| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
(This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)
|
|
(This used to be commit 4c98d71ebd3f1cdaef664d46c998c864af34632a)
|
|
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
|
|
this_pdu_data_pos = data_pos - p->prev_pdu_file_offset;
is correct for first two PDU's only, after that it results in extra
garbage after each fragment and hence "Protocol Error" messages from
NT4 SP4. Changed to:
this_pdu_data_pos = (pdu_data_sent == 0) ? 0 : (pdu_data_sent - 0x18);
(This used to be commit b9e8a3ef3a25a81c4bb125bdd4f4d8334a578c85)
|
|
prev_pdu_file_offset was not being re-initialised to zero.
(This used to be commit fcaa1214412f5a417a648d4da5c4332f75f59f57)
|
|
right place (forgot to subtract 0x18 header bytes)
(This used to be commit 5b9a7278da4a25ea217f914c8daae31238fa5cfe)
|
|
(This used to be commit f082f07e764c04b75b6880f852b80faec86f1b1c)
|
|
smb.tgz file from my portable.
particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.
smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data. rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length. this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
|
|
(This used to be commit 29434f496c18e816d864060d68f357aea6ef5de8)
|
|
(This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d)
|
|
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
|
|
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)
|
|
(This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971)
|
|
(This used to be commit 34afa638f6f7bb145ec094510ac58f7a22dfc3aa)
|
|
Sets up the files array correctly - limited by the smb.conf parameter
and by the max fd's per process as found by getrlimit().
Jeremy.
(This used to be commit eca24bd24352c688cdf48c1ef14adb8ac353468f)
|
|
uid_t, gid_t and vuid. Added sys_getgroups() to get
around the int * return problem. Set correct datatypes
for all uid, gid and vuid variables.
Jeremy.
(This used to be commit e570db46fc3a78e499523fd342e9a34cebb18998)
|
|
winreg was missing from the list of pipes. advise using the array
already defined in... rpc_parse/parse_rpc.c's pipe_names[], but
writing code to strip "\PIPE\" from the front when making the
check.
one location to update when adding new pipes, not two.
srv_pipe_hnd.c:
moved the ZERO_STRUCT(p) macro to _before_ the DLIST_ADD(Pipes, p) macro.
dlinklist.h:
added { }s around the code inserted by DLIST_ADD and DLIST_REMOVE macros
(This used to be commit 29201d4b9b52652c7a992d0f6b677a09b4c33912)
|
|
(This used to be commit 7b154dc4313324dfad6cf0117b8ce246bf12bf16)
|
|
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
|
|
very large. files.c now promotes a files_struct to the top of the list
if it is used when it is more than 10 elements from the top.
also moved common linked list code for the 5 sets of linked lists that
I've created over the past few days into dlinklist.h (I've explained
to Chris why I didn't use the ubiqx code)
(This used to be commit 1eb9ae2996b5a243a147f485e7e353d54f820852)
|
|
the chain pointer is now stored as a static and is set whenever a
handle is created or extracted. This also makes the code less error
prone.
(This used to be commit 068a862982bea726e8d7b1b4065d510b9840a272)
|
|
removed most cases where a pnum is used and substituted a pipes_struct*.
in files.c I added a offset of 0x1000 to all file handles on the
wire. This makes it much less likely that bad parsing will give us the
wrong field.
(This used to be commit 8bc2627ff28d340db65bfa017daca2dc291d5ef7)
|
|
in files.c
it should now be faily easy to expand the default MAX_OPEN_FILES to
many thousands.
(This used to be commit b088c804f98908eb02f05ab2f2e8a61691a0a582)
|
|
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
|
|
(This used to be commit 81bf26309248b63cc7e167170a8b384c11126ded)
|
|
turns out that [it can be deduced that] microsoft ignores the SMBreadX
offset, and goes by the SMBreadX length only. this makes for a lot simpler
code, in both client and server.
(This used to be commit a8b641c027c8cce179455ac1f6fd0322a8ab017d)
|
|
(This used to be commit 2e1a08b28c1c0c9ea988a09067cd149926f25c69)
|
|
ipc.c: Added Luke's debug statement.
locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that
need it (not sure what these are yet).
membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
carpel tunnel syndrome :-).
Jeremy.
(This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|
