Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ca10eb44909e66a07dc7f88b0a740390f9ec3922)
|
|
(This used to be commit dacf5b152bf74cc3ee9a816911384a5eb0e77afa)
|
|
(This used to be commit e5ee965f8d8452ab694bc5d88e474c4b91dce5b0)
|
|
Jeremy.
(This used to be commit 60c3e2f14d5c31fd1fd7aebf7196ac186e31d8f1)
|
|
(This used to be commit f36cf3b6a70d0a91bce923ab51780d20d69e3bd6)
|
|
(This used to be commit f11eb4165836ce8d15a453d37c4e07913562d778)
|
|
(This used to be commit d06d6369942828ec89e90f99bd0d0d3f91d61d13)
|
|
(This used to be commit 8a85d7abed317fd06e3e0026d4b9e088311eede4)
|
|
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
|
|
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
|
|
(This used to be commit bf15343def5b95ce4387ac4357674aff31431194)
|
|
needed a flags fields as you get 0x0000 0010 and 0x0000 001f unknown
values for different purposes, no-one's going to tell us what they
are and i don't CARE!
(This used to be commit aabb4b3bc5119ef317b5697ae6fcf5d36c2d474e)
|
|
- samr_enum_dom_users, the first 4 bytes is some sort of garbage,
nt5-beta2 clears them out to zeros whereas nt4 does not.
fixed bug where we were assuming that the first 4 bytes of a
response _had_ to be non-zero.
- cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names()
client call.
- added in "addaliasmem" and "addgroupmem" commands. the addaliasmem
command actually turned out to be a "delaliasmem" :-) :-)
- parse_lsa.c: moved assert array check to after the size of useable
array space is set...
(This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb)
|
|
- renamed do_lsa_xxx to lsa_xxx
- added "enumgroups [-m]" command, enumerates groups, shows members.
- added cmd_sam_add_groupmem(), need to call these in rpcclient.c
- added cmd_sam_add_aliasmem(), need to call these in rpcclient.c
- modified "enumaliases [-m]" command
- improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs.
- renamed "samr_unknown_12" to "samr_lookup_rids".
- added the following client-side functions:
get_samr_query_groupmem()
get_samr_query_aliasmem()
get_samr_query_groupinfo()
samr_enum_dom_groups()
samr_enum_dom_aliases()
samr_add_aliasmem()
samr_add_groupmem()
- improved display output (display.c)
(This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe)
|
|
(This used to be commit 4771d5451b49375cc2fd4246d7d746b0d03cd5ba)
|
|
renamed do_samr_xxxx to samr_xxxx.
(This used to be commit 1e5d81c154740349a2cda4c1892b33a21c0683a8)
|
|
DB API
(This used to be commit ef58e48bc9af338ed6c734205d4faf82371284ac)
|
|
(This used to be commit 13a656b0e5c73e157b222765fb57a1bdafc67b80)
|
|
(This used to be commit e39c0c76ae52bbd4539f8f254e78566a5511efc1)
|
|
query.
domain groups now work, hurrah! only thing is that the description is
one character long, don't know why (which is wierd in itself).
(This used to be commit 78a86c64960a7823b0db8b7bebfffabb4a5ba864)
|
|
complaint about confusion because both the HEAD and SAMBA_2_0 reported
the same version info.
(This used to be commit 195b860b46b78a6a2dd83909477dbc2e9af8f845)
|
|
rid is needed not the name (see DOMAIN_GRP_MEMBER) decided to go home.
(This used to be commit 9337049dfc98becfa74522d418dae64a97c7a304)
|
|
(This used to be commit f7f2516df46dde1671235f788f7689c93d9395ae)
|
|
(This used to be commit bfb75e58ced1082d3bb7d6b3f3367d50a0ca26ea)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
stupid compile errors with file_rename() call just created.
(This used to be commit f5cedb8c9618b83b63b5e2db867d238eebc7e13c)
|
|
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists.
(This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
|
|
(This used to be commit 3257b72c6e2722a6de6b40b4c16e934c02a7c508)
|
|
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
SCO 3.2 (including it also requires lots of streams stuff, making it a
total mess).
If this causes problems on some other platform then please add a
comment stating what platform and why the include is needed so we can
work out how to test for it properly.
(This used to be commit 21d779bf7def71d5d9c899eabbb6a110860bd8e2)
|
|
now need search capability on S-1-5-20, which will need argh, a
"group database API" on S-1-5-20, and the ability to add BUILTIN\Admins
etc to "local group map" argh.
(This used to be commit a24f6eb00ba7486479cbcf7fadf5456521c56179)
|
|
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
|
|
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.
Jeremy.
(This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
|
|
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
|
|
(This used to be commit 53339b63897f51913fef183fd3b4565dad2ffad1)
|
|
(This used to be commit 0fdac4b42fb55a26cdd73d6d5f4a3017d1b4db46)
|
|
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
|
|
use all_string_sub() if you don't want this.
(This used to be commit a3357ab49335106674fe7a7481cd0f146d74fbe5)
|
|
(This used to be commit bdcee2557bd243a1bfbde3353ebcfe3d82bf9fc5)
|
|
-lsecurity checks
in a more sane way.
rpc_client/cli_netlogon.c: Removed correct bits check to see if this works with an NT3.51 PDC.
rpc_parse/parse_samr.c: Fixed compile warnings.
Jeremy.
(This used to be commit 34d8f4b1c4d59ab3c009360fc67eef9361dd859b)
|
|
Jeremy.
(This used to be commit b02d21a73d7f098c5599c606abbb5c92ea4ba13e)
|
|
configure
configure.in
include/config.h.in: Fixes for AIX4.x. AIX *will not*
enable large file support of *any* description unless
either -D_LARGE_FILES or -D_LARGE_FILES_API are defined.
I chose "-D_LARGE_FILES" as this leads to cleaner code...
Also fixed bug where getpwnam was listed as getpw(a)nam in configure.in.
Jeremy.
(This used to be commit 2d62dc26f4e3a171ecbe56f33d94db2fea0ef0ad)
|
|
Added HPUX autoconf changes.
Added "gross hack" printer code.
Jeremy.
(This used to be commit 1ef6d3bd63722afe9c376793a6ea72046d1a0602)
|
|
acconfig.h configure configure.in include/config.h.in: Fixes to DEC OSF1.
libsmb/nmblib.c: Fixes to nmbd jumps in scope names.
Jeremy.
(This used to be commit 5ad77769be85e6727319afb0f02e5d94c2f9f16f)
|
|
groupdb/groupdb.c: Fixed compile error caught by IRIX compiler.
utils/smbpasswd.c: Fixed SunOS optind, optarg problem.
Jeremy.
(This used to be commit 30af39ae1edf51d5d06a1764982e5df431c142ac)
|
|
that cannot support it.
Jeremy.
(This used to be commit 7a6f25ac4ab0f0bef7a66f26004c15120248ff66)
|
|
If a client does a modify timestamp on an open file (which will
do no good at all on UNIX :-) then keep the modify request pending
in the files_struct and apply it at close instead.
Jeremy.
(This used to be commit 92a7a86f0e0255e3812dd35bebfcd653091514ae)
|
|
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
(This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|