Connections[] is now a local array in server.c

I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead)
1998-08-14 17:38:29 +00:00
Luke Leighton
4ff2a51c15 compiler warning for unimportant uninitialised variable
(This used to be commit 81bf263092)
1998-05-06 12:11:35 +00:00
Luke Leighton
9189005f7f ABOUT time. dce/rpc long packet format now works, server-side.
turns out that [it can be deduced that] microsoft ignores the SMBreadX
offset, and goes by the SMBreadX length only.  this makes for a lot simpler
code, in both client and server.
(This used to be commit a8b641c027)
1998-04-24 21:01:08 +00:00