IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
undecoded, nothing in MSDN, but now it works :-)
cleanup of error codes.
fixed some dfs declarations function.
J.F.
(This used to be commit 87da4404ab)
and the printer functions.
Also tidied up some header includes and got the order right so you
can now do a :
make proto
make clean
make
Jeremy.
(This used to be commit 833cd9fba9)
fixed typo in SPOOLSS_SYNT
some cleanup of unused functions
wrote make_spoolss_enumprinter and make_spoolss_openprinterex for
rpcclient as I'm trying to keep in sync the parsing code between HEAD and
TNG.
Will commit changes to TNG after lunch.
J.F.
(This used to be commit 025cdb345f)
borring.
I need a client test program urgently!!!
rewrote setprinter, doesn't coredump anymore, and no memleak.
J.F.
(This used to be commit b76ae1f92f)
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
(This used to be commit 9f6ad04676)
rewrote the printer notify code, so now it's compatible with SP5 and fully
dynamic. No more limits on printers and job lists.
removed the make_xxx() functions as they are not used and broken
fixed a bug in the open handle function.
J.F.
(This used to be commit aa9054d14b)
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0.
Others - preparing for multiple pdu write code.
Jeremy.
(This used to be commit 9f879ec396)
on the glibc source code and are safer than the traditional popen as
they don't use a shell to exec the requested command. Now we have
these functions they can be tightened up (environment etc.) as required
to make a safe popen. It should now be safe to add the environement
variable loading code to loadparm.c
Jeremy.
(This used to be commit b52e92b09d)
OpenPrinterEx is now decoding correctly the query
most of the EnumXXX use the new_buffer struct.
check the (un)marshalling return code.
conclusion: still a long way to go. all the client code has to be
rewritten, and I still wonder how to implement correctly the notify stuff.
(This used to be commit 3d6d386375)
two places i found where it was appropriate to _use_ that third argument,
in locking.c and brlock.c! there was a static traverse_function and
i removed the static variable, typecast it to a void*, passed it to
tdb_traverse and re-cast it back to the traverse_function inside the
tdb_traverse function. this makes the use of tdb_traverse() reentrant,
which is never going to happen, i know, i just don't like to see
statics lying about when there's no need for them.
as i had to do in samba-tng, all uses of tdb_traverse modified to take
the new void* state argument.
2) disabled rpcclient: referring people to use SAMBA_TNG rpcclient.
i don't know how the other samba team members would react if i deleted
rpcclient from cvs main. damn, that code's so old, it's unreal.
20 rpcclient commands, instead of about 70 in SAMBA_TNG.
(This used to be commit 49d7f0afbc)
Stop makeing function calls for every use of skip_multibyte_char. This function
is called several *million* times during a NetBench run :-).
Jeremy.
(This used to be commit e5a3deba46)
the last piece was to use a smb timeout slightly larger than the
locking timeout in bloking locks to prevent a race
(This used to be commit 1b54cb4a33)
that will make us match NT semantics exactly and do away with the
horrible fd multiplexing in smbd.
this is some diag stuff to get me started.
- added the ability to do read or write locks in clientgen.c
- added a LOCK4 test to smbtorture. This produces a report on the server
and its locking capabilities. For example, NT4 gives this:
the same process cannot set overlapping write locks
the same process can set overlapping read locks
a different connection cannot set overlapping write locks
a different connection can set overlapping read locks
a different pid cannot set overlapping write locks
a different pid can set overlapping read locks
the same process can set the same read lock twice
the same process cannot set the same write lock twice
the same process cannot override a read lock with a write lock
the same process can override a write lock with a read lock
a different pid cannot override a write lock with a read lock
the same process cannot coalesce read locks
this server does strict write locking
this server does strict read locking
whereas Samba currently gives this:
the same process can set overlapping write locks
the same process can set overlapping read locks
a different connection cannot set overlapping write locks
a different connection can set overlapping read locks
a different pid can set overlapping write locks
a different pid can set overlapping read locks
the same process can set the same read lock twice
the same process can set the same write lock twice
the same process can override a read lock with a write lock
the same process can override a write lock with a read lock
a different pid can override a write lock with a read lock
the same process can coalesce read locks
this server does strict write locking
this server does strict read locking
win95 gives this - I don't understand why!
