Age | Commit message (Collapse) | Author | Files | Lines |
|
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
|
|
(This used to be commit c60aa6c06f376684b6d6d9a2c14305ca9f4657ef)
|
|
(This used to be commit 5f625f2877fc5132be3030fc6ea9df4d59ecff05)
|
|
We now get the full account policy window in usermanager, and the
framework to store all those values. I plan to add a TDB file to store
them.
oh, and found that the last value in a sam_unknown_info_12_inf struct is
an uint16 and not a uint32.
andrewb: you hardcoded the MAX_PASSWORD_AGE to 21 days. We can now turn it
to a value setable in usermanager.
J.F.
(This used to be commit 99471d25693f6672d433b90a060378f6faad867f)
|
|
(This used to be commit 3f1cfb62e85343a45817651f111f01051fc66b18)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
(This used to be commit 90ed3d47e16a511161532f75b98db3f4b10ba685)
|
|
(This used to be commit 96b3a65a73d403a41bf1b3aba79bd743698344ac)
|
|
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
|
|
Jeremy.
(This used to be commit 9148bb9eaa67de60c3b0b4709a9c05a840c20c66)
|
|
Jeremy.
(This used to be commit 9c8439f25b90d80adcd7161bfed3664af6256940)
|
|
Jeremy.
(This used to be commit be7323163bec9367e7457d7b6a4792fd00aa8ef5)
|
|
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
|
|
not ascii.
(This used to be commit be5d32eb9c58bb1911299d095efcf230d50ed590)
|
|
GetPrinterDataEx() and SetPrinterDataEx(). Not sure what the command
number is for the latter is - I haven't seen it on the wire yet.
(This used to be commit 87614c74b3d66cf2ca706b33e6cf0a32b4166e7a)
|
|
Andrew, this fixes domain logons in head. Please look at the change,
as I think you may have misunderstood the max_str_len field (which is
badly named)
(This used to be commit fd3a657b440a61c0c146947bb62d2b83c1689b87)
|
|
Zero out some of the plaintext passwords for paranoia
Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.
Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.
Use sizeof() rather than magic numbers, it makes things easier to read.
Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.
Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
of the lm challenge/response header in the NET_ID_INFO_2 structure included
in a network logon request. It seems Windows 2000 is the only OS that
cares about this.
(This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)
|
|
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
other access. Problem was max time was being set to 0xffffffff, instead of
0x7fffffff.
Jeremy.
(This used to be commit 94403d841710391ec26539e4b4157439d5778ff7)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
Andrew Bartlett
(This used to be commit d1bc778301b31d77fdc3837ec3cff24ce37adcd7)
|
|
(This used to be commit 94b0fde8a8a4e888cee93ebde79390c7942a2785)
|
|
(This used to be commit 3245714243d15160b9e0e27c413fef65ea91f455)
|
|
is actually the user session key).
(This used to be commit 0f041597f8afa378fc3177264f1e52e014e6cf00)
|
|
by default in Samba 3.x
- got rid of some unused parameters in Makefile.in
- declare DEBUGLEVEL in debug.h rather than in each file
(This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
|
|
the build farm
(This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
|
|
- put in checks for return values in rpc parsing routines
- replace a bunch of stupid &(foo->bar) with &foo->bar
- fixed bug in net_io_sam_alias_mem_info where there are zero members in
the alias
(This used to be commit eecdba2b015ed48d7dd88daea2af466f28cd2ff7)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
of const.
(This used to be commit af53e774d754d72b01d9840e8b45d27bc394e33d)
|
|
Reverse-engineered the sam replication protocol from staring at hex dumps
for a while. It's pretty similar to the sam sync protocol with a couple of
different delta header types.
I wasn't able to figure out the format of the privilege stuff - needs more
time and a whiteboard. (-:
The impressive bit is that the sam sync stuff from tng basically just
worked thanks mainly to Luke Leighton's efforts in this area.
(This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
Jeremy
(This used to be commit 0f5b187387fb536a6866d9109eff82411798f79e)
|
|
(This used to be commit fe4ffa8dda165b0d1197f022f59db0a284cbef79)
|
|
many possible mem leaks, and segfaults fixed.
someone should port this fix to 2.2 also.
(This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
|
|
Jeremy.
(This used to be commit a3781ad38ff6c70238e7e9b83324477e5c9780d5)
|
|
- ported two rpc back from TNG (WINREG: shutdown and abort shutdown)
- some optimizations and changed some DEBUG statement in loadparm.c
- changed rpcclient a bit moved from non reentrant next_token_nr to next_token
- in cmd_reg.c not sure if getopt will work ok on all platforms only setting optind=0
(This used to be commit fd54412ce9c3504a547e232602d6129e08dd9d4d)
|
|
matt_zinkevicius@hp.com
(This used to be commit ce22267ec840aaa3cc8f9b88a62b45c723a06b01)
|
|
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
|
|
(This used to be commit c9cbe3237e01983a5063e5680ad71c7579009f28)
|
|
Jeremy.
(This used to be commit c51cfc7f0d3ad1614ca1e0330c8707f7b263b8e6)
|
|
According to the incorruptible judges find and grep, the latter won.
Mmm - procrastination. (-:
(This used to be commit 2e339403605177b15d5185a8fdd1b06f3f043168)
|
|
coding :-). I'll be more carfull in this area in future.
This does not back out the cli_login change, so domain logons still work, but
only for english.
Andrew Bartlett
(This used to be commit bd3c2a0cddc71daa4165e1a0916208d0c650d55a)
|
|
changeover. For my own sainity I have created a new function to fill out both
the header and buffer for a string in an RPC struct. This DOES NOT take a
length argument, only the actual string to be placed.
The RPC code is currently littered with code that does init_uni_hdr() followed
immidiatly by init_unistr2(), and often the length argument is wrong. (It was
for the code I changed, even before the charset stuff). Another bug where we
made strings AT LEAST MAX_UNICODE_LEN long hid this bug.
This works for loopback connections to Samba, and can't be any more broke than
it was before :-). (We had double and revese conversions, fun...).
In particular this makes us multibyte complient.
In any case, if there are no objections I will slowly convert other bits of
code to the same system.
(This used to be commit cf1d1cd9d6362f6e32ed9c2f6d2f6f25c47705ad)
|