1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

374 Commits

Author SHA1 Message Date
Jeremy Allison
05eb22f77c reply.c: Added code to not overwrite sesssetup_user when in share level security
and null session setup done.
smbpasswd.c: Fix from Gerald Carter <cartegw@Eng.Auburn.EDU> to fix incorrect
             use of pointer.
Jeremy.
(This used to be commit 69ace07609)
1998-05-11 17:53:37 +00:00
Luke Leighton
f004d84f68 ldap back-end database development
Makefile:

	created PASSBD_OBJ group

includes.h:

	added #ifdef USE_LDAP to #include <ldap> headers

ldap.c:

	- renamed "_machine" to "_trust" everywhere.
	- added sam_passwd support routines
	- removed get_ldappwd_entry function: replaced with get_sampwd_entry
	- removed getldappwnam/uid: replaced with getsampwnam/uid
	- other messing about bits which are probably going to annoy the
	  hell out of jean-francois (sorry!)

mkproto.awk:

	- added stuff to wrap ldap.c protos with #ifdef USE_LDAP
	- added uid_t and gid_t return results to the prototype generation

passdb.c:

	- created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry.
	- modified getsampwnam/uid and created getsam21pwnam/rid functions
	  to replace the local get_smbpwd_entry() and get_ldappwd_entry()
	  functions, which jeremy didn't like anyway because they were
	  dual-purpose.
	- added utility routines which are or may be useful to all the
	  password database routines.

password.c:

	- renamed "machine_" to "trust_" everywhere.

smbpass.c:

	- removed get_smbpwd_entry function: replaced it with get_sampwd_entry
	  functions in passdb.c
	- moved code that decoded acct_ctrl into passdb.c
	- moved encode_acct_ctrl into passdb.c
	- removed getsmbpwnam/uid: replaced with getsampwnam/uid
	- renamed "machine_" to "trust_" everywhere.

smbpasswd.c:

	- renamed "machine_" to "trust_" everywhere.

util.c:

	- moved gethexpwd function into passdb.c

lib/rpc/server/srv_util.c:

	- moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c
(This used to be commit 673ab50c4c)
1998-05-11 15:56:01 +00:00
Andrew Tridgell
3dfc0c8472 changed to use slprintf() instead of sprintf() just about
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.

This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb)
1998-05-11 06:38:36 +00:00
John Terpstra
839e47c5a6 Updated OSF1_ENH_SEC mode password handling.
This now tries Enhanced passwords first and if this fails trys Basic
mode (ie: Unix /etc/passwd) authentication. This only happens when
OSF1_ENH_SEC is defined at compilation.
(This used to be commit 29462c8d7a)
1998-05-10 06:20:27 +00:00
Jeremy Allison
9f57f01b14 clitar.c: #ifdef'ed out all the bits that were giving 'defined but not used'
messages.
nttrans.c: More updates.
smb.h: Removed stuff that didn't belong in the smb_passwd struct. Persuaded Luke
       to use a new structure.
web/swat.c: Fixed gcc complaints about shadowing global 'string'.
Jeremy.
(This used to be commit 61c1dbb978)
1998-05-08 16:59:30 +00:00
Jeremy Allison
9273102ea5 smb.h: Supporting defines for NT trans calls.
trans2.c: Paranoia bugfixes added when studying nttrans.c.
Jeremy.
(This used to be commit 94e70edef9)
1998-05-08 01:23:11 +00:00
Jeremy Allison
4cc7a1b0ef Initial cut at the code that will do NT SMB calls. Not linked in, not
compiled yet, just checked in for safe keeping :-).
Jeremy.
(This used to be commit 74565f0039)
1998-05-08 01:22:16 +00:00
Jeremy Allison
01df1ed95f This should (hopefully :-) be the final fix for the %U %G substitution
problem....
smbpass.c: Removed Luke's dire warning - as some of the functions in here
*need* to be called externally :-).
Jeremy.
(This used to be commit 1fd8d12ca4)
1998-05-07 19:04:14 +00:00
Luke Leighton
d8d9f77233 created "passdb.c" which is an interface point to (at present) either
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).

