1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

2563 Commits

Author SHA1 Message Date
Luke Leighton
bee8f7fa6b removed nt_pipe_fnum from struct cli_state. need to be able to call
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions.  thanks to mike black
for starting the ball rolling.
0001-01-01 00:00:00 +00:00
Luke Leighton
b8175702ef - lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
	change module that is independent of "cnums" and "snums".
	a security context is needed for pipes, not just IPC$ or other
	services.

- group database API

	added add_group/alias_member, del_group/alias_member,
	del_group/alias_entry functions.  del_builtin_entry() is
	deliberately set to NULL to cause an exception, you cannot
	delete builtin aliases.

- parse_lsa.c srv_lsa.c

	fixed lookup_names code, it was a load of trash and didn't do
	anything.

- cmd_samr.c rpcclient.c srv_samr.c

	added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
	"addgroupmem", "addaliasmem", "createalias", "creategroup", to
	both client and server code.

	server code calls into unix stubs right now, which don't actually
	do anything.  the only instance where they are expected to do
	anything is in appliance mode NOT even in the ldap code or anything.

	client code modified to call samr_lookup_names() for group code
	(because we can) and lsa_lookup_names() for alias code (because
	we have to).

- srv_lookup.c

	oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
	instead of DOMAIN, name.
0001-01-01 00:00:00 +00:00
Andrew Tridgell
7e9b687de7 fixed a link to testparm.1.html 0001-01-01 00:00:00 +00:00
Andrew Tridgell
783d4b3477 oops - lock test was the wrong way around 0001-01-01 00:00:00 +00:00
Andrew Tridgell
f7ad78e369 fixed pidfile handling to check for a lock on the file, so we can be
sure it is a samba process that is running.
0001-01-01 00:00:00 +00:00
Andrew Tridgell
26fd660e30 replaced the icons in SWAT with real icons 0001-01-01 00:00:00 +00:00
Jeremy Allison
5287f3d19b Sync up critical kernel oplock bugfix. I don't want to lose
this....
Jeremy.
0001-01-01 00:00:00 +00:00
Luke Leighton
bf15343def added delete domain group and local group and delete domain group member. 0001-01-01 00:00:00 +00:00
Luke Leighton
aabb4b3bc5 fixing "addgroupmem" and "enumgroups -m" commands, samr_open_group()
needed a flags fields as you get 0x0000 0010 and 0x0000 001f unknown
values for different purposes, no-one's going to tell us what they
are and i don't CARE!
0001-01-01 00:00:00 +00:00
Luke Leighton
165b15a8ca - oops, i got "add alias member" and "delete alias member" swapped.
- samr_enum_dom_users, the first 4 bytes is some sort of garbage,
  nt5-beta2 clears them out to zeros whereas nt4 does not.
  fixed bug where we were assuming that the first 4 bytes of a
  response _had_ to be non-zero.

- cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names()
  client call.

- added in "addaliasmem" and "addgroupmem" commands.  the addaliasmem
  command actually turned out to be a "delaliasmem" :-) :-)

- parse_lsa.c: moved assert array check to after the size of useable
  array space is set...
0001-01-01 00:00:00 +00:00
Luke Leighton
eacc5e581a - renamed do_samr_xxx to samr_xxx
- renamed do_lsa_xxx to lsa_xxx

- added "enumgroups [-m]" command, enumerates groups, shows members.
- added cmd_sam_add_groupmem(), need to call these in rpcclient.c
- added cmd_sam_add_aliasmem(), need to call these in rpcclient.c

- modified "enumaliases [-m]" command

- improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs.

- renamed "samr_unknown_12" to "samr_lookup_rids".

