1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

2651 Commits

Author SHA1 Message Date
Luke Leighton
3072044134 Having Well-known Domain Groups ("Domain Admins/Guests/Users") returned
under SID_NAME_ENUM 0x5 instead of 0x2 (Well-known group instead of
Domain Group) was making it impossible to view these groups from USRMGR.EXE.
-
Luke Leighton
56469578a1 groups and aliases being "manually" added which do not necessarily have
representation in the underlying database: removed this code.

for example, with the nt->unix mapping system (don't know about the ldap
one) if you want "Domain Admins" to appear you _must_ put it in the
domaingroup.map file.

the previous code was adding builtin aliases and well-known groups even
if they weren't in the domain maps.  bad idea.
-
Luke Leighton
fcaa121441 when multiple independent large rpc calls come in on the same pipe,
prev_pdu_file_offset was not being re-initialised to zero.
-
Luke Leighton
ac72fe1ab3 removal of the use of unistrn2 function: replace it with unistr2_to_str
which is more appropriate.
-
Luke Leighton
ddd3501982 pwdb_smb_to_sam was not returning NULL for nt name so that
pwdb_sam_map_names() was using a "blank" static string instead of
a NULL pointer for nt names.  NULL means over-ride, so the nt name
got left as "blank".

this causes nt clients to terminate with extreme prejudice.
-
Matthew Chapman
30a085bf80 Fix for NT BSOD problem. There's no reason to have two "NT usernames" running
around anyway.

The real problem is, once again, the brokenness of pwdb_sam_map_names et al.
This time it is deciding to return blank NT usernames, which NT's redirector
objects to.

I'm currently working on improving the pwdb/mapping code, should be ready in a
couple of weeks.
-
Luke Leighton
9084b7e33d UNICODE byte ordering issue: typecast to uint16* replaced with SSVAL() -
Luke Leighton
9ab81caa06 reload_services needs to be called prior to init_files but after
get_myname.
-
Luke Leighton
d455c9d2c9 iteration of sam passwd entries was an order n-cubed algorithm due
to resolution of unix name to nt name being unnecessarily _inside_
another loop.
-
Luke Leighton
ed128c38a8 initialise my name (used in %h) prior to loading smb.conf files. -
Luke Leighton
62118e15fe %s not $s -
Luke Leighton
5b9a7278da corrections to get data stream for 2nd and subsequent pdus copied from
right place (forgot to subtract 0x18 header bytes)
-
Luke Leighton
f7dfa55a2e cache unix groups so that two-level getgrent calls don't occur. -
Luke Leighton
f082f07e76 multiple dce/rpc PDUs failed to work after ntlmssp update was added. -
Luke Leighton
d95bb252f8 server type announcements modified to include the "role" of the server:
domain member, pdc, bdc.
-
Michael Warfield
1cb8fcb33b Minor change to bring smbmount in the main branch in line with some bzero
to memset changes...
-
Luke Leighton
ce1ae86cbd comma after DOM_MAP_USER removed -
Matthew Chapman
af83778abc Must set password length to 24 after we encrypt a password. -
Matthew Chapman
1e3873111f Initialise NTTIME properly in make_reg_q_enum_key instead of using
unix_to_nt_time hack. Seems to me it's ignored anyway (dummy return
buffer?).
-
Matthew Chapman
e9c79c85e6 Fixed a domain functionality problem where NT clients would start
endlessly repeating a network SAMLOGON (hoping it to change, hmmm...).

( Guess what I found in pwdb_init_sam...

  unix_to_nt_time(&user->logon_time, (time_t)-1);
  unix_to_nt_time(&user->logoff_time, (time_t)-1);
  unix_to_nt_time(&user->kickoff_time, (time_t)-1);
  ... )
-
Matthew Chapman
e1e3875057 Added init_nt_time function which initialises an NTTIME to -1. -
Michael Warfield
c5608093e4 Ok... Yet another round of fixes for smbmount and autofs.
1)  The earlier fix for the smbmount race conditions broke the PID
	registration with smbfs.  That fix has been backed out and
	replaced by a signalling convention from the child smbmount
	process back to the parent telling the parent when it is safe
	to exit.

2)  Fixing all of this uncovered a NASTY deadly embrace between smbmount,
	smbmnt, and autofs.  This was caused by the setsid call in the
	daemon code.  The smbmnt process no longer was registered as
	"magic" because it was no longer in the autofs process group.
	Many many kudos and thanks to H Peter Anvin for giving me the
	clue to solving this agravating puzzle.  The setsid was moved
	down the where the child signals the parent and a warn left in
	its place in the daemonize code.

3)  Fixed (actually worked around with a BUTT UGLY HACK) a problem with
	SMB_GET_MOUNTPID in smbumount.c.  The smb_fs.h header file has
	the parameter to this ioctl defined as a uid_t.  Unfortunately
	that's a 32 bit quantity under glibc and it's currently a 16 bit
	quantity in kernel space.  Undefined the macro and redefined
	it with a parameter of __kernel_uid_t.  That should keep us
	out of trouble till I can have someone fix smb_fs.h in the
	kernel sources...
-
Luke Leighton
ad58cdfac6 fix for enumerate domain users (bug spotted by sean matthews).
also needed to use start index properly and generate next index.

both client and server code need to recognise error code 0x105
when there's not enough room to store all the users in one call.

sort this out another time.
-
Luke Leighton
6d14db6a6c removed encrypt-password code pre-cli_session_setup(), session setup
fn decides whether to encrypt password or not.
-
Luke Leighton
14080a564a uni_svc_name not uni_srv_name -
Luke Leighton
a022710f1e rpcclient "Service Control Manager" svcenum [-i] command. -
Luke Leighton
61c40982d6 error code cleanup -
Luke Leighton
17f4c5a785 returned cli_session_setup to previous behaviour. added a couple of
validation checks and also added capability to send plaintext passwords.
send "ntpasslen" of zero to do this.  sending same plaintext password
for pass and ntpass arguments will result in previous behaviour of
encrypting password if server supports it.
-
Luke Leighton
f4dd8f6b56 Service Control Manager - service enumeration. -
Luke Leighton
0ed70972d7 set_port warning / unused / global/local variable overlap issues
cmd_svcctl.c tests got put into cvs by mistake.
-
Christopher R. Hertel
0681f6946b Fuss fuss fuss.
Added missing default: statements to two switch blocks.