the same process cannot set overlapping write locks
the same process cannot set overlapping read locks
a different connection cannot set overlapping write locks
a different connection cannot set overlapping read locks
a different pid cannot set overlapping write locks
a different pid cannot set overlapping read locks
the same process cannot set the same read lock twice
the same process cannot set the same write lock twice
the same process cannot override a read lock with a write lock
the same process cannot override a write lock with a read lock
a different pid cannot override a write lock with a read lock
the same process cannot coalesce read locks
this server does strict write locking
this server does strict read locking
(This used to be commit 49637936b6)
This fixes our netbios scope handling. We now have a 'netbios scope' option
in smb.conf and the scope option is removed from make_nmb_name()
this was prompted by a bug in our PDC finding code where it didn't append
the scope to the query of the '*' name.
(This used to be commit b563be824b)
configure configure.in include/config.h.in: Added <sys/un.h> autoconf
code for Luke's UNIX domain sockets code.
Jeremy.
(This used to be commit 210d61db08)
lp_string() bug properly.
we still need to add lp_talloc_free() calls in all the main event
loops, I've only put it in smbd and nmbd thus far.
(This used to be commit aa7f815525)
I also fixed up the lookup_pdc_name() code so that it now works, even
with a NT server that insists on replying to udp/138.
The method I used to match packets was to use the mailslot string as a
datagram ID. The true dgm_id doesn't work as NT doesn't set it
correctly. uggh.
PS: Jeremy, I had to change your code quite a bit, are you sure this
worked with a Samba PDC?? The code looked broken, it got the offsets
wrong in the SMB portion of the packet and filled in the IP
incorrectly.
(This used to be commit 32f66f4ea6)
this means "nmblookup -S" now always works, even with broken servers
the database stores all unexpected replies and these can be accessed
by any client.
while doing this I cleaned up a couple of functions, and put in place
a better trn_id generator. in most places the code got quite a bit
simpler due to the addition of simple helper functions.
I haven't yet put the code in to take advantage of this for pdc
replies - that will be next. Jeremys pdc finding code will then work :)
(This used to be commit 280e6359d3)
- added TDB_CLEAR_IF_FIRST flag to clear the database if this is the
first attached process. Useful for non-persistent databases like our
locking area (this will also make upgrades to new database layouts easier)
- use lock_path() in a couple of places
- leave connections database open while smbd running
- cleaned up some tdb code a little, using macros for constants
(This used to be commit 00e9da3ca5)
instead of either sysv or mmap shared memory or lock files.
this means we can now completely remove
locking_shm.c
locking_slow.c
shmem.c
shmem_sysv.c
and lots of other things also got simpler
locking.c got a bit larger, but is much better compartmentalised now
(This used to be commit e48c2d9937)
SWAT status page and smbstatus. It made the code _much_ simpler, I
wish we'd done a database module a long time ago!
(This used to be commit 4951755413)
suite and a very simple tool for manuipulating the databases.
the main code is in tdb/tdb.c and includes both mmap and file based
IO. All databases auto-expand and allow multiple simultaneous writers.
the next step is using this new capability in lots of places in Samba
where we have existing ad-hoc databases
(This used to be commit c89d29cc5e)
clash with gnu readline library.
fixed issue with [homes] service not being there - call lp_add_home()
just before starting the msrpc processing.
(This used to be commit 054195df9b)
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa5052522)
pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service. the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.
this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).
removed reference to pipes_struct in msrpc services. all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.
created become_vuser() which does everything not related to connection_struct
that become_user() does.
removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.
todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.
had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons. why? because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency. so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc. this is the MINIMUM info identified so far that's
actually implemented. missing bits include the called and calling
netbios names etc. (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8d)
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef)
one horrible cut / paste job from smbd, plus a code split of shared
components between the two.
the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons. i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real. at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.
i can't believe this all worked!!!
