cvs2svn Import User [Sat, 11 Mar 2000 01:01:18 +0000 (01:01 +0000)]
This commit was manufactured by cvs2svn to create tag
'release-alpha-0-14'.
Samba Release Account [Sat, 11 Mar 2000 01:01:17 +0000 (01:01 +0000)]
preparing for release of alpha.0.14
Luke Leighton [Sat, 11 Mar 2000 00:58:12 +0000 (00:58 +0000)]
removed check_vuser_ok() as it restricts things too much, unexpectedly.
"invalid users = root" will stop any msrpc daemons working, including
being able to add users to the sam database (!!!! not good!)
Luke Leighton [Sat, 11 Mar 2000 00:37:36 +0000 (00:37 +0000)]
tim, become_xxx shouldn't be called in winbindd.
Samba Release Account [Fri, 10 Mar 2000 21:59:21 +0000 (21:59 +0000)]
preparing for release of alpha.0.13
Luke Leighton [Fri, 10 Mar 2000 21:54:22 +0000 (21:54 +0000)]
always check that crypt may return NULL
Luke Leighton [Fri, 10 Mar 2000 21:43:20 +0000 (21:43 +0000)]
added debug reporting that tells you if "valid users" succeeds or fails,
on msrpc daemons.
Luke Leighton [Fri, 10 Mar 2000 19:53:33 +0000 (19:53 +0000)]
- spoolssd linked against shared libubiqx, not static.
- finaly fixed %U (at least for me), it was one line in
passdb/sampass.c
- started to merge some configure things from HEAD (not
that we currently realy need it)
- added some debugging to lsarpcd (policy-handles), so
maybe we'll get those mysterious crashes with ldap;
made some functions static
- prs_set_offset() (from J.F.) didn't prs_grow enough. I
don't know, if he needs prs_set_offset to actually grow
any buffer (for marshalling), but maybe it helps
- parse_samr.c cleanup:
+ rewrote most of the memory-things to use g_new
+ removed useless prs_align after smb_io_pol_hnd()
+ converted more memcpy(&q->pol, pol, sizeof()) to
q->pol = *pol;
this all made parse_samr.c about 100 lines smaller.
Luke Leighton [Fri, 10 Mar 2000 18:15:46 +0000 (18:15 +0000)]
patch from elrond for configure tests.
Luke Leighton [Fri, 10 Mar 2000 02:10:43 +0000 (02:10 +0000)]
initialiase USER_INFO_CTR to null
Luke Leighton [Fri, 10 Mar 2000 02:01:40 +0000 (02:01 +0000)]
use write_socket() not a direct write()
Luke Leighton [Thu, 9 Mar 2000 20:00:37 +0000 (20:00 +0000)]
patch from elrond: configure cleanups
Luke Leighton [Thu, 9 Mar 2000 04:30:57 +0000 (04:30 +0000)]
login validation level 2 and 3 negotiated from netr_auth2 neg_flags.
Samba Release Account [Wed, 8 Mar 2000 23:34:02 +0000 (23:34 +0000)]
preparing for release of alpha.0.12
Luke Leighton [Wed, 8 Mar 2000 22:50:33 +0000 (22:50 +0000)]
james f. hranicky pointed out that a standalone workstation couldn't
do a net use \\samba-tng\share /user:tnguser
you had to do net use \\samba-tng\share /user:samba-tngdomainname\tnguser
i solved this by putting "if domain name is unrecognised, use local SAM"
where domain name, by default on standalone workstations, is the name
of the workstation itself.
Luke Leighton [Wed, 8 Mar 2000 22:08:33 +0000 (22:08 +0000)]
indent defaults
Luke Leighton [Wed, 8 Mar 2000 22:07:42 +0000 (22:07 +0000)]
ran indent.
Luke Leighton [Wed, 8 Mar 2000 21:01:42 +0000 (21:01 +0000)]
#include missing in srv_spoolss.c
Luke Leighton [Wed, 8 Mar 2000 20:49:08 +0000 (20:49 +0000)]
found two bugs in lsalookup* - sid_name_use type is uint16 - by bouncing
off sun's cascade box. HOORAY!
good suggestion, elrond.
