From: Luke Leighton Date: Sun, 12 Dec 1999 20:03:42 +0000 (+0000) Subject: final part of "first" phase converting over to msrpc daemon architecture. X-Git-Tag: samba-4.0.0alpha6~801^2~20420 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=4f8a24522c683761c6f2ee23dba56f6c7913377b;p=kai%2Fsamba-autobuild%2F.git final part of "first" phase converting over to msrpc daemon architecture. done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135) --- diff --git a/source3/Makefile.in b/source3/Makefile.in index d6b959afdce..9282685bbfc 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -36,9 +36,9 @@ INSTALLPERMS = 0755 # set these to where to find various files # These can be overridden by command line switches (see smbd(8)) # or in smb.conf (see smb.conf(5)) -SMBLOGFILE = $(VARDIR)/log.smb -LSARPCLOGFILE = $(VARDIR)/log.lsarpc -NMBLOGFILE = $(VARDIR)/log.nmb +LOGFILEBASE = $(VARDIR) +SMBLOGFILE = $(LOGFILEBASE)/log.smb +NMBLOGFILE = $(LOGFILEBASE)/log.nmb CONFIGFILE = $(LIBDIR)/smb.conf LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def @@ -83,7 +83,7 @@ FLAGS1 = $(CFLAGS) \ -I$(srcdir)/ubiqx \ -I$(srcdir)/smbwrapper \ $(CPPFLAGS) \ - -DLSARPCLOGFILE=\"$(LSARPCLOGFILE)\" \ + -DLOGFILEBASE=\"$(LOGFILEBASE)\" \ -DSMBLOGFILE=\"$(SMBLOGFILE)\" \ -DNMBLOGFILE=\"$(NMBLOGFILE)\" FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" @@ -92,7 +92,9 @@ FLAGS4 = -DDRIVERFILE=\"$(DRIVERFILE)\" -DBINDIR=\"$(BINDIR)\" -DFORMSFILE=\"$(F FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4) -DHAVE_INCLUDES_H FLAGS = $(FLAGS5) $(PASSWD_FLAGS) -SPROGS = bin/smbd bin/lsarpcd bin/nmbd bin/swat +SPROGS = bin/smbd bin/lsarpcd bin/svcctld bin/spoolssd bin/samrd \ + bin/srvsvcd bin/wkssvcd bin/browserd bin/netlogond bin/winregd \ + bin/nmbd bin/swat PROGS1 = bin/smbclient bin/testparm bin/testprns bin/smbrun bin/smbstatus PROGS2 = bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/debug2html PROGS3 = @WRAP@ @WRAP32@ @@ -139,29 +141,20 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/namequery.o libsmb/nmblib.o \ RPC_SRVUTIL_OBJ = \ rpc_server/srv_pipe_hnd.o \ - rpc_server/srv_lookup.o \ rpc_server/srv_pipe.o -RPC_SERVER_OBJ1 = \ - rpc_server/srv_lsa.o \ - rpc_server/srv_netlog.o \ - rpc_server/srv_reg.o \ - rpc_server/srv_samr.o \ - rpc_server/srv_srvsvc.o \ - rpc_server/srv_svcctl.o \ - rpc_server/srv_wkssvc.o \ - rpc_server/srv_brs.o \ - rpc_server/srv_spoolss.o - -RPC_SERVER_OBJ = $(RPC_SERVER_OBJ1) $(RPC_SRVUTIL_OBJ) +RPC_SERVER_OBJ = $(RPC_SRVUTIL_OBJ) RPC_PARSE_OBJ1 = rpc_parse/parse_lsa.o \ rpc_parse/parse_net.o \ rpc_parse/parse_reg.o \ - rpc_parse/parse_samr.o rpc_parse/parse_srv.o \ + rpc_parse/parse_samr.o \ + rpc_parse/parse_srv.o \ rpc_parse/parse_wks.o \ - rpc_parse/parse_svc.o rpc_parse/parse_at.o \ - rpc_parse/parse_spoolss.o rpc_parse/parse_eventlog.o \ + rpc_parse/parse_svc.o \ + rpc_parse/parse_at.o \ + rpc_parse/parse_spoolss.o \ + rpc_parse/parse_eventlog.o \ rpc_parse/parse_brs.o RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \ @@ -178,7 +171,6 @@ RPC_PARSE_OBJ = $(RPC_PARSE_OBJ1) $(RPC_PARSE_OBJ2) RPC_CLIENT_OBJ = \ rpc_client/cli_login.o \ rpc_client/cli_netlogon.o \ - rpc_client/cli_netlogon_sync.o \ rpc_client/cli_reg.o \ rpc_client/cli_pipe.o \ rpc_client/cli_connect.o \ @@ -191,6 +183,7 @@ RPC_CLIENT_OBJ = \ rpc_client/cli_svcctl.o \ rpc_client/cli_samr.o \ rpc_client/msrpc_samr.o \ + rpc_client/msrpc_netlogon.o \ rpc_client/msrpc_lsarpc.o \ rpc_client/cli_atsvc.o \ rpc_client/cli_eventlog.o \ @@ -222,28 +215,135 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/ssl.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o smbd/vfs.o \ - smbd/vfs-wrap.o printing/nt_printing.o smbd/dfs.o \ + smbd/vfs-wrap.o smbd/dfs.o \ + rpc_server/srv_lookup.o \ smbd/challenge.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o -LSARPCD_OBJ1 = lsarpcd/lsarpcd.o \ - lsarpcd/lsarpcd_process.o \ - rpc_server/srv_lsa.o \ +MSRPCD_OBJ = msrpc/msrpcd.o \ + msrpc/msrpcd_process.o \ + rpc_parse/parse_net.o \ + rpc_client/cli_login.o \ + rpc_client/cli_netlogon.o \ + rpc_client/cli_pipe.o \ + rpc_client/cli_connect.o \ + rpc_client/cli_use.o \ + rpc_client/msrpc_netlogon.o \ smbd/uid.o +BROWSERD_OBJ1 = browserd/browserd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_brs.o \ + rpc_server/srv_brs.o + +WKSSVCD_OBJ1 = wkssvcd/wkssvcd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_wks.o \ + rpc_server/srv_wkssvc.o + +SRVSVCD_OBJ1 = srvsvcd/srvsvcd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_srv.o \ + rpc_server/srv_srvsvc.o + +WINREGD_OBJ1 = winregd/winregd.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_reg.o \ + rpc_server/srv_reg.o + +NETLOGOND_OBJ1 = netlogond/netlogond.o \ + rpc_server/srv_netlog.o \ + rpc_server/srv_lookup.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + smbd/chgpasswd.o + +SAMRD_OBJ1 = samrd/samrd.o \ + rpc_server/srv_lookup.o \ + rpc_parse/parse_samr.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + rpc_server/srv_samr.o smbd/chgpasswd.o + +SVCCTLD_OBJ1 = svcctld/svcctld.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_svc.o \ + rpc_server/srv_svcctl.o + +LSARPCD_OBJ1 = lsarpcd/lsarpcd.o \ + rpc_server/srv_lookup.o \ + rpc_client/cli_lsarpc.o \ + rpc_parse/parse_lsa.o \ + rpc_server/srv_lsa.o + +SPOOLSSD_OBJ1 = spoolssd/spoolssd.o \ + rpc_server/srv_spoolss.o \ + passdb/smbpassfile.o \ + rpc_parse/parse_spoolss.o \ + printing/nt_printing.o + SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ $(LIBSRV_OBJ) +SRVSVCD_OBJ = $(MSRPCD_OBJ) $(SRVSVCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSTATUS_OBJ) $(LIBSRV_OBJ) + +WKSSVCD_OBJ = $(MSRPCD_OBJ) $(WKSSVCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +BROWSERD_OBJ = $(MSRPCD_OBJ) $(BROWSERD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +WINREGD_OBJ = $(MSRPCD_OBJ) $(WINREGD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) -LSARPCD_OBJ = $(LSARPCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ +SVCCTLD_OBJ = $(MSRPCD_OBJ) $(SVCCTLD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(UBIQX_OBJ) \ - $(RPC_SRVUTIL_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +LSARPCD_OBJ = $(MSRPCD_OBJ) $(LSARPCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +SPOOLSSD_OBJ = $(MSRPCD_OBJ) $(SPOOLSSD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) $(PRINTING_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +NETLOGOND_OBJ = $(MSRPCD_OBJ) $(NETLOGOND_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) + +SAMRD_OBJ = $(MSRPCD_OBJ) $(SAMRD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(UBIQX_OBJ) \ + $(RPC_SRVUTIL_OBJ) $(RPC_PARSE_OBJ2) \ + $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(LIBSTATUS_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ $(LIBSRV_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -287,7 +387,8 @@ TESTPARM_OBJ = utils/testparm.o \ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ +SMBPASSWD_OBJ = utils/smbpasswd.o rpc_client/cli_netlogon_sync.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) @@ -363,8 +464,12 @@ RPCTORTURE_OBJ = utils/rpctorture.o \ $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(PASSDB_OBJ) -PROTO_OBJ = $(LSARPCD_OBJ) $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ - $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) +PROTO_OBJ = $(MSRPCD_OBJ) $(SVCCTLD_OBJ1) $(WINREGD_OBJ1) $(SAMRD_OBJ1) \ + $(SRVSVCD_OBJ1) $(WKSSVCD_OBJ1) $(BROWSERD_OBJ1) \ + $(SPOOLSSD_OBJ1) $(NETLOGOND_OBJ1) \ + $(LSARPCD_OBJ1) $(SMBD_OBJ) $(NMBD_OBJ) \ + $(SWAT_OBJ) $(CLIENT_OBJ) \ + $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) $(SMBPASSWD_OBJ) PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32) @@ -453,10 +558,42 @@ bin/smbd: $(SMBD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LIBS) +bin/svcctld: $(SVCCTLD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SVCCTLD_OBJ) $(LDFLAGS) $(LIBS) + bin/lsarpcd: $(LSARPCD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(LSARPCD_OBJ) $(LDFLAGS) $(LIBS) +bin/spoolssd: $(SPOOLSSD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SPOOLSSD_OBJ) $(LDFLAGS) $(LIBS) + +bin/srvsvcd: $(SRVSVCD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SRVSVCD_OBJ) $(LDFLAGS) $(LIBS) + +bin/wkssvcd: $(WKSSVCD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(WKSSVCD_OBJ) $(LDFLAGS) $(LIBS) + +bin/browserd: $(BROWSERD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(BROWSERD_OBJ) $(LDFLAGS) $(LIBS) + +bin/winregd: $(WINREGD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(WINREGD_OBJ) $(LDFLAGS) $(LIBS) + +bin/netlogond: $(NETLOGOND_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NETLOGOND_OBJ) $(LDFLAGS) $(LIBS) + +bin/samrd: $(SAMRD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SAMRD_OBJ) $(LDFLAGS) $(LIBS) + bin/nmbd: $(NMBD_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS) diff --git a/source3/browserd/browserd.c b/source3/browserd/browserd.c new file mode 100644 index 00000000000..dde62721ead --- /dev/null +++ b/source3/browserd/browserd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "browser"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_brs_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/include/proto.h b/source3/include/proto.h index db5aa0b9b43..4ac79a02fdb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3,6 +3,11 @@ /* This file is automatically generated with "make proto". DO NOT EDIT */ +/*The following definitions come from browserd/browserd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from client/client.c */ void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec, BOOL dirs); @@ -526,6 +531,17 @@ void reg_get_subkey(char *full_keyname, char *key_name, char *subkey_name); BOOL reg_split_key(const char *full_keyname, uint32 *reg_type, char *key_name); BOOL become_user_permanently(uid_t uid, gid_t gid); char *get_trusted_serverlist(const char* domain); +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); +uint16 pwdb_decode_acct_ctrl(const char *p); +time_t pwdb_get_last_set_time(const char *p); +void pwdb_set_logon_time(char *p, int max_len, time_t t); +void pwdb_set_logoff_time(char *p, int max_len, time_t t); +void pwdb_set_kickoff_time(char *p, int max_len, time_t t); +void