| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 8a85d7abed317fd06e3e0026d4b9e088311eede4)
|
|
cnums and snums.
(This used to be commit 657f46edfbea852309505f5e3065506127eda6a2)
|
|
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
|
|
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
|
|
(This used to be commit 783d4b3477fa9e363aa1f7524bd060019648ab0d)
|
|
sure it is a samba process that is running.
(This used to be commit f7ad78e369ebf2f4d31e8259e3e1fdd4c087b037)
|
|
this....
Jeremy.
(This used to be commit 5287f3d19b7d8e76970f1ce1abfd95b7341434e5)
|
|
(This used to be commit bf15343def5b95ce4387ac4357674aff31431194)
|
|
needed a flags fields as you get 0x0000 0010 and 0x0000 001f unknown
values for different purposes, no-one's going to tell us what they
are and i don't CARE!
(This used to be commit aabb4b3bc5119ef317b5697ae6fcf5d36c2d474e)
|
|
- samr_enum_dom_users, the first 4 bytes is some sort of garbage,
nt5-beta2 clears them out to zeros whereas nt4 does not.
fixed bug where we were assuming that the first 4 bytes of a
response _had_ to be non-zero.
- cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names()
client call.
- added in "addaliasmem" and "addgroupmem" commands. the addaliasmem
command actually turned out to be a "delaliasmem" :-) :-)
- parse_lsa.c: moved assert array check to after the size of useable
array space is set...
(This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb)
|
|
- renamed do_lsa_xxx to lsa_xxx
- added "enumgroups [-m]" command, enumerates groups, shows members.
- added cmd_sam_add_groupmem(), need to call these in rpcclient.c
- added cmd_sam_add_aliasmem(), need to call these in rpcclient.c
- modified "enumaliases [-m]" command
- improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs.
- renamed "samr_unknown_12" to "samr_lookup_rids".
- added the following client-side functions:
get_samr_query_groupmem()
get_samr_query_aliasmem()
get_samr_query_groupinfo()
samr_enum_dom_groups()
samr_enum_dom_aliases()
samr_add_aliasmem()
samr_add_groupmem()
- improved display output (display.c)
(This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe)
|
|
(This used to be commit 4771d5451b49375cc2fd4246d7d746b0d03cd5ba)
|
|
renamed do_samr_xxxx to samr_xxxx.
(This used to be commit 1e5d81c154740349a2cda4c1892b33a21c0683a8)
|
|
DB API
(This used to be commit ef58e48bc9af338ed6c734205d4faf82371284ac)
|
|
nmbd and smbd. nmbd is now client: smbd is solely responsible for
creating sam_name.SID
(This used to be commit 50fa4822df679b4d54b5a868179594ec087e811f)
|
|
(This used to be commit 81be1e60764d380adf47737552659854d94ca626)
|
|
(This used to be commit 13a656b0e5c73e157b222765fb57a1bdafc67b80)
|
|
jean-francois' going to get annoyed, again.
andrew's going to threaten to take cvs access away, again.
missed compilation of this file when updating sam_unknown_12 call.
(This used to be commit 74f826af36a7af4e91f9325d11ef8432d343c3bd)
|
|
(This used to be commit e39c0c76ae52bbd4539f8f254e78566a5511efc1)
|
|
query.
domain groups now work, hurrah! only thing is that the description is
one character long, don't know why (which is wierd in itself).
(This used to be commit 78a86c64960a7823b0db8b7bebfffabb4a5ba864)
|
|
(This used to be commit 9bce7340d60a49594f67cc3c6cc6119b33a5358a)
|
|
(This used to be commit a74b6dcc76794c1fe350d6906f156fdf5189e18b)
|
|
(This used to be commit 9266137fcb87b6e4b2cc45a55341ebaa69c594b7)
|
|
(This used to be commit 779a7aa30d4b8a3c8ca1d817a3fd9886c0437def)
|
|
being able to use next_token() outside of string_to_sid calls.
use strchr instead
(This used to be commit 1c478ca1723558cc5dde693b4abacb56bd98cd43)
|
|
complaint about confusion because both the HEAD and SAMBA_2_0 reported
the same version info.
(This used to be commit 195b860b46b78a6a2dd83909477dbc2e9af8f845)
|
|
rid is needed not the name (see DOMAIN_GRP_MEMBER) decided to go home.
(This used to be commit 9337049dfc98becfa74522d418dae64a97c7a304)
|
|
need to check, when looking up group members, that a group member is
a unix user [being mapped to an nt user] FIRST then if that fails
check that a group member is a unix group [being mapped to an nt group].
why? because you can have group names in a unix /etc/group file with
the same name as users.
this _might_ be a problem...
(This used to be commit 585d47644d3d709ccdfd5135c5f77166b609eb3b)
|
|
(This used to be commit 9d4e810e7dd8d6d80b47204636f9a37774f95455)
|
|
(This used to be commit f7f2516df46dde1671235f788f7689c93d9395ae)
|
|
(This used to be commit bfb75e58ced1082d3bb7d6b3f3367d50a0ca26ea)
|
|
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
(This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
|
|
modified map_nt_and_unix_names() to never refuse a mapping (returns void
now not BOOL).
(This used to be commit faffcb3c8955dcea3987e2978dc34b4dba580167)
|
|
restriction and "domain user map" seems to work.
amazing.
(This used to be commit 2c0d91e64a6b330b209ca62c3306ec1a53fda873)
|
|
stupid compile errors with file_rename() call just created.
(This used to be commit f5cedb8c9618b83b63b5e2db867d238eebc7e13c)
|
|
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists.
(This used to be commit 51c1c31768a92d9c57ee6c09b78419bcbc544f03)
|
|
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.
might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...
issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.
noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
(This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
|
|
a call _outside_ of this was _also_ calling getpwnam. the calls to
getsmbpwnam() were therefore overwriting the static buffer.
(This used to be commit c5ba5fa6feab2884a23b8bcb5dcb349ee1a7c139)
|
|
(This used to be commit 4b5bd4e18cee72aeb76909cf85b1f932393fcfc8)
|
|
My bad... Earlier one was the patch from the CIFS conference that
didn't work, this fixes...
(This used to be commit 12739f0456e9f707a361bce2fa01b0baaae182d9)
|
|
(This used to be commit 3257b72c6e2722a6de6b40b4c16e934c02a7c508)
|
|
(This used to be commit 603c5f6df8c525f30d00da912d408b98378ea538)
|
|
(This used to be commit 58c0f0a77c396a6021596c84d4a30b1c9a4b1419)
|
|
a connection succeeds...).
(This used to be commit c0efc35b27d50c40bc04bfd9fb1d61ea5d32bde5)
|
|
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
|
|
(This used to be commit 776abe3fe52748b9d2939ff77f8a39155894b952)
|
|
(This used to be commit e717b898405fdcd0bb7787394961589aa62cacc3)
|
|
added their replacements, added sam password database API modules
(This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)
|
|
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
|
|
SCO 3.2 (including it also requires lots of streams stuff, making it a
total mess).
If this causes problems on some other platform then please add a
comment stating what platform and why the include is needed so we can
work out how to test for it properly.
(This used to be commit 21d779bf7def71d5d9c899eabbb6a110860bd8e2)
|
