IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
decode_pw_buffer() and the samr password changing routines.
And yes, I know that we can lost some information in the Unicode->UTF->Unicode
bit of this, but its worth the code cleanup.
This also takes into account the possability of multibyte passwords.
Andrew Bartlett
out the error handling into a bunch of separate functions rather than all
being handled in one big function.
Fetch error codes from the last received packet:
void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num);
uint32 cli_nt_error(struct cli_state *);
Convert errors to UNIX errno values:
int cli_errno_from_dos(uint8 eclass, uint32 num);
int cli_errno_from_nt(uint32 status);
int cli_errno(struct cli_state *cli);
Detect different kinds of errors:
BOOL cli_is_dos_error(struct cli_state *cli);
BOOL cli_is_nt_error(struct cli_state *cli);
BOOL cli_is_error(struct cli_state *cli);
This also means we now support CAP_STATUS32 as we can decode and understand
NT errors instead of just DOS errors. Yay!
Ported a whole bunch of files in libsmb to use this new API instead of the
just the DOS error.
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing
it accross to HEAD.
The MD5 implementation is seperatly derived, and does not have the copyright
problems that the one in TNG has.
Also add const to a few places where it makes sence.
Andrew Bartlett
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
the trust domain list reply on netlogon pipe was wrong, interim hack until
we have full trust relationships.
changed some unistr2 to parse the ending NULL char.
added a prs_align_needed() function. much like a prs_align but with a
condition. needed for the unistr2 parsing.
J.F.
.cvsignore remove config.h - not in this directory
include/profile.h profile changes
lib/messages.c added message to return debug level
libsmb/clierror.c cast to get rid of compiler warning
libsmb/smbencrypt.c cast to get rid of compiler warning
profile/profile.c add flush profile stats changes for profile struct
rpc_parse/parse_samr.c fix for compiler warning
rpc_server/srv_samr.c cast to get rid of compiler warning
smbd/ipc.c profile stats
message.c profile stats
smbd/negprot.c profile stats
smbd/nttrans.c profile stats
smbd/trans2.c profile stats
utils/smbcontrol.c new flush stats command
cleanup of create_user
cleanup of rid/sid mix in samr. now we only have sid.
some prs_align() missing in parse_samr.c
a small debug change in srv_pipe.c
You still can't change a user's password in this commit.
Will be availble in the next one.
J.F.
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
now uses improved authentication. smbclient now "broken" for "scripts"
based on DEBUG() output. cli_establish_connection() requires modification
to support old scripts.
(actually, decryption only currently because I need to get some sleep).
Basically another Microsoft twist on DES; the "master key" is the user's
NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys.
No more ugly static library buffers and all functions take a destination
string length (especially unistrcpy was rather dangerous; we were only
saved by the fact that datagrams are limited in size).
should allow us to call a function in swat rather than piping to
smbpasswd.
while doing this I also fixed quite a few "const char *" versus "char *" issues
that cropped up while using const to track down bugs in the code. This
led to changes in several generic functions.
The smbpasswd changes should be correct but they have not been
extensively tested. At least if I have introduced bugs then we should
be able to fix them more easily than before.
- removed debug info in struni2 and unistr2 (security risk)
- rpc_pipe function was getting pointer to data then calling realloc *dur*
- password check function, the start of "credential checking",
user, wks, domain, pass as the credentials (not just user,pass which
is incorrect in a domain context)
- cli_write needs to return ssize_t not size_t, because total can be -1
if the write fails.
- fixed signed / unsigned warnings (how come i don't get those any more
when i compile with gcc???)
- nt password change added in smbd. yes, jeremy, i verified that the
SMBtrans2 version still works.
create_new_hashes didn't zero the buffer for the md4hash: nt_lm_owf_gen
did, because jeremy sorted this out a couple of days ago. call
nt_lm_owf_gen instead.
- call SMBOWFencrypt from SMBencrypt and SMBNTencrypt.
- added #ifdef DEBUG_PASSWORD debug password calls.
uid_t, gid_t and vuid. Added sys_getgroups() to get
around the int * return problem. Set correct datatypes
for all uid, gid and vuid variables.
Jeremy.
prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...
I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).
in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.
So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)
One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