pwdb_set_can_change_time(char *p, int max_len, time_t t); +void pwdb_set_must_change_time(char *p, int max_len, time_t t); +void pwdb_set_last_set_time(char *p, int max_len, time_t t); +void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); +BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl); /*The following definitions come from lib/util_array.c */ @@ -601,17 +617,6 @@ uint32 lookup_wk_user_name(const char *user_name, const char *domain, DOM_SID *sid, uint8 *type); uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, DOM_SID *sid, uint8 *type); -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); -uint16 pwdb_decode_acct_ctrl(const char *p); -time_t pwdb_get_last_set_time(const char *p); -void pwdb_set_logon_time(char *p, int max_len, time_t t); -void pwdb_set_logoff_time(char *p, int max_len, time_t t); -void pwdb_set_kickoff_time(char *p, int max_len, time_t t); -void pwdb_set_can_change_time(char *p, int max_len, time_t t); -void pwdb_set_must_change_time(char *p, int max_len, time_t t); -void pwdb_set_last_set_time(char *p, int max_len, time_t t); -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl); -BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl); BOOL pwdb_initialise(BOOL is_server); char *lookup_wk_alias_rid(uint32 rid); char *lookup_wk_user_rid(uint32 rid); @@ -1034,15 +1039,8 @@ struct shmem_ops *sysv_shm_open(int ronly); /*The following definitions come from lsarpcd/lsarpcd.c */ +void msrpc_service_init(void); BOOL reload_services(BOOL test); -void exit_server(char *reason); - -/*The following definitions come from lsarpcd/lsarpcd_process.c */ - -BOOL receive_next_smb(char *inbuf, int bufsize, int timeout); -void process_smb(char *inbuf, char *outbuf); -BOOL get_user_creds(struct user_creds *usr); -void lsarpcd_process(void); /*The following definitions come from mem_man/mem_man.c */ @@ -1061,6 +1059,22 @@ void smb_mem_write_errors(FILE *outfile); void smb_mem_set_multiplier(int multiplier); void *smb_mem_resize(void *ptr,size_t newsize); +/*The following definitions come from msrpc/msrpcd.c */ + +void exit_server(char *reason); +int msrpc_main(int argc,char *argv[]); + +/*The following definitions come from msrpc/msrpcd_process.c */ + +BOOL get_user_creds(int c, struct user_creds *usr); +BOOL msrpcd_init(int c, pipes_struct *p); +void msrpcd_process(int c, pipes_struct *p); + +/*The following definitions come from netlogond/netlogond.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from nmbd/asyncdns.c */ int asyncdns_fd(void); @@ -2008,10 +2022,6 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas); -/*The following definitions come from rpc_client/cli_netlogon_sync.c */ - -BOOL synchronise_passdb(void); - /*The following definitions come from rpc_client/cli_pipe.c */ BOOL create_rpc_bind_resp(struct pwd_info *pwd, @@ -2278,6 +2288,14 @@ BOOL msrpc_lsa_query_secret(const char* srv_name, STRING2 *secret, NTTIME *last_update); +/*The following definitions come from rpc_client/msrpc_netlogon.c */ + +BOOL check_domain_security(char *orig_user, char *domain, + uchar *challenge, + char *smb_apasswd, int smb_apasslen, + char *smb_ntpasswd, int smb_ntpasslen, + uchar user_sess_key[16]); + /*The following definitions come from rpc_client/msrpc_samr.c */ BOOL req_user_info( const POLICY_HND *pol_dom, @@ -4046,6 +4064,11 @@ void display_sam_sync(FILE *out_hnd, enum action_type action, void readline_init(void); +/*The following definitions come from samrd/samrd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from smbd/blocking.c */ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num); @@ -4274,11 +4297,6 @@ struct cli_state *server_cryptkey(void); BOOL server_validate(char *user, char *domain, char *pass, int passlen, char *ntpass, int ntpasslen); -BOOL domain_client_validate( char *user, char *domain, - char *acct_name, uint16 acct_type, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]); /*The following definitions come from smbd/pipes.c */ @@ -4533,6 +4551,21 @@ int smbw_stat_printjob(struct smbw_server *srv,char *path, int smbw_fstat(int fd, struct stat *st); int smbw_stat(const char *fname, struct stat *st); +/*The following definitions come from spoolssd/spoolssd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from srvsvcd/srvsvcd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from svcctld/svcctld.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + /*The following definitions come from web/cgi.c */ void cgi_load_variables(FILE *f1); @@ -4565,4 +4598,14 @@ void status_page(void); /*The following definitions come from web/swat.c */ + +/*The following definitions come from winregd/winregd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); + +/*The following definitions come from wkssvcd/wkssvcd.c */ + +void msrpc_service_init(void); +BOOL reload_services(BOOL test); #endif /* _PROTO_H_ */ diff --git a/source3/include/smb.h b/source3/include/smb.h index b06cfe2b7b8..43c5dc6bb1e 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -255,7 +255,7 @@ typedef char fstring[FSTRING_LEN]; #define PIPE_WINREG "\\PIPE\\winreg" #define PIPE_WKSSVC "\\PIPE\\wkssvc" #define PIPE_NETLOGON "\\PIPE\\NETLOGON" -#define PIPE_SVCCTL "\\PIPE\\SVCCTL" +#define PIPE_SVCCTL "\\PIPE\\svcctl" #define PIPE_NTLSA "\\PIPE\\ntlsa" #define PIPE_NTSVCS "\\PIPE\\ntsvcs" #define PIPE_LSASS "\\PIPE\\lsass" diff --git a/source3/lib/util.c b/source3/lib/util.c index 22adee49df5..7d099282f84 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -3239,18 +3239,11 @@ char *get_trusted_serverlist(const char* domain) static char *server_list = NULL; static pstring srv_list; char *trusted_list = lp_trusted_domains(); - int my_role = lp_server_role(); if (strequal(lp_workgroup(), domain)) { - if ((my_role == ROLE_DOMAIN_PDC) || (my_role == ROLE_DOMAIN_NONE)) { - pstrcpy(srv_list,global_myname); - } - /* we must be a BDC or MEMBER if we execute this branch */ - else { - pstrcpy(srv_list, lp_passwordserver()); - } - DEBUG(10,("local domain server list: %s\n", srv_list)); + DEBUG(10,("local domain server list: %s\n", server_list)); + pstrcpy(srv_list, lp_passwordserver()); return srv_list; } @@ -3275,3 +3268,238 @@ char *get_trusted_serverlist(const char* domain) return NULL; } +/********************************************************** + Encode the account control bits into a string. + length = length of string to encode into (including terminating + null). length *MUST BE MORE THAN 2* ! + **********************************************************/ + +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) +{ + static fstring acct_str; + size_t i = 0; + + acct_str[i++] = '['; + + if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; + if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; + if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; + if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; + if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; + if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; + if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; + if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; + if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; + if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; + if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; + if (acct_ctrl & ACB_PWLOCK ) acct_str[i++] = 'P'; + + for ( ; i < length - 2 ; i++ ) + { + acct_str[i] = ' '; + } + + i = length - 2; + acct_str[i++] = ']'; + acct_str[i++] = '\0'; + + return acct_str; +} + +/********************************************************** + Decode the account control bits from a string. + + this function breaks coding standards minimum line width of 80 chars. + reason: vertical line-up code clarity - all case statements fit into + 15 lines, which is more important. + **********************************************************/ + +uint16 pwdb_decode_acct_ctrl(const char *p) +{ + uint16 acct_ctrl = 0; + BOOL finished = False; + + /* + * Check if the account type bits have been encoded after the + * NT password (in the form [NDHTUWSLXI]). + */ + + if (*p != '[') return 0; + + for (p++; *p && !finished; p++) + { + switch (*p) + { + case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } + case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } + case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } + case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } + case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } + case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } + case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } + case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } + case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } + case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } + case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } + case 'P': { acct_ctrl |= ACB_PWLOCK ; break; /* 'P'assword cannot be changed remotely */ } + case ' ': { break; } + case ':': + case '\n': + case '\0': + case ']': + default: { finished = True; } + } + } + + return acct_ctrl; +} + +/******************************************************************* + gets password-database-format time from a string. + ********************************************************************/ + +static time_t get_time_from_string(const char *p) +{ + int i; + + for (i = 0; i < 8; i++) + { + if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) + { + break; + } + } + if (i == 8) + { + /* + * p points at 8 characters of hex digits - + * read into a time_t as the seconds since + * 1970 that the password was last changed. + */ + return (time_t)strtol(p, NULL, 16); + } + return (time_t)-1; +} + +/******************************************************************* + gets password last set time + ********************************************************************/ + +time_t pwdb_get_last_set_time(const char *p) +{ + if (*p && !StrnCaseCmp(p, "LCT-", 4)) + { + return get_time_from_string(p + 4); + } + return (time_t)-1; +} + + +/******************************************************************* + sets password-database-format time in a string. + ********************************************************************/ +static void set_time_in_string(char *p, int max_len, char *type, time_t t) +{ + slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); +} + +/******************************************************************* + sets logon time + ********************************************************************/ +void pwdb_set_logon_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LNT", t); +} + +/******************************************************************* + sets logoff time + ********************************************************************/ +void pwdb_set_logoff_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LOT", t); +} + +/******************************************************************* + sets kickoff time + ********************************************************************/ +void pwdb_set_kickoff_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "KOT", t); +} + +/******************************************************************* + sets password can change time + ********************************************************************/ +void pwdb_set_can_change_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "CCT", t); +} + +/******************************************************************* + sets password last set time + ********************************************************************/ +void pwdb_set_must_change_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "MCT", t); +} + +/******************************************************************* + sets password last set time + ********************************************************************/ +void pwdb_set_last_set_time(char *p, int max_len, time_t t) +{ + set_time_in_string(p, max_len, "LCT", t); +} + + +/************************************************************* + Routine to set 32 hex password characters from a 16 byte array. +**************************************************************/ +void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) +{ + if (pwd != NULL) + { + int i; + for (i = 0; i < 16; i++) + { + slprintf(&p[i*2], 33, "%02X", pwd[i]); + } + } + else + { + if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) + { + safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); + } + else + { + safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); + } + } +} + +/************************************************************* + Routine to get the 32 hex characters and turn them + into a 16 byte array. +**************************************************************/ +BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl) +{ + if (strnequal(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32)) + { + if (acct_ctrl != NULL) + { + *acct_ctrl |= ACB_PWNOTREQ; + } + pwd[0] = 0; + return True; + } + else if (strnequal(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32)) + { + pwd[0] = 0; + return True; + } + else + { + return strhex_to_str(pwd, 32, p) == 16; + } +} diff --git a/source3/lib/util_array.c b/source3/lib/util_array.c index 5a21053cc6b..c3945ff9f83 100644 --- a/source3/lib/util_array.c +++ b/source3/lib/util_array.c @@ -42,6 +42,7 @@ void free_void_array(uint32 num_entries, void **entries, void* add_copy_to_array(uint32 *len, void ***array, const void *item, void*(item_dup)(const void*), BOOL alloc_anyway) { + void* copy = NULL; if (len == NULL || array == NULL) { return NULL; @@ -49,14 +50,10 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item, if (item != NULL || alloc_anyway) { - void* copy = NULL; - if (item != NULL || alloc_anyway) - { - copy = item_dup(item); - } - add_item_to_array(len, array, copy); + copy = item_dup(item); + return add_item_to_array(len, array, copy); } - return NULL; + return copy; } void* add_item_to_array(uint32 *len, void ***array, void *item) diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c index d4058b80998..3de1829da3e 100644 --- a/source3/lib/util_pwdb.c +++ b/source3/lib/util_pwdb.c @@ -363,242 +363,6 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - if (acct_ctrl & ACB_PWLOCK ) acct_str[i++] = 'P'; - - for ( ; i < length - 2 ; i++ ) - { - acct_str[i] = ' '; - } - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - - this function breaks coding standards minimum line width of 80 chars. - reason: vertical line-up code clarity - all case statements fit into - 15 lines, which is more important. - **********************************************************/ - -uint16 pwdb_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') return 0; - - for (p++; *p && !finished; p++) - { - switch (*p) - { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case 'P': { acct_ctrl |= ACB_PWLOCK ; break; /* 'P'assword cannot be changed remotely */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/******************************************************************* - gets password-database-format time from a string. - ********************************************************************/ - -static time_t get_time_from_string(const char *p) -{ - int i; - - for (i = 0; i < 8; i++) - { - if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - { - break; - } - } - if (i == 8) - { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - return (time_t)strtol(p, NULL, 16); - } - return (time_t)-1; -} - -/******************************************************************* - gets password last set time - ********************************************************************/ - -time_t pwdb_get_last_set_time(const char *p) -{ - if (*p && !StrnCaseCmp(p, "LCT-", 4)) - { - return get_time_from_string(p + 4); - } - return (time_t)-1; -} - - -/******************************************************************* - sets password-database-format time in a string. - ********************************************************************/ -static void set_time_in_string(char *p, int max_len, char *type, time_t t) -{ - slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); -} - -/******************************************************************* - sets logon time - ********************************************************************/ -void pwdb_set_logon_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LNT", t); -} - -/******************************************************************* - sets logoff time - ********************************************************************/ -void pwdb_set_logoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LOT", t); -} - -/******************************************************************* - sets kickoff time - ********************************************************************/ -void pwdb_set_kickoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "KOT", t); -} - -/******************************************************************* - sets password can change time - ********************************************************************/ -void pwdb_set_can_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "CCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_must_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "MCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_last_set_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LCT", t); -} - - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) - { - int i; - for (i = 0; i < 16; i++) - { - slprintf(&p[i*2], 33, "%02X", pwd[i]); - } - } - else - { - if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) - { - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - } - else - { - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ -BOOL pwdb_gethexpwd(const char *p, char *pwd, uint32 *acct_ctrl) -{ - if (strnequal(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32)) - { - if (acct_ctrl != NULL) - { - *acct_ctrl |= ACB_PWNOTREQ; - } - pwd[0] = 0; - return True; - } - else if (strnequal(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32)) - { - pwd[0] = 0; - return True; - } - else - { - return strhex_to_str(pwd, 32, p) == 16; - } -} - /************************************************************* initialise password databases, domain names, domain sid. diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 27efc132c0f..62c7429b595 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -1337,9 +1337,7 @@ int cli_nt_create(struct cli_state *cli, const char *fname) pstrcpy(p,fname); p = skip_string(p,1); - if (!cli_send_smb(cli, True)) { - return -1; - } + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -2947,7 +2945,7 @@ static BOOL cli_init_redirect(struct cli_state *cli, if (strequal(srv_name, "*SMBSERVER")) { fstrcpy(ip_name, "\\\\"); - destip->s_addr = inet_addr(&ip_name[2]); + inet_aton(&ip_name[2], destip); srv_name = ip_name; } diff --git a/source3/lsarpcd/lsarpcd.c b/source3/lsarpcd/lsarpcd.c index ed665e85c5c..050a593eb0f 100644 --- a/source3/lsarpcd/lsarpcd.c +++ b/source3/lsarpcd/lsarpcd.c @@ -20,201 +20,52 @@ */ #include "includes.h" -#include "trans2.h" + +fstring pipe_name; pstring servicesf = CONFIGFILE; extern pstring debugf; -extern pstring global_myname; - -int am_parent = 1; - -/* the last message the was processed */ -int last_message = -1; - -/* a useful macro to debug the last message processed */ -#define LAST_MESSAGE() smb_fn_name(last_message) - -extern pstring scope; +extern BOOL append_log; extern int DEBUGLEVEL; -extern fstring remote_machine; -extern pstring myhostname; - -extern pstring OriginalDir; - -/**************************************************************************** - when exiting, take the whole family -****************************************************************************/ -static void *dflt_sig(void) -{ - exit_server("caught signal"); - return NULL; -} - -/**************************************************************************** - Send a SIGTERM to our process group. -*****************************************************************************/ -static void killkids(void) -{ - if(am_parent) kill(0,SIGTERM); -} - - -/**************************************************************************** - open and listen to a socket -****************************************************************************/ -static int open_server_socket(void) +void msrpc_service_init(void) { - int s; - fstring dir; - fstring path; - - slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc"); - slprintf(path, sizeof(path)-1, "%s/lsarpc", dir); - - s = create_pipe_socket(dir, 0777, path, 0777); - - if (s == -1) - return -1; - /* ready to listen */ - if (listen(s, 5) == -1) { - DEBUG(0,("listen: %s\n", strerror(errno))); - close(s); - return -1; + if (!pwdb_initialise(True)) + { + exit(-1); } - return s; -} -/**************************************************************************** - open the socket communication -****************************************************************************/ -static BOOL open_sockets(BOOL is_daemon) -{ - extern int Client; - int num_interfaces = iface_count(); - int fd_listenset; - fd_set listen_set; - int s; - - memset(&fd_listenset, 0, sizeof(fd_listenset)); - -#ifdef HAVE_ATEXIT + if(!initialise_sam_password_db()) { - static int atexit_set; - if(atexit_set == 0) { - atexit_set=1; - atexit(killkids); - } + exit(-1); } -#endif - /* Stop zombies */ - CatchChild(); - - - FD_ZERO(&listen_set); - - /* Just bind to 0.0.0.0 - accept connections - from anywhere. */ - num_interfaces = 1; - - /* open an incoming socket */ - s = open_server_socket(); - if (s == -1) - return(False); - fd_listenset = s; - FD_SET(s,&listen_set); - - /* now accept incoming connections - forking a new process - for each incoming connection */ - DEBUG(2,("waiting for a connection\n")); - while (1) + if(!initialise_passgrp_db()) { - struct sockaddr_un addr; - int in_addrlen = sizeof(addr); - fd_set lfds; - int num; - - memcpy((char *)&lfds, (char *)&listen_set, - sizeof(listen_set)); - - num = sys_select(256,&lfds,NULL, NULL); - - if (num == -1 && errno == EINTR) - continue; - - /* Find the sockets that are read-ready - - accept on these. */ - - s = -1; - if(FD_ISSET(fd_listenset,&lfds)) - { - s = fd_listenset; - } - - /* Clear this so we don't look at it again. */ - FD_CLR(s,&lfds); - - Client = accept(s,(struct sockaddr*)&addr,&in_addrlen); - - if (Client == -1 && errno == EINTR) - continue; - - if (Client == -1) - { - DEBUG(0,("open_sockets: accept: %s\n", - strerror(errno))); - continue; - } - - if (Client != -1 && fork()==0) - { - /* Child code ... */ - - /* close the listening socket(s) */ - close(fd_listenset); - - /* close our standard file - descriptors */ - close_low_fds(); - am_parent = 0; - - /* Reset global variables in util.c so - that client substitutions will be - done correctly in the process. */ - reset_globals_after_fork(); - - /* - * Ensure this child has kernel oplock - * capabilities, but not it's children. - */ - set_process_capability(KERNEL_OPLOCK_CAPABILITY, True); - set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False); + exit(-1); + } - return True; - } - /* The parent doesn't need this socket */ - close(Client); + if(!initialise_group_db()) + { + exit(-1); + } - /* Force parent to check log size after - * spawning child. Fix from - * klausr@ITAP.Physik.Uni-Stuttgart.De. The - * parent lsarpcd will log to logserver.smb. It - * writes only two messages for each child - * started/finished. But each child writes, - * say, 50 messages also in logserver.smb, - * begining with the debug_count of the - * parent, before the child opens its own log - * file logserver.client. In a worst case - * scenario the size of logserver.smb would be - * checked after about 50*50=2500 messages - * (ca. 100kb). - * */ - force_check_log_size(); + if(!initialise_alias_db()) + { + exit(-1); + } - } /* end while 1 */ + if(!initialise_builtin_db()) + { + exit(-1); + } -/* NOTREACHED return True; */ + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } } /**************************************************************************** @@ -242,8 +93,6 @@ BOOL reload_services(BOOL test) ret = lp_load(servicesf,False,False,True); - load_printers(); - /* perhaps the config filename is now set */ if (!test) reload_services(True); @@ -255,166 +104,11 @@ BOOL reload_services(BOOL test) return(ret); } - - -/**************************************************************************** -this prevents zombie child processes -****************************************************************************/ -BOOL reload_after_sighup = False; - -static void sig_hup(int sig) -{ - BlockSignals(True,SIGHUP); - DEBUG(0,("Got SIGHUP\n")); - - /* - * Fix from here. - * We used to reload in the signal handler - this - * is a *BIG* no-no. - */ - - reload_after_sighup = True; - BlockSignals(False,SIGHUP); -} - - - -#if DUMP_CORE -/******************************************************************* -prepare to dump a core file - carefully! -********************************************************************/ -static BOOL dump_core(void) -{ - char *p; - pstring dname; - pstrcpy(dname,debugf); - if ((p=strrchr(dname,'/'))) *p=0; - pstrcat(dname,"/corefiles"); - mkdir(dname,0700); - sys_chown(dname,getuid(),getgid()); - chmod(dname,0700); - if (chdir(dname)) return(False); - umask(~(0700)); - -#ifdef HAVE_GETRLIMIT -#ifdef RLIMIT_CORE - { - struct rlimit rlp; - getrlimit(RLIMIT_CORE, &rlp); - rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur); - setrlimit(RLIMIT_CORE, &rlp); - getrlimit(RLIMIT_CORE, &rlp); - DEBUG(3,("Core limits now %d %d\n", - (int)rlp.rlim_cur,(int)rlp.rlim_max)); - } -#endif -#endif - - - DEBUG(0,("Dumping core in %s\n",dname)); - abort(); - return(True); -} -#endif - - -/**************************************************************************** -exit the server -****************************************************************************/ -void exit_server(char *reason) -{ - static int firsttime=1; - extern char *last_inbuf; - - - if (!firsttime) exit(0); - firsttime = 0; - - unbecome_user(); - DEBUG(2,("Closing connections\n")); - -#ifdef WITH_DFS - if (dcelogin_atmost_once) { - dfs_unlogin(); - } -#endif - - if (!reason) { - int oldlevel = DEBUGLEVEL; - DEBUGLEVEL = 10; - if (last_inbuf) - show_msg(last_inbuf); - DEBUGLEVEL = oldlevel; - DEBUG(0,("===============================================================\n")); -#if DUMP_CORE - if (dump_core()) return; -#endif - } - - locking_end(); - - DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); -#ifdef MEM_MAN - { - extern FILE *dbf; - smb_mem_write_verbose(dbf); - dbgflush(); - } -#endif - exit(0); -} - - - -/**************************************************************************** - initialise connect, service and file structs -****************************************************************************/ -static void init_structs(void) -{ -#if 0 - conn_init(); -#endif - init_rpc_pipe_hnd(); /* for RPC pipes */ - if (!init_policy_hnd(MAX_SERVER_POLICY_HANDLES)) - { - exit_server("could not allocate policy handles\n"); - } -} - -/**************************************************************************** -usage on the program -****************************************************************************/ -static void usage(char *pname) -{ - DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n")); - - printf("Usage: %s [-D] [-p port] [-d debuglevel] ", pname); - printf("[-l log basename] [-s services file]\n" ); - printf("Version %s\n",VERSION); - printf("\t-D become a daemon\n"); - printf("\t-p port listen on the specified port\n"); - printf("\t-d debuglevel set the debuglevel\n"); - printf("\t-l log basename. Basename for log/debug files\n"); - printf("\t-s services file. Filename of services file\n"); - printf("\t-P passive only\n"); - printf("\t-a append to log file (default)\n"); - printf("\t-o overwrite log file, don't append\n"); - printf("\t-i scope NetBIOS scope to use (default none)\n"); - printf("\n"); -} - - /**************************************************************************** main program ****************************************************************************/ int main(int argc,char *argv[]) { - extern BOOL append_log; - /* shall I run as a daemon */ - BOOL is_daemon = False; - int opt; - extern char *optarg; - #ifdef HAVE_SET_AUTH_PARAMETERS set_auth_parameters(argc,argv); #endif @@ -428,229 +122,10 @@ static void usage(char *pname) TimeInit(); - pstrcpy(debugf,LSARPCLOGFILE); - - pstrcpy(remote_machine, "lsarpcd"); - + fstrcpy(pipe_name, "lsarpc"); setup_logging(argv[0],False); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_ntlsa_rpc ); - charset_initialise(); - - /* make absolutely sure we run as root - to handle cases where people - are crazy enough to have it setuid */ -#ifdef HAVE_SETRESUID - setresuid(0,0,0); -#else - setuid(0); - seteuid(0); - setuid(0); - seteuid(0); -#endif - - fault_setup((void (*)(void *))exit_server); - CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig); - - /* we are never interested in SIGPIPE */ - BlockSignals(True,SIGPIPE); - - /* we want total control over the permissions on created files, - so set our umask to 0 */ - umask(0); - - dos_GetWd(OriginalDir); - - init_uid(); - - /* this is for people who can't start the program correctly */ - while (argc > 1 && (*argv[1] != '-')) { - argv++; - argc--; - } - - while ( EOF != (opt = getopt(argc, argv, "i:l:s:d:Dh?Paof:")) ) - switch (opt) { - case 'i': - pstrcpy(scope,optarg); - break; - - case 'P': - { - extern BOOL passive; - passive = True; - } - break; - - case 's': - pstrcpy(servicesf,optarg); - break; - - case 'l': - pstrcpy(debugf,optarg); - break; - - case 'a': - append_log = True; - break; - - case 'o': - append_log = False; - break; - - case 'D': - is_daemon = True; - break; - - case 'd': - if (*optarg == 'A') - DEBUGLEVEL = 10000; - else - DEBUGLEVEL = atoi(optarg); - break; - - case 'h': - case '?': - usage(argv[0]); - exit(0); - break; - - default: - usage(argv[0]); - exit(1); - } - - reopen_logs(); - - DEBUG(1,( "lsarpcd version %s started.\n", VERSION)); - DEBUGADD(1,( "Copyright Andrew Tridgell 1992-1999\n")); - - DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", - (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); - - if (sizeof(uint16) < 2 || sizeof(uint32) < 4) { - DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); - exit(1); - } - - get_myname(myhostname,NULL); - - if (!reload_services(False)) - return(-1); - - init_structs(); - -#ifdef WITH_PROFILE - if (!profile_setup(False)) { - DEBUG(0,("ERROR: failed to setup profiling\n")); - return -1; - } -#endif - - /* - * Set the machine NETBIOS name if not already - * set from the config file. - */ - if (!