| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
time out of sending the session setup on Solaris 2.6. No idea.
I'll work on it some tomorrow. This is to fix the "Unable to
setup password vectors" thingy.
Also changed an inet_aton() to inet_addr() as the former is
not very portable :-)
Luke, I set the redir flag to false because the connection to
the smb-agent was failing and smbpasswd bombed. Double check me
on this one.
-jc
|
| |
|
|
|
| |
arguments: get_any_dc_name() was being called with a server name
not a domain name. oops.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
|
| |
|
|
|
| |
functions (cli_net_use_addlist()). needed originally because
there was no get_dc_any_name() function.
|
| | |
|
| |
|
|
| |
this is horrible.
|
| | |
|
| | |
|
| |
|
|
| |
parameters to connect to \PIPE\NETLOGON.
|
| |
|
|
|
|
| |
the remote machine, because i don't know what to _do_ with it!!!!
argh!!!
|
| |
|
|
|
| |
is pretty much independent of SMB client states, which will make it
easier to add other transports.
|
| |
|
|
|
|
| |
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
|
| |
|
|
|
|
| |
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
|
| |
|
|
| |
do so twice. possible memory corruption, revolving around getopt().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
|
| |
|
|
|
|
|
|
|
| |
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
|
| |
|
|
|
|
| |
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
|
| |
|
|
| |
attempted to fix regsetsec command
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
|
| | |
|
| |
|
|
| |
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
|
| |
|
|
|
|
|
| |
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
|
| | |
|
| | |
|
| |
|
|
| |
spoolss_enumjobs parsing code to do read / writes not just writes.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
|
| |
|
|
| |
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no).
|
| |
|
|
| |
util_unistr.c in order to get bin/testparm to compile.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
char*
UNISTR2*
SID*
decided to create a higher-order function set, add_item_to_array()
free_item_array().
higher-order support routines needed to add a new type:
type* item_dup(const type*)
void item_free(type*)
of course, strdup() and free() are perfect, pre-existing examples
of such functions, used in the implementation of add_chars_to_array()
and free_char_array().
sid_dup() and free() work for the add_sids_to_array() and free_sid_array()
implementations.
use unistr2_dup() and created unistr2_free() because the functionality
behind these may change into something horrible, like [horror] dynamic
memory allocation of the UNISTR2 character array. argh!!!!
jean-francois, this function set implements what we talked about over...
a year ago, now :-)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
added samgroup <groupname> command
added samgroupmem <groupname> command
added proper registry key completion
added sam command user-completion (e.g samuser [tab])
added sam command group-completion (e.g samgroup [tab])
|
| | |
|
| |
|
|
| |
in rpcclient, regenum HKEY_CLASSES_ROOT or regenum HKCR to test.
|
| |
|
|
| |
- signed / unsigned issues.
|
| | |
|
| |
|
|
| |
break a few things...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a problem i was having.
- added rudimentary CAP_STATUS32 support for same reason.
- added hard-coded, copy-the-same-data-from-over-the-wire version of
CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate
GSSAPI which encodes
SPNEGO which is used to negotiate
Kerberos or NTLMSSP. i have implemented
NTLMSSP which negotiates
NTLMv1 or NTLMv2 and 40-bit or 128-bit etc. i have implemented
NTLMv1 / 40-bit.
*whew*.
|
| |
|
|
| |
nt 5 does. cool!
|
| | |
|
| | |
|
