| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
was not correct.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
And we create the disabled account. That means we can create user and
trust accounts remotely !
ifdef out a return in passdb/smbpass.c. I think I didn't break any
security. Jeremy could you check if I didn't make any mistakes ???
J.F.
|
| |
|
|
|
|
|
|
| |
passdb/smbpass.c: Insure uninitialized memory reference fix.
printing/nt_printing.c:
rpc_server/srv_spoolss_nt.c: Insure memory leak fixes.
smbd/unix_acls.c: Shadow ref fix.
Jeremy.
|
| | |
|
| |
|
|
|
| |
of doing a system call every time we want to just get our pid.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
<btenison@dibbs.net>.
Jeremy.
|
| |
|
|
|
|
|
| |
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
|
| | |
|
| |
|
|
|
| |
parameter is "builtin rid file".
Copyright 1999 Bertl <bp@vpnet.at>
|
| |
|
|
|
|
| |
as they are generic "file line-by-line" reading routines. lines with
"#" at the front are ignored (as comments). this code started out as
the password file reading code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
|
| |
|
|
| |
using smbpasswd command.
|
| | |
|
| |
|
|
|
| |
to resolution of unix name to nt name being unnecessarily _inside_
another loop.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change it now?" message when you login to a Samba Controlled domain.
The fix is a hard coded 42 days from right now until you need to
change you pasword again time (see passdb/sampassdb.c:pwdb_smb_to_sam())
Also fixed getsmbfilepwent() so that it will read in the last password
change time correctly.
* Related to this lib/util_pwdb.c:StrnCaseCmp() returns 0 if the
strings match. Chouldn't this be the pther way? Oh well. I
didn't change the return code as it was used in several
other cases (see lib/util_pwdb.c:pwdb_get_last_set_time())
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
|
| |
|
|
|
|
|
|
|
| |
would only be a domain group rid. it can also be a local group rid,
which causes us problems in attempting to turn a unix gid into the
correct rid (domain group or local group).
sooo.... the fix is _in_ there, we just can't use it because it causes
link / knock-on problems in nmbd.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Tidied up some of the mess (no other word for it). Still doesn't
compile cleanly. There are calls with incorrect parameters that
don't seem to be doing the right thing.
This code still needs surgery :-(.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
|
| |
|
|
| |
it appears!
|
| |
|
|
| |
cli_session_setup handles null sessions correctly
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
|
| |
|
|
| |
awry (ascii_p16)
|
| |
|
|
|
| |
locked.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
Changes to get Samba to compile cleanly with the IRIX compiler
with the options : -fullwarn -woff 1209,1174 (the -woff options
are to turn off warnings about unused function parameters and
controlling loop expressions being constants).
Split prototype generation as we hit a limit in IRIX nawk.
Removed "." code in smbd/filename.c (yet again :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added $(PROGS) $(SPROGS) as targets for make clean.
acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES.
configure.in: Added sys/capability.h header check.
Added function checks for srandom random srand rand.
Added HAVE_IRIX_SPECIFIC_CAPABILITIES test.
includes.h: Added #include <sys/capability.h>.
ntdomain.h: Moved struct acct_info into here from smb.h
smb.h: Added KERNEL_OPLOCK_CAPABILITY define.
Moved enum action_type into rpcclient.h
Moved struct cli_state into client.h
Moved struct nt_client_info, struct tar_client_info, struct client_info
into rpcclient.h
lib/genrand.c: Changed to use sys_random() & friends.
lib/smbrun.c: Lose capabilities after fork.
lib/system.c: Added set_process_capability(), set_inherited_process_capability()
sys_random(), sys_srandom().
lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an
32 bit mounted NFS filesystem.
nmbd/nmbd.c: Changed to use sys_random() & friends.
nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends.
passdb/ldap.c: Missed one pdb_encode_acct_ctrl call.
passdb/passdb.c: Changed to Ander's code for ' ' characters.
passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ.
script/mkproto.awk: Added 'long' to prototypes.
smbd/chgpasswd.c: Lose capabilities after fork.
smbd/open.c: Do the mmap *after* the kernel oplock.
smbd/oplock.c: Removed stub code from kernel oplock path.
Added set_process_capability(), set_inherited_process_capability() calls.
smbd/reply.c: Initialize count = 0, offset = 0.
smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls.
tests/summary.c: Ensure we have RANDOM or RAND.
utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ.
utils/torture.c: Changed to use sys_random() & friends.
