Age | Commit message (Collapse) | Author | Files | Lines |
|
from Samba4 on how to decode the 532 byte password buffers.
Getting closer to passing samba4 RPC-SCHANNEL test.
Jeremy.
(This used to be commit 205db6968a26c43dec64c14d8053d8e66807086f)
|
|
Jeremy.
(This used to be commit 6f8334ad31ac773f5c13335f5d8c5bed62987466)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
patch by Alex Deiter (tiamat@komi.mts.ru).
Introduces level 9 of getuserinfo and allows to successfully install MS SMS2003
on a member of a Samba domain. Also added support for this level in rpcclient.
The code for infolevel 9 is modelled upon Samba-TNG by Alex Deiter.
Jerry, we need this in 3.0.21b.
(This used to be commit 93461646ce2ad6e2f8b11d40ce98722d56a83b43)
|
|
(This used to be commit 53f15a0881de489e809bb58217ecabccd6d77e2c)
|
|
Guenther
(This used to be commit 0705fed566efdeab05d605dd239afe67ca5e9811)
|
|
Can anyone remember why we initialize groups only with 0x03 instead of 0x07 ?
Guenther
(This used to be commit 3282c7c458d390547fbaca44821eff376e8f9aaa)
|
|
Guenther
(This used to be commit a8bc4bc902075cfd009dc92674c4560a44a74277)
|
|
client behaviour (ie.:
open pipe/open SAMR handle/enumerate 0 - 1024
close SAMR handle, close pipe.
open pipe/open SAMR handle/enumerate 1024 - 2048...
close SAMR handle, close pipe.
And on ad-nausium. Amazing.... probably object-oriented
client side programming in action yet again.
This change should *massively* improve performance when
enumerating users from an LDAP database.
Jeremy.
(This used to be commit 8ce705d9cc1b6a79d710a10ff38f72a0f1006dda)
|
|
if changing to support samr_connect5 might help so quickly coded
it up. No it doesn't :-(. Don't merge this for 3.0.21 please.
Jeremy.
(This used to be commit bff1df678a8948d382f4555e83a1df23146a4b12)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
using USER_INFO_XX structs and functions where XX was sometimes
in hex and sometimes in decimal. Now it's all in decimal (should
be no functionality change).
Jeremy.
(This used to be commit 84651aca04cbcbf50ab2e78333cc9d9e49dd92f5)
|
|
MMC manage computer plugin.
(This used to be commit c43c1ec80cb52569ccabcdf95e4004386ecb29d6)
|
|
referencing unknown_6 from sam, because it's just fixed at 1260, the max
len of LOGON_HRS. Need to go in and mark it as "remove me" from passdb.
(This used to be commit ffac752875938d510446ebbeba6fc983f65cda1e)
|
|
should not say we are a PDC.
Guenther
(This used to be commit 6cdf3b97de2c28ac92f972621b0ce04c1c80cea5)
|
|
Note that Samba3 does not yet support it server-side.
Guenther
(This used to be commit b2c8220931733593fd312fc25b6c73f440b4567a)
|
|
set the value "forcibly disconnect remote users from server when logon
hours expire" to "no", instead take the value from our account-policy
storage.
Guenther
(This used to be commit e3bd2a22a5cebc4adf6910d3ec31bc6fada8cd35)
|
|
based on samba4-idl.
This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.
Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.
Guenther
(This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
|
|
comment string and not an unknown 12 byte structure...
Found after abartlet's smbtorture extended this string to
"Tortured by Samba4: Fri Nov 26 15:40:18 2004 CET"
;-))
Volker
(This used to be commit b41d94d8186f66136918432cf32e9dcef5a8bd12)
|
|
Andrew Bartlett
(This used to be commit 61768f4cb3a268ce30911b15b30f82de36716b5f)
|
|
Volker
(This used to be commit 9ceff803278bdbc09cb5ab678a108cea24ab49a9)
|
|
Jeremy.
(This used to be commit b9e79004a4c1e4a472f0627d2c33c966af22ccd2)
|
|
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
|
|
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes.