*global_myname) - { - fstrcpy(global_myname, dns_to_netbios_name(myhostname)); - } - strupper(global_myname); - - add_msrpc_command_processor( "lsarpc", argv[0], api_ntlsa_rpc ); - - codepage_initialise(lp_client_code_page()); - - if (!pwdb_initialise(True)) - { - exit(1); - } - - if(!initialise_sam_password_db()) - { - exit(1); - } - - if(!initialise_passgrp_db()) - { - exit(1); - } - - if(!initialise_group_db()) - { - exit(1); - } - - if(!initialise_alias_db()) - { - exit(1); - } - - if(!initialise_builtin_db()) - { - exit(1); - } - - if (!get_member_domain_sid()) - { - DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", - lp_passwordserver())); - exit(1); - } - - CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); - - /* Setup the signals that allow the debug log level - to by dynamically changed. */ - - /* If we are using the malloc debug code we can't use - SIGUSR1 and SIGUSR2 to do debug level changes. */ - -#ifndef MEM_MAN -#if defined(SIGUSR1) - CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); -#endif /* SIGUSR1 */ - -#if defined(SIGUSR2) - CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); -#endif /* SIGUSR2 */ -#endif /* MEM_MAN */ - - DEBUG(3,( "loaded services\n")); - - if (!is_daemon && !is_a_socket(0)) { - DEBUG(0,("standard input is not a socket, assuming -D option\n")); - is_daemon = True; - } - - if (is_daemon) { - DEBUG( 3, ( "Becoming a daemon.\n" ) ); - become_daemon(); - } - - if (!directory_exist(lp_lockdir(), NULL)) { - mkdir(lp_lockdir(), 0755); - } - - if (is_daemon) { - pidfile_create("lsarpcd"); - } - - if (!open_sockets(is_daemon)) - exit(1); - - if (!locking_init(0)) - exit(1); - - /* possibly reload the services file. */ - reload_services(True); - - if (*lp_rootdir()) { - if (sys_chroot(lp_rootdir()) == 0) - DEBUG(2,("Changed root to %s\n", lp_rootdir())); - } - - lsarpcd_process(); - close_sockets(); - - exit_server("normal exit"); - return(0); + return msrpc_main(argc, argv); } diff --git a/source3/msrpc/msrpcd.c b/source3/msrpc/msrpcd.c new file mode 100644 index 00000000000..942d6f1258a --- /dev/null +++ b/source3/msrpc/msrpcd.c @@ -0,0 +1,571 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "trans2.h" + +extern pstring servicesf; +extern pstring debugf; +extern pstring global_myname; + +int am_parent = 1; + +/* the last message the was processed */ +int last_message = -1; + +/* a useful macro to debug the last message processed */ +#define LAST_MESSAGE() smb_fn_name(last_message) + +extern pstring scope; +extern int DEBUGLEVEL; + +extern fstring remote_machine; +extern pstring myhostname; +extern pstring pipe_name; + +extern pstring OriginalDir; + +/**************************************************************************** + when exiting, take the whole family +****************************************************************************/ +static void *dflt_sig(void) +{ + exit_server("caught signal"); + return NULL; +} + +/**************************************************************************** + Send a SIGTERM to our process group. +*****************************************************************************/ +static void killkids(void) +{ + if(am_parent) kill(0,SIGTERM); +} + + +/**************************************************************************** + open and listen to a socket +****************************************************************************/ +static int open_server_socket(void) +{ + int s; + fstring dir; + fstring path; + + slprintf(dir, sizeof(dir)-1, "/tmp/.msrpc"); + slprintf(path, sizeof(path)-1, "%s/%s", dir, pipe_name); + + s = create_pipe_socket(dir, 0777, path, 0777); + + if (s == -1) + return -1; + /* ready to listen */ + if (listen(s, 5) == -1) { + DEBUG(0,("listen: %s\n", strerror(errno))); + close(s); + return -1; + } + return s; +} + +/**************************************************************************** + open the socket communication +****************************************************************************/ +static int open_sockets(BOOL is_daemon) +{ + int ClientMSRPC; + int num_interfaces = iface_count(); + int fd_listenset; + fd_set listen_set; + int s; + + memset(&fd_listenset, 0, sizeof(fd_listenset)); + +#ifdef HAVE_ATEXIT + { + static int atexit_set; + if(atexit_set == 0) { + atexit_set=1; + atexit(killkids); + } + } +#endif + + /* Stop zombies */ + CatchChild(); + + + FD_ZERO(&listen_set); + + /* Just bind to 0.0.0.0 - accept connections + from anywhere. */ + num_interfaces = 1; + + /* open an incoming socket */ + s = open_server_socket(); + if (s == -1) + return -1; + fd_listenset = s; + FD_SET(s,&listen_set); + + /* now accept incoming connections - forking a new process + for each incoming connection */ + DEBUG(2,("waiting for a connection\n")); + while (1) + { + struct sockaddr_un addr; + int in_addrlen = sizeof(addr); + fd_set lfds; + int num; + + memcpy((char *)&lfds, (char *)&listen_set, + sizeof(listen_set)); + + num = sys_select(256,&lfds,NULL, NULL); + + if (num == -1 && errno == EINTR) + continue; + + /* Find the sockets that are read-ready - + accept on these. */ + + s = -1; + if(FD_ISSET(fd_listenset,&lfds)) + { + s = fd_listenset; + } + + /* Clear this so we don't look at it again. */ + FD_CLR(s,&lfds); + + ClientMSRPC = accept(s,(struct sockaddr*)&addr,&in_addrlen); + + if (ClientMSRPC == -1 && errno == EINTR) + continue; + + if (ClientMSRPC == -1) + { + DEBUG(0,("open_sockets: accept: %s\n", + strerror(errno))); + continue; + } + + if (ClientMSRPC != -1 && fork()==0) + { + /* Child code ... */ + + /* close the listening socket(s) */ + close(fd_listenset); + + /* close our standard file + descriptors */ + close_low_fds(); + am_parent = 0; + + /* Reset global variables in util.c so + that client substitutions will be + done correctly in the process. */ + reset_globals_after_fork(); + + return ClientMSRPC; + } + /* The parent doesn't need this socket */ + close(ClientMSRPC); + + /* Force parent to check log size after + * spawning child. Fix from + * klausr@ITAP.Physik.Uni-Stuttgart.De. The + * parent daemon will log to logserver.smb. It + * writes only two messages for each child + * started/finished. But each child writes, + * say, 50 messages also in logserver.smb, + * begining with the debug_count of the + * parent, before the child opens its own log + * file logserver.client. In a worst case + * scenario the size of logserver.smb would be + * checked after about 50*50=2500 messages + * (ca. 100kb). + * */ + force_check_log_size(); + + } /* end while 1 */ + +/* NOTREACHED */ +} + + +/**************************************************************************** +this prevents zombie child processes +****************************************************************************/ +BOOL reload_after_sighup = False; + +static void sig_hup(int sig) +{ + BlockSignals(True,SIGHUP); + DEBUG(0,("Got SIGHUP\n")); + + /* + * Fix from here. + * We used to reload in the signal handler - this + * is a *BIG* no-no. + */ + + reload_after_sighup = True; + BlockSignals(False,SIGHUP); +} + + + +#if DUMP_CORE +/******************************************************************* +prepare to dump a core file - carefully! +********************************************************************/ +static BOOL dump_core(void) +{ + char *p; + pstring dname; + pstrcpy(dname,debugf); + if ((p=strrchr(dname,'/'))) *p=0; + pstrcat(dname,"/corefiles"); + mkdir(dname,0700); + sys_chown(dname,getuid(),getgid()); + chmod(dname,0700); + if (chdir(dname)) return(False); + umask(~(0700)); + +#ifdef HAVE_GETRLIMIT +#ifdef RLIMIT_CORE + { + struct rlimit rlp; + getrlimit(RLIMIT_CORE, &rlp); + rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur); + setrlimit(RLIMIT_CORE, &rlp); + getrlimit(RLIMIT_CORE, &rlp); + DEBUG(3,("Core limits now %d %d\n", + (int)rlp.rlim_cur,(int)rlp.rlim_max)); + } +#endif +#endif + + + DEBUG(0,("Dumping core in %s\n",dname)); + abort(); + return(True); +} +#endif + + +/**************************************************************************** +exit the server +****************************************************************************/ +void exit_server(char *reason) +{ + static int firsttime=1; + extern char *last_inbuf; + + + if (!firsttime) exit(0); + firsttime = 0; + + unbecome_vuser(); + DEBUG(2,("Closing connections\n")); + +#ifdef WITH_DFS + if (dcelogin_atmost_once) { + dfs_unlogin(); + } +#endif + + if (!reason) { + int oldlevel = DEBUGLEVEL; + DEBUGLEVEL = 10; + if (last_inbuf) + show_msg(last_inbuf); + DEBUGLEVEL = oldlevel; + DEBUG(0,("===============================================================\n")); +#if DUMP_CORE + if (dump_core()) return; +#endif + } + + locking_end(); + + DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); +#ifdef MEM_MAN + { + extern FILE *dbf; + smb_mem_write_verbose(dbf); + dbgflush(); + } +#endif + exit(0); +} + + + +/**************************************************************************** + initialise connect, service and file structs +****************************************************************************/ +static void init_structs(void) +{ +#if 0 + conn_init(); +#endif + init_rpc_pipe_hnd(); /* for RPC pipes */ + if (!init_policy_hnd(MAX_SERVER_POLICY_HANDLES)) + { + exit_server("could not allocate policy handles\n"); + } +} + +/**************************************************************************** +usage on the program +****************************************************************************/ +static void usage(char *pname) +{ + DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n")); + + printf("Usage: %s [-D] [-p port] [-d debuglevel] ", pname); + printf("[-l log basename] [-s services file]\n" ); + printf("Version %s\n",VERSION); + printf("\t-D become a daemon\n"); + printf("\t-p port listen on the specified port\n"); + printf("\t-d debuglevel set the debuglevel\n"); + printf("\t-l log basename. Basename for log/debug files\n"); + printf("\t-s services file. Filename of services file\n"); + printf("\t-P passive only\n"); + printf("\t-a append to log file (default)\n"); + printf("\t-o overwrite log file, don't append\n"); + printf("\t-i scope NetBIOS scope to use (default