diff options
author | Luke Leighton <lkcl@samba.org> | 2000-04-09 03:49:03 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-04-09 03:49:03 +0000 |
commit | 96f8ab38622ad29b0e27dec0c74087bdeb5f1073 (patch) | |
tree | 9cb26807783a92f83ddbb54fe184261ec43be47d | |
parent | 56bfe40a6cb2625f2f010aab2dff87acfa12e154 (diff) | |
download | samba-96f8ab38622ad29b0e27dec0c74087bdeb5f1073.tar.gz samba-96f8ab38622ad29b0e27dec0c74087bdeb5f1073.tar.xz samba-96f8ab38622ad29b0e27dec0c74087bdeb5f1073.zip |
good grief. sometimes, i can be very stupid. ok, mike, that mode you
wanted (lp_server_role() = SERVER_ROLE_NONE, which is stand-alone
workgroup member) is working:
security = user
domain master = no
domain logons = no
you should check this with lsaquery command, it should give:
Domain: WORKGROUP SID: S-0-0
Domain: WORKSTATIONNAME SID: S-1-5-21-xxx-yyy-zzz
this just leaves security = domain, which is broke, too.
-rw-r--r-- | source/lib/sids.c | 6 | ||||
-rw-r--r-- | source/netlogond/srv_netlogon_nt.c | 2 | ||||
-rw-r--r-- | source/rpcclient/cmd_lsarpc.c | 117 | ||||
-rw-r--r-- | source/smbd/negprot.c | 8 |
4 files changed, 71 insertions, 62 deletions
diff --git a/source/lib/sids.c b/source/lib/sids.c index 32cb71149de..e2d8fe99c4c 100644 --- a/source/lib/sids.c +++ b/source/lib/sids.c @@ -193,17 +193,19 @@ static void get_sam_domain_name(void) break; } case ROLE_DOMAIN_MEMBER: + case ROLE_DOMAIN_NONE: { /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */ fstrcpy(global_sam_name, global_myname); - DEBUG(5,("get_sam_domain_name: Dom-Mem")); + DEBUG(5,("get_sam_domain_name: Local SAM Database ")); break; } default: { /* no domain role, probably due to "security = share" */ memset(global_sam_name, 0, sizeof(global_sam_name)); - DEBUG(5,("get_sam_domain_name: no role")); + DEBUG(0,("get_sam_domain_name: unknown role type!\n")); + DEBUG(5,("get_sam_domain_name: no SAM name")); break; } } diff --git a/source/netlogond/srv_netlogon_nt.c b/source/netlogond/srv_netlogon_nt.c index 02b05a2f628..dc6eeaf7eb7 100644 --- a/source/netlogond/srv_netlogon_nt.c +++ b/source/netlogond/srv_netlogon_nt.c @@ -91,6 +91,7 @@ static uint32 direct_samr_userinfo(const UNISTR2 *uni_user, SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &usr_pol); } + DEBUG(10,("_samr_open_user: status %x\n", status_usr)); if (status_usr == NT_STATUS_NOPROBLEMO) { if (!set && gids != NULL && num_grps != NULL) @@ -98,6 +99,7 @@ static uint32 direct_samr_userinfo(const UNISTR2 *uni_user, status_grp = _samr_query_usergroups(&usr_pol, num_grps, gids); } + DEBUG(10,("_samr_query_usergroups: status %x\n", status_grp)); if (set) { status_pwd = _samr_set_userinfo(&usr_pol, level, ctr); diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c index 0911fbb0271..a47b1a92d70 100644 --- a/source/rpcclient/cmd_lsarpc.c +++ b/source/rpcclient/cmd_lsarpc.c @@ -29,7 +29,7 @@ extern int DEBUGLEVEL; #define DEBUG_TESTING -extern FILE* out_hnd; +extern FILE *out_hnd; /**************************************************************************** nt enumerate trusted domains @@ -49,28 +49,30 @@ void cmd_lsa_enum_trust_dom(struct client_info *info, int argc, char *argv[]) fstrcat(srv_name, info->dest_host); strupper(srv_name); - DEBUG(4,("cmd_lsa_enum_trust_dom: server:%s\n", srv_name)); + DEBUG(4, ("cmd_lsa_enum_trust_dom: server:%s\n", srv_name)); /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy( srv_name, - &lsa_pol, False, - SEC_RIGHTS_MAXIMUM_ALLOWED) : False; + res = res ? lsa_open_policy(srv_name, + &lsa_pol, False, + SEC_RIGHTS_MAXIMUM_ALLOWED) : False; do { /* send enum trusted domains query */ - res = res ? lsa_enum_trust_dom( &lsa_pol, - &enum_ctx, - &num_doms, &domains, &sids) : False; + res = res ? lsa_enum_trust_dom(&lsa_pol, + &enum_ctx, + &num_doms, &domains, + &sids) : False; - } while (res && enum_ctx != 0); + } + while (res && enum_ctx != 0); res = res ? lsa_close(&lsa_pol) : False; if (res) { uint32 i; - DEBUG(5,("cmd_lsa_enum_trust_dom: query succeeded\n")); + DEBUG(5, ("cmd_lsa_enum_trust_dom: query succeeded\n")); report(out_hnd, "LSA