IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
(This used to be commit c101113ec20ed0ba633e78e4ee45596cdccaf1b5)
smb.tgz file from my portable.
particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.
smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data. rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length. this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
- removed debug info in struni2 and unistr2 (security risk)
- rpc_pipe function was getting pointer to data then calling realloc *dur*
- password check function, the start of "credential checking",
user, wks, domain, pass as the credentials (not just user,pass which
is incorrect in a domain context)
- cli_write needs to return ssize_t not size_t, because total can be -1
if the write fails.
- fixed signed / unsigned warnings (how come i don't get those any more
when i compile with gcc???)
- nt password change added in smbd. yes, jeremy, i verified that the
SMBtrans2 version still works.
(This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
- cleaned up resolve_name() (split into separate functions for each resolver)
- if can't find local master then use #1B name
- support listing of foreign workgroups in /smb/
(This used to be commit a4e607c17d1119925c9d0e1d05e0fe81e9a2d1aa)
- added srvsvc client files
clientgen.c :
- replaced cli_error(cli, int *cls, int *err) with
cli_error(cli, uint8 cls, uint32 *err). this version detects
32 bit status messages. the DOS error "MORE_DATA", the
equivalent of the 32 bit *warning* 0x8000 0005
(STATUS_BUFFER_OVERFLOW), was being processed as an error,
terminating the cli_receive_trans() call.
cli_pipe.c :
- replaced calls that had been incorrectly modified from
32 bit warnings (0x8000 0005 - STATUS_BUFFER_OVERFLOW)
to 8 bit DOS errors (0x01 0xEA - MORE_DATA).
the use of the old version of cli_error (DOS only)
instead of the new one (DOS and 32 bit) caused the
dce/rpc client code to fail.
- replaced 2 space indentation with tab indentation in all functions.
cli_srvsvc.c :
cmd_srvsvc.c :
- added these files back in, fixing them up to use jeremy's
modified versions of the dce/rpc client functions.
parse_srv.c :
- added back in some "unused" functions required by dce/rpc
client-side code. it would be helpful if all such "unused"
functions could be added back in.
rpcclient.c :
- added "session", "file", "share", "connection" enumeration
functions back in. these are equivalent to nt's "NetXXXXXEnum"
Win32 (MSDN) functions.
- added "srvinfo" function back in. this is equivalent to
nt's NetServerGetInfo Win32 (MSDN) function.
(This used to be commit bcf39ffdcc64e049bca2d70a394a99976291e81d)
therefore, they are being more strict, first in the server-side code, and
now in the client-side code.
this fixes a bind-request that was too short by 16 bytes, and an rpc-request
that was too long by 24 bytes.
(This used to be commit a69ed7846a1e1403ea51d76d6962b97e8c768b29)
code. added "quality of service" capability to lsa_open_policy code.
different lsa_open_policy queries are *not* dealt with in the server code.
answers like "0xC000 0022" - access denied - will have to be made to
lsa_lookup_sids calls when a "quality of service" request is *not* specified
in the lsa_open_policy call.
(This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
dummy.in files are no longer needed, and new directories will be taken
care of automatically, at configure (or config.status --recheck) time
(This used to be commit 237a8e5fe62d757c04b8207cbbee4df1470cfe4e)
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
Connections[] is now a local array in server.c
I might have broken something with this change. In particular the
oplock code is suspect and some .dll files aren't being oplocked when
I expected them to be. I'll look at it after I've got some sleep.
(This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
recognised.
lib/rpc/client/cli_login.c: Fix debug comment.
lib/rpc/parse/parse_misc.c: Fix for passing null pointers.
lib/rpc/parse/parse_net.c: Send correct password lengths when called
from Win95.
Jeremy.
(This used to be commit ad1848b35521b3d478ea3226db818a1edef78254)
password.c: Added code to tell server.c when machine password needs changing.
server.c: Change machine password in idle cycles if it needs it.
smbpassfile.c: Fixed up length calculations for machine password file.
smbpasswd.c: Moved domain joining code/machine password changing code.
lib/rpc/client/cli_netlogon.c: And this is where it now lives.
Jeremy.
(This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
ipc.c: Caused samba password changing not to be done if UNIX password
changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs
around as char *, they are converted to DOM_SID at the earliest
opportunity, and passed around as that. Also added dynamic memory
allocation of group sids. Preparing to auto-generate machine sid.
Jeremy.
(This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
It removed all ocurrences of the following functions :
sprintf
strcpy
strcat
The replacements are slprintf, safe_strcpy and safe_strcat.
It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.
Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.
Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
everywhere. I've implemented slprintf() as a bounds checked sprintf()
using mprotect() and a non-writeable page.
This should prevent any sprintf based security holes.
(This used to be commit ee09e9dadb69aaba5a751dd20ccc6d587d841bd6)
loadparm.c: Patch from tim@quiknet.com for static string problems.
server.c: Setup global_myname.
smbpass.c: Fix up locking. Add machine_password_delete() call.
smbpasswd.c: Added provisional code to add to a domain.
lib/rpc/client/cli_login.c: Fixed incorrect cred_hash3 call when setting machine password.
lib/rpc/server/srv_netlog.c: Fixed incorrect cred_hash3 call when setting machine password.
Jeremy.
(This used to be commit 6a7164233e3bf9d6bb57c44a53204068e454ae5c)
password.c: Stopped cli_nt_logout call (we don't have it correct yet).
Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)
WARNING - so far this has only been tested against a Samba PDC
(still waiting for IS to add me the machine accounts :-).
Still missing is the code in smbpasswd that will add a machine
account password and change it on the domain controller, but
this is not hard, and I will check it in soon.
Jeremy.
(This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
It is changing the global variables "myname" and "myworkgroup"
to "global_myname" and "global_myworkgroup" respectively.
This is to make it very explicit when we are messing
with a global (don't ask - it makes the domain client
code much clearer :-).
Jeremy.
(This used to be commit 866406bfe399cf757c8275093dacd5ce4843afa0)
start to create the calls needed for client-side of "network" logins,
which will be used for domain version of pass-through authentication.
unfortunately, none of this code is called in the main branch, because
smbclient BRANCH_NTDOM code isn't in use, yet!
srv_netlog.c :
fixed a problem with static net_login_network() which was being
stubborn: the if() statement looked horrendous, so i split it into
two if() statements, one to deal with the lm password; the other to
deal with the nt password.
the smb_password_check() functions should _not_ be called here, in
case we decide to disable lm hashes for security reasons, just like
nt does.
so, we now get a response to the SAM_LOGON "network" call, but the
connection is still dropped. a trace is needed from an nt server,
which is why i started on the client-side code. see above, which
is why i'm calling it a day :-)
(This used to be commit 2c29a7d9cf2d8b35e4b6e37e5d24caa91af3a9be)
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