- added the following client-side functions:

	get_samr_query_groupmem()
	get_samr_query_aliasmem()
	get_samr_query_groupinfo()
	samr_enum_dom_groups()
	samr_enum_dom_aliases()
	samr_add_aliasmem()
	samr_add_groupmem()

- improved display output (display.c)
0001-01-01 00:00:00 +00:00
John Terpstra
a6d3601cc6 Updated packaging files from 2.0.0 branch - NOTE: Not yet operative.
I will update these when 2.0.0beta3 has shipped. <John H Terpstra>
0001-01-01 00:00:00 +00:00
John Terpstra
f8b811bcda Updated version info and date in document headers. 0001-01-01 00:00:00 +00:00
Luke Leighton
4771d5451b added createalias command to rpcclient 0001-01-01 00:00:00 +00:00
Luke Leighton
1e5d81c154 create domain group command (creategroup) added to rpcclient.
renamed do_samr_xxxx to samr_xxxx.
0001-01-01 00:00:00 +00:00
Luke Leighton
ef58e48bc9 moved get_unixgroups it will be needed by the unix instance of the group
DB API
0001-01-01 00:00:00 +00:00
Luke Leighton
50fa4822df jean-f spotted race condition on generation of sam sid, from starting
nmbd and smbd.  nmbd is now client: smbd is solely responsible for
creating sam_name.SID
0001-01-01 00:00:00 +00:00
Luke Leighton
81be1e6076 jean-f spotted bug in test for existence of MACHINE.SID and SAM_NAME.SID. 0001-01-01 00:00:00 +00:00
Luke Leighton
13a656b0e5 adding group parsing: add/modify/delete/add members. 0001-01-01 00:00:00 +00:00
Luke Leighton
74f826af36 jeremy's going to do me in, again.
jean-francois' going to get annoyed, again.
andrew's going to threaten to take cvs access away, again.

missed compilation of this file when updating sam_unknown_12 call.
0001-01-01 00:00:00 +00:00
Luke Leighton
da442218c5 updating smb.conf from yodl 0001-01-01 00:00:00 +00:00
Luke Leighton
e39c0c76ae spotted the mistake in group_info1 parsing. 0001-01-01 00:00:00 +00:00
Luke Leighton
78a86c6496 added rid and sid_name_use to DOMAIN_GRP_MEMBER, for use in group member
query.

domain groups now work, hurrah!  only thing is that the description is
one character long, don't know why (which is wierd in itself).
0001-01-01 00:00:00 +00:00
Luke Leighton
9bce7340d6 ERRmoredata is an acceptable error code, it is not an error. 0001-01-01 00:00:00 +00:00
Luke Leighton
a74b6dcc76 removed check on name of domain having to be right, etc etc. 0001-01-01 00:00:00 +00:00
Luke Leighton
9266137fcb trailing backslashes spotted by andrej. 0001-01-01 00:00:00 +00:00
Luke Leighton
779a7aa30d issues spotted by andrej: %s\\%s not %s\%s 0001-01-01 00:00:00 +00:00
Luke Leighton
1c478ca172 string_to_sid was using next_token() this is bad as it stops you from
being able to use next_token() outside of string_to_sid calls.
use strchr instead
0001-01-01 00:00:00 +00:00
John Terpstra
195b860b46 Updated HEAD branch version to 2.1.0-prealpha in response to a user
complaint about confusion because both the HEAD and SAMBA_2_0 reported
the same version info.
0001-01-01 00:00:00 +00:00
Luke Leighton
9337049dfc adding group member code, made a start. found that the group members'
rid is needed not the name (see DOMAIN_GRP_MEMBER) decided to go home.
0001-01-01 00:00:00 +00:00
Luke Leighton
585d47644d ok. unix-nt mapping code issues
need to check, when looking up group members, that a group member is
a unix user [being mapped to an nt user] FIRST then if that fails
check that a group member is a unix group [being mapped to an nt group].

why?  because you can have group names in a unix /etc/group file with
the same name as users.

this _might_ be a problem...
0001-01-01 00:00:00 +00:00
Luke Leighton
9d4e810e7d check server role before doing nt user to unix user mapping 0001-01-01 00:00:00 +00:00
Luke Leighton
f7f2516df4 query_aliasmem code. it works (hurrah). 0001-01-01 00:00:00 +00:00
Luke Leighton
bfb75e58ce fixing smbpasswd to link to smbd to obtain domain sid 0001-01-01 00:00:00 +00:00
Luke Leighton
3e1eb4f26b rpc_samr.h parse_samr.c srv_samr.c :
samr_query_aliasmembers (cool!)

