Age | Commit message (Collapse) | Author | Files | Lines |
|
srv_samr.c: Fix for pw caching.
smbd/nttrans.c: Fix to allow trans create to set ACL on open.
Jeremy.
(This used to be commit c4f810a7588a2faf41f4222dc77678c53ab1dec0)
|
|
(This used to be commit 793153ebde08db217a18882c5eec945b7b14de69)
|
|
smbd/reply.c:
Added fix needed for appliances. When using winbindd - a new user may
exist (from winbind) but have no home directory. Extend add user script
so it is called with a %H substitution when a user exists but their home
directory does not. Thanks to Alex Win at VA Linux for finding this one
and testing the fix.
libsmb/clidgram.c: Fixed missing return statements.
smbd/uid.c: Fixed typo in debug.
Jeremy.
(This used to be commit 7ba0a2192b89954604dd793c537b4a17c2d1ac07)
|
|
source/include/proto.h
source/param/loadparm.c
source/passdb/passdb.c
source/rpc_server/srv_samr.c
- add support for "hide local users" option to HEAD.
(This used to be commit 44dc339fe757b2b5578b30e74aad8c1b12c23f5f)
|
|
on read.
Jeremy.
(This used to be commit 76b8dd376d13eb4469417be217c966d54d333367)
|
|
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
(This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
the trust domain list reply on netlogon pipe was wrong, interim hack until
we have full trust relationships.
changed some unistr2 to parse the ending NULL char.
added a prs_align_needed() function. much like a prs_align but with a
condition. needed for the unistr2 parsing.
J.F.
(This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
|
|
.cvsignore remove config.h - not in this directory
include/profile.h profile changes
lib/messages.c added message to return debug level
libsmb/clierror.c cast to get rid of compiler warning
libsmb/smbencrypt.c cast to get rid of compiler warning
profile/profile.c add flush profile stats changes for profile struct
rpc_parse/parse_samr.c fix for compiler warning
rpc_server/srv_samr.c cast to get rid of compiler warning
smbd/ipc.c profile stats
message.c profile stats
smbd/negprot.c profile stats
smbd/nttrans.c profile stats
smbd/trans2.c profile stats
utils/smbcontrol.c new flush stats command
(This used to be commit bbb24daa25dca4e4b6b1f8942cd84ee3aa1bed8e)
|
|
a sam_user_info_24 doesn't have a uint16 at end
samr_create_user also creates the unix account now
samr_set_userinfo changes the password.
J.F.
(This used to be commit 94f4024481fcd0cb6647af1bd4364033be020641)
|
|
J.F.
(This used to be commit 044246fe7e40d83673120dc14b5d6572e6c23142)
|
|
J.F.
(This used to be commit c49cc884458d6efa0f7f4b1e40f7d98d84836e77)
|
|
cleanup of create_user
cleanup of rid/sid mix in samr. now we only have sid.
some prs_align() missing in parse_samr.c
a small debug change in srv_pipe.c
You still can't change a user's password in this commit.
Will be availble in the next one.
J.F.
(This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
|
|
Jeremy.
(This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
|
|
was not correct.
Jeremy.
(This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
|
|
And we create the disabled account. That means we can create user and
trust accounts remotely !
ifdef out a return in passdb/smbpass.c. I think I didn't break any
security. Jeremy could you check if I didn't make any mistakes ???
J.F.
(This used to be commit 416be1b64f366c8b859f25856fce2467ec0446d9)
|
|
so renamed and tidy up of the server function.
J.F.
(This used to be commit 0f707ac1fb5685b800d6599b9074ec1d4e65b1c1)
|
|
check these in before.
jerry
(This used to be commit e682d6a599934e5460abe0d30cb2465fa80c7937)
|
|
jerry
(This used to be commit a606131508592d72f3fd8a0dd63073e9c559062f)
|
|
(This used to be commit 20a7fefee8c85f02f6a0e2a02c0df04a8b22b7cb)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
and samr_enum_dom_aliases commands. Unfortunately the algorithm for
determining winbind groups from normal groups is simply to check for the
presence of the lp_winbind_separator() character. )-:
(This used to be commit 363a9c45bf0a7d3266ccdf4eeb0b9f5e3d38389f)
|
|
this stuff doesn't need to be done as root anyway.
(This used to be commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)
|
|
(This used to be commit 66372765e7c3f85240d54894547a150351426d5f)
|
|
through to the individual pipe api calls. Instead of passing two
prs_struct pointers, we now pass the pipes_struct pointer which contains
the former information as well as other useful stuff like the vuid.
(This used to be commit 96addba216bad2189120d78f5531d5caa6f37880)
|
|
Added patches for random -> sys_random.
Added set_effective_xxx patches for AFS code.
