IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Q/R LSA_REQ_CHAL; Q/R LSA_AUTH2; Q/R LSA_SAMLOGON; Q/R LSA_SAMLOGOFF.
the last (non-essential right now) bit is the LSA_SRV_PWSET.
the next stage is to do LSA_OPENPOLICY; add the pipe binds (missing right
now); then we can test against an NT Server.
code, which means we don't have to link with a fake getpass routine
and we don't have a whole pile of global variables that really have
nothing to do with nmbd and were there to keep the client code happy.
The code should function identically to what it did before (hopefully
it was correct)
The only thing that now uses the horrible clientutil.c code is
smbclient.
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
- jeremy's nmbd restructure (wins client / wins server stuff)
- which parameters are documented in smb.conf and which aren't
- mentioning the new smbclient work-in-progress
adding some debug info
pipenetlog.c pipentlsa.c pipesrvsvc.c :
using unistrn2 instead of unistr2 in the SAM logon username.
wrong offset for command in request (use "reserved" field
not cancel_count. AGH i'll get there)
added a structure that wraps nt errors as strings and enums, so we
can do a smb_nt_error() function.
Makefile ntclient.c :
added ntclient.c, broken out nt domain stuff into a separate file.
getting fed up of compile-times and size of client.c.
fixed the do_lsa_req_chal() function. made it read the response,
and return the challenge credentials received from the server.
next stop: do_lsa_auth_2().
client.c :
removed nt domain logon functions into a separate file.
pipenetlog.c pipentlsa.c pipesrvsvc.c smbparse.c :
i'd broken the offsets of the RPC_HDR while trying to sort out the
nt client code. fixed it again. added some robustness stuff.
util.c :
the unistrn2() function was null-terminating the string at one
character too many.
Main change is removal of find_name_search() confusion.
This has been replaced with find_name_on_subnet() which
makes it explicit what is being searched.
Also changed wins_subnet to be wins_client_subnet in
preparation for splitting the wins subnet into client
and server pieces.
This is a big nmbd change and I'd appreciate any
bug reports.
Specific changes follow :
asyncdns.c:
Removed wins entry from add_netbios_entry(). This is now
explicit in the subnet_record parameter.
interface.c:
iface_bcast(), iface_nmask(), iface_ip() return the
default interface if none can be found. Made this
behavior explicit - some code in nmbd incorrectly
depended upon this (reply_name_status() for instance).
nameannounce.c:
find_name_search changes to find_name_on_subnet.
namebrowse.c:
wins_subnet renamed to wins_client_subnet.
namedbname.c:
find_name_search removed. find_name_on_subnet added.
add_netbios_entry - wins parameter removed.
namedbsubnet.c:
find_req_subnet removed - not explicit enough.
nameelect.c:
wins_subnet renamed to wins_client_subnet.
namepacket.c:
listening() simplified.
nameresp.c:
wins_subnet renamed to wins_client_subnet.
nameserv.c:
find_name_search moved to find_name_on_subnet.
nameserv.h:
FIND_XXX -> changed to FIND_SELF_NAME, FIND_ANY_NAME.
nameservreply.c:
find_name_search moved to find_name_on_subnet.
Debug entries changed.
nameservresp.c:
wins_subnet renamed to wins_client_subnet.
namework.c:
wins_subnet renamed to wins_client_subnet.
nmbd.c:
wins parameter removed from add_netbios_entry.
nmbsync:
wins_subnet renamed to wins_client_subnet.
proto.h: The usual.
server.c:
remove accepted fd from fd_set.
Jeremy (jallison@whistle.com)
cli_call_api(). sorting this for jeremy.
there is a discrepancy between the client.c list_servers() and the nmbsync.c
add_info() calls to cli_call_api() - one has an mdrcount of 1024, the other
of zero.
i don't know what difference this makes.
trying to set up the data parameters etc and not understanding what's going on.
in api_netlogTNP, added smb_io_rpc_hdr() call to decode the header received
(and in this instance, generated by do_lsa_req_chal()). and then noticed
that it's two bytes out. but i don't know how to do "byte parameters"
and it's not the same format as the LSA_REQCHAL received from nt workstations.
agh!
adding start of undocumented options to do NT domain logons, client-side.
starting with LSA_REQCHAL.
the code here happily crashes smbd: i'll investigate this further... :-)
smbparse.c pipeutil.c lsaparse.c :
moved some of the common make_xxxx() functions out of pipeutil.c
so that the make_xxxx and (smb/lsa)_io_xxxx functions now sit
together. makes sense, really...
added a make_q_req_chal() function.
restructured make_rpc_reply() and called it make_rpc_hdr(). created
functions create_rpc_reply() and create_rpc_response().
pipenetlog.c pipentlsa.c pipesrvsvc.c
calling new create_rpc_reply() function instead of old make_rpc_reply().
proto.h :
usual.
smb.h:
added enum for RPC_PACKET_TYPE
redid the split that i did a year ago, taking the functions in client.c
out into clientutil.c. guess what? we could now do encrypted password
NetServerEnum2 calls in nmbd, if we wanted to.
i can now use cli_call_api() to send to different pipes. i hope.
pipenetlog.c:
allow adding to users group _and_ to admin group. if adding to
guest group, don't allow adding to users or admin as well.
smb.h :
added some pipe #defines (\PIPE\NETLOGON \PIPE\srvsvc ...)
proto.h :
usual.
added "domain other sids" parameter
pipenetlog.c :
using "domain other sids" parameter in SAM Logon response.
using new name_to_rid() function for r_uid and r_gid.
pipentlsa.c :
minor mods to do with new name_to_rid() function.
pipesrvsvc.c :
in the "net share enum" response, allocate some more space for the buffer.
there can be only 32 share entries in the response anyway. this needs
to be dealt with.
pipeutil.c :
modified name_to_rid() function to use new parameters "domain admin users"
and "domain guest users", but will otherwise do unix uid + 1000.
moved make_dom_gids() here.
proto.h:
the usual.
smb.h smbparse.c :
renamed sid_no to sid_rev_num in DOM_SID, and gid to r_gid in DOM_GID.
util.c :
moved make_dom_gids() from here.
created char *unistrn2(uint16* uni_buffer, int max_len)
I realised this afternoon just how easy it is to add this, so I
thought I'd implement it while the idea was fresh.
nmbd forks at startup and uses a pipe to talk to its child. The child
does the DNS lookups and the file descriptor of the child is added to
the main select loop.
While I was doing this I discovered a bug in nmbd that explains why
the dns proxy option has been so expensive. The DNS cache entries in
the WINS list were never being checked, which means we always did a
DNS lookup even if we have done it before and it is in cache. I'm sure
this used to work (I tested the DNS cache when I added it) so someone
broke it :-(
Anyway, the async DNS gets rid of the problem completely. I'll commit
just the fix to the DNS cache bug to the 1.9.17 tree.
You can disable async DNS by adding -DSYNC_DNS to the compile flags.
added "domain admin users" parameter
added "domain guest users" parameter
these two complement the "domain groups" parameter. the "domain groups"
parameter should be for your own groups, and well-known aliases.
util.c :
added ability to do "domain groups = power_users admin_users backup_ops"
which are well-known RID aliases, not well-known RID groups.
pipenetlog.c :
combine the "domain admin users"; "domain guest users" and "domain groups"
parameters to give an array of RID groups to include in the SAM Logon
response.
ipc.c smb.h :
moved REALLOC() into smb.h
added RID #defines.
proto.h:
usual.
