Age | Commit message (Collapse) | Author | Files | Lines |
|
that were in the head branch but weren't in SAMBA_2_0
(This used to be commit d7b208786590b5a28618590172b8d523627dda09)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
time out of sending the session setup on Solaris 2.6. No idea.
I'll work on it some tomorrow. This is to fix the "Unable to
setup password vectors" thingy.
Also changed an inet_aton() to inet_addr() as the former is
not very portable :-)
Luke, I set the redir flag to false because the connection to
the smb-agent was failing and smbpasswd bombed. Double check me
on this one.
-jc
(This used to be commit e1d2b174caf5f0c48a8fac25778f72a868ec6eb7)
|
|
arguments: get_any_dc_name() was being called with a server name
not a domain name. oops.
(This used to be commit 631814302d6992138cfe024ba7bd456cc7e0d3bf)
|
|
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
|
|
(This used to be commit 5e5a1dceee0b6088822697284d3e0af04d197477)
|
|
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
(This used to be commit d923bc8da2cf996408194d98381409191dd81a16)
|
|
moved smb-agent over to a single-process model instead of fork()
in order to reuse client connections. except, of course, you
can't do a select() on the same socket connections! argh!
(This used to be commit e9e5a34de8e8f9a69e817aceb8c16284334d4642)
|
|
which isn't actually used right now :-)
(This used to be commit d54a64ae3ab7cdc1ac67fb49f7255e6a106d624e)
|
|
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf)
|
|
lp_trusted_domains() parameter, so trusted domain logins should work,
right, if you put user = TRUSTED_DOMAIN\NTuser in "domain name map", right?
right - as _long_ as you're not using NTLMv2, because the damn NT username
gets mapped to the damn unix name too early, and NTLMv2 challenge-responses
are based on the client's user name, client's domain name, client's host name
etc damn etc.
so it becomes necessary to stop using char* username because this allows
for massive amounts of confusion as to which username is being referred to.
the underlying unix username on the local unix system that is associated with
the smbd process that represents the NT username? or the NT username itself?
(This used to be commit dd3ccdd7d996c107766cdad3c403e8b8947b9e65)
|
|
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
(This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2)
|
|
(This used to be commit f0946d1ccafeb5f541935b41f2d54bcbc06797ed)
|
|
(This used to be commit 50dc709fa95e86ebe2b3132176241cb3a2cc4e36)
|
|
up.
added a complicated prompt which i don't like, but it tells you
domain\user@hostname$
(This used to be commit 338d08f69b0eeefa0f3f2c0217ef17ea3e815e1f)
|
|
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f2f8d04d3fab09db048b4f3dc1e97d5)
|
|
in private .mac file (oops). ntlogin test now works.
(This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
and then set a default random password.
(This used to be commit 7846818432a93295651c8c67445a2d6a0f3b21d8)
|
|
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
|
|
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
|
|
freed / cleaned up. oops, dat bad, cos they get freed again when u quit.
(This used to be commit 3c4a6256dd790413ce96d208689e13c649787c4c)
|
|
by cli_net_use_add() and cli_net_use_del(). MSRPC connections are
established with cli_connection_init(), and automatically unlinked with
cli_connection_unlink. client states are _reused_ by cli_connection_init.
(This used to be commit 0fcd8ce0967169362bd126a28aa309401abdf17d)
|
|
(This used to be commit 1abdf9a45ff2e1d903a08891fbec0794349a9546)
|
|
equivalents of NetUseAdd and NetUseDel!
(This used to be commit 86f4b1d3cc3887c4bb7bd6433f5f932f7db1b88e)
|
|
to \PIPE\NETLOGON.
(This used to be commit 2ae9ee148582cc0ba9e067be3d6338079aea49a1)
|
|
parameters to connect to \PIPE\NETLOGON.
(This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62)
|
|
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
(This used to be commit 85cc680736f17e3f879895be5dac8f1427653919)
|
|
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
|
|
specify \PIPE\spoolss instead of \PIPE\lsarpc...
(This used to be commit 4e92090016badc78ae6532f0eb57af6bbdb789bd)
|
|
(This used to be commit 7a696330586b9ad5157b0c1ab249cc66e9accef7)
|
|
initialised dest_wks _after_ using it in at_soon() :-) so i fixed this :)
(This used to be commit 0aaf0c9c80b4a506955065e822a356b1c43a5ac5)
|
|
(This used to be commit 601d217f44ea1ce3735b9267b6f829b472a982b4)
|
|
(This used to be commit 4c3556fae73c60693355f95f48ac63834ba4dd10)
|
|
(This used to be commit e4e5743a407b60c3695410eaf3df4ca3de4a870e)
|
|
modified resolve_srv_name() to return dest host of *SMBSERVER if
server name is \\ip.add.ress.format
(This used to be commit 3204829225792974c8b20efb6ba6e24661a4f658)
|
|
again.
(This used to be commit 6b67d6164dbfda3ba690d86597ae560b7e5c7584)
|
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
|
|
except with only one user. done by sharing same code.
(This used to be commit 4e029d50fcb9148f2d65c6be2703b1003e68cec7)
|
|
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e786905bfd92ea3cd93658f94e96e47)
|
|
(This used to be commit cda25778816f6d74f02c7e7c85e455b40e80bad2)
|
|
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
(This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
|
|
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3b4e1c1e28aa1dde38cdef184eff3c1)
|
|
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
(This used to be commit 45e92258e7df84c21d23c0be7e1d85457ccac551)
|
|
do so twice. possible memory corruption, revolving around getopt().
(This used to be commit 7cacf8bd026f1ee274f1d352c68cf79cf4f3b499)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb)
|
|
attempted to fix regsetsec command
(This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
|