path: root/source3/rpc_server/srv_lsa.c
Age | Author | Files | Lines | Commit message
1998-12-20 | Luke Leighton | 1 | -1/+1
fix for potential lsass.exe crashing due to negative response from LsaLookupNames being incorrect. this is a bit weird: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_? (This used to be commit a15a3f95f2a14ab164ca758e2145444a803190b2)
1998-12-14 | Luke Leighton | 1 | -1/+1
added sid_name_use array argument to lsa_lookup_names and lsa_lookup_sids. (This used to be commit 0b2095e092d747f741e78a3349f0b81a72811629)
1998-12-07 | Luke Leighton | 1 | -48/+85
- lib/unix_sec_ctxt.c attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services.
- group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases.
- parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything.
- cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to).
- srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-11-30 | Luke Leighton | 1 | -4/+3
- adding builtin[alias]db.
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead.
- passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-25 | Luke Leighton | 1 | -12/+12
LsaLookupNames client call (first used as lookupnames command in rpcclient). (This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-23 | Luke Leighton | 1 | -15/+19
unix instance of group database API (This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17 | Luke Leighton | 1 | -134/+137
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of "initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user-interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it in password.c
- initialisation in server.c depends on the role of the server. well, it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-10 | Luke Leighton | 1 | -1/+1
rpcclient registry commands. (This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
1998-10-23 | Luke Leighton | 1 | -9/+10
set netlogon negotiation flags to 0x1ff, not to what the client requests. this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4. (This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
1998-10-22 | Luke Leighton | 1 | -1/+3
bug fix in lsa_trans_names. well-known aliases S-1-5-20 is actually S-1-5-0x20 but sid_to_string does decimal not hexadecimal oops. (This used to be commit 4d830e243650729344a2d1b238075e787802ff8b)
1998-10-21 | Luke Leighton | 1 | -4/+4
domain aliases added a bit better: does local aliases if you query for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-15 | Luke Leighton | 1 | -0/+42
bug-fixing against:
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that...
Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\).
Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-09-30 | Luke Leighton | 1 | -60/+85
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-29 | Jeremy Allison | 1 | -30/+40
Got very strict about the differences and uses of uid_t, gid_t and vuid. Added sys_getgroups() to get around the int * return problem. Set correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
1998-08-26 | Andrew Tridgell | 1 | -1/+1
use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() for arrays. This prevents (harmless) warnings from some compilers (This used to be commit c2da46d1d0820a86e7f77506563cfe7f67b08fee)
1998-08-24 | Jeremy Allison | 1 | -4/+4
Changed ASSERT macros to SMB_ASSERT macros as some systems already have an ASSERT macro defined. Jeremy. (This used to be commit dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)
1998-08-22 | Andrew Tridgell | 1 | -0/+8
added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberally in the rpc code. (This used to be commit e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)
1998-08-21 | Andrew Tridgell | 1 | -1/+30
use ZERO_STRUCT() to initialise lots of structures. Luke, you need to do something similar in the rest of the rpc code. Have fun! (This used to be commit bdd8aaa544780898e20189195d4019b9beb4445c)
1998-06-10 | Jeremy Allison | 1 | -1/+12
De-coupled the mapping of a Windows to UNIX username from the Get_Pwnam username case conversion wrapper. It is now (very) explicit where we are mapping between an incoming Windows username, and when we are doing a UNIX password entry lookup, which may change the case of the given username. This makes things *much* clearer (IMHO:-) and will ease the adding of the 'groupname map' parameter, and the addition of the special 'jeremy' mode for Samba where unix users will not be needed. (We must think of a better name for it :-). Jeremy. (This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
1998-05-24 | Luke Leighton | 1 | -1/+1
more warnings, from Tim Winders (This used to be commit eb157d6da4719b415a1f5202364aa77f2596bc03)
1998-05-18 | Luke Leighton | 1 | -1/+1
- renamed some of the passdb.c functions: they have a prefix pdb_ on them
- split smbpass.c "password file lock" routines into smbpassfile.c: moved trust account routines into smbpassfile.c as well
(This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
1998-05-14 | Jeremy Allison | 1 | -10/+4
Fixed dce/rpc to use global_machine_sid (auto generated in server.c if not present in smb.conf). Jeremy. (This used to be commit e7c1100390b714bf2f489a9032156b0c9272e403)
1998-05-14 | Jeremy Allison | 1 | -32/+43
chgpasswd.c: Added comments to #ifdefs
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy.
(This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
1998-03-11 | Jeremy Allison | 1 | -0/+444
"For I have laboured mightily on Luke's code, and hath broken all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controller functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)