Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ec1b7000fd88c5a08e438c7033f60e49b9ec44a8)
|
|
(This used to be commit ba5919bcaefa792bae503c7ab19d4b7bbf9bb954)
|
|
(This used to be commit b314430b2102e47529b093b1b98b5b6f3b6ea74f)
|
|
(This used to be commit dad5baef194b18c674c0d908a0e0714c0a1aefa4)
|
|
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
|
|
(This used to be commit 6a437cfb33f24913e0c1f8484c0b08ef317e513b)
|
|
(This used to be commit 73db80f34183324845407b00f58462ff2d7b47ea)
|
|
(This used to be commit c5109ff782be8774db47a92b48ca6335ec8d6065)
|
|
under SID_NAME_ENUM 0x5 instead of 0x2 (Well-known group instead of
Domain Group) was making it impossible to view these groups from USRMGR.EXE.
(This used to be commit 3072044134eadbf46350b32c1ed0703681b0d590)
|
|
which is more appropriate.
(This used to be commit ac72fe1ab3d10f64a5945ccbd4ed3817e30f9f7b)
|
|
(This used to be commit 9084b7e33dfe717bd8d5604ee71d137e3baef0f5)
|
|
(This used to be commit f7dfa55a2e191ae780d399026bce48f68cda4bf0)
|
|
(This used to be commit e1e3875057bed830fdc0aaa9c85f04a1479fd64a)
|
|
lookupsmbpwuid that was causing a SEGFAULT in smbd.
(This used to be commit cabc7e739cb6a6c8dfc4b6988a8ef5837e3312d2)
|
|
(This used to be commit 090512e18770bab9222a30e68dee83d1612eca10)
|
|
better "fit" with other Samba code. This is a small first step toward
doing what (I think) we agreed to do.
I've moved the key function from ubiqx/debugparse.c into lib/debug.c. I
have also moved the enum from ubiqx/debugparse.h into the debug section in
smb.h.
The next thing to do is to get debug2html added into the Makefile.in so
that it is always produced when compiling the suite.
Chris -)-----
(This used to be commit 782474f41e0c2bc0b1f098758a3e5cb44e87d8b1)
|
|
(This used to be commit 0b2095e092d747f741e78a3349f0b81a72811629)
|
|
(This used to be commit 2cce78aa00f31b79d51aaf46da72019b926e8226)
|
|
(This used to be commit ca10eb44909e66a07dc7f88b0a740390f9ec3922)
|
|
(This used to be commit 501617307f3b9bbad76406d00b1bc82f5cb479a6)
|
|
Jeremy.
(This used to be commit b993081db1d371b8f0d16db23a46a2d5fedcc9ef)
|
|
creating locking masks
(This used to be commit 5e2844d5edb15de29b976d2ff077ffbe012b860c)
|
|
cnums and snums.
(This used to be commit 657f46edfbea852309505f5e3065506127eda6a2)
|
|
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
|
|
(This used to be commit 783d4b3477fa9e363aa1f7524bd060019648ab0d)
|
|
sure it is a samba process that is running.
(This used to be commit f7ad78e369ebf2f4d31e8259e3e1fdd4c087b037)
|
|
- renamed do_lsa_xxx to lsa_xxx
- added "enumgroups [-m]" command, enumerates groups, shows members.
- added cmd_sam_add_groupmem(), need to call these in rpcclient.c
- added cmd_sam_add_aliasmem(), need to call these in rpcclient.c
- modified "enumaliases [-m]" command
- improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs.
- renamed "samr_unknown_12" to "samr_lookup_rids".
- added the following client-side functions:
get_samr_query_groupmem()
get_samr_query_aliasmem()
get_samr_query_groupinfo()
samr_enum_dom_groups()
samr_enum_dom_aliases()
samr_add_aliasmem()
samr_add_groupmem()
- improved display output (display.c)
(This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe)
|
|
DB API
(This used to be commit ef58e48bc9af338ed6c734205d4faf82371284ac)
|
|
(This used to be commit 81be1e60764d380adf47737552659854d94ca626)
|
|
(This used to be commit a74b6dcc76794c1fe350d6906f156fdf5189e18b)
|
|
(This used to be commit 779a7aa30d4b8a3c8ca1d817a3fd9886c0437def)
|
|
being able to use next_token() outside of string_to_sid calls.
use strchr instead
(This used to be commit 1c478ca1723558cc5dde693b4abacb56bd98cd43)
|
|
(This used to be commit bfb75e58ced1082d3bb7d6b3f3367d50a0ca26ea)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
stupid compile errors with file_rename() call just created.
(This used to be commit f5cedb8c9618b83b63b5e2db867d238eebc7e13c)
|
|
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists.
(This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
|
|
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
(This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
|
|
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
|
|
added their replacements, added sam password database API modules
(This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
aclocal.m4: Added AC_LIBTESTFUNC.
configure.in: Fixed -lsecurity -lsec problems.
client.c: dos_ fixes.
groupdb/aliasunix.c: Dead code removal.
include/includes.h: Added default PRINTCAP_NAME.
lib/genrand.c: dos_ fixes.
lib/replace.c: Added strtoul.
lib/system.c: dos_ fixes.
lib/util.c: dos_ fixes.
lib/util_sid.c: Signed/unsigned fixes.
lib/util_str.c: removed bad const.
locking/locking_slow.c: dos_ fixes.
printing/printing.c: dos_ fixes.
rpc_server/srv_samr.c: Dead code removal.
rpc_server/srv_sid.c: global_myworkgroup defined with wrong size AGAIN !
smbd/dir.c: dos_ fixes.
smbd/open.c: dos_ fixes.
smbd/oplock.c: dos_ fixes.
smbd/reply.c smbd/server.c smbd/service.c smbd/uid.c: dos_ fixes.
Jeremy.
(This used to be commit 6acb4b68f68d516e2ac3c47e500f5600d653435e)
|
|
unix groups are not explicitly mapped.
i.e as a PDC or BDC you can have domain groups, as a member of a domain
you cannot.
as a member of a domain, unmapped unix groups are assumed to be aliases,
and as a PDC or BDC, unmapped unix groups are assumed to be unix groups.
there is _one_ other check needed with aliases to be added: unmapped unix
groups that have the same name as an NT group on the PDC (for which i will
need to write an LsaLookupNames call) should be assumed to be domain groups
on the PDC.
(This used to be commit 53b49b44e13a4ca9818ebc947372b1374831b568)
|
|
(This used to be commit 16ac5c89b7417a6aa2596c5c7fbb1fa7542accfd)
|
|
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
|
|
(This used to be commit e93491953a2555401a372de74ac2aee0cc44cb88)
|
|
use all_string_sub() if you don't want this.
(This used to be commit a3357ab49335106674fe7a7481cd0f146d74fbe5)
|
|
(This used to be commit 42d2509c9fab5c774fd33b9d4b5bd1ee125479c3)
|
|
that cannot support it.
Jeremy.
(This used to be commit 7a6f25ac4ab0f0bef7a66f26004c15120248ff66)
|
|
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
(This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|