| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
clash with gnu readline library.
fixed issue with [homes] service not being there - call lp_add_home()
just before starting the msrpc processing.
(This used to be commit 054195df9b6187c663ede5cf4489499abbdc29fc)
|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)
|
|
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
|
|
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
(This used to be commit 2245b0c6d13c7c5886e81f9137b05df883598c26)
|
|
get_any_dc_name().
(This used to be commit e21367c0ebdc5e202cdc39d50950bff089bf67f8)
|
|
this is horrible.
(This used to be commit 9df973fe711f322075d86d6792d6c0b8539c1d00)
|
|
the heck is a cli_session_setup() call doing in here??? this should use
cli_establish_connection()server!
(This used to be commit fa054c96c62ed0f0a0c6649a7ad7a143fe09694b)
|
|
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
|
|
parameters to connect to \PIPE\NETLOGON.
(This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62)
|
|
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
(This used to be commit c26e8a6ac59934ae580077df937439c2c538dbdb)
|
|
attempted to fix regsetsec command
(This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741)
|
|
(This used to be commit 1092b4f6fbdf3770c0dab756b982a562def1738e)
|
|
_use_ user session key.
(This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)
|
|
(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
|
|
NT refuses to play nice, and establish a trust relationship.
(This used to be commit 98c42764fba365d612a8ae4b3172b03367066112)
|
|
smbpasswd so it can be used to set up inter-domain trust account.
(This used to be commit 99ec0620c3bf4af96440c684f880d414659de2e9)
|
|
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
(This used to be commit 97ec74e1fa99d773812d2df402251fafb76b181c)
|
|
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)
|
|
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
(This used to be commit a8801942f72b2394a54e4a46546029fac70efeed)
|
|
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
|
|
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no).
(This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
|
|
error wrong password against nt. ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
|
|
removed all comparisons to if (fn() == False), replaced with if (!fn()).
(This used to be commit fdef97eb7c20a33b26104661cd010baebcb4bdcd)
|
|
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
(This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
|
|
to use ulong use uint32 instead.
(This used to be commit 16dd94db1fd2ed8ed7d240c5aac5a481b64cd26d)
|
|
don't coredump when adding forms,
and a small non obvious memory leak in the rpc buffers
J.F.
(This used to be commit bee11f8889378b9f1cc6e2818fd0f8dd7ddcf10d)
|
|
(This used to be commit 25025f450531c66c0fd9f7eed886cb288d76d025)
|
|
(This used to be commit a8d4560e0064a67a234eae89a564b79d2426d9a9)
|
|
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
(This used to be commit 8fb2ff247a2fe0ec5ce0c232d8a3da9774f7e6ae)
|
|
(This used to be commit 4e5eac18d0d9325c8e524fb53b4e049f0893fae7)
|
|
nt 5 does. cool!
(This used to be commit 727e1421b2c0f8c72c428776593498103304082b)
|
|
(This used to be commit b8ac96cd9c8efaf0e07651657f878a2dea127290)
|
|
(This used to be commit 41cb8b0ba071ef73bf00130ec863b592c16d359a)
|
|
(This used to be commit 19242cd44e059d90e91f1c27bfb45899ce5de26a)
|
|
(This used to be commit 8cde172a77a1582c0af2e685097c53ba5f302a4e)
|
|
was modified.
(This used to be commit 50f7bd8a9c47d073bbde66ae26e9f71f030afc4c)
|
|
added check to ensure response is more than 24 chars before bothering
to do an NTLMv2 check.
(This used to be commit 7a58895ff26fcad09ee45de99086739bf5761fd9)
|
|
found by Bertl <bs@vpnet.at>.
(This used to be commit 93298bca1c573532c5250c84bac39cf9214ba3b5)
|
|
placed in data stream before username / domain, whereas NT doesn't do
this...
(This used to be commit 44e6d4c1b0b6ae54e76e96471b40bb784c8b3c8c)
|
|
the vfs tables. at the moment, i replaced all calls to unix_convert()
with unix_dfs_convert().
this does the job, but it's not very nice.
(This used to be commit 00d4aebce9f268a737ef9df9bdbe59f8fe831979)
|
|
(This used to be commit d9ada8b55d539e555d25298e0a308ea952e2807e)
|
|
(This used to be commit ec918ba144e7c1bd1689007143ca2b8bee604768)
|
|
(This used to be commit 4bdff2748956a61f12a92e19a9af98c7b9668e8f)
|
|
the correct length.
(This used to be commit 5d1fad53c2bdfef63930e0b9d5cc460c9740066e)
|
|
(This used to be commit e6116c40d4d0473a7412e82791afd9f44e4905a4)
|
|
random. values seen can be as high as 18255. this fails the check
of <= 24 which sets NT password length to 0, effectively ignoring it.
the <= 24 was removed in reply_sesssetup_X.
(This used to be commit 98d43b20dc4df72ddbfaeb34581222adc53d15dd)
|
|
Nigel Williams. despite the data format being *exactly* the same as
NT's, this still doesn't work yet. more work needed.
(This used to be commit 270981960bb5aab52d2f8e494827101ece6729c4)
|
|
(This used to be commit 6b4b24d2208b1b076dfc2f7202917ca0acaeb398)
|