_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.

-DUSE_LDAP is unlikely to compile at the moment.
(This used to be commit 57b01ad4ff)
1998-05-07 18:19:05 +00:00
Christopher R. Hertel
10a610cbc4 Andrew redefines the free() function to do some memory management testing.
He also suggested that some systems may implement free() as a macro (but
I think he was looking for an excuse ;).  Anyway, I've added a function
to mangle.c that calls free().
Chris -)-----
(This used to be commit 95f7b03285)
1998-05-06 19:22:45 +00:00
Jeremy Allison
346abceb27 smbpass.c: Fixed machine_passwd_lock() problems.
password.c: Fixed machine_passwd_lock() problems.
lib/rpc/server/srv_ldap_helpers.c: Oops - broke proto.h with dummy function. Fixed now.
Jeremy.
(This used to be commit d28427f21f)
1998-05-06 18:45:57 +00:00
Jeremy Allison
b54509045d loadparm.c: Added #ifdef USE_LDAP around ldap code.
server.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
          as only smbd knows about usernames. Also fixes problem with calling
          standard_sub_basic() from loadparm.c.
smbpass.c: Partial tidyup of machine_password_lock() code - not finished yet.
util.c: Moved %U, %G and %N into standard_sub() from standard_sub_basic()
          as only smbd knows about usernames. Also fixes problem with calling
          standard_sub_basic() from loadparm.c.
lib/rpc/server/srv_ldap_helpers.c: Added #ifdef USE_LDAP around ldap code.
lib/rpc/server/srv_samr.c: Added #ifdef USE_LDAP around ldap code.
Jeremy.
(This used to be commit 446b98ca07)
1998-05-06 18:14:02 +00:00
Jeremy Allison
a2bddb20ed Fixes for the %U and %G problems people have reported.
Essentially, multiple session_setup_and_X's may be done
to an smbd. As there is only one global variable containing
the requested connection name (sessionsetup_user), then any
subsequent sessionsetups overwrite this name (causing %U
and %G to get the wrong name). This is particularly common
when an NT client does a null session setup to get a
browse list after the user has connected, but before
a share has been mounted.

These changes store the requested_name in the vuid structure
(so this only really works for user level and above security)
and copies this name back into the global variable before
the standard_sub call.

Jeremy.
(This used to be commit b5187ad6a3)
1998-05-06 01:34:51 +00:00
Jeremy Allison
19f76f391b genrand.c: SGI compile warning fix.
ipc.c: Fix for duplicate printer names being long.
loadparm.c: Set bNetWkstaUserLogon to false by default - new code in password.c
protects us.
nmbd_logonnames.c:
nmbd_namequery.c:
nmbd_namerelease.c: Debug messages fix.
password.c: SGI compile warning fix, fix for tcon() with bNetWkstaUserLogon call.
reply.c: SGI compile warning fix.
server.c Debug messages fix.
smbpass.c: Fix for incorrect pointer.
Jeremy.
(This used to be commit 567d3f8389)
1998-05-05 19:24:32 +00:00
Jeremy Allison
3eae1e3f8e Added patch from Bruce Tenison <btenison@dibbs.net> to allow encrypted
passwords to be stored over time, allowing a smbpasswd file migration.
Adds new parameter "update encrypted".
Will also add to 1.9.18 branch.
Docs update to follow.
Jeremy.
(This used to be commit 5d3e874d78)
1998-04-30 01:39:22 +00:00
Jeremy Allison
90177708aa Makefile: Added files to smbpasswd.c.
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
(This used to be commit 6a7164233e)
1998-04-29 22:27:26 +00:00
Jeremy Allison
e305c2c9e2 clientgen.c: Fixed null session setup bug.
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
            Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df201)
1998-04-29 19:22:01 +00:00
Luke Leighton
a8e7f804ca password.c:
added become_root / unbecome_root around the get machine account password.

smbpass.c:

	cleaning up code.

