1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-15 05:57:49 +03:00

319 Commits

Author SHA1 Message Date
Tim Potter
e0bdcbc599 Converted cli_net_auth2() and cli_nt_setup_creds() to return NTSTATUS. -
Simo Sorce
549fe42bd4 move to SAFE_FREE() -
Andrew Bartlett
7f04a139b2 Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c where
they can have general effect.

Fixed up workstaion support in the rest of samba, so that we can do these
checks.

Pass through the workstation for cli_net_logon(), if supplied.
-
Andrew Tridgell
dcd6e735f7 the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -
Andrew Tridgell
1d36250e33 converted another bunch of stuff to NTSTATUS -
Tim Potter
031a19639c More status32 conversions. -
Tim Potter
ea8c0a75af Fixed typo in debug message. -
Tim Potter
7d5440a7ae Set secure channel type depending on server role. -
Andrew Bartlett
ea1c547ac8 This patch does a number of things, mostly smaller than they look :-)
In particuar, it moves the domain_client_validate stuff out of
auth_domain.c to somwhere where they (I hope) they can be shared
with winbind better.  (This may need some work)

The main purpose of this patch was however to improve some of the
internal documentation and to correctly place become_root()/unbecome_root()
calls within the code.

Finally this patch moves some more of auth.c into other files, auth_unix.c
in this case.

Andrew Bartlett
-
Tim Potter
b196a52483 Use new client error api. -
Tim Potter
688da3c41d Use the new client error api. -
Tim Potter
589aaa5fb1 Removed nt_error field from cli_state as it was not used anywhere. -
Andrew Bartlett
b30b6202f3 This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
samba-technical a few weeks ago.

The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards.  The
interface currently implemented in as

nt_status = check_password(user_info, server_info)

where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.

The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.

This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing.  We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.

Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree.  (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
-
Tim Potter
2e33940360 Held a shoot-out between NT_STATUS_NO_PROBLEMO and NT_STATUS_NOPROBLEMO.
According to the incorruptible judges find and grep, the latter won.

Mmm - procrastination.  (-:
-
Andrew Bartlett
cf1d1cd9d6 This fixes security=domain, which has been broke since the big charset
changeover.  For my own sainity I have created a new function to fill out both
the header and buffer for a string in an RPC struct.  This DOES NOT take a
length argument, only the actual string to be placed.

The RPC code is currently littered with code that does init_uni_hdr() followed
immidiatly by init_unistr2(), and often the length argument is wrong.  (It was
for the code I changed, even before the charset stuff).  Another bug where we
made strings AT LEAST MAX_UNICODE_LEN long hid this bug.

This works for loopback connections to Samba, and can't be any more broke than
it was before :-).  (We had double and revese conversions, fun...).

In particular this makes us multibyte complient.

In any case, if there are no objections I will slowly convert other bits of
code to the same system.
-
Andrew Tridgell
c41fc06376 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn. -
Andrew Tridgell
debb471267 The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
-
Jeremy Allison
2999eab5ab Use a logical cli_read(), removed the cli_read_one() hack.
Jeremy.
-
Tim Potter
f179e0ff61 Use cli_read_one() for reading DCE/RPC reply fragments. We need to check
for and ignore ERRmoredata errors as the client library doesn't support
32-bit error messages.

Added some annotations for the RPC pipe code to make it a bit clearer
maybe.
-
Tim Potter
3e3b9bc538 Fixed some return code checks for cli_initialise() from False to NULL.
Spotted by Joe Doran <joed@interlude.eu.org>
-
Tim Potter
b49c4cd441 Removed irritating and unecessary debug message. -
Tim Potter
d1e5d5d62f Broke out change trust account password routines into separate file
since they're only used in one place anyway (timeout_processing() in
process.c)
-
Tim Potter
657804f3be Added a SMB_ASSERT() so that two cli_state structures aren't opened
on different pipes.  This seriously confuses NT.  Unfortunately HEAD
branch is limited to one rpc pipe per connection as the fnum is stored
inside the cli_state structure.  It should really be broken out into
it's own structure so multiple pipes can be opened on one TCP/IP socket.