(This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
|
|
* don't fall back to unmapped UNIX group for
get_local_group_from_sid()
* remove an extra become/unbecome_root() pair
from group enumeration
(This used to be commit da12bbdb0dd9179b1ed457fa009679e2da4a8440)
|
|
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
|
|
call.
(This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
|
|
(This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
|
|
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
|
|
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
|
|
Thanks to Andrew Brtlet for the diff :-)
(This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
|
|
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
This means different return sizes depending on client bugs. This sucks :-(.
Jeremy.
(This used to be commit f6592628eb526c487069bb3fcd809aca930e668e)
|
|
member server. Firstly, use the same max enumeration size (0x400) as W2K
uses, otherwise W2K won't ask for any more. Secondly, if a enumeration
request with a non-zero offset comes in on a handle that hasn't started
an enumeration, don't bitch about it (return NT_STATUS_UNSUCCESSFUL),
just load the db on that handle and return at that offset.
Jeremy.
(This used to be commit 0b7da4a50ea02e28ab23e71de1e5f8b9194a9af3)
|
|
J.F.
(This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
|
|
calculate them and always reply a size of 32 bytes whereas NT4 did the
maths. Anyway, it looks like the clients don't complain.
in query_dom_info() at level 2, return the real number of users and
groups. That's the fix to the W95/98 userlist bug !
as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on
the SAME context handle (err we call it an lsa policy handle ! plain
wrong name), I was tempted to keep the snapshoot in memory, to prevent
2 full user db enumerations in a row and just have one shared. But if some
client does the 2 calls on two different handles, we would have 2 copies
in memory not free'ed before the samr_close().
We still have too many fixed constant and too many magic values in that
code. And btw, I really hates how the sequence number is generated !
J.F.
(This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)
|
|
instead of enumerating the whole user db or group db every time, we store
a in memory copy linked to the handle.
that's much faster for large enumeration where the db can't fit in a
single rpc packet. And as it's a copy, it's constant between enumeration.
still some stuff to clean. But now I can fix the W95 userlist bug, as I've
finally found it.
J.F.
(This used to be commit 3ab45215369e8e93d750f4687e9c1f7d47782590)
|
|
(This used to be commit 589aa4fe226ee5bdae0a244631193714b0b556ac)
|
|
It's just to keep usermanager happy ;-)
clean up a bit samr_query_aliasinfo to return the group description
added: samr_del_aliasmem, samr_del_groupmem and samr_del_domuser
with the correct scripts, you can now entirely manage the users from
usermanager ! Closer to full PDC every day ;-)
J.F.
(This used to be commit 0a727afc669704cda9b44d44dbac9e989e906ae3)
|
|
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
|
|
We now get the full account policy window in usermanager, and the
framework to store all those values. I plan to add a TDB file to store
them.
oh, and found that the last value in a sam_unknown_info_12_inf struct is
an uint16 and not a uint32.
andrewb: you hardcoded the MAX_PASSWORD_AGE to 21 days. We can now turn it
to a value setable in usermanager.
J.F.
(This used to be commit 99471d25693f6672d433b90a060378f6faad867f)
|
|
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
Jeremy.
(This used to be commit c51cfc7f0d3ad1614ca1e0330c8707f7b263b8e6)
|
|
add query dominfo level 5
some cleanup, don't free talloced memory.
implement delete domain and local groups.
J.F.
(This used to be commit 3f14dda2a21850edfd540be2624867e5f70a382c)
|
|
Jeremy.
(This used to be commit c8c138c1fbb49799a2dd4c6e781bd89f51c0c0c5)
|
|
hi jeremy,
can you commit the following patch against HEAD. I can't do it right now
Thanks Tim for me. He changed the SAM_DISPINFO_1 array without checking if
he didn't break the server code. And he did.
So on my way I cleaned info_1, 2, .. 5
it may break winbind. I leave to tim the pleasure to fix it ;-)
jf.
I added some talloc changes and checks for alloc fails.
Jeremy.
(This used to be commit 001e9b7b540f04c80ba65c879aaa41acddc86f3e)
|