	- turning if (BOOL_expr == False) into if (BOOL_expr)
	  what if you test if (BOOL_expr == True) and someone defines
	  True to be -1 on one system and 1 on another?  or if you get
	  inconsistent return results between developers

	- removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) -
	  cannot assume that NULL is zero integer.  plus there are typecast
	  issues to deal with

	- removed return (ret == 0) ? True : False and made this return ret == 0
	  rely on the compiler to return correct BOOL value: not all developers
	  will return True or False #defines: stick with BOOL test (non-zero).

	- removed if (ret == False) replaced with if (!ret)

	- bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a
	  boolean test if (pstring-len-len-6).

	- removed "." after debugging of filenames: the "." - a fullstop -
	  looked like it was part of the filename, making things difficult
	  to sort out.

still to be resolved: the global_myname isn't set up, such that the
machine account password file is named "TEST3..mac".
(This used to be commit 315e26c23a)
1998-04-29 11:00:12 +00:00
Jeremy Allison
d3832506b2 This is the checkin that adds the security=domain functionality.
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).

Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.

Jeremy.
(This used to be commit 17b94a7084)
1998-04-29 00:02:57 +00:00
Jeremy Allison
e7ac86607c This looks like a big change but really isn't.
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.

This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).

Jeremy.
(This used to be commit 866406bfe3)
1998-04-25 01:12:08 +00:00
Jeremy Allison
30675f81f6 Makefile: Added nterr.c into the mix.
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
(This used to be commit 899a9f0dce)
1998-04-23 22:59:19 +00:00
Jeremy Allison
002a47de8e clientgen.c: Added rap error codes to cli_error, moved from smbpasswd.c
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-)
use in security=server, started to extend security=domain code.
smbpasswd.c: Removed rap error code functions.
Jeremy.
(This used to be commit 0f00b8fce1)
1998-04-23 20:12:17 +00:00
Jeremy Allison
a85f5bc268 genrand.c: Changed SMB_PASSWD_FILE to lp_smb_passwd_file().
password.c: Started the initial code for domain_client_validate(). All
            bracketed with #ifdef DOMAIN_CLIENT for now.
reply.c: Call to domain_client_validate(). All
            bracketed with #ifdef DOMAIN_CLIENT for now.
smbpass.c: New code to get/set machine passwords. Tidied up nesting
           of lock calls.
Jeremy.
(This used to be commit 89fe059a68)
1998-04-23 18:54:57 +00:00
Jeremy Allison
8584c6bd66 genrand.c: Improved generation of random values, more secure.
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
(This used to be commit e6bda112eb)
1998-04-22 00:56:38 +00:00
Luke Leighton
76d3bc36a5 put server-side long dce/rpc code in main branch.
(This used to be commit 2e1a08b28c)
1998-04-21 02:36:37 +00:00
Jeremy Allison
c41f6c8fdf Added cli_ulogoff() calls to all the exit code paths in security=server.
Jeremy.
(This used to be commit 78d87a5bfd)
1998-04-21 02:27:12 +00:00
Jeremy Allison
2dee1ed388 clientgen.c: Added cli_ulogoff() call.
password.c: Added call to cli_ulogoff on successfull sessionsetup.
Jeremy.
(This used to be commit 77882f002b)
1998-04-21 02:23:24 +00:00
Jeremy Allison
6babe8da07 Added 'passwd chat debug' parameter to allow admins to debug their
Samba passwd chat scripts.
Jeremy.
(This used to be commit 5a995f4f75)
1998-04-20 23:07:28 +00:00
Jeremy Allison
efb71742ca Makefile: Added genrand.o
clientgen.c: Changed to fill change password buffer with random stuff.
password.c: Changed to get challenge from genrand.c
server.c: Added #ifdef around O_SYNC.
version.h: Changed to 1.9.19prealpha.
genrand.c:

   New code to generate (hopefully) good random numbers for
use in crypto challenges/session keys etc.

PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!!

