IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
server manager first. Just use the -U parameter to smbpasswd when joining
the domain:
smbpasswd -r PDC -j DOMAIN -U administrator%password
Should also work with domain users with the 'add workstation to domain'
user right.
source/lib/smbpasswd.c
- Only call load_interfaces() when doing a network related
operation. This means you can add, remove, enable or disable
smbpasswd entries without a network. Changing passwords always
requires a network.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
time out of sending the session setup on Solaris 2.6. No idea.
I'll work on it some tomorrow. This is to fix the "Unable to
setup password vectors" thingy.
Also changed an inet_aton() to inet_addr() as the former is
not very portable :-)
Luke, I set the redir flag to false because the connection to
the smb-agent was failing and smbpasswd bombed. Double check me
on this one.
-jc
* Added SEC_CHAN_BDC
* Added -b switch to smbpasswd (for a BDC (server) trust account).
* Propagate sec_chan into the various functions which change trust account
passwords, so they can be used for domain control and inter-domain
trusts.
samr_query_aliasmembers (cool!)
util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c :
pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID
if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5)
to obtain member and pdc sids.
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
should allow us to call a function in swat rather than piping to
smbpasswd.
while doing this I also fixed quite a few "const char *" versus "char *" issues
that cropped up while using const to track down bugs in the code. This
led to changes in several generic functions.
The smbpasswd changes should be correct but they have not been
extensively tested. At least if I have introduced bugs then we should
be able to fix them more easily than before.
I did this when I saw yet another bug report complaining about
smbclient intermittently missing files. Rather than applying more
patches to smbclient it was better to move to the more robust
clientgen.c code.
The conversion wasn't perfect, I probably lost some features of
smbclient while doing it, but at least smbclient should be consistent
now. It if fails it should _always_ fail rather than giving people the
false impression of a reliable utility.
the tar stuff seems to work, but hasn't had much testing as I never
use it myself. I'm sure someone will find bugs in my conversion of
smbtar.c. It was quite tricky as it did a lot of its own SMB calls. It
now uses clientgen.c exclusively.
smbclient is still quite messy, but at least it doesn't build its own
SMB packets.
I haven't touched smbmount as I never use it. Mike, do you want to
convert smbmount to use clientgen.c?
param/loadparm.c: Removed "networkstation user login", "domain controller", and "domain sid" parameters.
passdb/passdb.c: Removed "networkstation user login" code and changed bug test code
to only check once for a bad password server. This will stop the
complaints of many "bad login" audit records in NT PDC logs.
utils/smbpasswd.c: Removed check for "domain controller".
Jeremy.
libsmb/namequery.c: Fix to remove 2 second wait is we are doing a unicast
and got a reply.
smbd/dfree.c:
smbd/noquotas.c:
smbd/quotas.c: Fixes from Dejan Ilic <svedja@lysator.liu.se> for the quota
code.
utils/smbpasswd.c: Fixes to allow smbpasswd to be called from swat.
Jeremy.
password change server as anonymous - you don't need to have
logged on as the user to do the password change. Doh ! (Why
didn't *I* think of that one.... :-).
Jeremy.
- cleaned up resolve_name() (split into separate functions for each resolver)
- if can't find local master then use #1B name
- support listing of foreign workgroups in /smb/
create_new_hashes didn't zero the buffer for the md4hash: nt_lm_owf_gen
did, because jeremy sorted this out a couple of days ago. call
nt_lm_owf_gen instead.
- call SMBOWFencrypt from SMBencrypt and SMBNTencrypt.
- added #ifdef DEBUG_PASSWORD debug password calls.
Added $(PROGS) $(SPROGS) as targets for make clean.
acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES.
configure.in: Added sys/capability.h header check.
Added function checks for srandom random srand rand.
Added HAVE_IRIX_SPECIFIC_CAPABILITIES test.
includes.h: Added #include <sys/capability.h>.
ntdomain.h: Moved struct acct_info into here from smb.h
smb.h: Added KERNEL_OPLOCK_CAPABILITY define.
Moved enum action_type into rpcclient.h
Moved struct cli_state into client.h
Moved struct nt_client_info, struct tar_client_info, struct client_info
into rpcclient.h
lib/genrand.c: Changed to use sys_random() & friends.
lib/smbrun.c: Lose capabilities after fork.
lib/system.c: Added set_process_capability(), set_inherited_process_capability()
sys_random(), sys_srandom().
lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an
32 bit mounted NFS filesystem.
nmbd/nmbd.c: Changed to use sys_random() & friends.
nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends.
passdb/ldap.c: Missed one pdb_encode_acct_ctrl call.
passdb/passdb.c: Changed to Ander's code for ' ' characters.
passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ.
script/mkproto.awk: Added 'long' to prototypes.
smbd/chgpasswd.c: Lose capabilities after fork.
smbd/open.c: Do the mmap *after* the kernel oplock.
smbd/oplock.c: Removed stub code from kernel oplock path.
Added set_process_capability(), set_inherited_process_capability() calls.
smbd/reply.c: Initialize count = 0, offset = 0.
smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls.
tests/summary.c: Ensure we have RANDOM or RAND.
utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ.
utils/torture.c: Changed to use sys_random() & friends.
Jeremy.
