IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
(This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
added become_root / unbecome_root around the get machine account password.
smbpass.c:
cleaning up code.
- turning if (BOOL_expr == False) into if (BOOL_expr)
what if you test if (BOOL_expr == True) and someone defines
True to be -1 on one system and 1 on another? or if you get
inconsistent return results between developers
- removed if ((FILE*) == 0) and made this if ((FILE*) == NULL) -
cannot assume that NULL is zero integer. plus there are typecast
issues to deal with
- removed return (ret == 0) ? True : False and made this return ret == 0
rely on the compiler to return correct BOOL value: not all developers
will return True or False #defines: stick with BOOL test (non-zero).
- removed if (ret == False) replaced with if (!ret)
- bug where instead of if (sizeof(pstring)-len-len-6 < 0) it had a
boolean test if (pstring-len-len-6).
- removed "." after debugging of filenames: the "." - a fullstop -
looked like it was part of the filename, making things difficult
to sort out.
still to be resolved: the global_myname isn't set up, such that the
machine account password file is named "TEST3..mac".
(This used to be commit 315e26c23abf7137684bf084c825ad241076132e)
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
turns out that [it can be deduced that] microsoft ignores the SMBreadX
offset, and goes by the SMBreadX length only. this makes for a lot simpler
code, in both client and server.
(This used to be commit a8b641c027c8cce179455ac1f6fd0322a8ab017d)
clientgen.c: Added nt_error as an entry in the struct client_state.
password.c: Open the netlogon pipe.
smb.h: Added nt_error as an entry in the struct client_state.
lib/rpc/parse/parse_net.c: Added comments on net logon.
lib/rpc/server/srv_netlog.c: Added comments on net logon.
Jeremy.
(This used to be commit 899a9f0dce50c73e03c8da2ebe920957491c8ad7)
password.c: Changed global cli -> pw_cli, removed strtok (bad strtok, bad :-)
use in security=server, started to extend security=domain code.
smbpasswd.c: Removed rap error code functions.
Jeremy.
(This used to be commit 0f00b8fce1a5cad7f8c212568fa33f09986e5bd6)
password.c: Started the initial code for domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
reply.c: Call to domain_client_validate(). All
bracketed with #ifdef DOMAIN_CLIENT for now.
smbpass.c: New code to get/set machine passwords. Tidied up nesting
of lock calls.
Jeremy.
(This used to be commit 89fe059a6816f32d2cc5c4c04c4089b60590e7e6)
loadparm.c: Started add of 'security=domain' code.
password.c: Fix for security=server NT bugs.
reply.c: Started add of 'security=domain' code.
server.c: Started add of 'security=domain' code.
smb.h: Started add of 'security=domain' code.
Jeremy.
(This used to be commit e6bda112ebe0d41f54c4249b5c2e1f24011347e1)
making encrypted passwords secret. For example, with secure NIS+ only
root can get the encrypted password.
hash in the encrypted password of "root" to provide a nice source of
secret on such systems. On systems that don't have this (ie. any user
can get roots encrypted password) then the security is so slack that
it probably doesn't matter what we do to generate the secret.
(This used to be commit 3271e4c29fdc15a1ae61dec94517e484c2457411)
clientgen.c: Changed to fill change password buffer with random stuff.
password.c: Changed to get challenge from genrand.c
server.c: Added #ifdef around O_SYNC.
version.h: Changed to 1.9.19prealpha.
genrand.c:
New code to generate (hopefully) good random numbers for
use in crypto challenges/session keys etc.
PLEASE REVIEW THIS CODE AND SUGGEST IMPROVEMENTS !!!!!!
Jeremy.
(This used to be commit 608e98546392fd0aac9b33f4feac43615dbb4405)
server is sending out a name_query after a WACK, it needs to send
a packet with recursion_desired = 0 (yes Luke, you were right all
along :-). If it doesn't then if it's talking to itself then the
query packet ends up back in the WINS server instead of in the client
side code.
Makefile: Changed proto generation to stop including NMBDOBJ twice.
nmbd_namequery.c nmbd_packets.c nmbd_winsserver.c: Added extra
query_name_from_wins_server() code.
Jeremy.
(This used to be commit c5ca05c29546053a771f4ea3ef850efb3be970ea)
smbpass.c: Added lock depth code so calls to pw_file_lock() can be nested.
