Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
|
|
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
information when one or more of the names/sids being queried were not
resolvable. We now return a list the same length as the parameters passed
instead of an array of just the resolvable names/sids.
(This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe)
|
|
POLICY_HND structure when passing new handles back from the appropriate
cli_* functions. When closing the policy handle free the memory.
Insure (and indeed other memory checkers) should detect handles that have
not been closed properly as memory leaks. Unfortunately this can only be
done when the program terminates (set insure++.summarize leaks in your
.psrc file) rather than when the policy handle falls out of scope.
Looks like Jeremy has squished all the policy handle leaks at the moment
but more are bound to crop up later.
(This used to be commit 6dc80d625752f0a3ce6fd7b2278095529c6ec29f)
|
|
(This used to be commit 6b20a809020821276b0330810317a4d10c9fdb5a)
|
|
of strdup().
(This used to be commit fb32f7199b8a487757b509555e5a69ec5cae8fbd)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
where we pass the client's name. We should pass the servers name.
Andrew Bartlett
(This used to be commit aeecb7a06b006e69879f00699f4b8b6497553d19)
|
|
(This used to be commit 50fa21c995d33601920b3b56a3e03b09262e7fd9)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
(This used to be commit 5c8f6be290e78c4e72c821abdc9f06b7150e68e7)
|
|
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the
length fields are not correct but that's what NT send. We don't anymore
underflow or overflow the decoding.
added the domain admins group to the default SD.
we are now checking the desired access flag in the lsa_open_policy_X()
calls and in most functions also.
J.F.
(This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
|
|
- added lsaquerysecobj to rpcclient
- renamed querysecobj to samquerysecobj
- removed duplicated display_sec_acl() code from cmd_spoolss.c and
cmd_samr.c and moved it into display_sec.c
(This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
|
|
of how to use this interface.
Jeremy.
(This used to be commit 291985123515f99bb3fd86605d5b8a08301070a2)
|
|
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined
as 0x8000001a instead of 0xc000001a. The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status
code.
Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
(This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
(This used to be commit d1dee2d0323fe6fc498e50201535b1718a88abaf)
|
|
(This used to be commit d2034bc5f7dc9b5b9d5e4f17ee8e468307dcb2d5)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
lookupname/lookupsid.
There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was
being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped
was being returned. The correct field is mapped_count, *NOT* num_entries.
Jeremy.
(This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
|
|
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
(This used to be commit 9e69f59d6c4ec4e0474c594ada3a05ecc2bc806b)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
(This used to be commit afaafc3e5a2adef4736196aa5f4e6ca25a0571d2)
|
|
(This used to be commit 04d978258ba2fea702232c815e140ab12364e8e7)
|
|
and name if there is no name.
(This used to be commit e0ebbc9ae3277a5a389eef021f32509a017cbd4d)
|
|
group using rpcstr_pull_unistr2_fstring rather than pull_ascii_fstring (!!)
(This used to be commit 2accab2589d8c3decc489fb6af8d65d437a506e7)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
allocate 0 bytes.
(This used to be commit 465994cfbca72649474345bc057d436961cccf97)
|
|
(This used to be commit 48688c4592d03d6404631a7d57701f0af38cfb2d)
|
|
Cleanup of exit paths.
Added query domain info and query display info.
(This used to be commit ff9e222e2ff3f50f4966d3c5859738a831c7adc9)
|
|
(This used to be commit 0a6ceed279cc8111008b21f75c6791efbd993f4b)
|
|
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
|
|
Added cli_lsa_enum_trust_dom().
Misc other cosmetic changes.
(This used to be commit 751483a155723581f987d46605b59cdeba34ad72)
|
|
(This used to be commit dcea2a4bc0503822667b73d19c4f0a59b15715a5)
|
|
Allow NULL to be passed to cli_lsa_initialise() which creates an anonymous
connection to the server.
(This used to be commit 8ccd06ee9635e81bdefa8ae58a88c39f132b371c)
|
|
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
(This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
|
|
rpc_client/cli_pipe.c
Only cli_lsa_open_policy(), cli_lsa_close(), cli_lsa_lookup_names()
and cli_lsa_lookup_sids() implemented so far.
(This used to be commit 129d5a155a73d926868d74f8447c1e93b429388d)
|