Jeremy.
(This used to be commit 608e985463)
1998-04-20 22:43:54 +00:00
Jeremy Allison
7b9a53b680 reply.c: Fix bugs where debug statements were accessing the fd_ptr struct
internals after Andrews' code had memset it to zero (this was causing core
dumps).
charcnv.c: Fixes for ISO8859-2 from Petr Hubeny <psh@capitol.cz>.
Jeremy.
(This used to be commit df8783ca76)
1998-04-16 19:23:10 +00:00
Jeremy Allison
041a292c43 ipc.c: Fix for printer queue spinning with Win95.
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf)
1998-04-15 20:00:41 +00:00
Jeremy Allison
2a53d6f707 Modified interfaces to getting smb password entries from
get_smbpwd_entry (now an internal function to smbpass.c)
to a more UNIX-like :

getsmbpwnam() - get entry by name.
getsmbpwuid() - get entry by uid.

Changed the type returned by the smbpasswd enumeration
functions to be a void * so that people don't come to
depend on it being a FILE *.

These abstractions should make it much easier to
replace the smbpasswd file with a better backend
in future.

Other files changed are to match the above changes.

Jeremy.
(This used to be commit 1161cfb7f2)
1998-04-14 00:41:59 +00:00
Jeremy Allison
3f5d0ae6b2 Fixed aggregate initializer problem for gcc.
Jeremy.
(This used to be commit e74428e428)
1998-04-13 23:27:22 +00:00
Christopher R. Hertel
d5e040247e Changes include:
proto.h:  The unusual.  ;)
reply.c:  I changes some function names, and updated reply.c to match.
          See mangle.c below for more.
server.c: Changed function names and parameters in file mangle.c, so
          changed server.c calls to match.  See mangle.c below for more.

mangle.c:

  I replaced the caching mechanism used for caching reverse mangled name
  maps.  The old method was a large array of 256-byte strings.  Movement
  in the stack (including push and pop) was done by memcpy()ing whole
  chunks of memory around.

  The new system uses the ubi_Cache module which, in turn, uses a splay
  tree.  Entries are dynamically allocated using a minimum amount of
  memory.  Searches are non-linear, which should speed things up a bit,
  too.  Overall, this should save memory and be faster.

  Other changes:  I streamlined the is_mangled() test and made other
  speed enhancements including replacing some static functions with
  macros.  Added comments, etc.

Note:  Per an E'mail conversation with Andrew, the 'mangled stack'
       parameter in smb.conf doesn't do anything anymore.  The cache is
       now set for 16K bytes maximum memory usage.  The mangle stack
       parameter is silently ignored.  This can easily be changed, but
       I'd rather introduce a 'mangled cache memory' parameter and
       remove 'mangled stack'.

Remaining problems:
       While testing the module, I noticed that something is calling
       name_map_mangle() twice.  The result is that names which contain
       illegal characters are getting mangled twice.

       Also, the entire module works by overwriting the input string.
       This has a variety of nasty side effects.

Summary:

  There's a lot still to be done, but the changes I have in place *should*
  work in exactly the same way (except for the mangle stack parameter).
  The rest of the bugs and other issues are separate.

Chris -)-----
(This used to be commit 8759bec11b)
1998-04-13 22:45:52 +00:00
Jeremy Allison
cac6a060af Changes to allow Samba to be compiled with -Wstrict-prototypes
with gcc. (Not a big change although it looks like it :-).

Jeremy.
(This used to be commit cd2613c572)
1998-04-13 19:24:06 +00:00
Andrew Tridgell
e40b24249b fixed a memory leak in close_file(). Each time a file was opened
we leaked memory equal to the length of the filename.
(This used to be commit 30a347de74)
1998-04-13 11:12:44 +00:00
Andrew Tridgell
77da897307 support O_SYNC at open time in files (previously we only supported it
on individual writes)
(This used to be commit ce017a233b)
1998-04-12 02:52:13 +00:00
Jeremy Allison
e300c0346f includes.h: Moved HPUX undefine of SEMMSL to where it actually does something.
ipc.c: Added Luke's debug statement.
locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that
need it (not sure what these are yet).

membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
   Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
   carpel tunnel syndrome :-).