Fixed codedump problems in add_smbpwd_entry().
smbpasswd.c: Removed all the code that manipulated the password file
directly. Now *all* smbpasswd file changes are done through
the interfaces defined in smbpass.c This should make
the life of people adding alternate backend databases
*much* easier.
lib/rpc/server/srv_netlog.c: Removed debug messages used to debug
machine password changing.
Jeremy.
(This used to be commit c9f61be08f3691a6421734d8b026a295d9cbd6ba)
regularized parameter syntax:
setup, setup_count, max_setup_count,
params, params_count, max_params_count,
data, data_count, max_data_count,
(and if a reply is needed)
*reply_params, *reply_data_len
*reply_data, *reply_data_len
This allows the pointers and the lengths
that relate to these pointers to be next
to each other in the parameter list. This
makes seeing what you are passing to these
functions much easier to see.
Getting ready for adding the lib/rpc/client
functions needed to do security=domain.
torture.c: Fixed it so it uses / rather than \\
internally for the //machine/share syntax.
Jeremy.
(This used to be commit 38350ea8b949d0908497490898ff04df7591ccac)
smbdes.c: Added cred_hash3.
smbpasswd.c: Fixes for adding a machine account (needs more work).
lib/rpc/server/srv_netlog.c: Turn on the machine password changing
code by default (calls cred_hash3).
Jeremy.
(This used to be commit 50aa513b969c6e41911aeee8207b065f93af0beb)
internals after Andrews' code had memset it to zero (this was causing core
dumps).
charcnv.c: Fixes for ISO8859-2 from Petr Hubeny <psh@capitol.cz>.
Jeremy.
(This used to be commit df8783ca76d543d200c743f515a185cfea2880df)
nmbd.c: Fix for always overwriting log despite append setting.
smb.h: Addition of last time password changed entry to account info.
smbpass.c: Changes to support last time changed field in smbpasswd file.
smbpasswd.c: Changes to support last time changed field in smbpasswd file.
util.c: Fix for always overwriting log despite append setting.
Jeremy.
(This used to be commit eb4fe9ecdf539209efab07dc992447ea7370cf93)
get_smbpwd_entry (now an internal function to smbpass.c)
to a more UNIX-like :
getsmbpwnam() - get entry by name.
getsmbpwuid() - get entry by uid.
Changed the type returned by the smbpasswd enumeration
functions to be a void * so that people don't come to
depend on it being a FILE *.
These abstractions should make it much easier to
replace the smbpasswd file with a better backend
in future.
Other files changed are to match the above changes.
Jeremy.
(This used to be commit 1161cfb7f2b0d5a6d3e2b524a14a6f325ce70efb)
proto.h: The unusual. ;)
reply.c: I changes some function names, and updated reply.c to match.
See mangle.c below for more.
server.c: Changed function names and parameters in file mangle.c, so
changed server.c calls to match. See mangle.c below for more.
mangle.c:
I replaced the caching mechanism used for caching reverse mangled name
maps. The old method was a large array of 256-byte strings. Movement
in the stack (including push and pop) was done by memcpy()ing whole
chunks of memory around.
The new system uses the ubi_Cache module which, in turn, uses a splay
tree. Entries are dynamically allocated using a minimum amount of
memory. Searches are non-linear, which should speed things up a bit,
too. Overall, this should save memory and be faster.
Other changes: I streamlined the is_mangled() test and made other
speed enhancements including replacing some static functions with
macros. Added comments, etc.
Note: Per an E'mail conversation with Andrew, the 'mangled stack'
parameter in smb.conf doesn't do anything anymore. The cache is
now set for 16K bytes maximum memory usage. The mangle stack
parameter is silently ignored. This can easily be changed, but
I'd rather introduce a 'mangled cache memory' parameter and
remove 'mangled stack'.
Remaining problems:
While testing the module, I noticed that something is calling
name_map_mangle() twice. The result is that names which contain
illegal characters are getting mangled twice.
Also, the entire module works by overwriting the input string.
This has a variety of nasty side effects.
Summary:
There's a lot still to be done, but the changes I have in place *should*
work in exactly the same way (except for the mangle stack parameter).
The rest of the bugs and other issues are separate.
Chris -)-----
(This used to be commit 8759bec11ba483b2292b0e513b85c98ed5e3e2d4)