Luke Leighton [Wed, 8 Mar 2000 09:24:01 +0000 (09:24 +0000)]
attempting to get trust relationship setup going again.
Samba Release Account [Wed, 8 Mar 2000 08:09:10 +0000 (08:09 +0000)]
preparing for release of alpha.0.11
Luke Leighton [Wed, 8 Mar 2000 07:59:55 +0000 (07:59 +0000)]
- acb_info is a 32-bit field in samr stuff (oops!!) sun cascade with
a different byte order from nt is VERY useful, it can be used to
identify the size of structure members because the byte order will
be swapped, in comparative traces.
- auth_resp in NETLOGON is a parameter to net_r_sam_logon, NOT part of
the NET_USER_INFO struct.
- domain_client_validate was grabbing the secret $MACHINE.ACC, then
the unicode string needed to be byte-swapped before being passwd
to nt_owf_genW.
Luke Leighton [Wed, 8 Mar 2000 05:24:12 +0000 (05:24 +0000)]
1) logon hours _is_ a 32-bit not a 16-bit. oops
2) logon to local workstation when it is a member of a domain is also
allowed, by making domain_client_validate accept our own localservername
as the domain name (a la MYSERVERNAME\user)
Luke Leighton [Wed, 8 Mar 2000 01:12:38 +0000 (01:12 +0000)]
yet another stage in net user info level 2. server-side and client-side
support but no neg_flags used, yet.
Luke Leighton [Tue, 7 Mar 2000 23:54:55 +0000 (23:54 +0000)]
next stage of having a NET_USER_INFO_CTR
Luke Leighton [Tue, 7 Mar 2000 23:07:04 +0000 (23:07 +0000)]
created a NET_USER_INFO_2.
Samba Release Account [Tue, 7 Mar 2000 20:15:38 +0000 (20:15 +0000)]
preparing for release of alpha.0.10
Luke Leighton [Tue, 7 Mar 2000 20:07:00 +0000 (20:07 +0000)]
jean-francois' tng patch, updated. cleaned up some of the
global / local variable clashes (found with ./configure.developer)
Luke Leighton [Tue, 7 Mar 2000 19:26:16 +0000 (19:26 +0000)]
more of those wonderful connection-related issues, found by rpctorture
Luke Leighton [Tue, 7 Mar 2000 18:29:17 +0000 (18:29 +0000)]
patch from jf who was having difficulty doing cvs commits on TNG.
Luke Leighton [Tue, 7 Mar 2000 18:24:33 +0000 (18:24 +0000)]
make proto
Luke Leighton [Tue, 7 Mar 2000 18:18:44 +0000 (18:18 +0000)]
From Elrond@Wunder-Nett.org Wed Mar 8 05:16:00 2000
Date: Tue, 7 Mar 2000 18:03:39 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: cleanup: sam_enum_domains (passdb) and share info 502
Hi Luke,
- munged around with share_info_502, cause I want to
integrate ShareGetInfo and ShareEnum more, so both
support the same info-levels and there isn't so much
doubled code. (note: I want that, it's not currently
anywhere near there.)
- moved enumdomains from lib/sids.c to
samrd/srv_samr_passdb.c, it's only used there.
Luke Leighton [Tue, 7 Mar 2000 18:12:42 +0000 (18:12 +0000)]
POL_HND_SIZE not defined any more
Luke Leighton [Tue, 7 Mar 2000 05:17:04 +0000 (05:17 +0000)]
set user info 2 - 0x12 sorted out, client and server side. i hope.
Luke Leighton [Tue, 7 Mar 2000 02:57:08 +0000 (02:57 +0000)]
attempting to get samr_set_userinfo2 info level 0x12 working.
Luke Leighton [Tue, 7 Mar 2000 00:16:37 +0000 (00:16 +0000)]
solving issue of cascade joining domain. it's decided that the
password set is to be an info level 0x12, due to get_usrdom_pwinfo. eh???