util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :

	pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
	if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
	to obtain member and pdc sids.
0001-01-01 00:00:00 +00:00
Luke Leighton
faffcb3c89 andrej spotted that entries _not_ in domain map user were being refused.
modified map_nt_and_unix_names() to never refuse a mapping (returns void
now not BOOL).
0001-01-01 00:00:00 +00:00
Luke Leighton
2c0d91e64a hm. removed the "if failed to map nt name to unix name, fail tcon call"
restriction and "domain user map" seems to work.

amazing.
0001-01-01 00:00:00 +00:00
Luke Leighton
f5cedb8c96 fix to domain_namemap (domain, ntname wrong way round oops)
stupid compile errors with file_rename() call just created.
0001-01-01 00:00:00 +00:00
Luke Leighton
51c1c31768 adding some samr parsing calls (group / alias adding / deleting)
added code that moves MACHINE.SID to DOMAIN_NAME.SID if it exists.
0001-01-01 00:00:00 +00:00
Luke Leighton
474f94f419 attempting to fix "domain user map" up, but it's a bit complicated.
i may simply go for a response in the NetSamLogon returning the
unix username, forcing the NT user to appear to be a unix user,
however even that is fraught with implications.

might just have to go the whole hog and do this tuple thing,
"unix_name + nt_name" always associated together...


issue with api_net_sam_logon, getsam21pwent() being called twice,
the second time overwriting static buffer data (argh) so had to
make a copy.

noticed a nested "become_root()"/"unbecome_root()" which will have
to be tracked down...
0001-01-01 00:00:00 +00:00
Luke Leighton
c5ba5fa6fe passdb.c now calls getpwnam() which returns results in a static buffer.
a call _outside_ of this was _also_ calling getpwnam.   the calls to
getsmbpwnam() were therefore overwriting the static buffer.
0001-01-01 00:00:00 +00:00
Luke Leighton
4b5bd4e18c pwdb_initialise() in the wrong place: must load smb.conf first. thanks phil. 0001-01-01 00:00:00 +00:00
Luke Leighton
37a6acf43c missed out endit()s, ta andrej. 0001-01-01 00:00:00 +00:00
Michael Warfield
12739f0456 Earlier fix for smbmount timing window was the wrong patch.
My bad...  Earlier one was the patch from the CIFS conference that
didn't work, this fixes...
0001-01-01 00:00:00 +00:00
Luke Leighton
3257b72c6e moving rpc/rpc.h to after netinet.h 0001-01-01 00:00:00 +00:00
Luke Leighton
603c5f6df8 another attempt at a fix on connect_serverlist()... 0001-01-01 00:00:00 +00:00
Luke Leighton
58c0f0a77c builtin alias password API 0001-01-01 00:00:00 +00:00
Luke Leighton
c0efc35b27 andrej spotted problem with connect_serverlist (starts off assuming
a connection succeeds...).
0001-01-01 00:00:00 +00:00
Luke Leighton
e4930f5f48 - adding builtin[alias]db.
- lib/sids.c:

	generate_sam_sid() modified to take a domain name: it now
	generates "DOMAIN_NAME.SID".  reasons:

	1) if you run multiple samba servers on the same machine
	under different netbios names as members of a domain,
	they won't all use the same SID, which is a _big_ mistake
	but it would happen _by default_.

	2) we have (had) a problem with sid_to_string() and string_to_sid()
	which cause SIDs to be incorrectly read.  one of the major
	reasons for *NOT* making this change was so as not to disrupt
	existing users.  but as they will be anyway by this bug,
	we might as well go ahead.

- passdb/smbpass.c:

	wanted to change the meaning of the name in the smbpasswd
	file to an "nt" name not a "unix" name.  this is probably
	not a good idea: reverted this.

- output formatting / bug-fixing in rpcclient query_useraliases code.
0001-01-01 00:00:00 +00:00
Luke Leighton
b95b2b5d44 updated smb.conf - have not done a yodl2xxx. 0001-01-01 00:00:00 +00:00