Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
filled, at
least with dummy routines. We need a way to indicate that we do not support a
call, so that srv_pipe_hnd.c can return the DCE level RNG_ERROR.
This flag can be set in the backend routines for this one. I'll change pidl to
generate code to "return False" in srv_lsa.c if this flag is set.
Volker
(This used to be commit 5260657664caf9546d324a81c392f0d9e8532d58)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Jeremy.
(This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
|
|
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
|
|
(This used to be commit b9d1a659109daeeb625f3e6caf7ec706ccdde230)
|
|
Ensure that the mach_acct and remote machine entries are
set correctly in struct dcinfo - we'll need this as a key
for a persistent schannel state later.
Jeremy.
(This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
|
|
segvs
(This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
|
|
in the late 1990's may be more appropriate though.
(This used to be commit 4c881b7a9e40307710ec860375985dc2145f2dd8)
|
|
my (C) to a header file that was at least 50% mine :-).
Jeremy.
(This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
#534
(This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
|
|
There is a workaround documented in the bug report.
This patch does:
* add server support for the LSA_DS UUID on the lsarpc pipe
* store a list of context_ids/api_structs in the pipe_struct
so that we don't have to lookup the function table for a pipe.
We just match the context_id. Note that a dce/rpc alter_context
does not destroy the previous context so it is possible to
have multiple bindings active on the same pipe. Observed from
standalone win2k sp4 client.
* added server code for DsROleGetPrimaryDOmainInfo() but disabled it
since it causes problems enumerating users and groups from a 2ksp4
domain member in a Samba domain.
(This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
|
|
(This used to be commit b0fd4e5555dd93c584cd86eaac080663b9e4031f)
|
|
Only compiled in when --enable-developer argument passed to configure.
(This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
|
|
No more XP requiresignorseal anymore!
Thanks again to Luke :-)
Volker
(This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 028477e35208e76fedbc7c743426fd9be94b7cf0)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit a7fa0733badad66ae610eac5e01569cf264976f3)
|
|
Andrew Bartlett
(This used to be commit a9edcc1cb7c5f2692bc1931f0a2059a91891f178)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Jeremy.
(This used to be commit 0db93d8752197e213f0974edae53e2dafdd77b51)
|
|
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.
This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.
Andrew Bartlett
(This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
(This used to be commit 06c619b395f212ec3122cf1c804b27afba04e79d)
|
|
(This used to be commit 2eb28b3d516325725678a67f8b0030aec8ec61d7)
|
|
rpc_server/srv_lsa_hnd.c: Remove back pointer from policy handle list as the pipe
that opened the handle may have been closed. We were dereferencing
into something that had been closed.
rpc_parse/parse_spoolss.c: Sync up with Gerald's changes in 2.2.
lib/replace.c: Don't do proto on setlinebuf as it differs between systems.
Jeremy.
(This used to be commit 887ef3e12dc56b89b2284d42b16a81f03e15110b)
|
|
Jeremy.
(This used to be commit a24b248a77ccac364832ff7d4df083d437caf9ed)
|
|
now in pipe struct (where used) rather than user_struct.
Secured machine account password changing in srv_netlog_nt.c - ensure
that only the given machine can change its own password. May need to
free this up later for NT admin tools, but this is a fail-safe secure
position for now.
Jeremy.
(This used to be commit 46b12f2275dcd4b3114085160cd456441f9e921e)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
functions work now:
- spoolenum
- spoolopen
- spoolgetprinter
- spoolgetprinterdriver
Items todo:
- track down memory bug with spoolenumdata
- fix spoolgetprinterdriverdir
- fix spoolgetdata
- fix display_job_info_ctr in spooljobs
All part of the ongoing rpcclient work.
Also included a new generic list ADT. Cleaner and simplier
than the stuff in util_array.c i think (but then that's why I wrote it).
--jerry
(This used to be commit 381aba2c9a63faa53728f0520ac316478bc7a1c3)
|
|
and a few changes to ntdomain for rpcclient printing functions
--jerry
(This used to be commit eb3f545f54eabb8b2b9a735808ebf49808ea85eb)
|
|
* fixes some readline bugs from the merge
* first attempt at commands (spoolenum almost works)
* no changes to existing functions in HEAD; only additions
of new functions. I'll weed out what I can as I go.
--jerry
(This used to be commit 61d2aad5dc2b212b11c981f1eca47efa627e9fc8)
|
|
(This used to be commit 3c4a5f624bfa69eb81d998530d9227e158edd109)
|
|
structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)
|
|
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
The changes to the header files were minor. A few struct's and a few
additional fields to existing ones. No deletions. **minimal change
necessary** :-) Well, maybe not minimal, but I tried.
All other programs compile, link and run ok from what I can tell so
I don;t think I broke anything.
--jerry
(This used to be commit cd7f0b0b91afd3331c0607ba2fcb3ccdd41ecebf)
|
|
instead of two prs_data pointers.
(This used to be commit 73e4466fc30fee149f51a5aa45c26beb783306c5)
|
|
on the samba server.
(This used to be commit 15e7d8f6c5cddf6ce409ee2505744250d181ec34)
|
|
the buffer
(This used to be commit 725889869ca2eb66000efe8a77cde52d9737a814)
|
|
it is now at the stage that winbindd can compile in the head branch,
but not link
(This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb)
|
|
head/tng merge.
It goes something like this:
- headers from tng get copied over one at a time
- the old headers get renamed to *_old.h
- server side code that used the old headers gets a
#define OLD_NTDOMAIN 1
#undef OLD_NTDOMAIN
at the start and end of the code
- mkproto.awk recognises these special defines and does magic stuff so
that each .c file sees the right headers
- we start moving the rpc client libraries from tng to head.
if this goes OK then, in theory, we should be able to move the client
side rpc code from tng to head without disturbing the existing head
server side code. Then when that works we can consider merging the
server side.
it remains to be seen if this scheme will work. So far I've moved
rpc_samr.h and don't seem to have broken anything.
Note this this is still a very delicate operation, as at every step of
the way I want to keep head fully functional. Please don't take part
unless you discuss it with me first.
(This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
|
|
functions that need to access the vuid, it can be obtained from the
current_user global.
Did some whitespace cleanup.
(This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
|