Luke Leighton [Mon, 6 Mar 2000 23:30:03 +0000 (23:30 +0000)]
info level 23 password change also has alignment issues
Luke Leighton [Mon, 6 Mar 2000 23:25:18 +0000 (23:25 +0000)]
set_userinfo at level 23 was wrong.
Luke Leighton [Mon, 6 Mar 2000 20:01:47 +0000 (20:01 +0000)]
oi! who changed set_tdbsam to set_tdbsid without also changing all
occurrences of get_tdbsam to get_tdbsid!!!!
who added global_sid_S_1_1 to tdb_samr_connect?
Luke Leighton [Mon, 6 Mar 2000 18:23:36 +0000 (18:23 +0000)]
patch from elrond for libtool hack
Samba Release Account [Mon, 6 Mar 2000 10:40:35 +0000 (10:40 +0000)]
preparing for release of alpha.0.9
Luke Leighton [Mon, 6 Mar 2000 10:33:12 +0000 (10:33 +0000)]
fascinating: may be the answer to some of the login problems: byte ordering
in passwords. AAGH!
Luke Leighton [Mon, 6 Mar 2000 09:34:19 +0000 (09:34 +0000)]
interesting. had to add code to stop cascade's SMBtconX encrypted password
from being used, i have a) no idea if it's valid b) no idea how to decode
it!
Luke Leighton [Mon, 6 Mar 2000 08:16:09 +0000 (08:16 +0000)]
had to create a table referencing the incoming DCE/RPC context_id to an
internal context id.
also fixing issues where i had earlier removed POL_HND_SIZE #define.
Luke Leighton [Mon, 6 Mar 2000 07:23:36 +0000 (07:23 +0000)]
ok, got bigendian byte order requests working.
Luke Leighton [Mon, 6 Mar 2000 05:13:26 +0000 (05:13 +0000)]
turns out that POLICY_HND actually contains an RPC_UUID. only found this
out by receiving little-endian DCE/RPC packets and sending big-endian
DCE/RPC packets, of course the POLICY_HND was wrong...
Luke Leighton [Mon, 6 Mar 2000 04:09:20 +0000 (04:09 +0000)]
fixing careful alignment IVAL const issues
Luke Leighton [Mon, 6 Mar 2000 03:25:59 +0000 (03:25 +0000)]
first connectathon 2000 tests produces results!
cascade shows that pipe names are case-insensitive. they send all uppercase.
Luke Leighton [Mon, 6 Mar 2000 03:18:20 +0000 (03:18 +0000)]
careful alignment needs const versions of SVAL, IVAL etc.
Samba Release Account [Fri, 3 Mar 2000 20:12:15 +0000 (20:12 +0000)]
preparing for release of alpha.0.8
Luke Leighton [Fri, 3 Mar 2000 20:09:04 +0000 (20:09 +0000)]
unbecome_root()( fix - only actually do an unbecome_root
when root depth reaches zero again.
Tim Potter [Wed, 1 Mar 2000 01:11:09 +0000 (01:11 +0000)]
Check for null tdb context in tdb_exists()
Tim Potter [Tue, 29 Feb 2000 22:52:28 +0000 (22:52 +0000)]
Merge of changes from HEAD branch.
Luke Leighton [Tue, 29 Feb 2000 18:04:51 +0000 (18:04 +0000)]
allow nested become_root() calls. this is a hack.
Luke Leighton [Mon, 28 Feb 2000 20:07:44 +0000 (20:07 +0000)]
DCE/RPC header - pack type tests
Luke Leighton [Mon, 28 Feb 2000 19:41:09 +0000 (19:41 +0000)]
From Elrond@Wunder-Nett.org Tue Feb 29 05:53:10 2000
Date: Mon, 28 Feb 2000 17:29:48 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: _samr_query_sec_obj
Hi Luke,
- moved the SD-generation code out of
samrd/srv_samr_sam_tdb.c:_samr_query_sec_obj into its own
samrd/samr_util.c
- updated the SD to have the same order and include
Builtin\Account Operators, as seen on an nt4sp4 ws.