What a good idea!  But look over here! I've already done it in another
workarea but it will require a day or two to refactor some of the internal
samba rpc client stuff (i.e netlogon requests) so it will remain uncommitted
for another while.
-
Andrew Tridgell
5d899e51a4 fixed some uninitialised variables -
Gerald Carter
0feaac00a1 few cleanups to bring in line with 2.2 -
Gerald Carter
83d6bc4454 added getdriver and enumdrivers commands. Also fixed
enumprinters so that it works as well.  Couple of other
misc fixes while we're working on rpcclient.
-
Jeremy Allison
be9933ce35 Removed JRATEST line.
Jeremy.
-
Jeremy Allison
0be41d5158 Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
-
Jeremy Allison
0cd37c831d Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues.
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
-
Jeremy Allison
0e6a34510e Sync up handle creation with 2.2 branch. We can now join AS/U domains and
authenticate against them. Big/little endian issues fixed.
Jeremy.
-
Jeremy Allison
70beabf73b Ooops - forgot to check the rpcclient and smbcacls compile with the new
code :-(.
Jeremy.
-
Jeremy Allison
14d5997dc8 Move to talloc control of SPOOL_XXX structs. Move to talloc control of
security descriptors and pointers. Syncup with 2.2 tree.
Jeremy.
-
Jeremy Allison
f0d11b6997 rpc_client/cli_netlogon.c: Fixed incorrect printf.
Added Solaris ACL support.
Jeremy.
-
Jeremy Allison
bda1d6d4a4 This patch (donated by Marc Jacobsen of HP) should make Sun and HP very happy :-).
Probably Veritas too... :-).
It allows Samba as a domain member to authenticate against an AS/U server such
as the older HP PDC product or PD Netlink. It does this by trying a netlogon
with info level 3 and then falling back to info level 2 if the PDC returns
invalid info level.
Jeremy.
-
Andrew Tridgell
ba3ce3404e pipe opening now works with unicode -
Jeremy Allison
3ded1e6bd5 configure configure.in smbd/posix_acls.c smbd/dosmode.c: Fix for zero permission W2K profiles.
libsmb/cliconnect.c rpc_client/cli_login.c smbd/reply.c: codepage fixes from Tim.
Jeremy.
-
Tim Potter
79045bd72a Merge of i18n fixes from appliance branch. Samba can now talk to a network
with a PDC that has international netbios name and domain name.  There's
still quite a bit of i18n stuff to fix though...
-
Jeremy Allison
c25533de99 Fixed bug found by Gerald. If a Samba server joins a domain and is set
to search for a DC to authenticate to using the "*" syntax than ensure
that for the first hour after the password change is searches for the
PDC using the 1B name not the 1C name as domain replication may not
have occured.
Jeremy.
-
Jeremy Allison
506b5e34c3 Added lock backouts on fail.
When chaining together long lines of bloody "if" statements, which should
logically be separated, and one of them allocates memory, remember to
*free* it *WHETHER OR NOT THE IF STATEMENTS SUCCEEDED* !!!!
Yes I do consider this a bug in the coding style of Tridge, Rusty, Tim et al. :-).
I'm just pissed 'cos this took 4 hours to track down even with an insure error report
stating me in the face and also Ben Woodward looking over the code with me :-).
Jeremy.
-
Jeremy Allison
0a40bc83e1 Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. Merged
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
-
Tim Potter
1db0f31ae0 Wrong length for unistr2 in init_q_lookup_names()
Removed some more static arrays and replaced with tallocated memory
blocks.
-
Tim Potter
fa604bc85e Fixed some accidentally reversed patches. -
Jeremy Allison
9e9c71c8b3 Merged in Tim's changes : Removed static limit of MAX_LOOKUP_SIDS in rpc server and client
lsa_lookup_names() and lsa_lookup_sids().
Jeremy.
-
Tim Potter
4c8ce7af46 Removed a dead function. -
Tim Potter
817819d0cc Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from
TNG branch.

Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient.

This requires most samba binaries to link in another handful of object
files due to uncessary coupling between modules.  )-:
-
Andrew Tridgell
c9e4dea1cb fixed a typo -
Andrew Tridgell
a2d07994e0 pass the desired access into cli_nt_create() -
Andrew Tridgell
9ec4b1fa48 no longer pass the type to make_sec_desc(), instead the type is
derived from the other arguments
-
Jean-François Micouleau
b655bc281f added samr_set_user_info and info_2.
cleanup of create_user
cleanup of rid/sid mix in samr. now we only have sid.

some prs_align() missing in parse_samr.c

a small debug change in srv_pipe.c

You still can't change a user's password in this commit.
Will be availble in the next one.

	J.F.
-
Jeremy Allison
dfe77c7046 Herb's warning fixes. Also the POSIX locking fix.
We now use our own vfs layer to do get/set acl calls (hurrah!).
Jeremy.
-