(This used to be commit 2245b0c6d1)
created an "nmb-agent" utility that, yes: it connects to the 137 socket
and accepts unix socket connections which it redirects onto port 137.
it uses the name_trn_id field to filter requests to the correct
location.
name_query() and name_status() are the first victims to use this
feature (by specifying a file descriptor of -1).
(This used to be commit d923bc8da2)
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e)
they should all be replaced with cli_establish_connection().
created cli_use_wait_keyboard() which waits on multiple cli_states
and swallows session keepalives.
(This used to be commit fcc39b3f4f)
from previous lsaquery command. over-ridden from DOMAIN\username
2) initialisation of cli_state is a little more specific: sets use_ntlmv2
to Auto. this can always be over-ridden.
3) fixed reusage of ntlmssp_cli_flgs which was being a pain
4) added pwd_compare() function then fixed bug in cli_use where NULL
domain name was making connections multiply unfruitfully
5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch
(This used to be commit 301a6efaf6)
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
(This used to be commit c049865782)
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
(This used to be commit 29c480085e)
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
(This used to be commit c1ea396de2)
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
(This used to be commit 8ce93b80d3)
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82)
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
(This used to be commit c01b18e632)
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
(This used to be commit c26e8a6ac5)
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
(This used to be commit 9a1efa03c8)
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd)
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
(This used to be commit 97ec74e1fa)
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
(This used to be commit 172601b84a)
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
(This used to be commit 8e406c1fa2)
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
(This used to be commit c3913f8ae2)
reg_io_r_info() working properly. previously they weren't well
understood (well, they were the first of the registry functions i did,
back in december 97, ok??? :-)
set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv.
(This used to be commit 98ddeaf442)
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb)
these _may_ not actually ever get used, as trust relationships
really need to be established with shared secrets, and you need
to get the SID of the trusted and trusting domains, so this
may have to go in a private/xxx.mac file.
(This used to be commit 71f1213867)
for which a PDC is responsible. typical answers are:
<Name of Domain> plus <Builtin>.
against a hierarchical, down-level-compatible NT5 PDC, there's likely to
be more than these two entries!!!!!
(This used to be commit 3146aa6b60)
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c98)
to mention, there's a spooljobs <printer name> command, and it uses
command-line completion? prints out NT print jobs really nicely, too.
(This used to be commit e6e5caf16c)
spoolss_r_io_enumprinters doesn't decode strings correctly
as printer_info_1/2 code has only been written to write
structures, not read them.
(This used to be commit 135eaa9773)
experimental spoolopen <printer name> command added.
jean-francois, f.y.i. i changed the #define for SPOOLSS_OPENPRINTEREX from
op code 0x44 to 0x45.
(This used to be commit ef7fa58fd3)
char*
UNISTR2*
SID*
decided to create a higher-order function set, add_item_to_array()
free_item_array().
higher-order support routines needed to add a new type:
type* item_dup(const type*)
void item_free(type*)
of course, strdup() and free() are perfect, pre-existing examples
of such functions, used in the implementation of add_chars_to_array()
and free_char_array().
sid_dup() and free() work for the add_sids_to_array() and free_sid_array()
implementations.
use unistr2_dup() and created unistr2_free() because the functionality
behind these may change into something horrible, like [horror] dynamic
memory allocation of the UNISTR2 character array. argh!!!!
jean-francois, this function set implements what we talked about over...
a year ago, now :-)
(This used to be commit a80ea2eb47)
added samaliasmem <aliasname> rpcclient command (shows members in alias)
added tab command-completion to SAM alias related commands (inc 2 above).
(This used to be commit 0c700fb609)
attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H
querysecret to work, it keeps returning access denied.
(This used to be commit 953fe6ba94)
works with command-line completion on the service name (ohh yesss, this
is becoming my favourite bit of functionality-on-the-side hee hee :)
had to fix the svc_io_q_start_service() code which was missing the
ptr_argv[] array in between the array-size and the UNISTR2-array.
i.e it's actually an array of _pointers_ to unicode strings...
(This used to be commit 2903f22e7e)