Jeremy.
(This used to be commit 52e3966fbc)
1998-04-10 18:21:16 +00:00
Jeremy Allison
31ae9c7013 Fix for [homes] problem with security=share. We were still relying
on a valid vuid to get the connecting username - this is *never* true
(anymore) with security=share.
Jeremy.
(This used to be commit 5d6f63a7e6)
1998-04-10 01:19:18 +00:00
Jeremy Allison
af80d8e98f Makefile, loadparm.c, server.c, smb.h, util.c: Patch from
stn@techfak.uni-kiel.de (Stefan Nehlsen) to get homes from
the NIS+ map.
smbpasswd.c: Tidy up of cli_state structure.
Jeremy.
(This used to be commit fc2295e0f5)
1998-04-09 20:48:48 +00:00
John Terpstra
d1cc06083d Added const cast to struct args to get rid of compile time warning.
(This used to be commit 5d956abb4f)
1998-04-09 14:13:20 +00:00
Jeremy Allison
1af95effe9 Fix to stop Windows 95 spinning on print queue requests when it
gets an error message it doesn't understand.
Jeremy.
(This used to be commit 838e2fe2f7)
1998-04-08 19:12:22 +00:00
Jeremy Allison
724cab4d08 loadparm.c: Cause IPC$ comment to be evaluated at runtime, rather than
load time (patch from "Marty Leisner" <leisner@sdsp.mc.xerox.com>.
server.c: Patch from Josef Hinteregger <joehtg@joehtg.co.at> - string
could be overwritten when find_service() called recursively.
Jeremy.
(This used to be commit cf15b3bd74)
1998-04-06 18:14:56 +00:00
Jeremy Allison
10fe54befa includes.h: Added semaphore fix for HPUX10.x
server.c trans2.c: Added oplock deadlock bug fix.
lib/rpc/server/srv_netlog.c: Made code that changes machine account password the default.
Jeremy.
(This used to be commit 3b56fbc11e)
1998-03-31 20:55:14 +00:00
Jeremy Allison
2a0b0873e3 Fixed compile-time error introduced by log message change.
Added support for 32bit error messages needed for NTDOM code (was
in NTDOM branch, somehow missed during the merge).
Jeremy.
(This used to be commit 188fb28d7b)
1998-03-30 22:45:10 +00:00
John Terpstra
6f1fc787de Added remote machine and address to debug message in make_connection() function.
contributor: <ado@flower.nci.nih.gov>
(This used to be commit 7775b0f2aa)
1998-03-29 05:34:03 +00:00
Jeremy Allison
a4156f9b50 chgpasswd.c, ipc.c, loadparm.c: Added boolean "unix password sync"
parameter which allows the new change password code to change the
unix password also. Defaults to OFF.
includes.h: Added termios.h to FreeBSD to allow password changing.
namequery.c: Fixed missing name parameters to debug statements.
Jeremy.
(This used to be commit 4ac50c0f0a)
1998-03-27 19:59:14 +00:00
Jeremy Allison
f52bb48748 Fix for client generated core-dump bug where offset to readraw
was so large that when used with -DUSE_MMAP it caused the unsigned
subtraction to wrap aound and become positive - thus causing
a silly memcpy offset. Thanks to "Michael St. Laurent" <rowl@earthlink.net>
for giving me the core dump that allowed me to track this one
down.
Jeremy.
(This used to be commit c9e066037a)
1998-03-27 02:39:26 +00:00
Jeremy Allison
5d7c8375e4 clientgen.c ipc.c smbpasswd.c: Fixes for warnings (from Herb).
quotas.c: Linux quota fix.
util.c: Ensure smb_read_error is zero in all calls that can set it.
lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h
lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c
lib/rpc/server/srv_netlog.c : Modify Luke's code to call
SamOEMhash().

Jeremy.
(This used to be commit 7f74970838)
1998-03-24 00:37:53 +00:00
Jeremy Allison
4269286835 Finally made OS/2 WP fix the default.
Jeremy.
(This used to be commit 7cc7a65dec)
1998-03-19 21:44:30 +00:00