| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
SWAT status page and smbstatus. It made the code _much_ simpler, I
wish we'd done a database module a long time ago!
|
| |
|
|
|
| |
on user auth fail.
Jeremy.
|
| |
|
|
|
|
|
| |
<eggert@twinsun.com>.
I wish I had written this one :-).
Jeremy.
|
| |
|
|
| |
that were in the head branch but weren't in SAMBA_2_0
|
| | |
|
| |
|
|
|
|
|
| |
clash with gnu readline library.
fixed issue with [homes] service not being there - call lp_add_home()
just before starting the msrpc processing.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
|
| |
|
|
| |
get_any_dc_name().
|
| |
|
|
| |
this is horrible.
|
| |
|
|
|
| |
the heck is a cli_session_setup() call doing in here??? this should use
cli_establish_connection()server!
|
| | |
|
| |
|
|
| |
parameters to connect to \PIPE\NETLOGON.
|
| |
|
|
|
|
| |
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
|
| |
|
|
| |
attempted to fix regsetsec command
|
| | |
|
| |
|
|
| |
_use_ user session key.
|
| | |
|
| |
|
|
| |
NT refuses to play nice, and establish a trust relationship.
|
| |
|
|
| |
smbpasswd so it can be used to set up inter-domain trust account.
|
| |
|
|
|
|
|
|
|
|
| |
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
|
| |
|
|
|
|
|
|
| |
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
|
| |
|
|
| |
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
|
| |
|
|
|
|
|
|
|
| |
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
|
| |
|
|
| |
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no).
|
| |
|
|
| |
error wrong password against nt. ????
|
| |
|
|
| |
removed all comparisons to if (fn() == False), replaced with if (!fn()).
|
| |
|
|
|
|
|
| |
samr_lookup_rids() moved to a dynamic memory structure not a
static one limited to 32 RIDs. cli_pipe.c reading wasn't checking
ERRmoredata when DOS error codes negotiated (this terminates
MSRPC code with prejudice).
|
| |
|
|
| |
to use ulong use uint32 instead.
|
| |
|
|
|
|
|
| |
don't coredump when adding forms,
and a small non obvious memory leak in the rpc buffers
J.F.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
|
| | |
|
| |
|
|
| |
nt 5 does. cool!
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
was modified.
|
| |
|
|
|
| |
added check to ensure response is more than 24 chars before bothering
to do an NTLMv2 check.
|
| |
|
|
| |
found by Bertl <bs@vpnet.at>.
|
| |
|
|
|
| |
placed in data stream before username / domain, whereas NT doesn't do
this...
|
| |
|
|
|
|
|
| |
the vfs tables. at the moment, i replaced all calls to unix_convert()
with unix_dfs_convert().
this does the job, but it's not very nice.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
the correct length.
|