- used this function in samrpassd (which was broken here
and usrmgr didn't work) and samrtdbd (for consistency)
(I can't compile-check samrnt5ldap, so I will send Luke
Howard a patch to inspect.)
- clean-up: Mainly policy-handles... but also other stuff
- debugging and type-checking of data associated with
POLICY_HND in samrtdbd
(I suspect, there's a problem in sam_query_sec_obj, see
the new WARNING, that appears.)
- rpcclient/samedit: enumaliases has new option:
[-d Domain], so I could do "enumaliases -d Builtin"
After this patch my usrmgr worked better, but now it looks
like it is thinking, it talks to a WS instead of a server.
I can't see the domain-groups, only aliases, and in the
user-properties, there are only 3 buttons for "Groups",
"Profiles" and "RAS", the others are missing... I tried a
long time to find out about it... I failed, so could you
have a look at this?
[lkcl: this because winregd is returning "i am a wksta"]
Okay, and another thing:
You seemed to look for the bit on the user-objects, that
allows password-changing: I think, it must be 0x0004,
cause:
Everyone has: 0x2035b
Normal user : 0x20044
0x20040 is included in the bits, everyone has, 0x0004 is
left over....
Just some thoughts...
Elrond
Luke Leighton [Mon, 28 Feb 2000 15:56:46 +0000 (15:56 +0000)]
reversed irix include standard.h patch because it breaks other irix
configures.
Samba Release Account [Mon, 28 Feb 2000 01:00:35 +0000 (01:00 +0000)]
preparing for release of alpha.0.7
cvs2svn Import User [Mon, 28 Feb 2000 00:51:55 +0000 (00:51 +0000)]
This commit was manufactured by cvs2svn to create branch 'SAMBA_TNG'.
Tim Potter [Mon, 28 Feb 2000 00:51:53 +0000 (00:51 +0000)]
Makefile for tdb directory.
Tim Potter [Mon, 28 Feb 2000 00:38:45 +0000 (00:38 +0000)]
Oops - put back filename argument to tdb_open().
Tim Potter [Mon, 28 Feb 2000 00:37:13 +0000 (00:37 +0000)]
Modifications to tdb_traverse() arguments to remove compile warnings.
Tim Potter [Mon, 28 Feb 2000 00:25:37 +0000 (00:25 +0000)]
Allow tdb databases to be created "in memory" without having a file
associated with them. tdb can then be used as a hash table data
structure.
Tim Potter [Mon, 28 Feb 2000 00:22:45 +0000 (00:22 +0000)]
Added tdbtool to .cvsignore list.
Luke Leighton [Mon, 28 Feb 2000 00:00:53 +0000 (00:00 +0000)]
adding pack_type data representation. tested as-was (i.e. not against
a non-intel-byte-order m/c).
Luke Leighton [Sun, 27 Feb 2000 19:12:07 +0000 (19:12 +0000)]
added bind nack to server-side.
jeremy, the majority of "negative" responses are actually "fault" pdus.
the only circumstances in which a bind nack is returned is if there is
something wrong with a bind request. e.g the NTLMSSP auth bind-request
(negotiate) stage, which contains the client hostname and client domain,
contains an unrecognised name such as NULL.
e.g the NETSEC (netlogon secure channel) auth bind-request stage which
again happens (coincidentally) to contain the client hostname and client
domain, contains a hostname/domainname tuple for which no NetrReqChal+
NetrAuth2 with flags 0x400001ff has just previously been done.
i.e: NetrReqChal("\\myserver", "mydomain", ...);
NetrAuth2("\\myserver", mydomain, 0x400001ff, ...);
[now do netsec]
NetSecBindRequest("\\somestupidservername", "totalgarbagedomainname")
this should be rejected with a bind NACK.
Luke Leighton [Sun, 27 Feb 2000 18:11:29 +0000 (18:11 +0000)]
trying to track down why setgroups() fails.
Luke Leighton [Sun, 27 Feb 2000 17:52:19 +0000 (17:52 +0000)]
testing password change showed up some bugs in NTLMSSP calcs, plus one in
cli_samr.c. from the NetrSamLogon the first 8 bytes of the
LM# are received, i forgot to pass this over.