Enumerate Trusted Domains\n"); for (i = 0; i < num_doms; i++) @@ -78,12 +80,12 @@ void cmd_lsa_enum_trust_dom(struct client_info *info, int argc, char *argv[]) fstring sid; sid_to_string(sid, sids[i]); report(out_hnd, "Domain:\t%s\tSID:\t%s\n", - domains[i], sid); + domains[i], sid); } } else { - DEBUG(5,("cmd_lsa_enum_trust_dom: query failed\n")); + DEBUG(5, ("cmd_lsa_enum_trust_dom: query failed\n")); } free_char_array(num_doms, domains); @@ -109,21 +111,21 @@ void cmd_lsa_query_info(struct client_info *info, int argc, char *argv[]) fstrcat(srv_name, info->dest_host); strupper(srv_name); - DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name)); + DEBUG(4, ("cmd_lsa_query_info: server:%s\n", srv_name)); /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(srv_name, &lsa_pol, False, - SEC_RIGHTS_MAXIMUM_ALLOWED) : False; + res = res ? lsa_open_policy(srv_name, &lsa_pol, False, + SEC_RIGHTS_MAXIMUM_ALLOWED) : False; /* send client info query, level 3. receive domain name and sid */ - res = res ? lsa_query_info_pol( &lsa_pol, 0x03, - info->dom.level3_dom, - &info->dom.level3_sid) : False; + res = res ? lsa_query_info_pol(&lsa_pol, 0x03, + info->dom.level3_dom, + &info->dom.level3_sid) : False; /* send client info query, level 5. receive domain name and sid */ - res = res ? lsa_query_info_pol( &lsa_pol, 0x05, - info->dom.level5_dom, - &info->dom.level5_sid) : False; + res = res ? lsa_query_info_pol(&lsa_pol, 0x05, + info->dom.level5_dom, + &info->dom.level5_sid) : False; res = res ? lsa_close(&lsa_pol) : False; @@ -131,33 +133,34 @@ void cmd_lsa_query_info(struct client_info *info, int argc, char *argv[]) { BOOL domain_something = False; fstring sid; - DEBUG(5,("cmd_lsa_query_info: query succeeded\n")); + DEBUG(5, ("cmd_lsa_query_info: query succeeded\n")); report(out_hnd, "LSA Query Info Policy\n"); + sid_to_string(sid, &info->dom.level3_sid); + report(out_hnd, "Domain Member - Domain: %s SID: %s\n", + info->dom.level3_dom, sid); if (info->dom.level3_dom[0] != 0) { - sid_to_string(sid, &info->dom.level3_sid); - report(out_hnd, "Domain Member - Domain: %s SID: %s\n", - info->dom.level3_dom, sid); domain_something = True; } - if (info->dom.level5_dom[0] != 0) + sid_to_string(sid, &info->dom.level5_sid); + report(out_hnd, "Domain Controller - Domain: %s SID: %s\n", + info->dom.level5_dom, sid); + if (info->dom.level3_dom[0] != 0) { - sid_to_string(sid, &info->dom.level5_sid); - report(out_hnd, "Domain Controller - Domain: %s SID: %s\n", - info->dom.level5_dom, sid); domain_something = True; } if (!domain_something) { - report(out_hnd, "%s is not a Domain Member or Controller\n", - info->dest_host); + report(out_hnd, + "%s is not a Domain Member or Controller\n", + info->dest_host); } } else { - DEBUG(5,("cmd_lsa_query_info: query failed\n")); + DEBUG(5, ("cmd_lsa_query_info: query failed\n")); } } @@ -178,7 +181,7 @@ void cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]) fstrcat(srv_name, info->dest_host); strupper(srv_name); - DEBUG(4,("cmd_lsa_lookup_names: server: %s\n", srv_name)); + DEBUG(4, ("cmd_lsa_lookup_names: server: %s\n", srv_name)); argc--; argv++; @@ -193,8 +196,7 @@ void cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]) } ret = lookup_lsa_names(srv_name, - num_names, names, - &num_sids, &sids, &types); + num_names, names, &num_sids, &sids, &types); if (ret != 0x0) { @@ -247,7 +249,7 @@ void cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]) fstrcat(srv_name, info->dest_host); strupper(srv_name); - DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name)); + DEBUG(4, ("cmd_lsa_lookup_sids: server: %s\n", srv_name)); argv++; argc--; @@ -265,15 +267,16 @@ void cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]) if (sid_name[0] == 0) { - report(out_hnd, "please use lsaquery first or specify a complete SID\n"); + report(out_hnd, + "please use lsaquery first or specify a complete SID\n"); return; } - + fstrcat(sid_name, "-"); fstrcat(sid_name, argv[0]); } string_to_sid(&sid, sid_name); - + add_sid_to_array(&num_sids, &sids, &sid); argc--; @@ -287,23 +290,23 @@ void cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]) } /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(srv_name, &lsa_pol, True, - SEC_RIGHTS_MAXIMUM_ALLOWED) : False; + res = res ? lsa_open_policy(srv_name, &lsa_pol, True, + SEC_RIGHTS_MAXIMUM_ALLOWED) : False; /* send lsa lookup sids call */ - res = res ? lsa_lookup_sids( &lsa_pol, - num_sids, sids, - &names, &types, &num_names) : False; + res = res ? lsa_lookup_sids(&lsa_pol, + num_sids, sids, + &names, &types, &num_names) : False; res = res ? lsa_close(&lsa_pol) : False; if (res) { - DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n")); + DEBUG(5, ("cmd_lsa_lookup_sids: query succeeded\n")); } else { - DEBUG(5,("cmd_lsa_lookup_sids: query failed\n")); + DEBUG(5, ("cmd_lsa_lookup_sids: query failed\n")); } if (names != NULL) { @@ -359,7 +362,8 @@ void cmd_lsa_set_secret(struct client_info *info, int argc, char *argv[]) make_unistr2(&uni_data, data, len); if (msrpc_lsa_set_secret(srv_name, secret_name, - (const char*)uni_data.buffer, uni_data.uni_str_len * 2)) + (const char *)uni_data.buffer, + uni_data.uni_str_len * 2)) { report(out_hnd, "LSA Set Secret: OK\n"); } @@ -402,7 +406,8 @@ void cmd_lsa_create_secret(struct client_info *info, int argc, char *argv[]) /**************************************************************************** nt lsa query ****************************************************************************/ -void cmd_lsa_query_secret_secobj(struct client_info *info, int argc, char *argv[]) +void cmd_lsa_query_secret_secobj(struct client_info *info, int argc, + char *argv[]) { char *secret_name; fstring srv_name; @@ -430,21 +435,21 @@ void cmd_lsa_query_secret_secobj(struct client_info *info, int argc, char *argv[ secret_name = argv[1]; /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(srv_name, &lsa_pol, False, - SEC_RIGHTS_MAXIMUM_ALLOWED) : False; + res = res ? lsa_open_policy(srv_name, &lsa_pol, False, + SEC_RIGHTS_MAXIMUM_ALLOWED) : False; /* lookup domain controller; receive a policy handle */ - res1 = res ? lsa_open_secret(&lsa_pol, secret_name, - SEC_RIGHTS_MAXIMUM_ALLOWED, + res1 = res ? lsa_open_secret(&lsa_pol, secret_name, + SEC_RIGHTS_MAXIMUM_ALLOWED, &pol_sec) : False; res2 = res1 ? lsa_query_sec_obj(&pol_sec, 0x07, &buf) : False; if (buf.sec != NULL) { - display_sec_desc(out_hnd, ACTION_HEADER , buf.sec); + display_sec_desc(out_hnd, ACTION_HEADER, buf.sec); display_sec_desc(out_hnd, ACTION_ENUMERATE, buf.sec); - display_sec_desc(out_hnd, ACTION_FOOTER , buf.sec); + display_sec_desc(out_hnd, ACTION_FOOTER, buf.sec); } else { @@ -484,7 +489,7 @@ void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[]) secret_name = argv[1]; if (msrpc_lsa_query_secret(srv_name, secret_name, &secret, - &last_update)) + &last_update)) { int i; report(out_hnd, "\tValue : "); @@ -494,7 +499,7 @@ void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[]) } report(out_hnd, "\n\tLast Updated: %s\n\n", - http_timestring(nt_time_to_unix(&last_update))); + http_timestring(nt_time_to_unix(&last_update))); } else { diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c index 55e2e42d665..6d4cb723c11 100644 --- a/source/smbd/negprot.c +++ b/source/smbd/negprot.c @@ -24,7 +24,7 @@ extern int DEBUGLEVEL; extern int Protocol; extern int max_recv; -extern fstring global_myworkgroup; +extern fstring global_sam_name; extern fstring remote_machine; /**************************************************************************** @@ -187,11 +187,11 @@ static int reply_nt1(char *outbuf) /* decide where (if) to put the encryption challenge, and follow it with the OEM'd domain name in Unicode. */ - data_len = crypt_len + (strlen(global_myworkgroup)+1)*2; + data_len = crypt_len + (strlen(global_sam_name)+1)*2; set_message(outbuf,17,data_len,True); - ascii_to_unibuf(smb_buf(outbuf)+crypt_len, global_myworkgroup, - (strlen(global_myworkgroup)+1)*2); + ascii_to_unibuf(smb_buf(outbuf)+crypt_len, global_sam_name, + (strlen(global_sam_name)+1)*2); CVAL(outbuf,smb_vwv1) = secword; SSVALS(outbuf,smb_vwv16+1,crypt_len); |