Memory allocation changes in spoolss code.
Jeremy.
(This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
|
|
- what a concept :-). All this code will be replaced with TNG stuff anyway,
so not a big deal....
Jeremy.
(This used to be commit b090cff4b5fcdef01fc553e6359627bb2285d68e)
|
|
(This used to be commit eefb36f130f79f2f2c6cfb58c1646aa6ce4303be)
|
|
head/tng merge.
It goes something like this:
- headers from tng get copied over one at a time
- the old headers get renamed to *_old.h
- server side code that used the old headers gets a
#define OLD_NTDOMAIN 1
#undef OLD_NTDOMAIN
at the start and end of the code
- mkproto.awk recognises these special defines and does magic stuff so
that each .c file sees the right headers
- we start moving the rpc client libraries from tng to head.
if this goes OK then, in theory, we should be able to move the client
side rpc code from tng to head without disturbing the existing head
server side code. Then when that works we can consider merging the
server side.
it remains to be seen if this scheme will work. So far I've moved
rpc_samr.h and don't seem to have broken anything.
Note this this is still a very delicate operation, as at every step of
the way I want to keep head fully functional. Please don't take part
unless you discuss it with me first.
(This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
|
|
(This used to be commit 92f85cef8b4c283374edb726ff0b4999a2000b2a)
|
|
functions that need to access the vuid, it can be obtained from the
current_user global.
Did some whitespace cleanup.
(This used to be commit 738b307bd7053ede369431da7b1349befaa523d9)
|
|
include/byteorder.h: Added alignment macros.
include/nameserv.h: Added defines for msg_type field options - from rfc1002.
lib/time.c: Typo fix.
lib/util_unistr.c: Updates from UNICODE branch.
printing/nt_printing.c: bzero -> memset.
smbd/connection.c: Added check for UT_SYSLEN for utmp code.
Other fixes : Rollback of unapproved commit from Luke.
Please *ask* next time before doing large changes to HEAD.
Jeremy.
(This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
|
|
as NT aliases. no allowance is made for possible clashes with some
unix groups that may be mapped to NT groups, not NT aliases.
it is not the place of this code to make decisions about which unix
groups should be mapped to NT aliases or NT groups, or in fact whether
unix groups exist at all (e.g "appliance" mode).
please could the person who wrote this code contact me and i will outline
the architecture and design issues that you need to be aware of when
working in this area: i need your skills and ability -- applied in the
right places.
thank you.
(This used to be commit 67d9b3733f7f3ffab0ff6e78de7638fb469195e6)
|
|
get_passwd_entries(). get_sampwd_entries() calls the generic
SAM pwdb API, whereas get_passwd_entries() calls the Unix database
explicitly.
this will result in LDAP, MYSQL, NISPLUS and any other future modules
(e.g "appliance" mode SAM database) failing to operate correctly.
i know what problem was attempted to be fixed, here, but this is
not the right place to attempt to fix it.
(This used to be commit 04fa6a02739671fa02b531ae47e5d24c54753331)
|
|
the spoolss code (it's cut from TNG) and the smb-dce/rpc interface
code that jeremy has been working up to TNG-functionality.
i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE,
because it is intolerable that potentially good modifications be made
to code that is going to be thrown away, and people waste their time
fixing bugs and adding enhancements that have already been carried
out already, up to two years ago in the TNG branch.
/*
* THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY,
* INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE
* UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH.
*
* PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY.
*
* REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT
* FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT
* FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH
*
* YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT
* YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG.
* IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG
* AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO
* ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT
* MAY BE LOST.
*
* PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST.
*
* THANK YOU.
*
* lkcl@samba.org
*/
(This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
|
|
and backended with a tdb database so the list can be shared between
multiple smbds. ToDO.
Jermey.
(This used to be commit 171222ce22595743a052e5c3d4428ce916d7c345)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
attempted to fix regsetsec command
(This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
|
|
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.
(This used to be commit a51f62f4cf610c23e45251cedb543144747a3e54)
|
|
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
(This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)
|
|
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
(This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
|
|
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae272c496fc4519141accf01ee9f1e49e)
|
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
|
|
(This used to be commit 60b0840106a6f5c283a8339428f3cfeb62398355)
|
|
(This used to be commit edb49e754b66ecb59685234338a96d48a53f0161)
|
|
(This used to be commit 497d4231723576390b10f5ea8704bd0af88d76ab)
|
|
implementation (NT5) when you discover that your code is trash.
samr_enum_dom_users(), samr_enum_dom_aliases() and samr_enum_dom_groups()
all take a HANDLE for multiple-call enumeration purposes.
(This used to be commit 19490d8b4fb8a103f3df4e6104f6f22937b0c518)
|
|
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
|