Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
to NLTEST /BDC_QUERY:DOMAIN when acting as a BDC.
Reverse engineered a couple of status constants.
(This used to be commit 0678c302825afef521ae2b80958a1d7c5aa76d23)
|
|
Jeremy.
(This used to be commit 6248fb22926d72fddaecad5af117af1bdd08fda3)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs.
Jeremy.
(This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
this stuff doesn't need to be done as root anyway.
(This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
Removed dependency on extern current_user and fetch the vuid from the
pipes_struct.
(This used to be commit 1b06451fff11f54be7def4a427a1528bbb52f3d7)
|
|
and if you have unix realname=yes, you get the gecos name when locking the
station.
J.F.
(This used to be commit b5ad24ae0b15643df5832e2369fb4e43c98a1359)
|
|
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
|
|
- got rid of guest map code in lpq parser
(This used to be commit 8e53f781d3cf6a7007764916a0d8e8f1abea1f66)
|
|
userdom_struct. As the name implies this also contains a domain
(unused at the moment).
This will be important shortly, as operation in appliance mode needs
the domain to be always carried with the username.
(This used to be commit ee8546342d5be90e730372b985710d764564b124)
|
|
assumption that we have one socket everywhere
while doing so I discovered a few bugs!
1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary
2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.
3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
|
|
Jeremy.
(This used to be commit 6c442d68afae4140e28b770343a900b5ce510b4a)
|
|
functions that need to access the vuid, it can be obtained from the
current_user global.
Did some whitespace cleanup.
(This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
|
|
include/byteorder.h: Added alignment macros.
include/nameserv.h: Added defines for msg_type field options - from rfc1002.
lib/time.c: Typo fix.
lib/util_unistr.c: Updates from UNICODE branch.
printing/nt_printing.c: bzero -> memset.
smbd/connection.c: Added check for UT_SYSLEN for utmp code.
Other fixes : Rollback of unapproved commit from Luke.
Please *ask* next time before doing large changes to HEAD.
Jeremy.
(This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
|
|
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface
code that jeremy has been working up to TNG-functionality.
i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE,
because it is intolerable that potentially good modifications be made
to code that is going to be thrown away, and people waste their time
fixing bugs and adding enhancements that have already been carried
out already, up to two years ago in the TNG branch.
/*
* THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY,
* INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE
* UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH.
*
* PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY.
*
* REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT
* FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT
* FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH
*
* YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT
* YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG.
* IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG
* AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO
* ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT
* MAY BE LOST.
*
* PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST.
*
* THANK YOU.
*
* lkcl@samba.org
*/
(This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
|
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
|
|
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
(This used to be commit 71f12138679251a9ebcada35969d9baea286a3e9)
|
|
happier in joining a Samba domain.
(This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
|
|
(This used to be commit 3adc31083b5308e983e057c7b942242209d74f59)
|
|
which i didn't know about!
(This used to be commit 30620b93e5c476ba7bf09c459ab4b7bea3f67642)
|
|
(This used to be commit e6d43ddb1bdb249f93dca65180964a61d281935b)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
to alignment, missing fields, etc. - it should now work correctly.
There is still the problem of decoding the private data field.
(This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
|
|
and of rpcclient eventlog funtion
Jean Francois
(This used to be commit 7fc8659e83bf0269df297016beac6793ff0bdf32)
|
|
* Added SEC_CHAN_BDC
* Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A
BUFFER2 is really a "unibuf" in my terminology and we should treat it as
such.
* Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4).
* Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication.
Still experimental and incomplete, with a few too many NULL security
descriptors lying around (must go look at Jeremy's SD code). Haven't
worked out password encryption yet either.
However, the XXX_INFO structures I've added to rpc_netlogon.h are quite
nice as they give some insight into how these objects are stored in the
SAM.
(This used to be commit 74d6dec25d6b44e26d3895f789f1958d5f4639ee)
|
|
(This used to be commit 2f02a083b2f766d2f3d3f410377da7f552739345)
|
|
(This used to be commit d8946f1cc7b77b06f346344ffdb4772e6d225396)
|
|
Also some string length and sizeof(pointer) corrections.
(This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
|
|
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
(This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
|
|
pwdb_sam_map_names() was using a "blank" static string instead of
a NULL pointer for nt names. NULL means over-ride, so the nt name
got left as "blank".
this causes nt clients to terminate with extreme prejudice.
(This used to be commit ddd350198202d6a1d2c715b3dce7db3a5d76a63a)
|
|
around anyway.
The real problem is, once again, the brokenness of pwdb_sam_map_names et al.
This time it is deciding to return blank NT usernames, which NT's redirector
objects to.
I'm currently working on improving the pwdb/mapping code, should be ready in a
couple of weeks.
(This used to be commit 30a085bf80982c619cd78aee9ad410ece5f88679)
|
|
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
(This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
|
|
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
|
|
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
|
|
changes from yesterday by me, jeremy and andrew.
jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user
didn't exist (first check should be for smb_pass != NULL)
(This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
|
|
script/makeyodldocs.sh: Added code to make text docs for non-man page YODL docs.
web/cgi.c web/swat.c: SGI compiler warnings fixed.
Jeremy.
(This used to be commit 80e0f7e1071f032c5004aecb01a91d1397e6a161)
|
|
this is 0x4000 01ff on NT4 SP4, and 0x0000 01ff on pre-NT4 SP4.
(This used to be commit 59cf9c00d91f9706d58c3d3000842eccb9d272fc)
|
|
for sid S-1-5-20 and does (nothing at the moment) if you query for
your own sid.
(This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
|
|
(This used to be commit f69cf05ff56dffb313304964d5bf5e5aee2f40a7)
|
|
uid_t, gid_t and vuid. Added sys_getgroups() to get
around the int * return problem. Set correct datatypes
for all uid, gid and vuid variables.
Jeremy.
(This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
|
|
nmbd_namelistdb.c: Added comment for Chris.
nmbd_subnetdb.c: Went back to Chris's comparison code as with the make_nmb_name
change it all works now.
lib/rpc/server/srv_netlog.c: Ensure we return 'account disabled' for disabled
accounts, rather than crashing.
Jeremy.
(This used to be commit 4ab3d1682789319965a55edb37212b7671a743bb)
|