none)\n"); + printf("\n"); +} + + +/**************************************************************************** + main program +****************************************************************************/ +int msrpc_main(int argc,char *argv[]) +{ + extern BOOL append_log; + /* shall I run as a daemon */ + BOOL is_daemon = False; + int opt; + extern char *optarg; + int ClientMSRPC = -1; + pipes_struct static_pipe; + + pstrcpy(remote_machine, pipe_name); + + charset_initialise(); + + /* make absolutely sure we run as root - to handle cases where people + are crazy enough to have it setuid */ +#ifdef HAVE_SETRESUID + setresuid(0,0,0); +#else + setuid(0); + seteuid(0); + setuid(0); + seteuid(0); +#endif + + fault_setup((void (*)(void *))exit_server); + CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig); + + /* we are never interested in SIGPIPE */ + BlockSignals(True,SIGPIPE); + + /* we want total control over the permissions on created files, + so set our umask to 0 */ + umask(0); + + dos_GetWd(OriginalDir); + + init_uid(); + + /* this is for people who can't start the program correctly */ + while (argc > 1 && (*argv[1] != '-')) { + argv++; + argc--; + } + + while ( EOF != (opt = getopt(argc, argv, "i:l:s:d:Dh?Paof:")) ) + switch (opt) { + case 'i': + pstrcpy(scope,optarg); + break; + + case 'P': + { + extern BOOL passive; + passive = True; + } + break; + + case 's': + pstrcpy(servicesf,optarg); + break; + + case 'l': + pstrcpy(debugf,optarg); + break; + + case 'a': + append_log = True; + break; + + case 'o': + append_log = False; + break; + + case 'D': + is_daemon = True; + break; + + case 'd': + if (*optarg == 'A') + DEBUGLEVEL = 10000; + else + DEBUGLEVEL = atoi(optarg); + break; + + case 'h': + case '?': + usage(argv[0]); + exit(0); + break; + + default: + usage(argv[0]); + exit(1); + } + + reopen_logs(); + + DEBUG(1,( "%s version %s started.\n", argv[0], VERSION)); + DEBUGADD(1,( "Copyright Andrew Tridgell 1992-1999\n")); + + DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", + (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); + + if (sizeof(uint16) < 2 || sizeof(uint32) < 4) { + DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); + exit(1); + } + + get_myname(myhostname,NULL); + + if (!reload_services(False)) + return(-1); + + init_structs(); + +#ifdef WITH_PROFILE + if (!profile_setup(False)) { + DEBUG(0,("ERROR: failed to setup profiling\n")); + return -1; + } +#endif + + /* + * Set the machine NETBIOS name if not already + * set from the config file. + */ + if (!*global_myname) + { + fstrcpy(global_myname, dns_to_netbios_name(myhostname)); + } + strupper(global_myname); + + codepage_initialise(lp_client_code_page()); + + CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); + + /* Setup the signals that allow the debug log level + to by dynamically changed. */ + + /* If we are using the malloc debug code we can't use + SIGUSR1 and SIGUSR2 to do debug level changes. */ + +#ifndef MEM_MAN +#if defined(SIGUSR1) + CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); +#endif /* SIGUSR1 */ + +#if defined(SIGUSR2) + CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); +#endif /* SIGUSR2 */ +#endif /* MEM_MAN */ + + DEBUG(3,( "loaded services\n")); + + if (!is_daemon && !is_a_socket(0)) { + DEBUG(0,("standard input is not a socket, assuming -D option\n")); + is_daemon = True; + } + + if (is_daemon) { + DEBUG( 3, ( "Becoming a daemon.\n" ) ); + become_daemon(); + } + + if (!directory_exist(lp_lockdir(), NULL)) { + mkdir(lp_lockdir(), 0755); + } + + if (is_daemon) { + pidfile_create(pipe_name); + } + + ClientMSRPC = open_sockets(is_daemon); + if (ClientMSRPC == -1) + { + exit_server("open socket failed"); + } + + if (!locking_init(0)) + exit(1); + + /* possibly reload the services file. */ + reload_services(True); + + if (*lp_rootdir()) { + if (sys_chroot(lp_rootdir()) == 0) + DEBUG(2,("Changed root to %s\n", lp_rootdir())); + } + + msrpc_service_init(); + + ZERO_STRUCT(static_pipe); + fstrcpy(static_pipe.name, pipe_name); + if (msrpcd_init(ClientMSRPC, &static_pipe)) + { + reload_services(False); + msrpcd_process(ClientMSRPC, &static_pipe); + } + if (ClientMSRPC != -1) + { + close(ClientMSRPC); + } + + exit_server("normal exit"); + return(0); +} diff --git a/source3/lsarpcd/lsarpcd_process.c b/source3/msrpc/msrpcd_process.c similarity index 84% rename from source3/lsarpcd/lsarpcd_process.c rename to source3/msrpc/msrpcd_process.c index e33de5ce571..240087be14d 100644 --- a/source3/lsarpcd/lsarpcd_process.c +++ b/source3/msrpc/msrpcd_process.c @@ -24,7 +24,6 @@ extern int DEBUGLEVEL; time_t smb_last_time=(time_t)0; -static struct pipes_struct static_pipe; char *InBuffer = NULL; char *OutBuffer = NULL; @@ -73,10 +72,9 @@ extern int max_send; The timeout is in milli seconds ****************************************************************************/ -static BOOL receive_message_or_smb(char *buffer, int buffer_len, +static BOOL receive_message_or_msrpc(int c, char *buffer, int buffer_len, int timeout, BOOL *got_smb) { - extern int Client; fd_set fds; int selrtn; struct timeval to; @@ -96,13 +94,13 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, */ FD_ZERO(&fds); - FD_SET(Client,&fds); + FD_SET(c,&fds); maxfd = 0; to.tv_sec = timeout / 1000; to.tv_usec = (timeout % 1000) * 1000; - selrtn = sys_select(MAX(maxfd,Client)+1,&fds,NULL, timeout>0?&to:NULL); + selrtn = sys_select(MAX(maxfd,c)+1,&fds,NULL, timeout>0?&to:NULL); /* Check if error */ if(selrtn == -1) { @@ -117,44 +115,14 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, return False; } - if (FD_ISSET(Client,&fds)) + if (FD_ISSET(c,&fds)) { *got_smb = True; - return receive_smb(Client, buffer, 0); + return receive_smb(c, buffer, 0); } return False; } -/**************************************************************************** -Get the next SMB packet, doing the local message processing automatically. -****************************************************************************/ - -BOOL receive_next_smb(char *inbuf, int bufsize, int timeout) -{ - BOOL got_smb = False; - BOOL ret; - - do - { - ret = receive_message_or_smb(inbuf,bufsize,timeout,&got_smb); - - if(ret && !got_smb) - { - continue; - } - - if(ret && (CVAL(inbuf,0) == 0x85)) - { - /* Keepalive packet. */ - got_smb = False; - } - - } - while(ret && !got_smb); - - return ret; -} - /* These flags determine some of the permissions required to do an operation @@ -179,11 +147,11 @@ force write permissions on print services. /**************************************************************************** do a switch on the message type, and return the response size ****************************************************************************/ -static int do_message(char *inbuf,char *outbuf,int size,int bufsize) +static int do_message(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) { static int pid= -1; - pipes_struct *p = &static_pipe; prs_struct pd; int outsize = -1; @@ -213,12 +181,13 @@ static int do_message(char *inbuf,char *outbuf,int size,int bufsize) /**************************************************************************** construct a reply to the incoming packet ****************************************************************************/ -static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) +static int construct_reply(pipes_struct *p, + char *inbuf,char *outbuf,int size,int bufsize) { int outsize = 0; smb_last_time = time(NULL); - outsize = do_message(inbuf,outbuf,size,bufsize) + 4; + outsize = do_message(p, inbuf,outbuf,size,bufsize) + 4; if(outsize > 4) _smb_setlen(outbuf,outsize - 4); @@ -230,9 +199,8 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) process an smb from the client - split out from the process() code so it can be used by the oplock break code. ****************************************************************************/ -void process_smb(char *inbuf, char *outbuf) +static void process_msrpc(pipes_struct *p, int c, char *inbuf, char *outbuf) { - extern int Client; static int trans_num; int32 len = smb_len(inbuf); int nread = len + 4; @@ -242,11 +210,11 @@ void process_smb(char *inbuf, char *outbuf) deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ - if (!check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1))) { + if (!check_access(c, lp_hostsallow(-1), lp_hostsdeny(-1))) { /* send a negative session response "not listining on calling name" */ DEBUG( 1, ( "Connection denied from %s\n", - client_addr(Client) ) ); + client_addr(c) ) ); exit_server("connection denied"); } } @@ -264,7 +232,7 @@ void process_smb(char *inbuf, char *outbuf) } #endif - nread = construct_reply(inbuf,outbuf,nread,max_send); + nread = construct_reply(p, inbuf,outbuf,nread,max_send); if(nread > 0) { @@ -276,19 +244,20 @@ void process_smb(char *inbuf, char *outbuf) nread, smb_len(outbuf))); } else - send_smb(Client,outbuf); + send_smb(c,outbuf); } trans_num++; } - -BOOL get_user_creds(struct user_creds *usr) +/**************************************************************************** + reads user credentials from the socket +****************************************************************************/ +BOOL get_user_creds(int c, struct user_creds *usr) { pstring buf; int rl; uint32 len; BOOL new_con = False; - extern int Client; uint32 status; CREDS_CMD cmd; @@ -300,7 +269,7 @@ BOOL get_user_creds(struct user_creds *usr) DEBUG(10,("get_user_creds: first request\n")); - rl = read(Client, &buf, sizeof(len)); + rl = read(c, &buf, sizeof(len)); if (rl != sizeof(len)) { @@ -317,7 +286,7 @@ BOOL get_user_creds(struct user_creds *usr) return False; } - rl = read(Client, buf, len); + rl = read(c, buf, len); if (rl < 0) { @@ -370,7 +339,7 @@ BOOL get_user_creds(struct user_creds *usr) status = new_con ? 