Jean-François Micouleau [Sat, 26 Feb 2000 23:01:02 +0000 (23:01 +0000)]
added enumprintprocessordatatypes
now NT is happy and the "always send data in RAW mode" is checked
J.F.
Jean-François Micouleau [Sat, 26 Feb 2000 22:22:24 +0000 (22:22 +0000)]
rewrote enumprinterdata. still a bug in it but reproducing it hard and
borring.
I need a client test program urgently!!!
rewrote setprinter, doesn't coredump anymore, and no memleak.
J.F.
Jeremy Allison [Fri, 25 Feb 2000 22:25:25 +0000 (22:25 +0000)]
client/client.c:
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
Luke Leighton [Fri, 25 Feb 2000 21:07:31 +0000 (21:07 +0000)]
patch from michael breuer for irix TCP_NODELAY include
Luke Leighton [Fri, 25 Feb 2000 05:47:45 +0000 (05:47 +0000)]
const issues
Luke Leighton [Fri, 25 Feb 2000 05:44:46 +0000 (05:44 +0000)]
remove unused var
Luke Leighton [Fri, 25 Feb 2000 05:43:49 +0000 (05:43 +0000)]
tim, after speaking with andrew he noticed that you were calling become_root()
and unbecome_root(). client-side code CANNOT call these functions, it must
only call the *stub* versions of these.
the only circumstances under which it is ok for client-side code to call
become_root() and unbecome_root() is if you are actually calling client-side
code from inside a root process to the msrpc loop-back interface.
this is because you cannot _access_ the msrpc loop-back interface unless you
are root (use a server name of "\\." instead of "\\someservername").
Luke Leighton [Fri, 25 Feb 2000 05:38:00 +0000 (05:38 +0000)]
const issues
Luke Leighton [Fri, 25 Feb 2000 05:23:24 +0000 (05:23 +0000)]
attempting to find a bug that wasn't.
Luke Leighton [Fri, 25 Feb 2000 04:45:28 +0000 (04:45 +0000)]
set_secret_data() parameter typecast constant (16) to a pointer. nggggh!
added decls for setresuid.
const issues.
Luke Leighton [Thu, 24 Feb 2000 23:46:46 +0000 (23:46 +0000)]
trying to track down login issues.
Jean-François Micouleau [Thu, 24 Feb 2000 23:01:24 +0000 (23:01 +0000)]
made dynamic the Printer struct. No more limits :-)
J.F.
Luke Leighton [Thu, 24 Feb 2000 19:48:17 +0000 (19:48 +0000)]
added previously_granted_access parameter to se_access_check(). it
makes life simpler because this function will need to be called inside
EVERY single msrpc function.
Luke Leighton [Thu, 24 Feb 2000 16:57:31 +0000 (16:57 +0000)]
improved ace checking, pseudo-code from todd sabin.
Jean-François Micouleau [Thu, 24 Feb 2000 16:27:06 +0000 (16:27 +0000)]
converted a couple of bzero() to memset()
rewrote the printer notify code, so now it's compatible with SP5 and fully
dynamic. No more limits on printers and job lists.
removed the make_xxx() functions as they are not used and broken
fixed a bug in the open handle function.
J.F.
Luke Leighton [Thu, 24 Feb 2000 06:40:47 +0000 (06:40 +0000)]
call to generate well-known SIDs in all programs likely to need them.
Luke Leighton [Thu, 24 Feb 2000 06:30:58 +0000 (06:30 +0000)]
SIDDB_OBJ added to all msrpc daemons.
Luke Leighton [Thu, 24 Feb 2000 06:28:59 +0000 (06:28 +0000)]
oops, global_sid_system not global_sid_S_1_5_17.
Luke Leighton [Thu, 24 Feb 2000 06:27:12 +0000 (06:27 +0000)]
se_access_check function.
Samba Release Account [Thu, 24 Feb 2000 03:49:25 +0000 (03:49 +0000)]
preparing for release of alpha.0.6
Luke Leighton [Wed, 23 Feb 2000 23:06:45 +0000 (23:06 +0000)]
oops! mapped SEC_RIGHTS_READ (a series of bits) to read instead of just
SEC_RIGHTS_READ_CONTROL.
