Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 13a656b0e5c73e157b222765fb57a1bdafc67b80)
|
|
(This used to be commit e39c0c76ae52bbd4539f8f254e78566a5511efc1)
|
|
query.
domain groups now work, hurrah! only thing is that the description is
one character long, don't know why (which is wierd in itself).
(This used to be commit 78a86c64960a7823b0db8b7bebfffabb4a5ba864)
|
|
rid is needed not the name (see DOMAIN_GRP_MEMBER) decided to go home.
(This used to be commit 9337049dfc98becfa74522d418dae64a97c7a304)
|
|
(This used to be commit f7f2516df46dde1671235f788f7689c93d9395ae)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists.
(This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
now need search capability on S-1-5-20, which will need argh, a
"group database API" on S-1-5-20, and the ability to add BUILTIN\Admins
etc to "local group map" argh.
(This used to be commit a24f6eb00ba7486479cbcf7fadf5456521c56179)
|
|
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
|
|
-lsecurity checks
in a more sane way.
rpc_client/cli_netlogon.c: Removed correct bits check to see if this works with an NT3.51 PDC.
rpc_parse/parse_samr.c: Fixed compile warnings.
Jeremy.
(This used to be commit 34d8f4b1c4d59ab3c009360fc67eef9361dd859b)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|
|
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
|
|
now as "RPC fault" if the UNIHDR structure lengths do not exactly
match up to the length of the data stream.
so, all versions of samba prior to this one have an off-by-one bug
in unicode string lengths.
all versions of NT prior to NT 5 beta 2 could possibly have buffer
problems when receiving badly formatted UNICODE strings.
(This used to be commit 161eb6f511e161b63c1fa90a08c562fcf208344a)
|
|
for sid S-1-5-20 and does (nothing at the moment) if you query for
your own sid.
(This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
|
|
it appears!
(This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
|
|
smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack based variables. Doh !
smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO on directory handles.
Jeremy.
(This used to be commit 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)
|
|
(This used to be commit 500e5536bee8ea8e58d5991bfab2cff923068926)
|
|
(This used to be commit bd2fc6bb85739cb8e7ed2254e2a553486daed054)
|
|
over-run buffers
(This used to be commit 06cc6eaa50fa4b673d527e91740f9d2d2b16d367)
|
|
(This used to be commit 29434f496c18e816d864060d68f357aea6ef5de8)
|
|
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
|
|
(This used to be commit 8a7ac4a25d177235a98c0f84f97ee50432fb6359)
|
|
(This used to be commit 3a00023efedb34684bd45bd8a562f07a9880f1ad)
|
|
automatically removed because they were "unused", would be appreciated.
(This used to be commit d0f7b0d915973ccb85409af3d6d951a716cd66d2)
|
|
DOM_GID static-size array, because it's malloc'd now.
(This used to be commit 7776002218232c3ea0140d91c6033b7f9c6d3050)
|
|
failing. running these two programs on a samba pdc now work.
parse_samr.c:
- removed __LINE__ from debug macros.
- removed call to SMB_ASSERT_ARRAY() in samr_r_query_usergroups. the
DOM_GID array is a malloc'd array (by make_dom_gids) not a static
array.
srv_samr.c:
- replaced all "struct smb_passwd"s with sam_passwds instead. there
were uid to rid confusion issues (assumptions that uids were equal
to rids).
- #if 0'd the pdb_rid_is_user() call which, given the above corrections,
would probably work now.
srv_util.c:
- replaced "struct smb_passwd" with sam_passwd in lookup_user_rid, as
assumptions were being made that uids were equal to rids.
(This used to be commit 3f98697cd5203fba07518d7c777ba19644e35b45)
|
|
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
|
|
have an ASSERT macro defined.
Jeremy.
(This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
|
|
in the rpc code.
(This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
|
|
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
|
|
server.c: Moved generate_machine_sid() into passdb.c for Jean-Francois
(who might want an LDAP version). Changed locking to free exclusive
lock as soon as possible to prevent contention.
lib/rpc/parse/parse_samr.c
lib/rpc/server/srv_samr.c: Changed last SID-as-string manipulation
function to use DOM_SID structure.
Jeremy.
(This used to be commit 3b8f5aef57b4f37265c0403385053085f0df6f18)
|
|
ipc.c: Caused samba password changing not to be done if UNIX password
changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs
around as char *, they are converted to DOM_SID at the earliest
opportunity, and passed around as that. Also added dynamic memory
allocation of group sids. Preparing to auto-generate machine sid.
Jeremy.
(This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
|
|
(This used to be commit 6074d09dbf7c9ae03a56773e6ff0a52a60cc75da)
|
|
(This used to be commit da11063cbd23c376c4e1afaad647adcb989934eb)
|
|
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|