0x0 : 0x1; - if (write(Client, &status, sizeof(status)) != + if (write(c, &status, sizeof(status)) != sizeof(status)) { return False; @@ -380,22 +349,18 @@ BOOL get_user_creds(struct user_creds *usr) } /**************************************************************************** - process commands from the client + initialise from pipe ****************************************************************************/ -void lsarpcd_process(void) +BOOL msrpcd_init(int c, pipes_struct *p) { struct user_creds usr; gid_t *groups = NULL; - ZERO_STRUCT(static_pipe); - - fstrcpy(static_pipe.name, "lsarpc"); - - if (!get_user_creds(&usr)) + if (!get_user_creds(c, &usr)) { DEBUG(0,("authentication failed\n")); free_user_creds(&usr); - return; + return False; } if (usr.uxs.num_grps != 0) @@ -404,7 +369,7 @@ void lsarpcd_process(void) groups = malloc(usr.uxs.num_grps * sizeof(groups[0])); if (groups == NULL) { - return; + return False; } for (i = 0; i < usr.uxs.num_grps; i++) { @@ -412,7 +377,7 @@ void lsarpcd_process(void) } } - static_pipe.vuid = create_vuid(usr.uxs.uid, usr.uxs.gid, + p->vuid = create_vuid(usr.uxs.uid, usr.uxs.gid, usr.uxs.num_grps, groups, usr.uxc.user_name, usr.uxc.requested_name, @@ -420,23 +385,34 @@ void lsarpcd_process(void) usr.uxc.guest, usr.ntc.pwd.sess_key); - if (static_pipe.vuid == UID_FIELD_INVALID) + if (p->vuid == UID_FIELD_INVALID) { - return; + return False; } free_user_creds(&usr); - become_vuser(static_pipe.vuid); + if (!become_vuser(p->vuid)) + { + return False; + } - static_pipe.l = malloc(sizeof(*static_pipe.l)); - if (static_pipe.l == NULL) + p->l = malloc(sizeof(*p->l)); + if (p->l == NULL) { - return; + return False; } - ZERO_STRUCTP(static_pipe.l); + ZERO_STRUCTP(p->l); + return True; +} + +/**************************************************************************** + process commands from the client +****************************************************************************/ +void msrpcd_process(int c, pipes_struct *p) +{ InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); if ((InBuffer == NULL) || (OutBuffer == NULL)) @@ -459,7 +435,7 @@ void lsarpcd_process(void) errno = 0; for (counter=SMBD_SELECT_LOOP; - !receive_message_or_smb(InBuffer,BUFFER_SIZE, + !receive_message_or_msrpc(c, InBuffer,BUFFER_SIZE, SMBD_SELECT_LOOP*1000,&got_smb); counter += SMBD_SELECT_LOOP) { @@ -486,9 +462,6 @@ void lsarpcd_process(void) t = time(NULL); - /* become root again if waiting */ - unbecome_vuser(); - /* check for smb.conf reload */ if (counter >= service_load_counter + SMBD_RELOAD_CHECK) { @@ -523,6 +496,6 @@ void lsarpcd_process(void) } if(got_smb) - process_smb(InBuffer, OutBuffer); + process_msrpc(p, c, InBuffer, OutBuffer); } } diff --git a/source3/netlogond/netlogond.c b/source3/netlogond/netlogond.c new file mode 100644 index 00000000000..fb0ace784db --- /dev/null +++ b/source3/netlogond/netlogond.c @@ -0,0 +1,134 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; +extern int DEBUGLEVEL; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + if (!pwdb_initialise(True)) + { + exit(-1); + } + + if(!initialise_sam_password_db()) + { + exit(-1); + } + + if(!initialise_passgrp_db()) + { + exit(-1); + } + + if(!initialise_group_db()) + { + exit(-1); + } + + if(!initialise_alias_db()) + { + exit(-1); + } + + if(!initialise_builtin_db()) + { + exit(-1); + } + + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "NETLOGON"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_netlog_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index d2a7b0bdf91..7a73bf59324 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -243,13 +243,13 @@ BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *mynam * Get the trust account password. */ if(!trust_password_lock( domain, myname, False)) { - DEBUG(0,("domain_client_validate: unable to open the trust account password file for \ + DEBUG(0,("trust_get_passwd: unable to open the trust account password file for \ trust %s in domain %s.\n", myname, domain )); return False; } if(get_trust_account_password( trust_passwd, &lct) == False) { - DEBUG(0,("domain_client_validate: unable to read the trust account password for \ + DEBUG(0,("trust_get_passwd: unable to read the trust account password for \ trust %s in domain %s.\n", myname, domain )); trust_password_unlock(); return False; diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c index fcca3e44fff..f935b530444 100644 --- a/source3/rpc_client/cli_connect.c +++ b/source3/rpc_client/cli_connect.c @@ -96,7 +96,7 @@ static struct cli_connection *cli_con_get(const char* srv_name, con->pipe_name = strdup(pipe_name); } - con->cli = cli_net_use_add(srv_name, usr_creds, False, reuse); + con->cli = cli_net_use_add(srv_name, usr_creds, True, reuse); if (con->cli == NULL) { diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 2b620f036e9..7ddbb9dbe40 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -62,7 +62,7 @@ BOOL spoolss_enum_printers(uint32 flags, const char *srv_name, DEBUG(5,("SPOOLSS Enum Printers (Server: %s level: %d)\n", srv_name, level)); - make_spoolss_q_enumprinters(&q_o, flags, srv_name, level, 0x50); + make_spoolss_q_enumprinters(&q_o, flags, srv_name, level, 0x200); /* turn parameters into data stream */ spoolss_io_q_enumprinters("", &q_o, &buf, 0); diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index b28b2dcc75f..5cb6179936f 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -2024,8 +2024,11 @@ BOOL spoolss_io_r_enumprinters(char *desc, PRINTER_INFO_1 *info1; PRINTER_INFO_2 *info2; + fstring tmp; - prs_debug(ps, depth, desc, "spoolss_io_r_enumprinters"); + slprintf(tmp, sizeof(tmp)-1, "spoolss_io_r_enumprinters %d", r_u->level); + + prs_debug(ps, depth, desc, tmp); depth++; prs_align(ps); prs_uint32("pointer", ps, depth, &useless_ptr); diff --git a/source3/rpc_server/srv_brs.c b/source3/rpc_server/srv_brs.c index cde5a79bebf..c9abab20be5 100644 --- a/source3/rpc_server/srv_brs.c +++ b/source3/rpc_server/srv_brs.c @@ -93,6 +93,6 @@ struct api_struct api_brs_cmds[] = ********************************************************************/ BOOL api_brs_rpc(rpcsrv_struct *p, prs_struct *data) { - return api_rpcTNP(p, "api_brssvc_rpc", api_brs_cmds, data); + return api_rpcTNP(p, "api_brs_rpc", api_brs_cmds, data); } diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 22788508ebf..9721b3bf003 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -334,6 +334,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) return True; } + if (strequal(mach_name, global_myname)) + { + DEBUG(0,("get_md4pw: *** LOOPBACK DETECTED - USING NULL KEY ***\n")); + memset(md4pw, 0, 16); + return True; + } + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); return False; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 73a06b208c8..d15cc1248c6 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -231,8 +231,6 @@ static BOOL api_pipe_ntlmssp_verify(rpcsrv_struct *l) size_t wks_len; BOOL anonymous = False; - struct smb_passwd *smb_pass = NULL; - memset(null_pwd, 0, sizeof(null_pwd)); DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -304,19 +302,13 @@ static BOOL api_pipe_ntlmssp_verify(rpcsrv_struct *l) else { DEBUG(5,("user: %s domain: %s wks: %s\n", l->user_name, l->domain, l->wks)); - become_root(True); - smb_pass = getsmbpwnam(l->user_name); - l->ntlmssp_validated = pass_check_smb(smb_pass, l->domain, + become_root(False); + l->ntlmssp_validated = check_domain_security(l->user_name, l->domain, (uchar*)l->ntlmssp_chal.challenge, lm_owf, lm_owf_len, nt_owf, nt_owf_len, - NULL, l->user_sess_key); - unbecome_root(True); - - if (smb_pass != NULL) - { - pwd = smb_pass->smb_passwd; - } + l->user_sess_key); + unbecome_root(False); } if (l->ntlmssp_validated && pwd != NULL) @@ -463,20 +455,6 @@ static struct api_cmd* add_api_cmd_to_array(uint32 *len, } -#if 0 -{ - { "lsarpc", "lsass", api_ntlsa_rpc }, - { "samr", "lsass", api_samr_rpc }, - { "srvsvc", "ntsvcs", api_srvsvc_rpc }, - { "wkssvc", "ntsvcs", api_wkssvc_rpc }, - { "browser", "ntsvcs", api_brs_rpc }, - { "svcctl", "ntsvcs", api_svcctl_rpc }, - { "NETLOGON", "lsass", api_netlog_rpc }, - { "winreg", "winreg", api_reg_rpc }, - { "spoolss", "spoolss", api_spoolss_rpc }, - { NULL, NULL, NULL } -}; -#endif void close_msrpc_command_processor(void) { diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 8a28674d3de..f8bde1bf9b0 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -135,14 +135,13 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); } - if (strequal(pipe_name, "lsarpc")) + m = msrpc_use_add(pipe_name, &usr, False); + if (m == NULL) { - m = msrpc_use_add(pipe_name, &usr, False); - if (m == NULL) - { - DEBUG(5,("open pipes: msrpc redirect failed\n")); - return NULL; - } + DEBUG(5,("open pipes: msrpc redirect failed\n")); + return NULL; + } +#if 0 } else { @@ -164,6 +163,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, memcpy(l->user_sess_key, vuser->user_sess_key, sizeof(l->user_sess_key)); } +#endif p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c index 8d8d8f01678..275db6e12be 100644 --- a/source3/rpcclient/cmd_reg.c +++ b/source3/rpcclient/cmd_reg.c @@ -326,6 +326,7 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) { BOOL res = True; BOOL res1 = True; + BOOL res2 = True; POLICY_HND key_pol; POLICY_HND pol_con; @@ -379,10 +380,10 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) } /* query it */ - res1 = res1 ? reg_query_info(&key_pol, + res2 = res1 ? reg_query_info(&key_pol, val_name, &type, &buf) : False; - if (res1) + if (res2) { reg_display_val_info(full_keyname, val_name, type, &buf); } @@ -394,7 +395,7 @@ void cmd_reg_query_info(struct client_info *info, int argc, char *argv[]) } res = res ? reg_close(&pol_con) : False; - if (res && res1) + if (res2) { DEBUG(5,("cmd_reg_query: query succeeded\n")); } diff --git a/source3/samrd/samrd.c b/source3/samrd/samrd.c new file mode 100644 index 00000000000..40ebf45b518 --- /dev/null +++ b/source3/samrd/samrd.c @@ -0,0 +1,134 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; +extern int DEBUGLEVEL; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + if (!pwdb_initialise(True)) + { + exit(-1); + } + + if(!initialise_sam_password_db()) + { + exit(-1); + } + + if(!initialise_passgrp_db()) + { + exit(-1); + } + + if(!initialise_group_db()) + { + exit(-1); + } + + if(!initialise_alias_db()) + { + exit(-1); + } + + if(!initialise_builtin_db()) + { + exit(-1); + } + + if (!get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(-1); + } +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "samr"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_samr_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 91f727701c7..fa46a74c14b 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -606,132 +606,3 @@ use this machine as the password server.