Jeremy Allison [Wed, 23 Feb 2000 22:29:27 +0000 (22:29 +0000)]
Multiple-dot scope handling fix from Greg Bowering gb@pobox.com
Jeremy.
Luke Leighton [Wed, 23 Feb 2000 21:25:59 +0000 (21:25 +0000)]
From Elrond@Wunder-Nett.org Thu Feb 24 08:11:57 2000
Date: Wed, 23 Feb 2000 19:28:08 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: receiving multiple pdus
Hi Luke,
Someone ran rpcclients enumusers against a 2500 user domain
yesterday... and it crashed...
The code to receive multiple pdus is broken...
I fixed most of the things, I could find out myself, but in
rpc_client/cli_connect.c:rpc_api_rcv_pdu() in the
MSRPC_LOCAL-case, I don't know, what you wanted there.
(ret = ...; ret = ...;)
What I did:
- fixed receiving of multiple pdus
(now you should be able to run rpcclient against your
favorite 2500 user domain)
- fixed some possible problem in become_guest
(I realy should write something to samba-technical, this
one is possibly interesting for HEAD/2.0 too)
- fixed up some copyrights (I know, I modified those)
Elrond
[lkcl: the code that elrond fixed was to read a dce/rpc header of
0x18 bytes. i _thought_ i'd removed this code and replaced it
with read-an-entire-pdu. it _is_ ok to do this, because the last
pdu turns up short when using SMBs. you request 0x1630 bytes and
you only get... say.... 0x40, 0x18 of which is the header and the
rest is the last part of the last PDU]
Luke Leighton [Wed, 23 Feb 2000 06:10:54 +0000 (06:10 +0000)]
samr_lookup_rids. also, made it possible to read sam user info, anonymously.
just like NT.
*sigh*...
Luke Leighton [Wed, 23 Feb 2000 05:46:33 +0000 (05:46 +0000)]
samrtdb _samr_enum_dom_users. one function at a time...
Jeremy Allison [Wed, 23 Feb 2000 02:02:33 +0000 (02:02 +0000)]
lib/system.c: Fixed gcc warnings.
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0.
Others - preparing for multiple pdu write code.
Jeremy.
Luke Leighton [Wed, 23 Feb 2000 01:39:26 +0000 (01:39 +0000)]
update to use secret as a Unicode cleartext NOT NT#
Luke Leighton [Wed, 23 Feb 2000 01:07:07 +0000 (01:07 +0000)]
DOH!
Luke Leighton [Wed, 23 Feb 2000 00:56:33 +0000 (00:56 +0000)]
yess, i had the wrong format for the set secret data, you store the
clear-text trust account password in Unicode, not the NT#.
oops! oops! i broke everything! tee hee :)
Luke Leighton [Wed, 23 Feb 2000 00:37:07 +0000 (00:37 +0000)]
dammit! lsa_set_secret() works DIFFERENTLY depending on the target!
nt4, nt4sp4+ and nt5!
adding an lsa querysecretsecobj command (gets a security descriptor
of a secret, e.g $MACHINE.ACC) to see if it's possible to do a SET
SEC_OBJ command, in order to bypass some of the [good] security
settings that microsoft improved on LSA secrets, i.e you can only
set them, you can't _read_ them.
dammit!
i need to know the format of these, and lsadump2 doesn't help very
much because it uses LsarQuerySecret directly in lsass.exe, it doesn't
get data over-the-wire. (http://razor.bindview.com).
Luke Leighton [Tue, 22 Feb 2000 23:02:58 +0000 (23:02 +0000)]
trying to track down why createuser -j option doesn't work on nt5, it
turns out that they use a different format for the $MACHINE.ACC
secrets.
AGH!
Luke Leighton [Tue, 22 Feb 2000 21:00:01 +0000 (21:00 +0000)]
richard got the short request for GETDC right (hooray!) win9x _and_ nt
now work.