Jeremy.
|
| |
|
|
|
|
| |
smbpasswd changes. Not exactly the same as his code - several
changes.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
widening (I hope :-).
include/config.h.in: Added #undef STAT_STATVFS64.
include/includes.h: Added SMB_STRUCT_STATVFS type, Changed SMB_BIG_INTEGER to
SMB_BIG_UINT and SMB_BIG_INT types.
include/smb.h: Added flag defines from CIFS spec.
lib/debug.c: Fixed one more mode_t issue.
lib/system.c: Added sys_statvfs wrapper.
lib/util.c: Changed trim_string to use size_t.
param/loadparm.c: Moved "blocking locks" into locking section. Alphabetised
locking options. Question - shuld we do this for all options ?
passdb/ldap.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
passdb/nispass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
passdb/smbpass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT.
smbd/dfree.c: Changed to use 64 bit types if available. Moved to use unsigned
types.
smbd/dosmode.c: Fixed one more mode_t issue.
smbd/negprot.c: Changed literals to be FLAG_ #defines.
smbd/nttrans.c: Removed dead code.
smbd/open.c: Changed disk_free call.
smbd/process.c: Changed literals to be FLAG_ #defines.
smbd/reply.c: Changed disk_free call.
smbd/trans2.c: Fixed but in SMB_QUERY_FS_VOLUME_INFO call. Was using
UNICODE - should use ascii.
tests/summary.c: Added STAT_STATVFS64 check.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
config.h.in: Added fseek64 and ftell64.
includes.h: Added definition of SMB_BIG_INTEGER.
smb.h: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
access.c: Tidyup of dbug statement.
system.c: Added sys_fseek and sys_ftell. Changed mode calls to use mode_t.
asyncdns.c: Tidyup of comment.
loadparm.c: Tidyup of set_default_server_announce_type() function definition.
ldap.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
nispass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpass.c: Changed (*getsmbpwpos) and (*setsmbpwpos) to use SMB_BIG_INTEGER.
smbpassfile.c: Use sys_fseek().
chgpasswd.c: Tidyup of debug statement.
dosmode.c: Changed mode calls to use mode_t.
ipc.c: Removal of dead code.
nttrans.c: Changed mode calls to use mode_t.
open.c: Changed mode calls to use mode_t.
pipes.c: Removal of dead code.
reply.c: Removal of dead code.
trans2.c: Removal of dead code. Changed mode calls to use mode_t.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to check for stat64 and friends, and then changes much of Samba
to use the data type SMB_OFF_T for file size information.
stat/fstat/lstat/lseek/ftruncate have now become sys_stat etc. to hide
the 64 bit calls if needed.
Note that this still does not expose 64 bit functionality to the
client, as the changes to the reply_xxx smb's are not yet done.
This code change should make these changes possible.
Still to do before full 64 bit-ness to the client:
fcntl lock code.
statfs code
widening of dev_t and ino_t (now possible due to SMB_DEV_T and SMB_OFF_T
types being in place).
Let me know if wierd things happen after this check-in and I'll
fix them :-).
Jeremy.
|
| |
|
|
| |
to a linked list with bitmap format.
|
| |
|
|
|
|
|
|
| |
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
|
| | |
|
| |
|
|
|
| |
smbpass.c: Fixed irix warnings.
Jeremy.
|
| |
|
|
|
|
|
| |
passdb.c:
lib/rpc/include/rpc_misc.h: First cut at automatic uid/gid to rid mapping.
We can change this at a later date to make more bits available if neccessary.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
smbpass.c: Do *NOT* make this function static. It breaks the compile on gcc
util.c: Getting closer to MS wildcard semantics. A trailing '*' matches
any trailing dot-separated components.
trans2.c: Removed hacks that change multiple '?' -> '*' as this
breaks things now.
trans2.h: Removed NT_FILE_ATTRIBUTE_NORMAL - now FILE_ATTRIBUTE_NORMAL is defined
in smb.h.
Jeremy.
|
| |
|
|
|
|
| |
store passwords in ascii format
- dealt with lots of signed/unsigned char thingies spotted by Tim Winders.
|
| |
|
|
| |
unnecessary "address of" warnings.
|
| |
|
|
|
|
|
|
| |
smb.h: Removed comments no longer valid.
smbpass.c: Stopped dummy function from being prototyped.
util.c: Fix for multibyte char problems with strlower, strupper
and string_replace.
Jeremy.
|
| |
|
|
| |
be exposed.
|
| | |
|
| |
|
|
|
|
|
| |
be supported. there are some stub routines in passdb.c which can be
copied into a password database api which do conversion. the module
writer can choose which of these to provide full support for instead
of using the conversion routines.
|