\n")); return(True); } -/*********************************************************************** - Do the same as security=server, but using NT Domain calls and a session - key from the workstation trust account password. -************************************************************************/ - -BOOL domain_client_validate( char *user, char *domain, - char *acct_name, uint16 acct_type, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]) -{ - unsigned char local_challenge[8]; - unsigned char local_lm_response[24]; - unsigned char local_nt_reponse[24]; - unsigned char trust_passwd[16]; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 info3; - uint32 smb_uid_low; - fstring trust_acct; - fstring srv_name; - - fstrcpy(trust_acct, acct_name); - fstrcat(trust_acct, "$"); - - /* - * Check that the requested domain is not our own machine name. - * If it is, we should never check the PDC here, we use our own local - * password file. - */ - - if(strequal( domain, global_myname)) - { - DEBUG(3,("domain_client_validate: Requested domain was for this machine.\n")); - return False; - } - - if (!get_any_dc_name(domain, srv_name)) - { - DEBUG(3,("domain_client_validate: could not find domain %s\n", - domain)); - return False; - } - - /* - * Next, check that the passwords given were encrypted. - */ - - if(((smb_apasslen != 24) && (smb_apasslen != 0)) || - ((smb_ntpasslen <= 24) && (smb_ntpasslen != 0))) - { - /* - * Not encrypted - do so. - */ - - DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n")); - generate_random_buffer( local_challenge, 8, False); - SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response); - SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_reponse); - smb_apasslen = 24; - smb_ntpasslen = 24; - smb_apasswd = (char *)local_lm_response; - smb_ntpasswd = (char *)local_nt_reponse; - } - else - { - /* - * Encrypted - get the challenge we sent for these - * responses. - */ - - if (!last_challenge(local_challenge)) - { - DEBUG(0,("domain_client_validate: no challenge done - password failed\n")); - return False; - } - } - - /* - * Get the workstation trust account password. - */ - if (!trust_get_passwd( trust_passwd, domain, acct_name)) - { - return False; - } - - /* - * At this point, smb_apasswd points to the lanman response to - * the challenge in local_challenge, and smb_ntpasswd points to - * the NT response to the challenge in local_challenge. Ship - * these over the secure channel to a domain controller and - * see if they were valid. - */ - - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - if(cli_nt_setup_creds(srv_name, global_myname, trust_acct, - trust_passwd, acct_type) != 0x0) - { - DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \ - %s.\n", srv_name)); - return False; - } - - /* We really don't care what LUID we give the user. */ - generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - - if (!cli_nt_login_network(srv_name, global_myname, - domain, user, - smb_uid_low, (char *)local_challenge, - ((smb_apasslen != 0) ? smb_apasswd : NULL), - ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), - &ctr, &info3)) - { - DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \ - %s to Domain controller %s.\n", user, domain, srv_name)); - return False; - } - - /* - * Here, if we really want it, we have lots of info about the user in info3. - * LKCLXXXX - really important to check things like "is this user acct - * locked out / disabled" etc!!!! - */ - - return True; -} diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 81f2a9beb9e..10146c1287c 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -495,41 +495,6 @@ static BOOL check_server_security(char *orig_user, char *domain, smb_ntpasswd, smb_ntpasslen); } -/**************************************************************************** - Check for a valid username and password in security=domain mode. -****************************************************************************/ - -static BOOL check_domain_security(char *orig_user, char *domain, - char *smb_apasswd, int smb_apasslen, - char *smb_ntpasswd, int smb_ntpasslen, - uchar user_sess_key[16]) -{ - fstring acct_name; - uint16 acct_type = 0; - - if (lp_security() == SEC_SHARE || lp_security() == SEC_SERVER) - { - return False; - } - - if (lp_security() == SEC_DOMAIN && strequal(domain, global_myworkgroup)) - { - fstrcpy(acct_name, global_myname); - acct_type = SEC_CHAN_WKSTA; - } - else - { - fstrcpy(acct_name, global_myworkgroup); - acct_type = SEC_CHAN_DOMAIN; - } - - return domain_client_validate(orig_user, domain, - acct_name, acct_type, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen, - user_sess_key); -} - /**************************************************************************** reply to a session setup command ****************************************************************************/ @@ -552,6 +517,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int static BOOL done_sesssetup = False; BOOL doencrypt = SMBENCRYPT(); char *domain = ""; + uchar last_chal[8]; *smb_apasswd = 0; *smb_ntpasswd = 0; @@ -736,7 +702,9 @@ user %s attempted down-level SMB connection\n", user)); !check_server_security(orig_user, domain, smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) && + !last_challenge(last_chal) && !check_domain_security(orig_user, domain, + last_chal, smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen, user_sess_key) && !check_hosts_equiv(user) diff --git a/source3/smbd/server.c b/source3/smbd/server.c index f6ea8ecb654..bdb2827483e 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -480,7 +480,6 @@ static void init_structs(void) { exit_server("could not allocate policy handles\n"); } - init_printer_hnd(); /* for SPOOLSS handles */ init_dptrs(); init_dfs_table(); } @@ -678,16 +677,6 @@ static void usage(char *pname) } #endif /* WITH_SSL */ - start_msrpc_agent("lsarpc"); - add_msrpc_command_processor( "samr", "lsass", api_samr_rpc ); - add_msrpc_command_processor( "srvsvc", "ntsvcs", api_srvsvc_rpc ); - add_msrpc_command_processor( "wkssvc", "ntsvcs", api_wkssvc_rpc ); - add_msrpc_command_processor( "browser", "ntsvcs", api_brs_rpc ); - add_msrpc_command_processor( "svcctl", "ntsvcs", api_svcctl_rpc ); - add_msrpc_command_processor( "NETLOGON", "lsass", api_netlog_rpc ); - add_msrpc_command_processor( "winreg", "winreg", api_reg_rpc ); - add_msrpc_command_processor( "spoolss", "spoolss", api_spoolss_rpc ); - codepage_initialise(lp_client_code_page()); if (!pwdb_initialise(True)) diff --git a/source3/spoolssd/spoolssd.c b/source3/spoolssd/spoolssd.c new file mode 100644 index 00000000000..7ea5195009b --- /dev/null +++ b/source3/spoolssd/spoolssd.c @@ -0,0 +1,100 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ + init_printer_hnd(); /* for SPOOLSS handles */ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + load_printers(); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "spoolss"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_spoolss_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/srvsvcd/srvsvcd.c b/source3/srvsvcd/srvsvcd.c new file mode 100644 index 00000000000..78c64a200b3 --- /dev/null +++ b/source3/srvsvcd/srvsvcd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "srvsvc"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_srvsvc_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/svcctld/svcctld.c b/source3/svcctld/svcctld.c new file mode 100644 index 00000000000..95470ad4a49 --- /dev/null +++ b/source3/svcctld/svcctld.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "svcctl"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_svcctl_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index a1a870a674a..3b87687c261 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -794,8 +794,6 @@ int main(int argc, char **argv) load_interfaces(); - init_policy_hnd(64); - if(!pwdb_initialise(False)) { fprintf(stderr, "Can't setup password database vectors.\n"); diff --git a/source3/winregd/winregd.c b/source3/winregd/winregd.c new file mode 100644 index 00000000000..c317ddd6f44 --- /dev/null +++ b/source3/winregd/winregd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "winreg"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_reg_rpc ); + + return msrpc_main(argc, argv); +} diff --git a/source3/wkssvcd/wkssvcd.c b/source3/wkssvcd/wkssvcd.c new file mode 100644 index 00000000000..dcb5bb98eef --- /dev/null +++ b/source3/wkssvcd/wkssvcd.c @@ -0,0 +1,97 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Main SMB server routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +fstring pipe_name; + +pstring servicesf = CONFIGFILE; +extern pstring debugf; +extern BOOL append_log; + +/************************************************************************* + initialise an msrpc service + *************************************************************************/ +void msrpc_service_init(void) +{ +} + +/**************************************************************************** + reload the services file + **************************************************************************/ +BOOL reload_services(BOOL test) +{ + BOOL ret; + + if (lp_loaded()) { + pstring fname; + pstrcpy(fname,lp_configfile()); + if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) { + pstrcpy(servicesf,fname); + test = False; + } + } + + reopen_logs(); + + if (test && !lp_file_list_changed()) + return(True); + + lp_killunused(NULL); + + ret = lp_load(servicesf,False,False,True); + + /* perhaps the config filename is now set */ + if (!test) + reload_services(True); + + reopen_logs(); + + load_interfaces(); + + return(ret); +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ +#ifdef HAVE_SET_AUTH_PARAMETERS + set_auth_parameters(argc,argv); +#endif + +#ifdef HAVE_SETLUID + /* needed for SecureWare on SCO */ + setluid(0); +#endif + + append_log = True; + + TimeInit(); + + setup_logging(argv[0],False); + fstrcpy(pipe_name, "wkssvc"); + slprintf(debugf, sizeof(debugf), "%s/log.%s", LOGFILEBASE, pipe_name); + add_msrpc_command_processor( pipe_name, argv[0], api_wkssvc_rpc ); + + return msrpc_main(argc, argv); +}