Age | Commit message (Collapse) | Author | Files | Lines |
|
but a plain old uint32.
(This used to be commit 690cc12bad2a037684a43b0dcb48be8eb03aa7bc)
|
|
to NT_STATUS_UNSUCCESSFUL according to AB's funky new error map.
(This used to be commit 9c968fbb017d3369ac207e65348a9a22dbed0213)
|
|
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
|
|
Also change the structure so it has its own (optional) 'free' pointer - so we
don't free() a talloc'ed version.
also split out the data_blob_clear() functionaility.
Andrew Bartlett
(This used to be commit 207ee8aac42cf4b35f07e496b15fdeabe50950bc)
|
|
Jeremy.
(This used to be commit 6c51d90f13a40359baef08424f7ea1940f93d511)
|
|
This new table is rather different to the old one (see diff posted to the
list for a sorted list of differences) and needs a *lot* of testing.
It does however seem to line up much better with what NT is using, as
exampled by the change to the OBJECT_NAME_COLLISION DOS error, it now matches
win2k where it didn't before.
I can't see any critical errors we now get wrong, and I know that the auth
errors are correct as per my on-the-wire observations.
This table was produced (and I hope to comment this better later) by
using the ERRMAPEXTRACT smbtorture tool, a Win2k domain member and the
'name_to_ntstatus' auth module on the HEAD PDC. This module returned
the username as the error, and the NT box was forced to give me a dos
error becouse thats all I negotiated on that connection. Hence the map.
Andrew Bartlett
(This used to be commit a855dfb2e0b899d03087860e5462c2aed3ca4cad)
|
|
(This used to be commit 269a7d3c9ba8ca1444653c1aa56b843b8b1df08b)
|
|
contain new print-formatted information. (Also
talloc_vasprintf_append.) Idea borrowed from glib.
(This used to be commit 53723e874885936dd67483ebf46601fc73489d17)
|
|
stop smb_macros.h and tdb.h from fighting with each other.
I tried to rearrange the #include file order but that breaks other stuff.
Aargh!
(This used to be commit aae8cc6e450a6a0b33045ed1e6d49f8eebeb48b2)
|
|
(This used to be commit ab1bd916cf59e12366d9005f6ce1cf6521ff02be)
|
|
(This used to be commit 27ffce157a655e267f225126f586847e5a0b8614)
|
|
(This used to be commit 501f3f3a8fb5ea27155f8c2fe266f1f659d7d22d)
|
|
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
(This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
|
|
This means different return sizes depending on client bugs. This sucks :-(.
Jeremy.
(This used to be commit f6592628eb526c487069bb3fcd809aca930e668e)
|
|
(This used to be commit b354163834e0f2da7d3caacfe8d2ac6e2a6949e8)
|
|
so that we can print it in later debug messages.
(This used to be commit 37ae84f782e1de6fcea92acb2189683cdf8e7e92)
|
|
on some platforms using "" instead of <> in include statements
(This used to be commit d0ba307032340a22d77cb1d8fc78b4234e1a963c)
|
|
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
- It hasn't been used by anything else since smbpasswd lost its -j
- Add a TALLOC_CTX to the auth subsytem. These are only valid for the length
of the calls to the individual modules, if you want a longer context hide it
in your private data.
Similarly, all returns (like the server_info) should still be malloced.
- Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
libsmb domain logon code. Also rework much of the code to use some better
helper functions for the connection - getting us much better error returns
(the new code is NTSTATUS).
The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
the LUID feilds is sufficient, or if we should do random LUIDs as per the old
code.
Similarly, I'll move winbind over to this when I get a chance.
This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.
While I've given this a basic rundown, any testing is as always appriciated.
Andrew Bartlett
(This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
|
|
member server. Firstly, use the same max enumeration size (0x400) as W2K
uses, otherwise W2K won't ask for any more. Secondly, if a enumeration
request with a non-zero offset comes in on a handle that hasn't started
an enumeration, don't bitch about it (return NT_STATUS_UNSUCCESSFUL),
just load the db on that handle and return at that offset.
Jeremy.
(This used to be commit 0b7da4a50ea02e28ab23e71de1e5f8b9194a9af3)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
but it will take more time as I don't want to loose any fixes that
are only in HEAD.
(This used to be commit efcde5d9d8ce44c0613764504d797be54ba21473)
|
|
We now include the libber.h file if required, but currently we just don't use
ldap. (I'll chase this up).
In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).
Andrew Bartlett
(This used to be commit 14407c87e2dcccae1784290e3eb7a2d611516aff)
|
|
signal management.
Jeremy.
(This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
|
|
members (such as uid and gid). This way we will be able to
keep ourselves from writing out default smb.conf settings when
the admin doesn't want to, That part is not done yet.
Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd
backend.
oh...and smbpasswd doesn'y automatically expire accounts after 21 days
from the last password change either now. Just ifdef'd out that code
in build_sam_account().
Will merge updates into 2.2 as they are necessary.
jerry
(This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
|
|
J.F.
(This used to be commit 87928c4d91940447191af4fe83a2be7ac3477361)
|
|
calculate them and always reply a size of 32 bytes whereas NT4 did the
maths. Anyway, it looks like the clients don't complain.
in query_dom_info() at level 2, return the real number of users and
groups. That's the fix to the W95/98 userlist bug !
as W95/98 does a query_dom_info(2) followed by a query_disp_info(4) on
the SAME context handle (err we call it an lsa policy handle ! plain
wrong name), I was tempted to keep the snapshoot in memory, to prevent
2 full user db enumerations in a row and just have one shared. But if some
client does the 2 calls on two different handles, we would have 2 copies
in memory not free'ed before the samr_close().
We still have too many fixed constant and too many magic values in that
code. And btw, I really hates how the sequence number is generated !
J.F.
(This used to be commit c0178e1a03f8225e5b350feb8fcbfb02f43327b4)
|
|
instead of enumerating the whole user db or group db every time, we store
a in memory copy linked to the handle.
that's much faster for large enumeration where the db can't fit in a
single rpc packet. And as it's a copy, it's constant between enumeration.
still some stuff to clean. But now I can fix the W95 userlist bug, as I've
finally found it.
J.F.
(This used to be commit 3ab45215369e8e93d750f4687e9c1f7d47782590)
|
|
(This used to be commit b28dbbf56987fcea24941b8c46c4d5b52551a815)
|
|
(This used to be commit 9542b0a42cf0c51c171d50e825665245584ac87d)
|
|
(This used to be commit 5ed31faeb1f3cddc0e61acc63f96119e26f2b529)
|
|
the need for valid.dat
(This used to be commit 0cfd0a5e543181b1384f7afee93fbaf3ccb2b999)
|
|
(This used to be commit b3aff6b5a35da3660ede060b42439324a2309644)
|
|
It's not as strong as Insure, but it's free, reasonably efficient and
works on every platform.
(This used to be commit e76d27fcdb33df5212ca5b0ce53c77ed8ca58906)
|
|
nsswitch code uses vsyslog without checking for it.
Provide replacement for vsyslog in lib/snprintf if not found by configure.
Jeremy.
(This used to be commit ab2e55cdb376d6699c9a09fac243fba7d3840447)
|
|
(This used to be commit c0ff2743790c78962b111f9be69a1642185b528e)
|
|
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
|
|
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
(This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
|
|
Add a global singly-linked list of all active talloc pools, so that we
can eventually show how much memory is used for different purposes.
This also gives a check that pools are not being doubly freed.
talloc_init_named now handle a NULL name properly (ie does nothing)
Add accessor talloc_pool_name().
(This used to be commit 4c6c03c8c7c18762dd9ef1a1bd88350b8960542f)
|
|
(This used to be commit 7da982e9268be7eb93fe7d6ad7da5b33ce44181c)
|
|
talloc_vasprintf.
(This used to be commit e6be48671d520f952be0b6dc0848569d0d834179)
|
|
(This used to be commit 5b6c22a209a26cb9adbf6d7733d396038c729633)
|
|
ancient mem_man.c:
Each TALLOC_CTX now has a field to store its purpose, to aid in
tracking down memory bloat. A new call talloc_init_named() should be
used instead of talloc_init() so that this is set.
Added talloc_vasprintf to be called by varargs functions.
(This used to be commit 25b97a743573b8c5e0ac886e4bfab581c11b3714)
|
|
(This used to be commit 589aa4fe226ee5bdae0a244631193714b0b556ac)
|
|
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the
length fields are not correct but that's what NT send. We don't anymore
underflow or overflow the decoding.
added the domain admins group to the default SD.
we are now checking the desired access flag in the lsa_open_policy_X()
calls and in most functions also.
J.F.
(This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
|
|
(This used to be commit 6b20d863b75b2b27d8dd8683cc3dc4486b18ceff)
|
|
Jeremy.
(This used to be commit 6d03184f8c039ad81de47b5f3bde7dac5b2815ad)
|
|
Jeremy.
(This used to be commit 59e01a22c5cb1046758c8cd6b09333c19d6cd26e)
|
|
owner. that's basic stuff.
got the POLICY_ define from TNG but they are also in an include file in
the NT SDK.
J.F.
(This used to be commit 84289a9bf42847981926e198ad36c050904fa9ed)
|
|
Jeremy.
(This used to be commit 064a3e0fc406d5ab408da0fbfbf68c89ce8defdd)
|