Chris -)-----
-
Luke Leighton
2a509e9606 - got client code cleartext passwords working again in cli_session_setup.
needed this for some tests.

- removed code that said "if lm password is not encrypted then encrypt both
  lm and nt passwords".  actually it said "if lm password length is not 24
  bytes and we're in security=user mode..."

  it didn't bother to check whether the nt password was NULL or not, and
  doing the encryption inside cli_session_setup is the wrong place.

- checked all instances where cli_session_setup is called with cleartext
  passwords that are expected to then be encrypted (see above) with the
  test "if pwlen != 24...".  there was only one: all the others either
  provide encrypted passwords, do null sessions or use
  cli_establish_connection.

* recommendation: use cli_establish_connection() in smbwrapper/smbw.c
-
Luke Leighton
03967986ec compilation errors due to addition of smb file handle parameter. -
Richard Sharpe
f6c7819266 Putting back the -p flag in smbclient.
However, it seems that the -s flag
in smbclient is also ignored :-(
-
Richard Sharpe
3598d90a32 More changes to get SSL working with 2.x.x
Now, we have most of the configure support done, next
have to fix Makefile.in and other things ...
-
Richard Sharpe
524c4d2978 Fixing up configure to properly support ssl -
Richard Sharpe
fb6048bb86 Adding first of the fixes for SSL.
A whole bunch of string variables in loadparm.c were
not being initialized properly.  Programs crashed as a result.

This set of code not tested, but same code tested elsewhere,
and all this guarded by #ifdef HAVE_SSL
-
Matthew Chapman
63d7822b9d In security=user mode we must allow cli_connect_serverlist to connect to our
own smbd process, rather than complaining about a password server loop.
-
Matthew Chapman
f530e289c6 Added load_interfaces in smbpasswd to allow name resolution by broadcast and
multiple interfaces. (Jeremy already committed this in SAMBA_2_0).
-
Richard Sharpe
57301a3eb4 A small change to clitar.c (really, I promise :-)
If we are writing the tar file to stdout, set dbf to stderr
so that we do not screw up tar output with log info etc.

Compiles clean and tested with 38MB backup. Honest :-)
-
Matthew Chapman
15bd172530 eclass != ERRDOS && num != ERRmoredata
is not the same as
!(eclass == ERRDOS && num == ERRmoredata)

This was causing smbclient to segfault on receiving certain errors.
-
Matthew Chapman
2b6f481885 Fixed typo in srv_samr.c where samr_add_groupmem and samr_del_groupmem were
the wrong way around.
-
Matthew Chapman
91c77f5432 Finally committing my LDAP changes.
* Added new APIs for modifying groups.
* RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1
  for each new user/group.
* RIDs are now consistently in hex

* Fixed bugs reported by Allan Bjorklund <allan@umich.edu>:
   - ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect
   - Missing ldap_connect() in getusergroups functions
   - ldap_next_entry was being called too early while retrieving a sam_struct
   - LDAP globals should be extern in sampassldap.c

* Fixed bugs reported by Martin Hofbauer <mh@bacher.at>
   - Newly added workstation trust accounts had attributes DU rather than W.
   - User dn's were forced to start with "uid=XX" rather than using the existing
     dn.
-
Gerald Carter
175e598dcc Fixed the "You password will expire in 0 days. Would you like to
change it now?" message when you login to a Samba Controlled domain.

The fix is a hard coded 42 days from right now until you need to
change you pasword again time (see passdb/sampassdb.c:pwdb_smb_to_sam())

Also fixed getsmbfilepwent() so that it will read in the last password
change time correctly.

* Related to this lib/util_pwdb.c:StrnCaseCmp() returns 0 if the
strings match.  Chouldn't this be the pther way?  Oh well.  I
didn't change the return code as it was used in several
other cases (see lib/util_pwdb.c:pwdb_get_last_set_time())
-
Gerald Carter
cabc7e739c fixed an uninitialized variable in lookupsmbgrpgid() and
lookupsmbpwuid that was causing a SEGFAULT in smbd.
-
Christopher R. Hertel
fcbdf5fe97 Updated the docs to match the changes I made to debug2html.
Chris -)-----
-
Christopher R. Hertel
300a8c9e50 While writing the man page, I realized that it was a bit silly not to accept
command-line parameters.  I've added that capability.  Of course, the man
page is now wrong.  Sigh.

Chris -)-----
-
Christopher R. Hertel
a045186d4d First go at documentation for debug2html.
Chris -)-----
-
Christopher R. Hertel
d2d6f0bf36 Sorry that this is going so slowly.
I've added debug2html to Makefile.in so that it compiles as part of the
normal build.  Fixed a typo in debug2html.c as well.

One problem:  I found it necessary to link with both $(PARAM_OBJ) and
              $(LIB_OBJ).  The result is an executable that is much larger
              than it really needs to be.
-
John Terpstra
1d9540bfc0 Modified packaging-prep script to remove use of "rm -f *". -